The December 2022 issue of IEEE Spectrum is here!

Close bar

There's an interesting story in next month’s National Defense magazine on the long gestation of the REAL ID Act.

As you may remember, eight years ago the U.S. Congress passed the REAL ID Act of 2005. It would have forced states to start issuing tamper-proof driver licenses and identify cards by 11 May 2008. The reason for the act, a brainchild of Congressman Jim Sensenbrenner of Wisconsin, was to make it harder for terrorists and other criminals to be able to pass off fake IDs in the commission of their crimes. And a REAL ID card would be required to enter a federal building or board a commercial airline flight.

After an outcry from state governors over the projected cost—upwards to US $12 billion they claimed—and from privacy advocates over this creation of a de facto national identity card, the Department of Homeland Security (DHS) decided in March 2007 to move the act's compliance date to December 2009. Then, in January 2008, DHS decided again to postpone the deadline for states to the 11 May 2011 and also changed some of the documentation requirements needed to get a REAL ID in hopes of quieting the critics. DHS estimated then that the states’ implementation costs would not be any greater than $3.9 billion, which DHS would help cover with $280 million in state grants.

After continued grumbling by the states about the cost, and some two dozen state legislatures passing laws or resolutions refusing to comply with the REAL ID requirements, in March 2011, DHS postponed the compliance deadline yet again, this time to 15 January 2013. And then, as this deadline approached and with most states still in non-compliance, late last month DHS for the fourth time delayed the compliance deadline. It will apparently be to sometime in 2015; the department won't announce the exact date until later this year.

A DHS press release announcing this latest delay praised the 13 states that it says have met REAL ID standards: Colorado, Connecticut, Delaware, Georgia, Iowa, Indiana, Maryland, Ohio, South Dakota, Tennessee, West Virginia, Wisconsin, and Wyoming. However, as the National Defense magazine article points out, the Real ID act requires that there exist “five different national databases for states to tap into to verify identities [but those] are not up and running.”

Hmm, I guess meeting the REAL ID standard all depends what you mean by “standard.” Or maybe the word "is."

In addition, as noted in an acerbic post at the CATO Institute, there are pretty good odds that the states who haven’t complied with the REAL ID act will probably never have to, making suckers out of those that did. As CATO points out, it is highly unlikely that the federal government is going to tell the citizens of 37 states they can’t fly in planes or enter federal buildings. How will federal judges feel about all those empty jury boxes? As it happens, I've been called to federal court jury duty next week, in a state that doesn’t meet the REAL ID act.

The pleasure of watching the endless tug of war over federal (unfunded) mandates versus states’ rights exposed by the REAL ID act is compounded by the risible and ever-changing cost estimates to the states of implementing it. Sensenbrenner originally estimated (i.e., pulled out of the air if not another place) that the cost to change state department of motor vehicle computer systems would be about $2 million per state over 5 years, or $100 million overall. The Congressional Budget Office, sharing the same fantasy, generally concurred, estimating that it would be closer to $120 million over the 5 years total.

However, a  2006 study by the  National Conference of State Legislatures (NCSL), the National Governors Association (NGA), and the American Association of Motor Vehicle Administrators (AAMVA) said that Sensenbrenner and the CBO were way off, and did not account for the vast majority of costs that would be incurred. This group estimated that the REAL ID act could cost states more than $11 billion over five years (pdf).

That number was thought to be way off until the DHS admitted in March 2007 that its own estimates of the REAL ID act implementation costs would be from $10.7 billion to $14.6 billion—with another $7.8 billion or so in costs borne by individuals in fees—over ten years.

After its January 2008 changes to the REAL ID requirements, DHS revised its own estimate and claimed that compliance would now cost the states a mere $3.9 billion or so over ten years.  In 2011, the Center for Immigration Studies, an advocate for REAL ID, estimated the cost  to the states would be even less: somewhere  between $350 million and $750 million. That seems remarkably low, given that DHS has said that it has already awarded $263 million in grants from FY 2008 to FY 2011 to states to help them meet the REAL ID requirements—and three-fourths of the states aren't done yet.

Exactly how much money the states have spent so far on top of this DHS grant amount is unknown, but even the DHS knows that meeting the Real ID “standards” aren't cheap. One reason for the latest delay, DHS says, is that “in a period of declining state revenues,” the states are having a hard time finding the money to implement the act's requirements.

My guess is that the DHS will continue to set Real ID compliance deadlines only to postpone them at the last moment, and hope that over time, the vast majority of states will ultimately albeit grudgingly implement REAL ID as they eventually replace their DMV legacy systems. Me, I'm rooting for some genuine enforcement of compliance by 2015. I probably wouldn't ever have to report for federal jury duty again.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
Vertical
A plate of spaghetti made from code
Shira Inbar
DarkBlue1

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less
{"imageShortcodeIds":["31996907"]}