[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]


 
SECURE IDENTIFICATION: THE REAL ID ACT'S MINIMUM STANDARDS FOR DRIVER'S 
                   LICENSES AND IDENTIFICATION CARDS

=======================================================================

                                HEARING

                               BEFORE THE

                   SUBCOMMITTEE ON CRIME, TERRORISM,
                         AND HOMELAND SECURITY

                                 OF THE

                       COMMITTEE ON THE JUDICIARY
                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             SECOND SESSION

                               __________

                             MARCH 21, 2012

                               __________

                           Serial No. 112-103

                               __________

         Printed for the use of the Committee on the Judiciary


      Available via the World Wide Web: http://judiciary.house.gov



                  U.S. GOVERNMENT PRINTING OFFICE
73-416                    WASHINGTON : 2012
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202ï¿½09512ï¿½091800, or 866ï¿½09512ï¿½091800 (toll-free). E-mail, [email protected].  


                       COMMITTEE ON THE JUDICIARY

                      LAMAR SMITH, Texas, Chairman
F. JAMES SENSENBRENNER, Jr.,         JOHN CONYERS, Jr., Michigan
    Wisconsin                        HOWARD L. BERMAN, California
HOWARD COBLE, North Carolina         JERROLD NADLER, New York
ELTON GALLEGLY, California           ROBERT C. ``BOBBY'' SCOTT, 
BOB GOODLATTE, Virginia                  Virginia
DANIEL E. LUNGREN, California        MELVIN L. WATT, North Carolina
STEVE CHABOT, Ohio                   ZOE LOFGREN, California
DARRELL E. ISSA, California          SHEILA JACKSON LEE, Texas
MIKE PENCE, Indiana                  MAXINE WATERS, California
J. RANDY FORBES, Virginia            STEVE COHEN, Tennessee
STEVE KING, Iowa                     HENRY C. ``HANK'' JOHNSON, Jr.,
TRENT FRANKS, Arizona                  Georgia
LOUIE GOHMERT, Texas                 PEDRO R. PIERLUISI, Puerto Rico
JIM JORDAN, Ohio                     MIKE QUIGLEY, Illinois
TED POE, Texas                       JUDY CHU, California
JASON CHAFFETZ, Utah                 TED DEUTCH, Florida
TIM GRIFFIN, Arkansas                LINDA T. SANCHEZ, California
TOM MARINO, Pennsylvania             JARED POLIS, Colorado
TREY GOWDY, South Carolina
DENNIS ROSS, Florida
SANDY ADAMS, Florida
BEN QUAYLE, Arizona
MARK AMODEI, Nevada

           Richard Hertling, Staff Director and Chief Counsel
       Perry Apelbaum, Minority Staff Director and Chief Counsel
                                 ------                                

        Subcommittee on Crime, Terrorism, and Homeland Security

            F. JAMES SENSENBRENNER, Jr., Wisconsin, Chairman

                  LOUIE GOHMERT, Texas, Vice-Chairman

BOB GOODLATTE, Virginia              ROBERT C. ``BOBBY'' SCOTT, 
DANIEL E. LUNGREN, California        Virginia
J. RANDY FORBES, Virginia            STEVE COHEN, Tennessee
TED POE, Texas                       HENRY C. ``HANK'' JOHNSON, Jr.,
JASON CHAFFETZ, Utah                   Georgia
TIM GRIFFIN, Arkansas                PEDRO R. PIERLUISI, Puerto Rico
TOM MARINO, Pennsylvania             JUDY CHU, California
TREY GOWDY, South Carolina           TED DEUTCH, Florida
SANDY ADAMS, Florida                 SHEILA JACKSON LEE, Texas
MARK AMODEI, Nevada                  MIKE QUIGLEY, Illinois
                                     JARED POLIS, Colorado

                     Caroline Lynch, Chief Counsel

                     Bobby Vassar, Minority Counsel


                            C O N T E N T S

                              ----------                              

                             MARCH 21, 2012

                                                                   Page

                           OPENING STATEMENTS

The Honorable F. James Sensenbrenner, Jr., a Representative in 
  Congress from the State of Wisconsin, and Chairman, 
  Subcommittee on Crime, Terrorism, and Homeland Security........     1

The Honorable Robert C. ``Bobby'' Scott, a Representative in 
  Congress from the State of Virginia, and Ranking Member, 
  Subcommittee on Crime, Terrorism, and Homeland Security........     3

The Honorable Lamar Smith, a Representative in Congress from the 
  State of Texas, and Chairman, Committee on the Judiciary.......     4

The Honorable John Conyers, Jr., a Representative in Congress 
  from the State of Michigan, and Ranking Member, Committee on 
  the Judiciary..................................................     5

                               WITNESSES

David Heyman, Assistant Secretary, Office of Policy, U.S. 
  Department of Homeland Security
  Oral Testimony.................................................    47
  Prepared Statement.............................................    49

Darrell Williams, former Senior Director, Office of State-Issued 
  ID Support, U.S. Department of Homeland Security
  Oral Testimony.................................................    53
  Prepared Statement.............................................    54

Stewart A. Baker, Partner, Steptoe & Johnson, LLP
  Oral Testimony.................................................    58
  Prepared Statement.............................................    59

David Quam, Director, Office of Federal Relations, National 
  Governors Associaton
  Oral Testimony.................................................    63
  Prepared Statement.............................................    64

          LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING

Material submitted by the Honorable John Conyers, Jr., a 
  Representative in Congress from the State of Michigan, and 
  Ranking Member, Committee on the Judiciary.....................     6

Material submitted by the Honorable F. James Sensenbrenner, Jr., 
  a Representative in Congress from the State of Wisconsin, and 
  Chairman, Subcommittee on Crime, Terrorism, and Homeland 
  Security.......................................................    10

                                APPENDIX
               Material Submitted for the Hearing Record

Prepared Statement of the American Civil Liberties Union (ACLU)..    81

Letter from Patricia W. Potrezebowski, Ph.D., Executive Director, 
  the National Association for Public Health Statistics and 
  Information (NAPHSIS)..........................................    87

Letter from Brian Schweitzer, Governor, State of Montana.........    90

Letter from Chuck Canterbury, National President, Fraternal Order 
  of Police......................................................    91

Prepared Statement of the National Conference of State 
  Legislatures...................................................    93

Prepared Statement of Paul E. Opsommer, State Representative, 
  Michigan House of Representatives, and Chair, Michigan House 
  Transportation Committee.......................................    98

Prepared Statement of the North American Security Products 
  Organization (NASPO)...........................................   102


SECURE IDENTIFICATION: THE REAL ID ACT'S MINIMUM STANDARDS FOR DRIVER'S 
                   LICENSES AND IDENTIFICATION CARDS

                              ----------                              


                       WEDNESDAY, MARCH 21, 2012

              House of Representatives,    
              Subcommittee on Crime, Terrorism,    
                             and Homeland Security,
                                Committee on the Judiciary,
                                                    Washington, DC.

    The Subcommittee met, pursuant to call, at 9:59 a.m., in 
room 2141, Rayburn Office Building, the Honorable F. James 
Sensenbrenner, Jr. (Chairman of the Subcommittee) presiding.
    Present: Representatives Sensenbrenner, Smith, Scott, 
Conyers, Chu, Deutch, Jackson Lee, and Polis.
    Staff present: (Majority) Caroline Lynch, Subcommittee 
Chief Counsel; Andrea Loving, Counsel; Arthur Radford Baker, 
Counsel; Lindsay Hamilton, Clerk; (Majority) Bobby Vassar, 
Subcommittee Chief Counsel; Joe Graupensberger, Counsel; and 
Veronica Eligan, Professional Staff Member.
    Mr. Sensenbrenner. The Subcommittee will come to order. 
Today's hearing examines whether the Department of Homeland 
Security is taking its responsibilities seriously to help 
ensure that all states and territories have the resources and 
guidance they need in order to comply with the secure identity 
document standards put in place by the REAL ID Act of 2005.
    I authored REAL ID based on the necessity to help ensure 
the security of driver's licenses and other state-issued 
identification cards. Just as the September 11th hijackers 
exploited loopholes in our U.S. immigration system, they also 
exploited loopholes in state driver's license systems. The 
terrorists moved freely throughout our country prior to 
September 11th. They took flying lessons, purchased airline 
tickets, rented cars, airplanes and condos. They were able to 
do these things because, as the 9/11 Commission found, the 19 
hijackers had at least 30 pieces of identification, most 
fraudulently obtained. They ultimately used these 
identification documents to board the airplanes with which they 
murdered over 3,000 innocent people.
    The September 11th attacks forced us to acknowledge the 
weaknesses in the driver's licenses and identification document 
issuance process. At that time, most states did not even verify 
the true identity of the person before issuing the most 
universally accepted form of identification in the United 
States, the driver's license. The 9/11 Commission recognized 
the importance of secure identification to prevent terrorist 
activity. They stated that, quote, ``Members of al Qaeda 
clearly valued freedom of movement as critical to their ability 
to plan and carry out the attacks prior to September 11th,'' 
unquote. In addition, the Commission noted that if terrorist 
travel options are reduced, they may be forced to rely on means 
of interaction which can be more easily monitored and resort to 
travel documents that are more easily detectable.
    The REAL ID Act established minimum standards for state-
issued driver's licenses and identity documents that are used 
for Federal purposes, such as to enter a Federal building or a 
nuclear power plant or to board an airplane. States are free to 
issue and accept non-REAL ID-compliant IDs so long as they are 
clearly marked ``not for identification purposes.''
    Despite the REAL ID Act's enactment, DHS is hindering 
implementation by the states. Specifically, I am concerned 
about the clear lack of commitment by the Department to 
enforcing the REAL ID standards. Every effort has been made by 
the Secretary of Homeland Security to create confusion as to 
whether the law will remain in place.
    Secretary Napolitano boldly stated her intent first to 
repeal REAL ID and then to repeal and replace REAL ID, and she 
seems now to simply ignore it. DHS has not allocated adequate 
resources to fully implement REAL ID. The Office of State-
Issued Identification Support is within the Office of Policy, 
which makes little sense, and it doesn't have enough staff to 
adequately verify compliance packages submitted by the states 
or to provide adequate guidance to the states regarding 
compliance. And even more telling is the lack of commitment of 
the fact that the fiscal year 2012 DHS did not even bother to 
publish grant guidance or to allocate money for REAL ID grants.
    Additionally, I am concerned that DHS has not yet 
coordinated with the Federal Protective Service, Transportation 
Security Administration, or any other relevant Federal agency 
regarding enforcement of the upcoming January 2013 state 
implementation deadline. It seems that the DHS has not taken 
any steps to prepare for the deadline or to alert the traveling 
public regarding the coming deadline.
    Despite a lack of guidance and communication from DHS, many 
states are moving forward with identification security reforms 
based upon guidance provided by the prior Administration. In 
fact, according to DHS, six states have submitted full 
compliance certification packages, 22 other states are 
materially compliant and are issuing compliant documents or are 
committed to compliance, 12 states or territories are committed 
to meeting 15 of the 18 REAL ID benchmarks, and 4 additional 
states have enhanced driver's license programs comparable to 
REAL ID guidelines.
    States need to understand that the January 2013 deadline 
will, in fact, be the final deadline. They need to understand 
that secure identification is a DHS priority, and they need to 
know that DHS is serious about helping them get to full 
implementation. I certainly hope that DHS will not abrogate one 
of its responsibilities to the American people by once again 
extending the deadline.
    It is now my pleasure to recognize for his opening 
statement the Ranking Member of the Subcommittee, the gentleman 
from Virginia, Mr. Scott.
    Mr. Scott. Thank you, Mr. Chairman. I thank you for 
convening today's hearing.
    While it is a good idea to improve the security of state-
issued IDs and driver's licenses, I have some concerns about 
the implementation of the REAL ID Act. If we make it more 
difficult for terrorists to get IDs, we also make it more 
difficult for everybody else. And if the process doesn't 
actually prevent terrorists from getting an ID, all we have 
left is the expense and inconvenience for law-abiding citizens.
    The REAL ID Act requires tighter standards for driver's 
licenses and identification cards. It was enacted in response 
to the 9/11 Commission's recommendation to implement a more 
secure form of identification for boarding aircraft and 
accessing vulnerable facilities. These are seemingly prudent 
and necessary requirements.
    The Act, however, has been subject to significant 
resistance from the states. Prior to the passage of REAL ID, 
and almost immediately after 9/11, many states were already 
taking action to tighten driver's licensing standards. 
Intelligence Reform and Terrorism Prevention Act of 2004 
provided for a collaborative rule-making process that included 
states to achieve these goals. The REAL ID Act interrupted and 
replaced that process with a more rigid system of requirements 
that raise a number of budgetary and privacy concerns.
    Many elected officials in state governments across the 
country simply oppose the REAL ID Act on principle. They see it 
as an unfunded mandate. The REAL ID Act has significant 
expense. The Department of Homeland Security initially 
estimated that it would cost over $23 billion for states to 
implement. The most recent estimate is around $10 billion. But, 
of course, Congress has appropriated only a fraction of that to 
defray the costs.
    Today, 7 years after the legislation's enactment, 25 
states, either through statute or legislative resolution, have 
rejected the REAL ID Act or said they would simply not comply 
with it. Especially now, since states face unprecedented 
budgetary constraints, it is essential that we find cost-
effective ways to meet the objectives of the REAL ID Act.
    At the same time, privacy and civil rights organizations 
from across the political spectrum have also objected to the 
REAL ID. They see the legislation as a de facto national ID 
card, one that will be used not just for boarding an airplane 
but ultimately will be required for many other types of 
transactions, raising significant privacy concerns.
    Critics point out that the REAL ID would require a national 
consolidated driver's license database accessible to thousands 
of DMV officials across the country. If hacked or otherwise 
compromised, millions of Americans could be at risk of identity 
theft.
    I am also concerned that the full implementation of the Act 
would make it more difficult for citizens to vote. According to 
DHS, final regulations complying with the REAL ID is expected 
to create a significant expense to citizens as they acquire and 
pay for necessary documents and wait in long lines at the DMV. 
In fact, DHS estimates that Americans will spend hours 
complying with the Act. All of this is in addition to the 
direct cost of almost $4 billion imposed on the states, a cost 
that will be passed on directly to drivers in the form of 
higher fees.
    This money and administrative burden will effectively stand 
in the way of those trying to vote in states requiring the 
furnishing of ID by voters, and the burden will fall most 
heavily on low-income workers without paid vacation or 
disposable income to spend on new fees.
    While we all agree that security and validity of the 
identification requirements are important issues, there are 
real problems with implementing REAL ID, and so I look forward 
to today's hearing to see what the witnesses have to say and 
how we can comply.
    Thank you, Mr. Chairman. I yield back.
    Mr. Sensenbrenner. The Chair recognizes the Chairman of the 
full committee, the gentleman from Texas, Mr. Smith.
    Mr. Smith. Thank you, Mr. Chairman.
    Last September marked the 10th anniversary of the 9/11 
attacks. Unfortunately, a key recommendation of the 9/11 
Commission, which called for secure forms of identification, is 
still not completely addressed, and it seems that this 
Administration has very little interest in addressing it.
    On September 11, 2001, Americans were attacked by foreign 
nationals who exploited our laws and lived unnoticed in the 
United States. Nineteen of the hijackers fraudulently obtained 
17 driver's licenses from Arizona, California and Florida, and 
13 state-issued IDs from Florida, Virginia and Maryland.
    During the planning stages of the attacks, these 
identification documents were used to rent vehicles, evade law 
enforcement officials, and enroll in flight school. Ultimately, 
the hijackers showed these licenses and identification cards in 
order to board the airplanes they used to murder over 3,000 
innocent Americans.
    Because of these loopholes in our laws, the 9/11 Commission 
recommended that the, quote, ``Federal Government should set 
standards for the issuance of birth certificates and sources of 
identification such as driver's licenses,'' end quote. The 
Commission went on to state, ``Fraud in identification 
documents is no longer just a problem of theft. At many entry 
points to vulnerable facilities, including gates for boarding 
aircraft, sources of identification are the last opportunity to 
ensure that people are who they say they are and to check 
whether they are terrorists.''
    The Commission was correct, and in 2005 Congress passed and 
the President signed the REAL ID Act into law. This law 
addresses this security gap and requires states to meet certain 
security standards for issuance of driver's licenses and 
identification cards. Despite that action nearly 7 years ago, 
REAL ID has not yet been fully implemented.
    The current Administration has actually undermined the REAL 
ID Act whenever possible. They extended the compliance deadline 
two times, most recently in March of last year. Now states do 
not have to comply with REAL ID until January 15th, 2013, which 
is 11-and-a-half years after the 9/11 attacks. And Secretary 
Napolitano has consistently supported the repeal of REAL ID 
instead of compliance with the law.
    Many states understand that they need to issue secure forms 
of identification. They do not want to issue a driver's license 
to the next terrorist. Unfortunately, the Department of 
Homeland Security does not seem to have the resources in place 
to help ensure that states get the guidance they need in order 
to comply with REAL ID.
    The risk of not implementing REAL ID is great. That is 
apparent in the facts that surround the February 2011 arrest of 
Khalid Ali-M Aldawsari in Texas on a Federal charge of 
attempted use of a weapon of mass destruction. According to the 
arrest affidavit, when the FBI searched his residence, they 
found his journal in which he wrote of the need to obtain a 
forged U.S. birth certificate, multiple driver's licenses, and 
a U.S. passport. He planned to use those driver's licenses to 
rent several cars, each with a different license, specifically 
to avoid detection.
    This is evidence that terrorists still plan to exploit the 
weaknesses in our driver's license issuance processes in order 
to attack us. If we don't do everything in our power to fully 
implement REAL ID, we set ourselves up for another attack. 
History can only repeat itself if we let it.
    Thank you, Mr. Chairman. I yield back.
    Mr. Sensenbrenner. Thank you very much.
    The Chair recognizes the junior Chairman emeritus, the 
gentleman from Michigan, Mr. Conyers.
    Mr. Conyers. Thank you, Chairman Sensenbrenner. I am 
delighted to be here in my relegated capacity to be permitted 
to make an opening comment.
    I notice the impatient tone in the Chairman's voice about 
the delays that have occurred in terms of the REAL ID Act. But 
I would like to put forward a bipartisan recognition of some 
concerns that we have, and they start off with the governor of 
North Carolina, the former governor of South Carolina, Governor 
Mark Sanford, who called the REAL ID Act, quote, ``the worst 
piece of legislation I have seen during the 15 years I've been 
engaged in the political process,'' end quotation.
    And then I call to my colleagues' attention the other 28 
organizations and individuals, prominent individuals, including 
Bob Barr, a former Member of this Committee and chairman of 
Liberty Guard, who have said that this legislation would harm 
individual liberty and waste precious taxpayer resources.
    Now, that doesn't mean that they are all right and the 
Chairman is all incorrect. I think, though, we have to take the 
28 organizations, the American Civil Liberties Union, the 
American Library Association, the Asian Law Caucus, the 
Consumer Federation of America, Consumer Watchdog--I will put 
all these in--the Hispanic Leadership Conference, and----
    Mr. Sensenbrenner. Without objection.
    [The information referred to follows:]

