Tag Archives: pia


fbi biometrics

Oct. 26, 2015

Kaye Beach

The conversation surrounding the supposed impending enforcement of the federal REAL ID Act is so muddled that it is virtually impossible for anyone to develop an informed opinion on the matter. I am trying to help by providing documentation that will put to rest a few of the elementary aspects of REAL ID so that, hopefully, we can have a productive discussion about the matter.

To my mind, there is a few things about this federal law that we should understand before making a decision about whether or not our state should commit to it. For instance, we need to understand that REAL ID is a biometric ID and what the implications of moving the population en mass to this form of identification  are. Many seem to be confused about the difference between biometric ID and RFID so I want to write a post about that. We should also be aware that REAL ID requires the linking of our state databases and the is also an open ended aspect of the Act that we need to consider. There is much more to the REAL ID ACT but these are the items that come to my mind most immediately.

In my last post I addressed only one issue – are our Oklahoma state drivers licenses and ID cards biometric ID‘s? The answer is YES and you can take a look at the some of the sources of that information here.

In this short post, I am only going to address one subject as well.


The Federal REAL ID Act of 2005 REQUIRES that a digital facial image be captured from each driver’s license and ID card applicant.

These images must to be captured conformant to an international biometric format standard enabling the use of facial recognition technology and global information sharing.

The National Conference of State Legislatures is a trusted policy think tank that advises state legislators about a variety of policy matters. In 2014 the NCSL did a policy brief on REAL ID. Here is what they say:

NSCL REAL ID biometric


A digital facial image is required by the REAL ID Act.

202 facial image DHS PIA 2007

Link: https://www.dhs.gov/sites/default/files/publications/privacy_pia_realid_1.pdf

Buried in a pile of REAL ID rules is a notation that mentions a bit of technical information regarding the digital facial images that are required by the Act that reveals that the image is collected as biometric data (as opposed to just a simple photograph)

ICAO 9303 Real ID Rules 2007

And more from the Department of Homeland Security on how this biometric data is intended to be used.


Link: https://www.dhs.gov/sites/default/files/publications/privacy_pia_realid_1.pdf

These are just a few sources that verify that REAL ID is indeed a biometric ID but in the spirit of trying to keep things simple, I am trying to provide just just enough information to put the question to rest.

real id is biometric id

Here is a one page PDF of this info in case you would like a copy of these sources.

Now we know that our current ID cards and driver’s licenses are biometric ID’s and that the federal REAL ID is also a biometric ID.

My next posts will cover the difference between RFID and Biometric ID and some of the implications of biomtric identification and what the difference is between having a state level biomertric ID vs. a federal one.

DHS Disregards Public Comments, OKs ‘Global Entry’ Program

Kaye Beach

Feb 16, 2012

From EPIC the Electronic Privacy Information Center;


The US Bureau of Customs and Border Protection (CBP), a law enforcement
agency of the Department of Homeland Security, has issued a final rule
approving Global Entry, a traveler-screening program, despite the
substantial privacy and security risks brought to the agency’s
attention. Under the Global Entry program, the CBP would collect
detailed personal information about airline passengers, including Social
Security numbers and biometric information such as iris scans, which
normally would be subject to Privacy Act safeguards.
Global Entry allows travelers to expedite their entry into the United
States at US partner airports. To participate in the program, travelers
must meet specific requirements and undergo pre-screening by the CBP,
which will use biometrics “to validate identity.” The CBP claims to have
legal authority to share travelers’ personal information with US law
enforcement agencies.
In public comments submitted to the agency in 2010, EPIC stressed that
the Global Entry program should “(1) provide individuals judicially
enforceable rights of access and correction; (2) create suitable
retention and disposal standards; (3) limit the distribution of
information to only those necessary for the screening process; (4) and
respect individuals’ rights to their information that is collected and
maintained by the agency.”  EPIC also noted that implementing the
Global Entry program without first conducting a Privacy Impact
Assessment would violate federal law. Finally, EPIC underscored the
importance of a Privacy Impact Assessment, “particularly in light of
the fiasco encountered under Clear, a similar registered traveler
The CPB’s final rulemaking, however, rejected EPIC’s recommendation
that the agency comply with the Privacy Act by limiting the
distribution of passenger information to those who need it for
screening purposes.
Fed. Digital System:  Final Rule on Global Entry Program (Feb. 6, 2012)
US Customs and Border Protection:  Global Entry
EPIC:  Comments on Establishment of Global Entry (Jan. 19, 2010)
EPIC:  Global Entry