The Devil is in the Details (and here they come):

You probably remember that the real ID law is not complete. The law requires the DHS to specify additional requirements that every state must meet. A news story at Security Document World lists recommendations that an organization called the Document Security Alliance (DSA) has made to the DHS. (No telling whether the DHS is listening, of course.) The DSA "is made up of approximately 70 industry members and representatives from 20 federal government organizations including the United States Secret Service, Federal Bureau of Investigation, Departments of Homeland Security, Treasury and Transportation, along with the Social Security Administration, Bureau of Engraving and Printing, and the Government Printing Office." This group has apparently looked at issues of compatibility, retention, verifiability and authentication, and they've made a lot of recommendations. At the very least, they are showing us how complicated (and expensive) it may be to "do Real ID right." Here are some of their concerns:

* electronic scanning and archiving for document capture, retention and storage;
* electronic verification of applicant information;
* 2D Barcodes as the standard overt machine-readable technology for carrying data;
* incorporation of new technologies to enable cross-jurisdictional point of inspection human and machine-readable ID authentication (such as barcodes, digital watermarks and optical media);
* support for current major issuing methods (Over-the-Counter, Central, Hybrid) with security process improvements;
* document durability and performance standards including the use of composite cards, PVC and polyester, polycarbonate, Teslin or other card materials that can meet the performance requirements yet are also compatible with current typical personalization equipment presently being used in secure ID issuance systems;
* 5-year validity period for identity credentials
* physical security of materials and facilities ;
* training on fraudulent documents and human-verifiable and machine-readable features of credentials.

Here's one small sample point: some states believe they are already in compliance with the Real ID act, but if the DHS accepts these recommendations and establishes challenging standards for the required degree of detail used to scan paper documents, all states may have to buy new systems and rescan everything their citizens have already produced.

The DSA'a website is www.documentsecurityalliance.com. You will find two interesting, short papers here at their site.