    
    
    
    
    
    
                               __________

    Mr. Conyers. I thank the Chair, and let me go directly to 
what the problem is and what we can do about it.
    Number one, I am going to ask the Subcommittee Chair and 
the Ranking Member to let me join with them in an invitation to 
Janet Napolitano, our Secretary, and ask that we meet with her 
as reasonably soon as possible, perhaps before the recess, to 
see if we can make progress on this issue. She was before the 
committee, one of the committees in Judiciary only recently, 
but this was not the subject of the conversation.
    Mr. Sensenbrenner. If the gentleman will yield.
    Mr. Conyers. Certainly.
    Mr. Sensenbrenner. I would be happy to invite her, and I 
invite the gentleman from Michigan to help us prod her into 
following the law that was passed----
    Mr. Conyers. Thank you.
    Mr. Sensenbrenner. I think a long time ago.
    Mr. Conyers. Well, we didn't do it, so let's do it now. But 
I appreciate the gentleman's cooperation, Chairman.
    Then the last two points that I would like to make that get 
down to what I would like to hear from the witnesses about. The 
problem with the REAL ID mandate, as Mr. Scott said, it is an 
unfunded mandate, $23 billion worth of unfunded mandate, and 
one of the things, if we have such a meeting, Mr. Chairman, 
would be to figure out how we can really work out the funding 
of this.
    The other issue is the matter of the privacy concerns. 
States and their citizens are worried about the far-reaching 
implications of having so much personal information becoming so 
accessible to so many organizations, state agencies and people. 
I think there may be ways that could come out of this important 
hearing to tighten up privacy restrictions and address these 
concerns in an appropriate way.
    And so it is with that spirit of bipartisanship that I look 
forward to the testimony of our very welcome witnesses. I thank 
you, Mr. Chairman.
    Mr. Sensenbrenner. The gentleman's time has expired.
    I ask unanimous consent to submit for the record materials 
from the Center for Immigration Studies, the National 
Association of Public Health Statistics and Information 
Systems, the Document Security Alliance, and the Coalition for 
a Secure Driver's License.
    And without objection, the Chair will be authorized to 
declare recesses during votes on the House floor.
    Hearing no objection, so ordered.
    [The information referred to follows:]

    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    


                               __________
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               


                               __________
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               


                               __________
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               
                               __________

    Mr. Sensenbrenner. It is now my pleasure to introduce 
today's witnesses.
    David Heyman is the Assistant Secretary for Policy at the 
U.S. Department of Homeland Security. Previously he served as a 
Senior Fellow and Director of the CSIS Homeland Security 
Program. He is an adjunct professor in security studies at 
Georgetown. He received his Bachelor's degree from Brandeis 
University in 1986 and his Master of Arts from Johns Hopkins 
University School of Advanced International Studies in 1996.
    Darrell Williams retired last year from the Department of 
Homeland Security after 38 years of Federal Government service. 
Prior to his retirement, Mr. Williams served as Senior Director 
for the DHS Office of State-Issued ID Support, formerly named 
the REAL ID Program Office. Prior to that, he served as the 
Senior Program Manager for the Department of Homeland Security 
Senior Border Initiative Program and Program Director for 
several U.S. Coast Guard command, control, and communications 
and Department of Defense programs. He received his 
undergraduate degree from Wright State University and his 
Master of Science degree in national security strategy from 
U.S. National War College. He received his Master of Public 
Administration degree from Central Michigan.
    Stewart Baker is a Distinguished Visiting Fellow at the 
Center for Strategic and International Studies. He will shortly 
return to the practice of law at Steptoe & Johnson in 
Washington. From 2005 to 2009, he was the First Assistant 
Secretary for Policy at the Department of Homeland Security. 
Prior to that, he served as General Counsel of the WMD 
Commission and the National Security Agency. Mr. Baker received 
his undergraduate degree from Brown University and his J.D. 
from UCLA in 1976.
    David Quam currently serves as Director of the Office of 
Federal Relations at the National Governors Association. Prior 
to his position at NGA, Mr. Quam was an associate at Powell, 
Goldstein, Frazer and Murphy, LLP. He held various other 
positions, including Director of International Affairs and 
General Counsel at the International Anti-Counterfeiting 
Coalition, Inc., and Majority Counsel to the Subcommittee on 
the Constitution, Federalism and Property Rights for the U.S. 
Senate Committee on the Judiciary. He received his Bachelor's 
degree from Duke and his Juris Doctor from Vanderbilt.
    The witnesses' written statements will be entered into the 
record in their entirety. I ask that they summarize their 
testimony in 5 minutes or less. You see the blinking lights in 
front of you. Yellow means wrap it up. Red means time is up.
    So I now recognize Mr. Heyman, and without objection, all 
of the witnesses' full written statements will appear in the 
record with their testimony.

   TESTIMONY OF DAVID HEYMAN, ASSISTANT SECRETARY, OFFICE OF 
          POLICY, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Heyman. Thank you, Mr. Chairman, Congressman Scott, 
Chairman Smith, distinguished Members of the Subcommittee. I 
very much appreciate the opportunity to testify before you 
today and to discuss the progress that states have made 
implementing REAL ID and improving the security of driver's 
licenses and identification documents.
    The Department of Homeland Security is fundamentally a law 
enforcement agency, and law enforcement must be able to rely on 
government-issued IDs and know that the bearer is who he or she 
claims to be. Fraudulent IDs present opportunities for 
terrorists, and as such, securing IDs is a common sense 
national security and law enforcement imperative, and helps 
combat identity fraud and illegal immigration.
    Since the Act was passed, we have made considerable 
progress. In 2007, DHS published an implementation plan, and in 
2008 the Department published a final rule establishing minimum 
standards for states and territories. While the Nation's 56 
states and territories have principal responsibility for 
implementing REAL ID, DHS has provided tangible support. Since 
2007, the Department has awarded over $263 million in grants to 
fund enhancements to driver's license security programs and 
develop verification capabilities such as matching lawful 
status, improving facility security, modernization of 
information technology systems, increasing interoperability, 
and adding security features to documents.
    Nearly half of this funding has been disbursed to states 
over the past 2 years. The fact that 54 of 56 jurisdictions 
have applied for and used these grant awards indicates that we 
share the same goals, objectives, and even standards for 
improving security of state-issued credentials.
    One of the most challenging aspects of REAL ID is verifying 
source documents. When the bill was passed, those verification 
capabilities did not principally exist, particularly the 
ability to electronically match documents against appropriate 
Federal or other state databases. Over the past several years, 
DHS and states have collectively built and are building the 
technical infrastructure and systems to support verification of 
Social Security numbers, birth certificates, U.S. passports, 
and immigration status, all key steps toward improving the 
security of our documents.
    Today I can report that significant progress has been made 
in this regard and in developing verification capabilities to 
meet the verification requirements, with all but one 
verification capability operational or in pilot testing today.
    The Department's efforts extend beyond financial support. 
DHS has issued guidance documents and engaged stakeholders to 
ensure their concerns are being heard and challenges are being 
addressed. In 2009, DHS issued two guidance documents to assist 
states in understanding and meeting the REAL ID security 
standards, one on marked guidelines and another on best 
practices for security facilities and plans, card design, 
privacy and personnel security.
    It was apparent from conversations with the states that 
additional clarification is warranted, and we will, in fact, be 
issuing additional guidance soon. This additional guidance will 
help reduce uncertainty regarding compliance by describing 
comparable programs that meet minimum standards, and this will 
help encourage states to submit information on their progress.
    Additionally, our program office for this program has 
conducted considerable outreach through participation and 
meetings with states, territories, and partnering with Federal 
organizations. The office has conducted outreach to 
stakeholders, as well as attended a wide range of conferences, 
even visiting 44 of 56 states and territories and working 
extensively with the American Association of Motor Vehicle 
Administrators.
    Perhaps the greatest success of REAL ID has been the 
security of driver's licenses has been improved in all states, 
even in the 13 states with legislation prohibiting REAL ID. The 
deadline for REAL ID is January 15th, 2013. Our goal is to get 
this done, and states have made significant progress in meeting 
the minimum security standards. All 56 states and territories 
have submitted documentation regarding their status with 
respect to material compliance benchmarks of REAL ID. They have 
made significant progress in meeting the benchmarks and other 
requirements, and most are meeting facility production issuance 
and card standards.
    When determining whether a state has implemented a secure 
driver's license program, DHS will base its decision on the 
totality of what states have done. We commend them for their 
efforts. We have shared goals, and that is evident from the 
progress being made.
    Thank you again for the opportunity to speak to you today, 
and I'm happy to answer your questions.
    [The prepared statement of Mr. Heyman follows:]

       Prepared Statement of David Heyman, Assistant Secretary, 
         Office of Policy, U.S. Department of Homeland Security

    Chairman Sensenbrenner, Representative Scott, and Members of the 
Subcommittee: Thank you for your leadership on homeland security 
issues, and thank you for holding this important hearing today so that 
the Department of Homeland Security (DHS) can provide you with an 
update on the progress the states have made implementing the REAL ID 
Act of 2005, Title II of division B of Pub. L. 109-13 (``REAL ID Act'' 
or ``Act''). We welcome the opportunity to submit this testimony on how 
the state, territory, and federal partners have improved the security 
of driver's licenses and identification documents.
    Over the last two Administrations, we have worked to implement the 
REAL ID Act of 2005. States have the principal responsibility for 
implementing REAL ID. DHS developed an Implementation Plan in June 2007 
and published a Final Rule in January 2008, which provided states and 
territories with information on the minimum requirements that must be 
met and the funding available to help meet those requirements. Since 
then, DHS awarded over $200 million in grants to states and territories 
to fund enhancements to driver's license security programs. 
Additionally, DHS has issued guidance documents and engaged 
stakeholders to ensure their concerns were heard. DHS, the states, and 
the territories have collectively built or are building the technical 
infrastructure and systems to support verification of social security 
numbers, birth certificates, U.S. passports, and immigration status--
key steps toward improving the security of our documents. Perhaps the 
greatest success of REAL ID has been that the security of driver's 
licenses has been improved in ALL states, even in the 13 states with 
legislation prohibiting their participation in REAL ID. Diligent 
outreach and work with states by DHS has yielded real benefits in the 
last several years.
    In my testimony, I will elaborate on the progress but first it is 
important to provide the background to how we got to where we are 
today.

