There has been discussion that Enhanced Drivers Licenses are really a ‘gateway document’ towards implementing a continental identity management system. The Department of Homeland Security’s new secretary, Janet Napolitano, is an outspoken critic of the Real ID program. There has been wide speculation about what her position would be concerning Real ID now that she is running the department that was pushing Real ID. We’re now starting to see her position come out:
Enhanced driver’s licenses give confidence that the person holding the card is the person who is supposed to be holding the card, and it’s less elaborate than Real ID. (Source)
As long as states are running the databases, rather than there being a central federal database, she’s willing to get behind EDLs. While it’s good that the DHS is retreating from a full-scale deployment of Real ID, I’m not so sure that shifting to EDLs is a ‘solution’ to the privacy issues that are discussed surrounding the RFIDs in EDLs.
Technology, Thoughts & Trinkets 
It’s not just that there is RFID in EDLs, it is the kind of RFID, which is different than in passports and much less secure than passport RFID. That may not be a big deal for US tourists in Candada, but it sure a big deal for American tourists in Mexico if they are looking not to stand out. It won’t take long for commerical interests in the states to use the RFID for their own purpose either. They may not be able to pull up the customs database with the RFID number, but once they associate it with you at the checkout line you can be sure they will start to track you and it will become part of a different database. But beyond that, the EDL database involves a lot of datasharing with the governments of Canada and Mexico:
http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20090215/border_privacy_090215/20090215?hub=Canada&s_name=
LikeLike
The EPC Gen 2 RFIDs do indeed lack any real security. The fact that they broadcast a unique identifier, in the clear, is worrying. It does have to be noted, of course, that while the number stands as a proxy identifier, the information emitted by EDLs is limited to just that number. This is different from the American ePassports, which use smart-card technology to retain a substantial amount of personal information.
It’s great that the privacy commissioners in Canada have been vocal opponents of the EDLs, though I worry that with Ontario, Quebec, and BC adopting them that there will be substantial pressure on provinces like Alberta and Saskatchewan to end up adopting them. I guess that only time will tell….
LikeLike
The use of a pointer system / unique identifier is certainly better than if it was broadcasting your information. The problem though is not so much that others will be able to skim and use that number to access the official database. The main concern is that it will get used for other purposes and attached to you. When you should your ID to buy your Labatts, your big box store than knows that that number is you, and if you are paying by credit card (especially a RFID credit card), that link will get made instanteously and becomes part of the store databased that is entirely separate than customs. You can then be tracked in their store, or outside of it if they sell the data
LikeLike
I absolutely agree with you Pete – this was an issue that I raised when submitting comments on the EDLs to the Ontario government last year. We’re seeing drivers licenses being used for purposes that they weren’t initially intended for here in Canada, which actually led the privacy commissioners of Canada to release a public statement in December about the appropriateness of collecting drivers license data. I worry that without fairly rigorous regulation that warnings alone won’t be enough.
Even with regulation, of course, we’re left with pieces of technology that are pretty well inherently privacy invasive. I see the Ontario Commissioner working to try and make them more privacy friendly, but I just wish that we saw a more vibrant resistance AGAINST these devices by the public officials who are meant to secure our privacy, rather than just try to make them ‘less invasive’.
LikeLike