When asked about the security of the files being copied from data-drives during the process of issuing an ID, a senior staffer at the Maryland DMV, Waldorf office, responded "It is only accessible to our employees. Our employees are safe." He was speechless when we said, "So was Edward Snowden."
How can it be safe to Xerox and put in universally accessible-to-DMV-employees files a copy of basically four-of these: your birth certificate, passport, unemployment, social security number, residency proof, drivers license or registration, auto insurance proof, utility bill, W-2, tax record, lease agreement, marriage certificate, a DL-32 (concerning gender change), and more? Seriously, just Xerox those into DMV files and be required to share those with other states? And if you are a migrant, there is a slew of other documents you need to bring.
When we asked about the Maryland Department of Transportation's Motor Vehicle Administration (MDOT-MVA) privacy concerns, senior spokesman Ashley Millner, Assistant Media Relations Manager for the state agency, responded on behalf of DMV:
"All Personally Identifiable Information (PII) is physically secured in MDOT-MVA databases and encrypted. The data is protected by firewalls, sensors for detecting malicious activity, Intrusion Detection Systems, and other security monitoring systems" All databases are actively audited and monitored, and access is tightly controlled" An individual's PII may not be disclosed outside of the agency, except where specifically required by state law." (Full statement below and at the link: Click Here ). None of that stops an Edward Snowden from getting it.
Jay Jacob Wind, an I.T. and Data Specialist who helped develop former Vice-President Al Gore's environmental pollution data, said: "If all data is encrypted, then someone or something 'knows' the encryption algorithm, and they will test various defenses to find it and bypass the encryption algorithm, as Edward Snowden did."
The MDOT's response says nothing about preventing an individual employee from accessing a Maryland citizen's records via another State's poorly secured data-entry point. Again, remembering Edward Snowden, they can't stop an individual employee from gaining ill-intended usage. Just last year, the Texas Department of Motor Vehicles (DMV) suffered a data-breach after Vertafore - a software company with access to DMV records - was hacked due to improper storage of data information.
Thirty-one states have already shared millions of private records with each other and the DHS, to comply with the REAL-ID Act. Real-ID could take a page out of the Koch-Goldwater Privacy Act of 1974, or a Conyers-Amash 2013 congressional bill to ban bulk federal data collection without a warrant from cell phones, which failed by 13 votes but was effectively made law by a Supreme Court ban in 2018. However, as now crafted, the new Real-ID causes private information to be shared with state and federal agencies.
Much like NSA surveillance, the REAL-ID Act raises security questions towards the privacy of US citizens nationwide. It is an invitation to a future security disaster. Before COVID restrictions are lifted and people rush back to traveling, REAL-ID should be delayed or curtailed altogether without security assurances. Before it's too late and the next massive hack occurs, it's time for Congress to act.
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).
1
1
1