              WHY WE NEED SECURE IDENTIFICATION DOCUMENTS

    Law enforcement must be able to rely on government-issued 
identification documents and know that the bearer of such a document is 
who he or she claims to be. Obtaining fraudulent identification 
documents presents an opportunity for terrorists to board airplanes, 
rent cars, open bank accounts, or conduct other activities without 
being detected. According to the 9/11 Commission Report, ``All but one 
of the 9/11 hijackers acquired some form of U.S. identification 
document, some by fraud.'' \1\
---------------------------------------------------------------------------
    \1\ The 9/11 Commission Report: Final Report of the National 
Commission on Terrorist Attacks upon the United States, at 390 (2004).
---------------------------------------------------------------------------
    We recognize that preventing terrorists from obtaining these 
documents is critical. As the 9/11 Commission noted, ``For terrorists, 
travel documents are as important as weapons.'' \2\
---------------------------------------------------------------------------
    \2\ The 9/11 Commission Report: Final Report of the National 
Commission on Terrorist Attacks upon the United States, at 384 (2004).
---------------------------------------------------------------------------
    The 9/11 Commission recommended that the federal government work 
with other layers of government to solidify the security of government-
issued IDs. While improving government-issued IDs alone will not thwart 
every planned terrorist attack, it does present an important obstacle 
to any potential terrorist operating in the United States and could aid 
law enforcement in stopping terrorist plots. Securing IDs is a common-
sense national security and law enforcement imperative, which also 
helps to combat identity fraud and illegal immigration. The 9/11 
Commission spelled out the need for the federal government and the 
state or territory \3\ to take action together on this issue and 
together we have made considerable progress.
---------------------------------------------------------------------------
    \3\ States and territories is used to refer to all fifty-six 
jurisdictions covered by the REAL ID Act, to include the fifty states, 
the District of Columbia, Puerto Rico, the Virgin Islands, Guam, 
American Samoa, and the Commonwealth of the Northern Marianas Islands.
---------------------------------------------------------------------------
                   PASSAGE OF THE REAL ID ACT OF 2005

    In May 2005, Congress enacted the REAL ID Act of 2005 in response 
to the 9/11 Commission's recommendations for more secure standards for 
identification. The Act included the following provisions:

          Prohibits Federal agencies from accepting driver's 
        licenses or identification cards unless the Department 
        determines that the state or territory meets minimum security 
        requirements.

          Establishes minimum standards for the:

            Information and features that appear on the face of the 
        card;

            Physical security of cards to prevent tampering, 
        counterfeiting, and duplication of the documents for a 
        fraudulent purpose;

            Presentation and verification of source documents, 
        including presentation and verification of documents evidencing 
        citizenship or lawful status; and

            Physical security of production and storage facilities and 
        for materials from which REAL ID cards are produced.

          Authorizes the Department of Homeland Security to 
        make grants to states and territories to assist in conforming 
        to the minimum standards of the Act.

    In June 2007, DHS submitted, and the Senate and House 
Appropriations Committees subsequently approved, the REAL ID 
Implementation Plan. In the REAL ID Implementation Plan, DHS outlined 
its plans to make grant funds available specifically for projects that 
addressed the following areas:

          Enhancements to existing communications and 
        verification systems to support cost effective electronic 
        verification of source documents.

          Development of a secure indexing or pointer system 
        for verification that an individual does not hold multiple 
        licenses in multiple states or territories.

          Development of a cost effective capability for 
        verification of lawful status. Improvements to the 
        infrastructure to support electronic verification of birth 
        certificates.

          Model privacy standards, security practices, and 
        business rules regarding verification of applicant information 
        with Federal and state agencies.

    Additionally, in January 2008, the Department published the REAL ID 
regulation (``Minimum Standards for Driver's Licenses and 
Identification Cards Acceptable by Federal Agencies for Official 
Purposes'' (6 C.F.R. part 37)) providing greater detail on the minimum 
requirements states and territories must satisfy to be in compliance 
with the Act.
    When determining whether a state has implemented a secure driver's 
license program, DHS will base its decision on what states have done to 
meet the requirements of the regulation. The security benchmarks in the 
regulation focus on: identity assurance procedures; license information 
and security features; secure business processes; employee training and 
background checks; and privacy protections. They also address the 
primary sources of fraud in the issuance and use of driver's licenses 
and identification cards.

     DHS FUNDING TO SUPPORT EFFORTS TO MEET THE SECURITY STANDARDS 
                           OF THE REAL ID ACT

    Since FY 2006, the Department has obligated a total of $273 million 
in REAL ID program funds to support states and territories in their 
efforts to meet the requirements of the REAL ID Act.
    From FY 2006 through FY 2011, FEMA awarded approximately $200 
million in grants to 54 states and territories to fund individual 
projects to improve the security of their credentials, facilities, 
systems, and business processes commensurate with the standards of the 
REAL ID Act. States and territories have been able to allocate these 
funds based on individual needs, priorities, and operations.
    States and territories have used these awards to meet the material 
compliance security benchmarks and other REAL ID standards, including:

          Adding tamper resistant or enhanced security features 
        to their documents.

          Modifying their facilities to limit access to 
        sensitive materials and card production areas.

          Modernizing information technology systems to promote 
        interoperability.

          Conducting fraudulent document training or re-
        engineering the driver's license issuance process to reduce 
        customer wait times.

          Implementing verification of lawful status.

          Improving their ability to protect applicants' 
        personal information.

    For example, using REAL ID FY 2008 Demonstration Grant funds, the 
State of New York purchased facial recognition software to detect 
individuals holding multiple drivers' licenses, sometimes in an attempt 
to evade law enforcement detection. New York used facial recognition 
technology to review the records of 600,000 holders of New York State 
Commercial Driver Licenses (CDLs). The results of this effort led to 
the arrest of more than 50 commercial drivers for fraudulently 
obtaining multiple driver licenses using an alias. Since February 2010, 
800 people have been arrested for having two or more licenses under 
different aliases.
    From FY 2008 through FY 2011, FEMA also awarded approximately $63 
million in targeted grants to five states, Mississippi, Kentucky, 
Indiana, Florida, and Nevada, which volunteered to upgrade existing 
communications and verification infrastructure needed by all states and 
territories to meet the requirements of the REAL ID Act.

          The following verification capabilities to meet the 
        verification requirements of the REAL ID regulation are either 
        operational or in pilot testing. Specifically:

            The states have upgraded the infrastructure necessary to 
        support DMV verification of birth certificates. Birth records 
        from 38 state Vital Records Agencies are now available for 
        electronic verification;

            Fifty states and the District of Columbia are verifying 
        social security numbers;

            Forty-seven states and territories have signed an 
        agreement with USCIS to verify lawful status through the SAVE 
        program; and

            Four states are piloting verification of U.S. passports 
        and this capability will be available to all states later this 
        calendar year.

          Driver Licensing Agencies (DLAs) have used, and are 
        continuing to use, remaining Driver's License Security Grant 
        awards to fund the local information technology and business 
        process improvements needed to connect to and use these 
        systems.

    Additionally, USCIS has supported almost $10 million in projects 
for the development and deployment of cost-effective methods that 
states and territories can use to verify lawful status, U.S. passports, 
and social security numbers. USCIS has worked together with the states 
and territories in the development, testing, and deployment of these 
capabilities.

    FACILITATING CONFORMITY WITH THE STANDARDS OF THE REAL ID ACT--
          GUIDANCE AND OUTREACH FOR THE STATES AND TERRITORIES

    The Department's efforts extend far beyond providing financial 
assistance to states and territories. DHS has been working with states 
and territories to assist them in understanding and meeting the 
security standards of the REAL ID Act. In 2008 and 2009, DHS issued two 
guidance documents for that purpose:

          REAL ID Mark Guidelines (October 2008), providing DHS 
        recommendations for the marking of licenses.

          REAL ID Security Plan Guidance Handbook (February 
        2009), providing best practices for: securing facilities where 
        enrollment, production, and/or issuance of REAL ID driver's 
        licenses and identification cards occur; card design and 
        security; privacy; personnel security, and the contents of the 
        security plans.

    Because of additional requests from the states for clarification, 
the Department plans to issue additional guidance in the near future to 
clarify the minimum standards that states and territories must meet to 
achieve full compliance with the Act and provide examples of how states 
can meet them. While DHS has worked closely with many individual states 
and territories--some of which already submitted full compliance 
packages--the Department believes that the guidance will reduce the 
uncertainty surrounding the regulation and encourage states and 
territories to submit information on their progress consistent with the 
minimum standards of the REAL ID Act. In providing further guidance, 
DHS's purpose is to afford every state and territory the flexibility 
and opportunity to reach full compliance in a practical manner.
    DHS's subject matter experts have worked with the states and 
territories continually since 2007. Through its participation in 
meetings with the states, territories, partnering federal 
organizations, and stakeholders as well as attendance at a wide range 
of conferences, our program office, the Office of State-Issued Identity 
Support (OSIIS), visited 44 of 56 states and territories covered by the 
REAL ID Act, including four of the five U.S. territories. DHS continues 
to work closely with the Department of State on the passport 
verification module. DHS has worked with the American Association of 
Motor Vehicle Administrators (AAMVA) to coordinate implementation of 
the standards of the REAL ID regulation. In particular, DHS 
participated with the states and territories in the drafting of the 
Personal Identification--AAMVA North American Standard--DL/ID Card 
Design to ensure that states and territories can implement the REAL ID 
requirements for card design by means of common, consensus-based data 
formats and card technologies endorsed by all states and territories.
    Since 2007, OSIIS has also participated in at least 40 meetings 
with AAMVA and member states regarding all aspects of the REAL ID 
program, and provides regular briefings at the semiannual AAMVA Board 
of Directors Meetings and regional meetings. OSIIS representatives have 
also attended annual meetings of National Association for Public Health 
Statistics and Information Systems since 2007. The program communicates 
regularly with the Coalition for A Secure Driver's License. OSIIS has 
also participated in a dozen on-site meeting with the State of 
Mississippi and the Mississippi consortium of states leading state 
efforts to improve the communications system infrastructure supporting 
the verification requirements of the Act.
    Thirteen states \4\ have laws prohibiting compliance with the REAL 
ID Act. Even so, DHS believes that some of these states already issue 
secure identification documents consistent with the standards of the 
regulation.
---------------------------------------------------------------------------
    \4\ Alaska, Arizona, Idaho, Louisiana, Maine, Minnesota, Missouri, 
Montana, New Hampshire, Oklahoma, Oregon, South Carolina, and 
Washington.
---------------------------------------------------------------------------
    It is important to note that the REAL ID regulation provides DHS 
with the ability to recognize comparable programs in states and 
territories that issue driver's licenses and ID cards consistent with 
the minimum requirements of the regulation. States and territories are, 
in fact, already achieving success with their comparable efforts.
    For example, four states (Michigan, New York, Vermont, and 
Washington) currently issue Enhanced Driver's Licenses and Enhanced 
Identification Documents (EDLs) that were developed in alignment with 
the REAL ID standards, but can also be used by U.S. citizens as a 
border crossing document to enter the United States through a land or 
sea port of entry in accordance with the Western Hemisphere Travel 
Initiative (WHTI).

                          APPROACHING DEADLINE

    The deadline for meeting the standards of the REAL ID Act is 
January 15, 2013. To assist DHS in making compliance determinations, 
the regulation also requires states and territories to submit 
certification materials at least 90 days prior to the effective date of 
compliance. A DHS compliance determination means that a state's or 
territory's program meets or exceeds the REAL ID regulatory 
requirements or has a program comparable to the requirements of the 
REAL ID regulation.

                               CONCLUSION

    This hearing seeks to take stock of implementation of the REAL ID 
Act of 2005. DHS relies on alternative data collection methods, such as 
grant reporting, to document progress made by states and territories in 
improving the security of their driver's licenses and identification 
cards commensurate with the standards of the REAL ID Act. While this 
does not afford DHS full visibility into all the progress states have 
made, we can say that the Department, along with our federal, state and 
territory partners, has made great strides in improving the security of 
credentials since 9/11 and the subsequent enactment of the REAL ID Act 
of 2005. States and territories have made significant progress in 
meeting the benchmarks and other requirements of the REAL ID regulation 
and most are meeting REAL ID facility, production, issuance, and card 
standards. We commend them for their efforts.
    Thank you again for this opportunity to testify. I am happy to 
answer any questions you may have.
                               __________

    Mr. Sensenbrenner. Thank you very much.
    Mr. Williams?

 TESTIMONY OF DARRELL WILLIAMS, FORMER SENIOR DIRECTOR, OFFICE 
    OF STATE-ISSUED ID SUPPORT, U.S. DEPARTMENT OF HOMELAND 
                            SECURITY

    Mr. Williams. Mr. Chairman and Ranking Member, and 
distinguished Members of the Subcommittee, thanks for the 
invitation to actually speak.
    From 2006 until when I retired in 2011, I was the Director 
for the REAL ID program. Pretty much all the documents, the 
concept of operations, implementation plans, the expenditure 
plans I pretty much developed with my staff. All the staff that 
is currently in the office I actually selected.
    In regards to the implementation of REAL ID, which is what 
I will focus on, we actually established an outreach program 
which included all 56 states and territories in regards to our 
attempts to, first of all, help them understand what REAL ID is 
and does, but also to take a look at the implementation 
activities associated with REAL ID so they could actually get 
better cost estimates as they looked forward to attempting to 
implement the program.
    A lot of the successes that REAL ID has actually come to 
know really came from the states leaning forward not so much 
because of what DHS did but because the states realized long 
before 9/11 that there was a number of fallacies within their 
processes in regards to security dilemmas in their facilities, 
and then they also realized that a lot of the security issues 
associated with producing a driver's license actually came from 
internal processes where their individuals created a lot of the 
internal fraud.
    So again, those are things that states realized, states 
wanted to do, and then REAL ID actually became the overall 
umbrella to help states implement the kinds of things they 
wanted to do and actually start off with.
    The progress that states have made has been well 
documented. For example, if you take a look at states, and we 
actually did a state survey where a number of states responded, 
82 percent of states have improved their card security. All 
those security improvements are really consistent with REAL ID. 
There are a number of other stats that I have in my testimony 
that I won't review now. But again, it shows again the 
tremendous progress that states have made and that states are 
committed to improving their security and the integrity and the 
trustworthiness of their documents.
    One of the things that has prohibited states from making 
more progress is states need clear and consistent guidance. 
That is the one thing that they have not received. For example, 
with the PASS ID dilemma, states became confused as to whether 
or not DHS was going to implement REAL ID or replace it at some 
point in time with PASS ID. In that confusion, states decided 
to stop using some of the grant funding to improve the security 
of their systems. That took, in some cases, anywhere from 12 to 
18 months longer.
    The other example is we talk about the verification 
capabilities that states will need to use to verify whether or 
not a person is issued a driver's license in another state. 
That system, which I really started to develop back in the 2007 
timeframe, with the advent of the PASS ID confusion, that 
progress was also delayed. So that IT system that is not in 
progress today could have been furthered if states weren't in 
that confused state waiting for DHS to provide clear and 
consistent guidance.
    The other guidance that states aren't totally sure of is 
when states take a look at the REAL ID Act and what it 
requires, it does not provide clear pass/fail guidance as to 
what states need to evaluate their facilities, their people, 
and their processes to clearly determine whether or not they 
meet the requirements of the REAL ID Act. DHS also does not 
have that pass/fail criteria.
    So when we talk about compliance audits at some point in 
time in the future, without that clear pass/fail criteria, DHS 
would not be capable of actually rendering and determining 
whether or not a state actually meets the requirements of the 
Act itself.
    There is more to say, and I will save much for the 
questions so I can stay within the 5 minutes. But again, thanks 
for the invitation to speak, and I look forward to your 
questions.
    [The prepared statement of Mr. Williams follows:]

Prepared Statement of Darrell Williams, former Senior Director, Office 
    of State-Issued ID Support, U.S. Department of Homeland Security

    Chairman Smith, Ranking Member Conyers, and distinguished members 
of this Subcommittee I am pleased to be here today to discuss the 
importance of the REAL ID Act's Minimum Standards for Driver's Licenses 
and Identification Cards.
    From December 2006 until 1 April 2011 I served as the Director for 
the Department of H0meland Security (DHS) REAL ID Program Office, later 
renamed the Office of State-Issued ID Support. During my tenure, I 
established the REAL ID Program Office, planned and executed the 
program's budget and selected each member of the REAL ID program office 
team. In addition, I lead the development the of REAL ID Regulation, 
REAL ID Program's Concept of Operations, and the REAL ID Implementation 
and Expenditure Plans which were both approved by DHS and submitted to 
Congress. I specifically communicated the program's requirements, 
implementation progress and expenditures to DHS executive leadership, 
Office of Management and Budget and Congress. I also worked with other 
Federal agencies and developed an outreach program designed to 
establish and maintain a long-term partnership with all U.S. States and 
territories Department of Motor Vehicle (DMV) leadership, the American 
Association of Motor Vehicle Administrators (AAMVA) and specific 
document identity data verification system managers. My goal was simply 
to assist states to enhance the security, integrity and trustworthiness 
of their driver licenses and identification cards, facilities and 
processes to comply with the requirements of the REAL ID Act and 
implementing regulation.
    A brief synopsis of the primary requirements are located in Section 
202 of the REAL ID Act which reads, ``Prohibits Federal agencies from 
accepting State issued driver's licenses or identification cards unless 
such documents are determined by the Secretary to meet minimum security 
requirements, including the incorporation of specified data, a common 
machine-readable technology, and certain anti-fraud security features. 
In addition, Section 202 also sets forth minimum issuance standards for 
such documents that require: (1) verification of presented information; 
(2) evidence that the applicant is lawfully present in the United 
States; (3) issuance of temporary driver's licenses or identification 
cards to persons temporarily present that are valid only for their 
period of authorized stay (or for one year where the period of stay is 
indefinite); (4) a clear indication that such documents may not be 
accepted for Federal purposes where minimum issuance standards are not 
met; and (5) electronic access by all other States to the issuing 
State's motor vehicle database.''
    Prior to managing the REAL ID program, I served as the Senior 
Program Manager for the DHS's Secure Border Initiative Program, several 
U.S. Coast Guard Command, Control and Communications programs and 
numerous Department of Defense major weapon system acquisition and 
support programs. Lastly, among other degree's, I have a MS Degree in 
National Security Strategy from The National War College.
    Although I am be delighted to discuss or address any questions the 
Committee may have regarding the REAL ID Act or Regulation, I will 
focus my written testimony and opening remarks on the program's 
implementation activities.
    Under my direction the REAL ID Program Office, later renamed the 
Office of State Issued Identification Support, was responsible for REAL 
ID program development, REAL ID Rule development, REAL ID related grant 
oversight, development of an identity documentation electronic 
verification capability and implementation of the REAL ID Act. The 
regulatory scope of the REAL ID Act and regulation include the 
following:

          Approximately 240 million holders of State driver's 
        licenses and identification cards

          56 jurisdictions, including the 50 States, the 
        District of Columbia, and five U.S. territories

          Approximately 2,200 State DMV offices and facilities 
        employing about 30,000 state employees and contractors

          Millions of commercial airlines travelers and 
        visitors to the Federal facilities

          Multiple Federal agencies to include Department of 
        Transportation, the Transportation Security Administration 
        (TSA), Federal Protective Service (FPS), the Nuclear Regulatory 
        Commission (NRC), and other Federal entities managing access to 
        Federal facilities.

    In December 2006 one of the most formidable REAL ID challenges 
facing DHS was direct opposition by the states and specifically each 
state's DMV Offices. During this time frame, the states DMV 
administrators collectively considered DHS an absolute adversary and as 
result the few discussions that occurred between representatives from 
the state DMV offices and DHS were quite contentious and non-
productive. However, I'm delighted to report that upon my retirement in 
2011, numerous DMV staff members and specifically DMV administrators 
from across the country and the U.S. territories emailed, phoned and 
sent letters to thank me for my efforts that led to establishing and 
maintaining an open and honest REAL ID implementation partnership.
    The benefits of this partnership which began in the spring of 2007 
eventually resulted in the DMV administrators teaming with AAMVA to 
become the REAL ID Program Office's most supportive implementation 
advocate. The implementation success that will be discussed later in 
this testimony would have not been realized without the DMV 
administrators and AAMVA support.
    An example of this support was first realized in the spring and 
summer of 2007, when AAMVA agreed to host four regional meetings in the 
cites of Baltimore, Chicago, Los Angeles and Atlanta which allowed me 
to conduct 4 four hour meeting with all the DMV staff members in each 
region to discuss DHS plans regarding the proposed REAL ID rule and 
address the numerous misconceptions, false information and reduce the 
DMVs fear of this unknown rule's impact on how they conduct their day 
to day business with their respective customers.
    In addition to support, AAMVA and the state DMV's funded their 
personnel expenses to attend and participate in these meetings. These 
meetings resulted in a tremendous amount of clarity for the states. 
This initial series of regional meetings reduced the state's high 
anxiety by clarifying the rules intensions, removing misinformation and 
asking the states to share their operational insight.
    While at these meetings I also conducted several side-bar meetings 
with DMV regional leaders. From the follow-on side bar meetings I 
recruited numerous state DMV staff members to partner with DHS to form 
several working groups. Early in 2007, I realize that I did not have 
the program funding or adequately trained staff to properly understand 
all the relevant operational aspects of the state DMV driver's license 
issuance processes, facilities and IT capabilities. To quickly acquire 
the technical expertise needed, I partnered with the DMV leadership to 
develop several DMV process-focused technical working groups comprised 
primarily with the DMV and AAMVA staff members. AAMVA agreed to host 
the working group meetings. Without belaboring the point, I bring this 
information forward to stress that virtually all the implementation 
progress made to date has been greatly facilitated with state DMVs and 
AAMVA technical, administrative assistance and in some cases financial 
support.
    States have been fully engaged in improving the security, integrity 
and trust worthiness of their respective state issued driver's license 
and identify cards. Many of these security improvements either exactly 
meet or are consistent with the requirements of the REAL ID Act or 
Rule. States have made these improvements primarily because they were 
well aware prior to September 2011 that their driver's license and 
identity card issuance processes, cards and facilities had numerous 
security deficiencies. In addition, states have long wanted to develop 
a capability that allows each state's DMV to electronically verify all 
applicant's identity documents (birth record, passport, out-of-state's 
driver's license, immigration documents) information prior to issuing a 
driver's license or identity card.
    States have and continue to make significant implementation 
progress consistent with requirements of REAL ID. A February 2011 
Driver's Information Verification System (DIVS) report shows the 
results of a state-based questionnaire where states self-report their 
driver's license and identity card security progress as follows:

          82% of states have improved their card security

          96% of states provide fraudulent document security 
        recognition training

          89% of states perform background checks on employees

          78% of driver's license agencies have improved the 
        physical security of their facilities

          96% of states have instituted IT hardware and 
        software that links a given license issuer with a given issued 
        license

          71% of states access USCIS data to verify U.S. issued 
        immigration documentation

          84% of states coordinate driver's license and 
        identity document expiration date to an applicant's U.S.-issued 
        immigration documentation.

    The above DIVS report indicates the great progress states have made 
absent clear and consistent DHS guidance. DHS vacillation on support of 
PASS ID vs. REAL ID temporarily delayed numerous states from making 
progress and resulted in an untimely delay in states utilizing their 
grant funding to make security improvements. In 2010, numerous states 
expressed concern that if they continued to expend their 2008 and 2009 
grant funds to comply with REALID requirements, those funds would not 
be available if the requirements were changed to align with PASS ID. In 
absence of clear and consistent guidance, numerous states delayed grant 
fund expenditures and thus REAL ID implementation enhancements. States 
remain unclear if DHS will, yet again, postpone the compliance deadline 
beyond January 2013, continue to pursue PASS ID or another alternative, 
or if they should march full speed ahead to continue to improve and 
enhance their driver's license and identity card issuance processes to 
become comparable to or consistent with REAL ID requirements.
    In addition, states continue to express concern about REAL ID Rule 
Subpart E.37.51 that says ``States must have met the REAL ID Rule 
standards of subparts A through D or have a REAL ID program that DHS 
has determined to be comparable to the standards of subparts A through 
D.'' To date, DHS has not provided states clear guidance on what 
constitutes comparable and must do so as soon as possible to allow 
states time, if they so elect, to pursue a comparable alternative lead 
time away from the established compliance deadline of January 15, 2013.
    In addition to the above, below you will find a list several other 
implementation issues that should be resolved as soon as possible to 
provide all willing states a realistic opportunity to achieve a 
successful REAL ID program implementation.

          DHS must establish clear pass/fail criteria that 
        states can use to measure and determine when they comply with 
        the REAL ID or comparable program compliance requirements.

            Until such clear guidance is provided, states do not have 
        the ability to determine if they have met all the requirements 
        for compliance.

            In addition, DHS will need the pass/fail criteria to 
        perform future compliance audits

          Per REAL ID rule section 37.55, 37.59 and 37.61, DHS 
        must establish a state compliance audit process to conduct 
        future compliance audits. A compliance audit process is 
        required to verify if a state has met or is meeting the 
        required initial or recertification compliance requirements per 
        the REAL ID rule.

            Subpart E--Procedures for Determining State Compliance, 
        section 37.55 indicates that DHS will make a final compliance 
        determination. Subpart E--Procedures for Determining State 
        Compliance, section 37.59 indicates that DHS will review to 
        determine whether the state meets the requirements for 
        compliance.

          DHS must develop a REALID enforcement strategy that 
        clearly conveys how the REAL ID Act requirements will be 
        enforced beginning January 15, 2013.

            Enforcement strategy must include at minimum the Federal 
        Protective Service, Transportation Security Agency and other 
        Federal facilities as covered by the REAL ID Act and 
        implementing regulation.

          DHS must develop a grant funding financial audit 
        review strategy to ensure the grant funds awarded to states are 
        being expended in accordance with the grant application and 
        approval.

            Currently, DHS lacks the process to know and ensure 
        accountability for REAL ID grant funds expenditures

          To vastly improve the quality of program 
        implementation, strongly encourage the REAL ID program be 
        transitioned to an operational environment that has 
        acquisition, program management, system engineering, at a 
        minimum, as core competencies. Although the DHS Office of 
        Policy may be well intended, the office is not equipped with 
        the experience or expertise to oversee the design and 
        development of an operational program. The Office of Policy is 
        especially not capable and does not have the expertise to 
        oversee the design, test, implementation an initial operation 
        of the multi-million dollar REAL ID Driver's License 
        Information and Verification (DIVS) Program which is currently 
        in the design phase. This REAL ID electronic document 
        verification program, developed with Congressional appropriated 
        funds, is currently in the design phase. The REAL ID program 
        has been in the implementation and system development stage for 
        several years. For example, for past three years the Office of 
        Policy has overseen and managed the requirements generation 
        process, which will lead to the design, development, testing 
        and fielding of an operational IT system expected to process 
        millions of daily state to state DMV transactions. The DIVS 
        system is expected to complete the design phase in 2014, 
        testing in 2015 and become operational and deployed by 2016. 
        Just as policy should not be developed in an operational 
        environment, an IT focused system's design, development, test, 
        initial operation and full system deployment should not be led 
        by a Policy Office.

          REAL ID's Greatest implementation assets:

            All DMV leadership is aware of the critical need to 
        improve the security, integrity and trust worthiness of their 
        driver's license and identity card processes and they are 
        willing to take action.

            State's continue to make significant progress to enhance 
        the security of their cards, systems, processes and facilities

          REAL ID's Greatest implementation impediments:

            Retaining the design, development, testing and fielding of 
        an operational program in a Policy making environment will 
        continue to delay the program's implementation. The program 
        must be transitioned to an operational environment.

            Lack of DHS clear and consistent guidance to states.

              The program lacks clear pass/fail compliance 
        criteria

              The program lacks clear guidance on what 
        constitutes a comparable program

              The program lacks clear guidance on how 
        enforcement will be implemented and if enforcement will begin 
        January 15, 2013

            Lack of DHS executive level engagement and support

              States DMV leadership remain uncertain and 
        unconvinced that DHS executive leadership is committed to REAL 
        ID implementation
                               __________

    Mr. Sensenbrenner. Thank you, Mr. Williams.
    Mr. Baker?

            TESTIMONY OF STEWART A. BAKER, PARTNER, 
                     STEPTOE & JOHNSON, LLP

    Mr. Baker. Chairman Sensenbrenner, Ranking Member Scott, 
Chairman Smith, Chairman Emeritus Conyers, Members of the 
Committee, it is a pleasure to be here. My claim to fame is I 
hired Darrell and had David Heyman's job before he had it.
    It is a pleasure to talk about this topic because it is so 
important. It is not just that the 9/11 Commission after 10 
years reiterated how important it was. It is not just that 
practically every terrorist act in the last 20 years, from 
Oklahoma City to 9/11 to the Lubbock, Texas attacks, depended 
on fake and fraudulent IDs. But one person, one household in 14 
every year is the subject of identity theft. Most of it, the 
most serious of it is facilitated by fake IDs. This is the real 
privacy issue that we should be focused on. People are losing 
control of their identities to people who have easy access to 
fake or fraudulent driver's licenses.
    The good news that I do want to talk about is that most 
states have, at the end of the day, as we have heard already, 
recognized they have a responsibility to fix their security 
problems, and nearly 40 of them could meet this deadline, or 
perhaps more. They are on track to meet the deadline. That is 
great news. It is particularly impressive that they have put in 
place the ability to check birth certificates, which are really 
the most dangerous breeder document that facilitates this kind 
of fraud. That is possible by January of 2013.
    The bad news from my point of view is that even if 80 or 90 
percent of the states meet this deadline, they are not going to 
get rid of 80 or 90 percent of the fraud. They are going to get 
rid of about 10 percent of the fraud because the fraudsters and 
the terrorists, everybody who wants a fake ID, are just going 
to figure out which states allow them still to use bad birth 
certificates or to meet other fraudulent requirements, and they 
are going to go there.
    So until we get everybody up to a high level, we are not 
going to solve this problem. That is why, I think, the REAL ID 
Act very wisely put in place a penalty for failure to meet this 
deadline. Until the last state comes on board, we have a 
problem in our ID system.
    The difficulty with the penalty that we have, and I faced 
this because I actually was facing the prospect of pulling the 
trigger on the refusal to accept licenses at airports, is it is 
like a nuclear weapon. It is really effective at scaring 
people, but when you actually set it off, a lot of bad things 
happen that no one really wants to see happen.
    So there is a kind of chicken that is played between the 
Department and the states. The states say, ``I wonder if they 
will really set that off, because if they won't, maybe I can 
just, you know, skate past the deadline.'' And the Department 
doesn't want to set it off, but they have to persuade people 
that they are actually going to do something serious when the 
deadline arrives. I don't think David or the Administration has 
persuaded anybody that they are serious about setting off that 
weapon or imposing that penalty.
    So my suggestion for this committee is you really need to 
find some penalty to enforce that deadline that is not 
dependent on the Secretary having the will to use that penalty, 
and my suggestion in the testimony--I will stop here--is that 
you say to the 54 or 56 jurisdictions who took money to comply 
with REAL ID that if you don't meet January 2013, give the 
money back. Thanks.
    [The prepared statement of Mr. Baker follows:]

 Prepared Statement of Stewart A. Baker, Partner, Steptoe & Johnson LLP

    Chairman Sensenbrenner, Ranking Member Scott, Members of the 
Subcommittee, I am pleased to testify today about the importance of 
improving the security of drivers' licenses, the identity documents on 
whose security Americans rely daily.

               WHY WE NEED MORE SECURE DRIVERS' LICENSES

    It shouldn't be necessary to say that we need secure identification 
documents in the United States. Ten years ago, the 9/11 hijackers 
exploited the security weaknesses of state DMVs to obtain nearly 30 
licenses, many of them by fraud. And twenty years ago, Timothy McVeigh 
used a fake South Dakota license to rent the truck he filled with 
fertilizer and fuel oil; South Dakota's license security was so weak 
that McVeigh made his fake license with a typewriter and a clothes 
iron.
    That's not the end of it. Last year, the FBI arrested a Saudi 
student in Texas whose notes showed that he had devoted much of his 
young life to winning a scholarship to the United States, where he 
planned emulate Osama bin Laden by killing large numbers of Americans. 
His plans included casing the home of George W. Bush and preparing a 
chronology for the attacks listing these key steps in his plan: 
``obtaining a forged US birth certificate, applying for a US passport 
and driver's license; . . . using a different drivers' license for each 
car he rents; . . . putting the bombs into the cars and taking them to 
different places during rush hour.''
    Some things never change. Terrorists hoping to attack us at home 
will keep exploiting the insecurity of our drivers' license system for 
as long as we fail to improve that system.
    So will criminals. Identity theft is a fast-growing and 
disturbingly common crime; one household in 14 suffered an identity 
theft in 2010, according to the U.S. Justice Department, up from one in 
18 just five years earlier. Some of the most intrusive and devastating 
forms of identity theft--forged checks, for example, or employment 
fraud--require a fraudulent drivers' license or similar identification 
document to accomplish. Bad drivers' license security has victimized 
millions of Americans.
    It could even get some of them killed. I am still appalled by the 
story of Kevin Wehner. Having his wallet stolen on vacation was the 
beginning a nightmare. The thief used Wehner's documents, along with a 
forged Virgin Islands birth certificate, to obtain a Florida license in 
Wehner's name. When Wehner moved to Florida, the DMV refused to give 
him a license. ``You've already got one,'' they told him. He sent them 
his picture to straighten out the mess. That only made things worse. 
Because the identity thief had moved on to stealing cars and killing 
police officers. To catch the killer, Florida police circulated the 
photo that the real Kevin Wehner had recently supplied to the DMV. 
Luckily, a friend who saw the photo on TV called Wehner before a 
nervous police officer pulled him over. Shortly thereafter, police 
located the fake Kevin Wehner and shot him dead in a gun battle. 
Florida's inability to check a forged birth certificate could have 
killed the real Kevin Wehner just as easily.

                WHY REAL ID HAS NOT YET BEEN IMPLEMENTED

    Unfortunately, not everyone agrees with the need for better 
drivers' license security. Opposition to REAL ID unites the nations' 
governors and the ACLU. As a candidate, President Obama campaigned 
against REAL ID. And as a governor, Secretary Napolitano did the same. 
So it was no surprise that the Obama administration supported repeal of 
REAL ID and adoption of a softer approach, called PASS ID. Expecting 
PASS ID to be adopted, the administration soft-pedaled the states' 
obligations under REAL ID.
    But PASS ID did not pass, and REAL ID is still the law. 
Unfortunately, however, it's not being treated like a real law. In 
2009, the Secretary of Homeland Security permanently stayed the 
deadline for states to come into material compliance, on the grounds 
that the Department was pursuing PASS ID. By March 2011, with the 
deadline for full compliance with REAL ID just two months away, that 
reasoning wouldn't work anymore; everyone recognized that PASS ID was 
dead. But the Secretary nonetheless postponed the deadline for full 
compliance to January 2013 without taking comments. The remarkable 
justification for the delay was that the administration had encouraged 
the states to hope that the law would change, so they didn't take steps 
to comply with the law as it stands:

        [S]ome States delayed investing in new technology and process 
        changes because of uncertainty associated with Congressional 
        action on the PASS ID Act. PASS ID, which was supported by the 
        Administration as well as State associations, including the 
        National Governor's Association and the American Association of 
        Motor Vehicle Administrators, would have modified certain 
        requirements of REAL ID to facilitate State compliance. States 
        delayed making investments to implement REAL ID to ensure they 
        were not making expenditures to comply with requirements that 
        would have been undone had PASS ID been enacted into law. Now 
        that PASS ID seems unlikely to be enacted, DHS anticipates 
        States will refocus on achieving compliance with the REAL ID 
        requirements.

    Wow. I only wish I could get an extension on my tax return by 
saying I was hoping the law would change before the returns were due 
but that I'm now ready to ``refocus on achieving compliance'' with the 
requirements of the tax code.
    In fact, apart from hoping that the states will refocus, the 
Department does not seem to be doing much to encourage them to meet the 
new deadline. As far as I can see, it hasn't audited state compliance; 
it hasn't processed the submissions of states that want to certify 
their compliance with REAL ID; and it hasn't pressed the states that 
are lagging far behind to step up their efforts.

        THE 9/11 COMMISSION IS RIGHT: WE CAN'T AFFORD MORE DELAY

    That approach will mean years of delay in improving drivers' 
license security, millions more victims of identity theft, and perhaps 
more victims of terrorism. It will mean negating not just a federal law 
but one of the last unimplemented recommendations of the 9/11 
commission. The members of that commission recently reassembled for a 
tenth anniversary review of the nation's progress in adopting its 
recommendations. They were blunt in their criticism of the 
administration's delay in implementing REAL ID:

        Recommendation: ``The federal government should set standards 
        for the issuance of birth certificates and sources of 
        identification, such as drivers licenses.''
        .  .  .

        [T]he deadlines for compliance have been pushed back twice . . 
        . until January 2013. The delay in compliance creates 
        vulnerabilities and makes us less safe. No further delay should 
        be authorized; rather, compliance should be accelerated. The 
        delay in compliance creates vulnerabilities and makes us less 
        safe. No further delay should be authorized; rather, compliance 
        should be accelerated. (Emphasis added.)

    The 9/11 Commission members are right. The foot-dragging should 
stop, in Washington and in the states.

       MOST STATES ARE READY TO MEET THE REQUIREMENTS OF REAL ID

    This is particularly true because, despite all the public outcry 
and political posturing, most motor vehicle departments are making good 
progress toward the goals set out in the REAL ID act. Janice Kephart of 
the Center for Immigration Studies has done invaluable work in 
surveying the states' progress toward achieving compliance with the 
standards set by REAL ID. Her most recent study estimates that nine 
states are on track to achieve full compliance with all REAL ID 
requirements by January 2013, and that another 27 will have achieved 
material compliance with the act by then. That means that the great 
majority of states can meet the deadline, at least for material 
compliance, if they simply keep on doing what they have been doing.
    In saying that, I do not mean to overlook the distinction between 
material compliance and full compliance. The principal difference is 
that states can achieve material compliance without having in place an 
electronic verification system for birth certificates. To achieve full 
compliance, they must check birth certificates with the issuing 
jurisdiction.
    Now, as you might guess from my early remarks, I think that 
checking birth certificates is crucial to achieving a more secure 
license system. Birth certificates are much easier to forge and much 
harder to check than licenses, so it's no wonder that everyone from 
aspiring terrorists to cop-killing car thieves views a forged birth 
certificate as the key to building a fake identity.
    And so, having an electronic system for checking birth certificates 
is crucial. It too should be in place as soon as possible.

           BIRTH RECORDS CAN BE CHECKED ELECTRONICALLY TODAY

    Once again, there is good news on this front in the Kephart report, 
which says that by February of this year, 37 states had already entered 
their birth records into a system that allows other agencies to conduct 
verification online. This system, called Electronic Verification of 
Vital Events (or EVVE), is administered by the National Association for 
Public Health Statistics and Information Systems (or NAPHSIS). The 
network is still growing; NAPHSIS tells me that they've added another 
state since February; EVVE now covers 38 states. And the system isn't 
just theoretically available. It's actually being used on a daily basis 
by several US government agencies, such as the State Department's 
passport fraud investigators, the Office of Personnel Management, and 
the Social Security Administration.
    The really good news, then, is that there are no technical barriers 
to nearly immediate implementation of electronic birth certificate 
checks. Any state that can achieve material compliance by 2013 can also 
achieve the most important element of full compliance by that date; it 
just has to hook up its DMV to EVVE. In short, nearly 40 jurisdictions 
are on track to do what the 9/11 Commission recently urged them to do: 
implement drivers' license security without delay.

                       WHY CONGRESS NEEDS TO ACT

    Now let me turn to three pieces of bad news, and the reason that 
the 9/11 Commission's goal will remain unfulfilled unless Congress 
acts.
    1. Everyone's security is set by the weakest states, not the 
strongest. First, the efforts of nearly 40 jurisdictions to improve 
their license security won't do us much good unless the remaining 
states get on board. It's become quite obvious that identity thieves--
whether they're illegal workers or fraudsters--keep a close eye on the 
license security practices of the states. When they need a fraudulent 
document, they always manage to find the states with the weakest 
security.
    This is why REAL ID was needed in the first place. Many states did 
a good job, and a few did not; but those few undermined the efforts of 
all the others. We have to bring the laggard states up to the same 
standards that most states are on track to meet. Only a firm deadline, 
with penalties, will do that. And, since the administration has made 
clear its reluctance to enforce REAL ID, Congress needs to impose its 
own deadline.
    2. We need new penalties for noncompliance. That brings me to the 
second piece of bad news. The main penalty for states that miss 
deadlines is that TSA will refuse to accept the licenses they issue, 
meaning that residents of those states won't be able to fly without a 
U.S. passport or other strong ID. The problem with this penalty is not 
that it's too weak.
    Rather, it's too strong. It's like a nuclear weapon--so big and so 
damaging to so many innocent people that whoever sets it off is likely 
to be judged harshly. With both sides aware of the risks, REAL ID 
penalties are at best a game of chicken between recalcitrant states and 
DHS. If the states convince DHS that they will not meet the deadline, 
DHS will probably cave and issue an extension. If DHS convinces the 
states that real penalties will be imposed and the deadline will not be 
extended, then the states will probably cave and come into compliance. 
But to be candid, having granted two extensions already, I don't think 
this administration can persuade the states that this time is 
different.
    That's why Congress should act. REAL ID needs a statutory deadline 
with penalties that are credible. Here's one idea. Remember that the 
states, almost without exception, have accepted more than $220 million 
in grants to comply with REAL ID or improve license security; they 
accepted grants during fiscal years 2005, 2007, 2008, 2009, and 2011. 
Many of those grants required the states to affirm that they were in 
the process of complying with REAL ID. Yet years later some of them 
still are not on track to meet the much-delayed implementation 
deadline. This raises the question whether the lagging states took 
federal grant funds in good faith and whether they spent the funds 
prudently. If they lag so badly that they miss even the January 2013 
deadline, perhaps it's time for them to give the money back.
    So here's one idea for changing the dynamic of REAL ID enforcement: 
perhaps any future appropriations or authorization bill dealing with 
homeland security, terrorism, or immigration should include a provision 
requiring that states failing to meet the REAL ID deadline must return 
any funds received to improve drivers' license security. The paybacks 
could be cumulative, increasing over time so that the states have a 
growing incentive to comply. While imposing fines on states or a 
requirement to disgorge grant funds would raise legal concerns, I see 
no bar to automatically reducing by the amount of the penalty any 
future payments that would otherwise be due to states under other 
programs. Such a penalty would also respond to the current budget 
climate by reserving scarce federal funds for states that live up to 
their obligations under federal law. It could be implemented either 
through appropriations or authorization bills. That's the kind of 
modest but credible penalty that is likely to finally break the last 
logjam of lagging states and bring about nationwide license security.
    3. Electronic birth certificate checks probably won't happen 
without enforcement of the deadline. Finally, the last piece of bad 
news concerns the birth certificate network, EVVE. As I said, it is 
available and ready for states to use. But the states are not in fact 
using it, at least not to check birth certificates from other states. 
(Some states do use the system to check their own birth records.) 
Indeed, a pilot in which three states were using EVVE to do cross-
border birth record checks has recently ended, and the states involved 
decided not to continue the checks--a troubling bit of backsliding, 
given the importance of birth certificates as breeder documents for 
false IDs.
    Why are states reluctant to use EVVE for drivers' license checks? I 
suspect the problem is the cost of the service. When the system is 
running at low volumes, as it is now, the cost of an electronic record 
check on EVVE is nearly two dollars. That's a lot of money for states 
that issue tens of millions of licenses and may charge only $20 or $30 
for each one. States have an incentive to hang back and let other 
states pay the high cost of being an early adopter.
    This Alfonse-and-Gaston problem is easy to solve. If all state 
motor vehicle agencies join EVVE at the same time, its volume pricing 
will bring the cost of each check down to less than a dollar--94 cents, 
I'm told by NAPHSIS. We can achieve this goal if DHS simply enforces 
the existing deadline of January 2013. Overnight, the cost of the 
service will drop. That is another reason to impose a deadline and to 
include birth record checks.
    I know the states have complained about the costs of REAL ID. That 
complaint makes no sense in the context of EVVE, however, because most 
of the 94-cent cost goes to state vital records agencies to cover their 
costs of maintaining EVVE records. Let me say that again; roughly 87 
cents of the 94-cent EVVE fee is simply a transfer between state 
agencies--from state DMVs to state vital records offices. Even when 
those transfers cross state boundaries, they go in both directions and 
are likely to roughly balance out.
    It turns out that the states will be literally paying the great 
bulk of EVVE fees to themselves, and their reluctance to make these 
payments is simply a disguised turf war between the DMVs and the vital 
records offices. Surely we should not leave future victims of future 
identity thefts and terrorist acts unprotected simply because two state 
agencies do not agree on which of them will pay to maintain digitized 
birth records.
    Still, if Congress wants to help the states achieve compliance by 
further lowering the cost of birth record checks, there is a way to do 
that while also making the country more secure. As I understand EVVE's 
pricing, its lowest fees will be charged to all comers once volume in 
the system exceeds 1.2 million checks a month. Bringing all the states 
on board through REAL ID will achieve that end. But so will requiring 
that the State Department check all birth certificates through EVVE 
before issuing a passport. Today, I believe, State only checks a 
limited number of certificates through EVVE, as part of its fraud 
prevention program. If it checked all certificates through EVVE, it 
would likely uncover more fraud, and it would lower the cost of such 
checks dramatically for all. This would add to the State Department's 
costs, but not to the deficit, because the cost of passport processing 
measures is recovered by passport fees.

                               CONCLUSION

    Making sure that Americans can rely on the security of their 
drivers' licenses is a vital national priority. It has been stalled for 
too long, and this hearing serves an important purpose in drawing 
attention to how much has been achieved and how much still remains to 
be done.
    Thank you for the opportunity to testify here today.
                               __________

    Mr. Sensenbrenner. Thank you, Mr. Baker.
    Mr. Quam?

TESTIMONY OF DAVID QUAM, DIRECTOR, OFFICE OF FEDERAL RELATIONS, 
                 NATIONAL GOVERNORS ASSOCIATON

    Mr. Quam. Thank you, Mr. Chairman, Mr. Scott, Mr. Smith, 
Mr. Conyers, Members of the Subcommittee. It is a pleasure to 
be here on behalf of the National Governors Association on an 
issue that governors have worked on for a very long time.
    I think there is some good news here that you are hearing. 
States have made progress, considerable progress in moving 
ahead. Every governor is concerned with increasing the 
integrity and security of their driver's licenses. They were in 
2005, 2007, 2009. They are interested in that issue today. 
Fraud, theft, security are all concerns for every governor.
    And because of that, governors, when they started to 
address both REAL ID and the regs as they came out, looked 
through a lens of some core principles, that licenses and 
identification cards should accurately reflect the identity of 
the owner, that the laws and regulations should facilitate and 
encourage participation by all jurisdictions, that those laws 
and regulations should also enhance the security and integrity 
of all licenses and ID cards while retaining state flexibility 
to innovate, set a floor, let states go above it, and then 
address critical privacy concerns while reducing or eliminating 
unnecessary cost.
    Part of the delay with REAL ID, as it was initially written 
and as it came out, represented an unworkable and unfunded 
mandate, a very serious challenge for states. What we need is 
continued flexibility in implementation if we are going to meet 
the core objectives of the Act, something that I think 
governors share with this committee and with Congress, and the 
Department of Homeland Security.
    So where do we stand? Mr. Chairman, you accurately stated 
exactly where states are today. Six states have submitted full 
compliance certifications. Twenty-two states have said that 
they are materially compliant. Four states are using enhanced 
driver's licenses, something akin to REAL ID but currently 
doesn't exactly match the requirements of REAL ID. Twelve 
states have met 15 of 18 benchmarks, and another 12 states are 
falling short of that.
    In addition, you have 13 states who have laws on the books 
saying they will not comply. You have another three who are 
saying we won't comply unless certain conditions are met, and 
often that goes to funding.
    Of the five electronic databases necessary to really make 
REAL ID click, only two are nationally deployed and operational 
and being used by states. That is SAVE with regard to 
immigration status, and SSOLV with regard to Social Security. 
Of the other three, the passport system I believe may come 
online this year. EVVER, the Vital Records states, are joining 
and participating in digitizing their records, but that will 
not be fully implemented by the states for some time, and there 
is not one DMV currently signed up to use EVVER. As a matter of 
fact, the pilot program for the DMVs expired last year.
    And then the final one, the state-to-state driver's license 
system, which has taken time to satisfy the governance, the 
privacy, and how it will work between states, the 
implementation to get it to an operational system starts in 
2015. It won't be fully ready, from the stats I have seen, 
until possibly as late as 2023. Yet those are the systems you 
really need to make this work from an electronic standpoint and 
get this working.
    So where do we go from here? States need that clear 
guidance. For those numbers, those state numbers to become 100 
percent, states need to be able to evaluate where they are and 
what the requirements are from DHS. We have heard and we look 
forward to additional guidance from the Department of Homeland 
Security to see exactly where states stand and whether or not 
January 15th, 2013 can be met. If it can't be met, it is 
probably not at the states' hands. It is because this was a 
bridge too far to begin with.
    One of the reasons why governors have always been 
constructive partners is because driver's licenses have 
traditionally been the responsibility of the states. One of the 
reasons this has taken so long is because I believe the Federal 
Government found out how complicated this process is, how hard 
it is to validate those source documents, and how hard it is to 
check everything on those cards.
    That being said, the states have made great strides. 
Getting the guidance out, being able to determine where we are, 
and then finding out what it is going to take to fill those 
gaps, including funding, I think will be critical to finally 
meeting the objectives of REAL ID, objectives that are shared 
by all governors, this Congress, and the Administration. Thank 
you.
    [The prepared statement of Mr. Quam follows:]

    Prepared Statement of David Quam, Director, Federal Relations, 
                     National Governors Association

    Chairman Sensenbrenner, Ranking Member Scott, distinguished members 
of the committee; my name is David Quam, Director of Federal Relations 
for the National Governors Association (NGA). I appreciate the 
opportunity to appear before you today to discuss the issues 
surrounding state implementation of REAL ID.

                               OVERVIEW:

    Governors have always been committed to providing their citizens 
with drivers' licenses that are accurate and secure. In fact, during 
multiple discussions among governors regarding REAL ID, it was clear 
that all governors share common principles regarding licenses and state 
identification:

          Licenses and identification cards should accurately 
        reflect the identity of their owner;

          The systems that produce the cards and the cards 
        themselves must be secure;

          Information received about individuals should be 
        protected to ensure their privacy; and

          Services and products must be provided in a cost-
        effective manner that maximizes value for taxpayers without 
        diminishing the security or integrity of the license.

    It is through this lens that governors have viewed federal efforts 
to regulate state licenses, such as REAL ID. While governors believe 
that the objectives of REAL ID are laudable, they have found that the 
law represents an unworkable and unfunded mandate that--without 
continued flexibility in its implementation--will fail to make us more 
secure.

                              BACKGROUND:

    Congress passed the REAL ID Act (REAL ID) as part of the Emergency 
Supplemental Appropriations for Defense, the Global War on Terror and 
Tsunami Relief Act (P.L. 109-13). The law replaced section 7212 of the 
Intelligence Reform Act (P.L. 108-458), which established a negotiated 
rulemaking to determine national standards for state driver's licenses 
and identification cards (DL/IDs). NGA supported the compromise 
contained in section 7212 because it allowed stakeholders, including 
governors, to participate in the process of reforming what 
traditionally has been a state function.
    Although the negotiated rulemaking was already underway, REAL ID 
repealed the provision and replaced it with statutory standards, 
procedures and requirements that must be met if state-issued licenses 
and identification cards are to be accepted as valid identification by 
the federal government. REAL ID's mandates require alteration of long-
standing state laws, regulations and practices governing the 
qualifications for and the production and issuance of licenses in every 
state. Complying with REAL ID's standards will require significant 
investments by states and the federal government and will test the 
resolve of citizens directly affected by changes to state systems.
    More importantly, all of this must be done quickly. The next 
milestone for states is January 15, 2013. As of that date, a state must 
be ``materially compliant'' with the act, or individuals can no longer 
use its licenses or identification cards to board commercial aircraft.
    Given its impact on states and individuals, governors worked 
closely with other state groups, including the National Conference of 
State Legislatures and the American Association of Motor Vehicle 
Administrators, to recommend a regulatory framework that could bridge 
the gap between state laws and practices and the unrealistic 
requirements of REAL ID. NGA commends the Department of Homeland 
Security (DHS) for its continued efforts to develop a workable 
regulatory system to implement the law.
    Unfortunately, even after the final rule was released, major issues 
remained including a lack of funding for state implementation; privacy 
concerns regarding the collection and use of individuals' information; 
and uncertainty regarding the availability, development and cost of 
electronic databases. These concerns ultimately helped propel 16 states 
to pass laws prohibiting compliance with REAL ID; laws that remain on 
the books today.

                         DEVELOPING A SOLUTION:

    Given states' ongoing concerns, and the looming deadline for 
material compliance, governors asked NGA to work with state experts to 
develop recommendations to improve REAL ID based on the following 
principles:

        1.  Fulfill the 9/11 Commission recommendation for the 
        ``federal government to set standards for sources of 
        identification;''

        2.  Facilitate and encourage participation by all 
        jurisdictions;

        3.  Enhance the security and integrity of all licenses and ID 
        cards while retaining state flexibility to innovate; and

        4.  Address critical privacy concerns and reduce unnecessary 
        costs.

    NGA's work culminated in the following recommendations:

          Provide funds necessary for states to comply with 
        federal requirements. The projected costs of complying with the 
        act far outweigh existing sources of funding. To the extent 
        federal requirements result in increased costs for states, the 
        federal government should fund the cost of complying with the 
        law.

          Allow for date-forward implementation. To comply with 
        the act, states should only be required to issue compliant DL/
        IDs beginning on a certain date. All DL/IDs issued after that 
        date would comply with the federal law, but individuals would 
        not be required to obtain a new DL/ID until their existing DL/
        ID expires. This provision would not apply to non-federally 
        compliant DL/IDs issued by a state.

          Limit required electronic verification of documents. 
        The final rule identifies five systems states will be required 
        to use to be compliant with the law: Social Security On-Line 
        Verification (SSOLV); Electronic Verification of Vital Events 
        Records (EVVER); Systematic Alien Verification for Entitlements 
        (SAVE); an all-drivers system run by states to ensure an 
        applicant is not licensed in another state; and a system run by 
        the U.S. Department of State to validate foreign passport 
        information. Of these systems, only SSOLV and SAVE are 
        nationally deployed and functioning. Because of uncertainty 
        regarding how and whether the five electronic systems will 
        work, how they will be integrated and how they will ensure the 
        protection of data, their use should not be required by federal 
        law or regulation. Rather, states should be permitted to use 
        existing verification processes to comply with federal 
        requirements.

          Establish a unique symbol to indicate that a license 
        or identification card complies with federal requirements. 
        States should retain the authority to issue DL/IDs that do not 
        meet federal standards. In order to differentiate between DL/
        IDs that meet federal requirements and those that do not, DHS 
        should work with states to designate a means to easily identify 
        federally compliant DL/IDs.

          Provide greater clarification and flexibility 
        regarding physical security requirements. Not all departments 
        of motor vehicles issue DL/IDs through the same process; some 
        use central issuance (CI), others use over-the-counter issuance 
        (OTC) and some use a hybrid CI/OTC process. Therefore, DHS 
        should allow states to use a combination of security features 
        designed to protect the physical integrity of DL/IDs. Many 
        states have processes in place to issue, maintain and protect 
        DL/ID information. Federal law and accompanying regulations 
        should provide flexibility in how states prevent tampering, 
        counterfeiting or unauthorized duplication of DL/IDs for 
        fraudulent purposes.

          Establish minimum guidelines for the further 
        protection of personally identifiable information. DL/ID 
        information is protected by federal and state Driver Privacy 
        Protection Acts (collectively, DPPA). However, since DPPA was 
        enacted well before Real ID, DHS should establish further 
        minimum guidelines to address requirements to protect the 
        security, confidentiality and integrity of personally 
        identifiable information that could not have been contemplated 
        at the time of DPPA enactment.

          Establish a process to allow states greater 
        flexibility in validating an applicant's identity under 
        exceptional circumstances. States should be permitted to 
        establish a process to validate an applicant's identity in rare 
        cases where the applicant is unable to present the documents 
        specified in the act.

          Recognize enhanced driver's licenses as being 
        compliant with REAL ID. Enhanced driver's licenses issued by 
        states should be considered compliant with requirements for 
        secure state DL/IDs.

          Establish a demonstration program to evaluate 
        electronic information sharing among states. The hub system 
        envisioned by DHS in the final REAL ID rule is a complex and 
        potentially costly endeavor, and participation in the system 
        should not be federally required. Instead, the federal 
        government should facilitate a demonstration program among a 
        few states to determine projected costs for such a system, the 
        appropriate governance structure for administrative purposes 
        and the appropriate security and privacy measures to protect 
        individuals' personal information.

          Provide access to federal electronic systems. Access 
        to any federal electronic systems that states are required to 
        use to comply with the act should be provided free of charge, 
        just as the E-Verify system is made available to employers 
        without cost.

    PROVIDING FOR ADDITIONAL SECURITY IN STATES' IDENTIFICATION ACT:

    In 2009, NGA supported S. 1261, the ``Providing for Additional 
Security in States' Identification Act,'' (PASS ID) because it is built 
largely on governors' recommendations for solving the problems inherent 
to REAL ID.
    For example, to address the issue of cost, PASS ID would have 
eliminated fees associated with the use of existing federally run 
databases that states must use to issue DL/IDs. It would also have 
allowed states to innovate to meet security requirements and eliminated 
the requirement to use electronic verification systems that do not yet 
exist or are not nationally deployed. If implemented, these changes 
would have combined to cut state costs of compliance from $3.9 billion 
to approximately $2 billion.
    PASS ID also recognized that at the time only two of the electronic 
systems states must use under REAL ID existed and were nationally 
deployed: SAVE to verify immigration status and SSOLV to verify social 
security information.
    Today little has changed; SAVE and SSOLV remain the only two 
systems available although an electronic system to verify passports 
should be fully operational later this year.
    Work to develop an electronic database to share DL/IDs information 
among states is slow, with implementation of an operational state-to-
state system not anticipated until 2015. A fully deployed and populated 
system will not be available to states until 2023.
    Likewise, a national vital records database to check birth 
certificates remains unfunded and lacking for data. Specifically, the 
recent recession and lack of federal funds has prevented states from 
digitizing their records--a necessary step for making a national 
database a reality.
    PASS ID recognized these shortcomings by not requiring states to 
use systems that do not exist. It also addressed privacy concerns by 
requiring procedures to prevent the unauthorized access to or sharing 
of information, as well as requiring public notice of privacy policies 
and the establishment of a redress process for individuals who believe 
their personal information should be amended in records systems.
    Finally, PASS ID tied timelines for issuance and full 
implementation to the completion of final regulations. Although not a 
true date-forward implementation schedule as called for by NGA, when 
combined with other enhancements, PASS ID would have allowed states to 
begin issuing compliant licenses and IDs faster than called for by REAL 
ID.

                              CONCLUSION:

    Since its passage, governors have consistently offered constructive 
recommendations for implementing REAL ID. Governors have encouraged DHS 
and Congress to ``fix'' the act by implementing statutory or regulatory 
changes to make REAL ID feasible and cost-effective. They also have 
called on the federal government to ``fund'' REAL ID by providing 
federal dollars to offset state expenditures for meeting new federal 
standards.
    If Congress wants to see REAL ID implemented, it needs to encourage 
and support the implementation of regulations and guidelines that make 
compliance a possibility. DHS has worked closely with states to 
understand the complexities of the DL/ID process and provide rules that 
encourage better and more secure DL/IDs in a more cost-effective and 
realistic manner. More, however, needs to be done.
    Security of our nation is not a partisan issue. Every governor is a 
security governor. Every governor is interested in making government 
work. Governors look forward to continuing efforts with Congress and 
DHS to find workable, cost-effective solutions that can increase the 
security and integrity of all state license and identification systems.
                               __________

    Mr. Sensenbrenner. Thank you very much.
    The Chair is going to clean up and ask questions last. So 
the gentleman from Virginia, Mr. Scott, is recognized.
    Mr. Scott. Thank you, Mr. Chairman.
    I guess, Mr. Williams, what ID is necessary to get a REAL 
ID? What does a person have to present in order to get 
identification?
    Mr. Williams. Well, what an individual would need to do is 
present source documents, for example, such as a birth 
certificate, and if they have a Social Security number, they 
should present that Social Security card or another acceptable 
document with the Social Security number so that number can be 
verified.
    If they are in the country, for example, with immigration 
papers, then they certainly need to present their immigration 
document to be verified.
    Mr. Scott. Let me just--for a citizen just trying to get an 
ID----
    Mr. Williams. For a U.S. citizen?
    Mr. Scott. Yes.
    Mr. Williams. A birth certificate and Social Security card.
    Mr. Scott. Now, what do you need to do to get a birth 
certificate?
    Mr. Williams. To get a birth certificate, different states 
have different processes in regards to how you get it and who 
is authorized to get a birth certificate. But in many cases, I 
think you would have to go to your vital records agency within 
that state to request a birth certificate. And again, that is 
the general term. Different states have different processes.
    Mr. Scott. And again, what do you have to present to get 
the birth certificate?
    Mr. Williams. Each state I think has a different process 
for it.
    Mr. Scott. Could a terrorist show up and get a birth 
certificate, my birth certificate?
    Mr. Williams. That is a question I couldn't answer. I don't 
participate in the vital records agency processes.
    Mr. Scott. I don't know where my Social Security card is. I 
know my number, but I wouldn't have a clue as to where the 
actual card is.
    Mr. Williams. If you don't have your Social Security card, 
there are other documents that you can use with that Social 
Security number.
    Mr. Scott. Okay.
    Mr. Williams. For example, if you are employed and you have 
a W-2----
    Mr. Scott. If two people were wandering around using the 
same birth certificate or the same Social Security number, is 
there something in the system that would expose that?
    Mr. Williams. Well, Social Security, the agency has the 
capability to identify----
    Mr. Scott. A lot of people sell Social Security numbers, 
those that would actually check when you go through the 
process, as a valid Social Security number. How do you know 
that the person before you is the one with that Social Security 
number?
    Mr. Williams. Again, that would be a process of checking 
with the Social Security Administration and using their 
processes.
    Mr. Scott. REAL ID doesn't solve this.
    Mr. Williams. No, REAL ID doesn't govern that process.
    Mr. Scott. Mr. Heyman, is possession of a fake ID a crime?
    Mr. Heyman. I believe it is.
    Mr. Scott. You believe it is?
    Mr. Heyman. I don't know.
    Mr. Scott. You don't know.
    Mr. Heyman. Use of it is a crime.
    Mr. Scott. Use of it. But, I mean, if you just ran across 
somebody and they had three or four different IDs in their 
pocket, would that be a--you don't know if that is a crime or 
not? Okay.
    Mr. Williams, you indicated exposure of employee fraud. If 
you have a DMV clerk somewhere in some rural area just making 
money by selling fake IDs, would these IDs be as good-looking 
as other IDs?
    Mr. Williams. The most valuable ID that you can actually 
get is working with an internal person to produce one based 
upon the internal processes of that particular state's DMV. The 
cost for that process, to show you how realistic it is, for 
example in New York, they were selling fake IDs for as much as 
$10,000 per copy. In the State of, for example, Maryland, a 
fake ID produced internally could render as much as anywhere 
from $2,500 to $3,000; California, anywhere from about $5,000--
--
    Mr. Scott. Well, if you have bribed a DMV official, will 
the ID be--would anybody be able to ascertain that this is a 
fake ID?
    Mr. Williams. If the ID is produced internally, it will be 
exactly the same as any other ID. That is the value of finding 
someone who works inside, and that is what REAL ID seeks to 
prevent.
    Mr. Scott. How does it prevent internal fraud?
    Mr. Williams. By coming up with a number of internal 
processes that the DMV must actually utilize, for example, to 
include background checks of its employees, but also internal 
processes to ensure that, for example, one person does not have 
the authority to actually produce a driver's license from start 
to finish, and then other internal processes like, for example, 
making sure that you have a photo of the individual who sought 
a driver's license through application so you can actually 
check internally to see whether or not that photo shows up on 
any other driver's license with a different name and Social 
Security number.
    Mr. Scott. Is that check actually done anywhere?
    Mr. Williams. That check is actually done by a number of 
DMVs today. With the advent of REAL ID, that number of internal 
checks has gone up significantly.
    Mr. Scott. If I can just follow up on this with one 
question?
    Mr. Sensenbrenner. Without objection, the gentleman has one 
more question.
    Mr. Scott. If two people are using the same photo, that 
would be exposed?
    Mr. Williams. If two people were using the same photo at 
the same DMV, DMVs have----
    Mr. Scott. The DMVs, one is in Connecticut and one is in 
Virginia.
    Mr. Williams. Well, if they were in different states and 
those states did not have a process where they actually shared 
photos, then that would be more difficult. But in the same 
state, a number of states have same-day processes where they 
take your picture and then run it through the database and 
check with all other photos in their database to see whether 
you are the person you claim to be. And then on a 24-hour 
basis, they run it through their entire system to process to 
see whether or not you have a, quote unquote, face that is 
recognized in their database, and then what they have is 
control investigators. Once they ascertain that you may have a 
photo already in their database, the investigator is actually 
used to pursue to determine whether or not you are an exact 
match or if you are a similar match but not necessarily the 
exact same person.
    So a number of processes are in place to prevent the same 
photos with different IDs inside the state level. States have 
cooperative sharing relationships where they are actually 
starting to share some of their photos across state lines to 
ensure that you don't have, for example, a picture ID in the 
State of North Carolina, but also in the State of South 
Carolina.
    Mr. Sensenbrenner. I guess all this was done because of 
REAL ID.
    The gentleman from Michigan, Mr. Conyers.
    Mr. Conyers. Thanks, Chairman Sensenbrenner.
    Let's use this time to focus on the two issues that have 
been so well raised in this discussion, and I want to thank 
attorney Stewart Baker for his emphasis on the privacy issue. 
Let's talk about how we fund and how we guard for privacy. 
Remember now that we may be meeting with the Secretary 
Napolitano on this subject, and we want to use these minutes to 
get your best advice as to how we deal with her, with the 
Chairman, with these two issues.
    Let's start off with you, David Quam, and then let's 
everybody just chime in when you want to.
    Mr. Quam. Thank you, sir. I think the emphasis with the 
Secretary has really got to be first and foremost with the 
guidance that needs to come out so states know exactly where 
they are. So knowing those rules so states can evaluate where 
we are today and where states need to be by January 15th is 
critical. I think that guidance is pending and will come out 
very shortly.
    With regard to privacy, governors have always been 
concerned with governance of these systems. It is how the 
systems work, but how are they governed? How is individual 
information being protected, and how can it be corrected if 
there is a mistake, to make sure there aren't false-positives?
    So, very large privacy concerns that need to be worked out. 
That is why some of those systems are going to take some time 
to bring online, and privacy guidance is critical, and 
hopefully it is going to be part of this next guidance.
    And then finally, with regard to funding, states have long 
said this is an expensive proposition. If it is a mandate from 
the Federal Government, it should be paid for by the Federal 
Government. One simple example that we have called for, if 
there is a requirement to use Federal systems, then those 
Federal systems should be free to the states, much like e-
Verify is for a lot of businesses. The Federal Government has 
the databases, let us use that. It is part of the problem we 
have had with vital records where there is a fee that has to be 
charged every time. In the fiscal condition of states, that can 
be very problematic. But with some funding for states, I think 
you can find that states can more easily come on board.
    Mr. Scott. Attorney Stewart Baker.
    Mr. Baker. On the privacy issue, to my mind the biggest 
privacy issue in this area is not having a good ID. I don't 
understand what privacy interest is served by having a bad ID. 
The real privacy concern is the risk that your identity will be 
stolen and someone will use a fake ID to pretend to be you.
    The Department has lots of information about people who are 
engaged in that kind of identity fraud, and there needs to be 
better coordination with the states so that they don't continue 
to issue driver's licenses to people using bad Social Security 
numbers and so they can reinvestigate people who may have used 
bad Social Security numbers to get their cards in the first 
place.
    So that would be a privacy issue that I think would be very 
useful to address. I do think the Department has done a good 
job of coming up with some additional privacy standards that 
they think should be met by states to protect data, and that is 
a good thing.
    On the question of unfunded mandate, I think that is--I 
don't agree with it, and the problem with that is the argument 
that somehow the Federal Government should make free the SSOLV 
and SAVE programs that allow you to use the government's 
records to check Social Security numbers and the like. Those 
cost pennies, maybe 20 cents. The states, on the other hand, 
have put in place EVVER, in which they propose to charge $2 a 
check, the income of which they are going to keep to use for--
--
    Mr. Conyers. Do you prefer the state solution?
    Mr. Baker. This is the state electronic event verification, 
essentially the birth record database. The current prices for 
that are $2 because the state vital records offices want to 
make about $1 every time they provide this information. For the 
states to say we want to charge you dollars and we want you to 
forgive the pennies that we are paying is inconsistent, I 
think.
    Mr. Conyers. Let me get to Darrell Williams.
    Mr. Williams. There are only three issues we are talking 
about: privacy, cost, and a recommendation for DHS. On privacy, 
most of the data that we are talking about already exists in 
various state DMV databases. States use what they call--this is 
actually run by the Department of Transportation--the CDLIS 
system, and that CDLIS, which is a commercial driver's license 
information system, actually contains the name, date of birth, 
and driver's license information for virtually all drivers 
already, because whenever anyone applies for a CDL, a 
commercial driver's license, they are run through the CDLIS 
system to determine whether or not they have a commercial 
driver's license somewhere else. So the data that we are pretty 
much talking about in regards to privacy concerns, it already 
exists in the database.
    The second issue, we talked about cost, and actually I will 
piggyback on an example that you gave in regards to Mark 
Sanford. Of course, now, Mark Sanford did write a letter. 
Actually, he wrote a couple of letters to DHS that went to 
Secretary Chertoff, but also to Napolitano, where he expressed 
concern about REAL ID and its cost. However, in that same 
letter Mark Sanford said that South Carolina, at the time of 
his writing, currently met about 90 percent of the REAL ID 
requirements. So if he was concerned about cost, he is 90 
percent there. There is only a 10 percent delta, and the delta 
wasn't going to be overly substantial at the time when I 
actually read his letter and talked with Marcia Adams, who is 
the South Carolina DMV Director in that timeframe to determine 
exactly where South Carolina was. So the cost delta using that 
example was not going to be that great.
    The last item in regards to a recommendation for REAL ID 
implementation, REAL ID is a program, and REAL ID is managed 
pretty much out of a program office. I know because I started 
it. However, the enforcement part about REAL ID today is that 
program and that program office remains in a policy 
environment, which is the exact wrong place for a program to 
be.
    The skill sets are not there. The program management skills 
are not there. The engineering skills are not there. So if you 
are designing and developing an information-based system, 
policy is the exact wrong environment to be in for a program to 
thrive and flourish as we look at going forward.
    Mr. Sensenbrenner. Without objection, the gentleman from 
Michigan will be given an additional minute.
    Mr. Conyers. I thought it was 2 minutes.
    Mr. Sensenbrenner. No. I said you were already 2 minutes 
over.
    Mr. Conyers. Oh. Thank you very much. Mr. Heyman, please.
    Mr. Heyman. Thank you, Congressman. Thank you. Let me just 
talk on those three points that you are interested in.
    First, in terms of the privacy, the REAL ID Act did not 
contemplate or stipulate privacy requirements, but we did put 
in the regulation privacy requirements on the states. There are 
standards for data protection, particularly on the network. 
There will be encryption standards, and as Mr. Williams 
mentioned, the networks are built on private networks that 
already exist with privacy protections.
    We are moving forward with guidance, as the states have 
asked for. That guidance will, I believe, help provide clarity 
for helping on compliance questions by providing comparable 
programs that had not possibly been contemplated.
    And then lastly on the funding question, funding this year, 
the Secretary did sign out in February 2012 new FEMA grant 
guidance to state administrative agencies to help address and 
to be used for funding driver's license security grant 
programs.
    Mr. Conyers. Thank you.
    Mr. Sensenbrenner. The gentleman's time has expired.
    The gentleman from Colorado, Mr. Polis.
    Mr. Polis. Thank you.
    My first question is for Mr. Heyman. I am concerned that 
there are several classes of legal immigrants who would not be 
eligible for a license under this law. Some of those include 
non-immigrant visas such as victims of trafficking, immigrants 
who have been paroled into the U.S. for humanitarian reasons, 
battered immigrants who are awaiting actions or on petitions 
filed with U.S. CIS. These are some of the most vulnerable 
legal immigrants in our country.
    Does the law need to be fixed so these people can get a 
license, or is there some procedure under this law where these 
groups of legal immigrants would be able to get licenses?
    Mr. Heyman. Well, under the REAL ID Act and regulations, 
lawful presence is assessed and determined, but the actual 
determination of who to issue a state driver's license for 
operating a vehicle but perhaps not REAL ID-compliant is left 
to the state. So that decision is a state decision.
    Mr. Polis. But the issue is whether the ID would be useful 
for Federal purposes, and I think it is in many ways a backdoor 
Federal takeover of the licensing requirement for the states. 
Do you anticipate that the states will have two sets of 
licensing requirements, one REAL ID-compliant and one not? Is 
that what you are contemplating?
    Mr. Heyman. We are not--we are contemplating that if a 
driver's license is to be used for Federal purposes, it must be 
REAL ID-compliant.
    Mr. Polis. As far as you know, are any of the states 
maintaining two separate types of driver's license, one REAL 
ID-compliant and one non?
    Mr. Heyman. We don't have an assessment at this point, as 
you know, because the compliance deadline has not been met yet. 
We do not have visibility into what all states are 
contemplating.
    Mr. Polis. Have any states brought that up to the agency, 
that they are considering doing a two-ID approach?
    Mr. Heyman. I am not aware of that.
    Mr. Polis. Okay. Again, so the concern is, again under the 
REAL ID requirements, which are being heavily pushed to the 
states, it is my understanding that a victim of trafficking or 
a legal immigrant who has been paroled in the U.S. for 
humanitarian reasons or a battered immigrant who is awaiting 
actions on a petition filed under U.S. CIS, at least those 
three categories of immigrants it is my understanding are not 
able to get REAL ID-compliant driver's licenses. Is that 
consistent with your understanding?
    Mr. Heyman. An individual must be able, must present, must 
be lawfully present in the United States to attain a driver's 
license. So if they are lawfully present, they will be, along 
with all the other requirements.
    Mr. Polis. Okay. Well, those are people who are lawfully 
present in the United States, but they are legal immigrants, 
not illegal immigrants. But it is my understanding that in some 
cases, because their cases are pending, they would be unable to 
get the REAL ID. But are you saying they would be able to get a 
REAL ID-compliant state ID?
    Mr. Heyman. I am not aware of an exception to that. So if 
the Congressman would allow, we can get back to you on the 
record.
    Mr. Polis. We will be happy to get you some specifics.
    Let me go to Mr. Baker. It is my understanding DHS 
postponed the REAL ID implementation under the Bush 
Administration, and I would like to ask what those reasons were 
for that postponement over those period of years.
    Mr. Baker. We concluded that the states, by and large, were 
not going to meet the deadline. It was a pretty demanding set 
of requirements. They had been fighting them. They had been 
hoping to delay the implementation. And we broke the 
implementation into two stages, material and full compliance, 
so that we could get the states to a place with about a 1-year 
extension where they were implementing most of REAL ID. So we 
gave them a relatively short extension to meet, I would say, 90 
percent of the requirements, and in exchange for that we got 
their assurance that they were working diligently toward 
achieving the standards of REAL ID.
    Mr. Polis. Mr. Quam mentioned that the original was 
untenable and the flexibility was critical. I would like to ask 
Mr. Quam, is there sufficient flexibility in the current law, 
or do we need to go back and add additional flexibility to 
ensure that this can be implemented?
    Mr. Quam. It is quite possible that we need additional 
flexibility. Part of the reason for the delay was the first set 
of regs really was untenable. It was not going to provide the 
opportunity for states to truly implement the law. I think DHS 
did a very good job of listening to the states. I have to 
congratulate the Department, both Administrations, for 
listening to the states and realizing how complex this was in 
making changes.
    I think this next set of guidance is going to be critical 
for states to evaluate where we are and what other 
flexibilities need to be put in. Again, with regard to some of 
the databases that are necessary, they are just not there. If 
they are not there, states cannot be required to meet a 
compliance standard that is impossible to meet. So that 
flexibility has to be there to get states to move forward. 
States are moving forward. They are doing the best they can 
with the rules as we have them.
    Mr. Polis. I just want to ask for 30 seconds?
    Mr. Sensenbrenner. Without objection.
    Mr. Polis. And the final question, Mr. Quam. So again, 
without additional flexibility, do you believe that there would 
have to be additional postponing of the hard deadline for the 
REAL ID Act to go into effect?
    Mr. Quam. Until we see the guidelines, it is impossible to 
say what is going to be necessary for the states. States do 
have to make progress in order to meet the rules as they stand 
today. I think that guidance and an evaluation by the states is 
going to be critical to determine that question.
    Mr. Polis. Thank you, and I yield back.
    Mr. Sensenbrenner. The gentlewoman from California, Ms. 
Chu.
    Ms. Chu. Thank you, Mr. Chair.
    Under the REAL ID Act, an individual's address has to be on 
the face of the card, but many individuals ranging from law 
enforcement and judges to victims of domestic violence may be 
put at risk due to this requirement. Mr. Heyman, there are many 
domestic violence victims who don't want their address on the 
ID card, and there are many victims of domestic violence. One 
in four women will experience domestic violence in her 
lifetime.
    What is DHS doing to address this issue, and has there been 
any study of the effect of these provisions on survivors of 
domestic violence, sexual assault, or stalking?
    Mr. Heyman. There are provisions for alternative ways for 
identification, the specifics of which I would actually turn to 
my colleague here, who used to work for me, who actually helped 
implement them.
    Mr. Williams. The rule as written today does allow for 
individuals that are victims of domestic violence not to have 
their home addresses displayed, for law enforcement and judges 
as well.
    Ms. Chu. So there are allowances for that?
    Mr. Williams. Yes.
    Ms. Chu. Let me ask about another issue. Actually, Mr. 
Williams, I would like to address this to you, and that has to 
do with the fact that, of course, there are more stringent 
requirements for the REAL ID Act, and yet at the same time 
there is another thing going on, which is that at least 34 
states have introduced legislation just this last year that 
would require voters to provide a photo ID when they go to 
vote. At least 12 states have introduced legislation that would 
require proof of citizenship such as a birth certificate to 
register to vote.
    To what extent--and Mr. Heyman, too--to what extent has the 
Department been monitoring the recent attempts to enforce these 
ID requirements and its impact on voting?
    Mr. Williams. For that, I would have to really refer back 
to the Secretary Heyman in regards to what DHS is doing to 
monitor.
    Mr. Heyman. Well, we are aware of those provisions. They 
are not material to the compliance for REAL ID, but we are 
certainly paying attention to that.
    Ms. Chu. Let me ask about the 25 states that have, through 
statute or legislative resolution, rejected their intent to 
comply with the Act. I know there has been some dialogue and so 
forth, but what conversations has DHS had with governors and 
state legislatures to address their concerns with the Act? And 
also, if REAL ID is implemented by 2013, what implications will 
it have for citizens from these states if there are still those 
that reject the REAL ID Act? Will citizens from these states no 
longer be able to board a plane? What implications are there 
for their everyday life, Mr. Williams and Mr. Heyman?
    Mr. Heyman. Well, let me just say that if you look at all 
states and all territories to include those that have acts 
against REAL ID, all of them have made progress on driver's 
license security. In fact, if you look at the material 
compliance, the 18 benchmarks for material compliance, 83 
percent of those with benchmarks, states have committed to 
meeting or are already meeting 83 percent of those.
    What that reflects is that while the actual compliance with 
the specific Act may have been rejected by some states, they 
are continuing to make progress on the actual underlying 
security standards.
    Mr. Williams. I would say one of the other advantages that 
citizens of those states would have is REAL ID is only required 
when an individual goes to the airport and is asked to produce 
a form of ID. If that person chooses to produce a driver's 
license as a form of ID is where the REAL ID requirement would 
come in. There are other forms of ID a person could actually 
produce, and that could be very well accepted by the TSA 
individuals at the airport. Or, for example, a person could 
very well have no form of ID and still be allowed to get on an 
airplane.
    So they do have alternatives and options if, by chance, you 
are addressing the issue as to, when they go to the airport, 
whether or not they would be allowed to actually board a 
commercial airline. So, yes, there are options available for 
them in any of those states.
    Ms. Chu. And the other forms of ID for boarding a plane 
would be?
    Mr. Williams. Please?
    Ms. Chu. The other forms of ID you said would be acceptable 
for boarding a plane?
    Mr. Williams. Well, there's a TSA list of items that they 
accept, I guess on the TSA website, I believe, in regards to 
what are acceptable forms of identification other than a 
driver's license.
    Mr. Sensenbrenner. The gentlewoman's time has expired.
    The gentlewoman from Texas, Ms. Jackson Lee.
    Ms. Jackson Lee. Mr. Chairman, thank you very much, and 
thank you for holding this hearing that reviews what I think is 
a stalled law ready for burial. I believe the REAL ID Act was 
implemented in 2005, and it seems as if implementation has 
completely stalled, and there seems to be resistance to the 
REAL ID implementation in the states, and it is guaranteed that 
the statute seemingly will never be implemented as it is 
currently drafted.
    It was passed as a rider to a bill funding the military 
expenditures and tsunami relief, so it obviously slipped under 
the radar screen. But it gives states 3 years to bring their 
driver's license into compliance with the Act's requirements, 
common licensing standards national database, et cetera. It is 
now 2012. That is 7 years. The REAL ID has faced opposition 
from civil rights and civil liberties, but I think the real 
question is the lack of sufficient protections.
    We are now in the midst of another rage of what we call 
voter ID laws in 40 states, all being confronted with the real 
issue of denying someone a birthright, a citizen's right to 
vote. They have been previously able to identify themselves, 
have a voter registration card.
    So I want to ask the representative of the National 
Governors Association. I have never known the National 
Governors Association to not be quite prompt, and not only 
prompt but conversant and ready to adhere to Federal laws, but 
I am respectful of the fact of the different requirements of 
each state. Tell me why this has been so difficult and what I 
perceive to be opposition to implementing a law passed in 2005. 
And I might just put on the record that there are those 
opponents that come from all political perspectives who are 
dealing with questions of civil liberties and civil rights. But 
let me hear from the representative of the National Governors 
Association, please.
    Mr. Quam. I greatly appreciate the question. I think a lot 
of the problem initially was a misunderstanding of how driver's 
license systems work, and there was an education process that 
had to go on between the time of the passage of the bill and 
ultimately the regulations that came out, and then the 
regulations that were rewritten. As everybody learned how 
difficult the processes are, the fact that the states have been 
doing this for over 100 years and not the Federal Government, 
and that combining rules for the Nation when you have each 
state doing their own is a difficult process.
    And so what happened is that governors really tried to be 
constructive partners to find a solution. One of our key calls 
was fix and fund REAL ID early on. Later it became let's take 
the strengths of REAL ID and get rid of its problems. That 
became the PASS ID Act that was introduced, at least in the 
Senate.
    You still see states today trying to improve and meeting 
some of these benchmarks, the integrity of their licenses, 
because every governor is a security governor. They want their 
driver's license to be secure and safe. But very real problems 
were raised on both sides of the aisle with regard to privacy, 
with regard to the reach of the Federal Government into state 
actions, and then ultimately how do you get this done, how do 
you find a solution that makes the most sense.
    The original compromise for a negotiated rulemaking was 
something that governors and states were willing to participate 
in and were active participants. I think if that had been 
allowed to go forward, we may be further than we are today. But 
like I said, there was a partnership formed between governors, 
between states, the Department of Homeland Security, and even 
many Members of Congress to try to find a way forward. You have 
seen a lot of progress, but there are still a lot of 
objections, and there are 16 states who still have a law on the 
books today saying we will not comply.
    It is a problem when one-fourth of the states say we are 
not participating in a national system. It is hard to have a 
national system when one out of every four isn't participating.
    Ms. Jackson Lee. Let me thank you for that explanation. I 
know that, as a Member of the Homeland Security Committee, I 
will be probing this independently, and I am not going to probe 
Mr. Heyman at this time. I think the record is going to be very 
clear in this hearing. It is not functioning. It is not 
working. I think the privacy issues are severe, and I think 
that this adds to the opposition to this massive plague of 
voter ID laws. It just compounds fears.
    I just came out of a hearing dealing with Hezbollah and 
homeland concerns on Hezbollah's presence on the homeland. Yes, 
that is where we need to be focusing. And, yes, we need to be 
acknowledging that 9/11, tragic as it was, that our message was 
that we are not going to allow terrorists to cause ourselves to 
undermine our basic civil liberties and privacy.
    So I just want to yield back at this time and say that my 
concern remains on this REAL ID law, and I believe it is not 
effective at this time. I yield back.
    Mr. Sensenbrenner. The gentlewoman's time has expired.
    It seems from this hearing that because of the REAL ID law, 
there have been significant improvements in the security of 
state IDs, even in the states that rejected the REAL ID law. 
And Mr. Quam I notice is nodding his head, and so we will put 
that in the record.
    I think one of the ways to get the ball over the goal on 
this--and I realize as the author of the bill that this is a 
complicated bill--is, first of all, states need guidance; and 
secondly, the DHS has to show that it is serious that there is 
a deadline.
    So, Mr. Heyman, let me ask you, when are the states going 
to get some guidance, better guidance?
    Mr. Heyman. Guidance is in OMB now for clearance. It should 
be forthcoming in the next couple of weeks.
    Mr. Sensenbrenner. That is good. Now, during an oversight 
hearing that this committee had last November, Secretary 
Napolitano refused to say whether or not the DHS would hold 
firm to the January 15th, 2013 deadline. Is DHS going to extend 
the deadline again?
    Mr. Heyman. We have no plans to extend the deadline.
    Mr. Sensenbrenner. That is good. Now, Mr. Heyman, in your 
testimony you state that REAL ID regulation, as opposed to the 
law, provides DHS with the ability to recognize comparable 
programs in states and territories that issue driver's license 
and ID cards consistent with the minimum requirements of the 
regulation. But the REAL ID Act does not differentiate between 
requirements that are mandatory and those that are 
discretionary. Please inform the committee which part of the 
REAL ID Act authorizes DHS to make that distinction.
    Mr. Heyman. Congressman, what we are looking to do here is 
to take the brilliant invention of states which allowed for 
innovation in a democratic society and to capture that, in 
effect, such that one state that may have thought of a solution 
for implementation of the regs that we had not originally 
contemplated but was consistent with the regs could be 
identified and shared with others. That is the purpose of 
putting forward comparable programs.
    Mr. Sensenbrenner. Well, in my high school civics class, I 
learned in a democratic society that laws that are passed by a 
majority vote of the legislature and signed either by the 
President or the governor are the law. Now, has that basic 
constitutional principle penetrated DHS or not?
    Mr. Heyman. The law is the law, Congressman, and the ways 
in which states can comply with that law, there may be 
comparable programs that, with technology or otherwise, that 
allow for consistent application of the law through state by 
state innovations.
    Mr. Sensenbrenner. Okay. Let's get back to the guidance. 
Why has the DHS waited so long to issue the guidance?
    Mr. Heyman. The guidance has been in development over a 
period of probably a little over a year, and it is forthcoming 
now. I think it is timely. It will give states an opportunity 
to assess where they are in the compliance process, and for us 
to do the same.
    Mr. Sensenbrenner. Well, the law was signed in 2005 by 
former President Bush. Did it take DHS 6 years to start doing 
the guidance and now we are about ready to get to it?
    Mr. Heyman. Well, the history of the implementation is that 
first the Department established a regulation and an 
implementation plan, and then it issued two other forms of 
guidance in 2009. In our dialogue, this is a partnership with 
the states, and in our dialogue with the states it has become 
clear that they have sought additional clarity, and we are 
therefore putting forward additional guidance.
    Mr. Sensenbrenner. Okay. Now, my final question is there 
has been a disconnect between DHS and the states, both in this 
Administration and in the Bush Administration on this subject. 
How many states has DHS visited or AAMVA meetings has DHS 
participated in with regard to the REAL ID Act?
    Mr. Heyman. I believe we have traveled to 44 out of 56 
states or territories, and I can't give you the number on AAMVA 
participation, but we regularly, perhaps even annually, 
participate in their national convention.
    Mr. Sensenbrenner. Okay. Well, thank you. I think that 
completes the record. I yield back the balance of my time.
    Are there any further items that Mr. Scott wants to put 
into the record?
    Mr. Scott. Well, Mr. Chairman, we have had statements from 
others that we would like into the record, if we could.
    Mr. Sensenbrenner. Without objection, both the majority and 
the minority may put additional statements into the record that 
are relevant and material to the purpose of this hearing or the 
testimony of the witnesses.
    Hearing none, so ordered.
    And without objection, this hearing is adjourned. I thank 
all of the witnesses for their testimony.
    [Whereupon, at 11:17 a.m., the Subcommittee was adjourned.]

                            A P P E N D I X

                              ----------                              


               Material Submitted for the Hearing Record















                                









                                





                                







                                













                                











                                










                                 
