Most people are who they say they are. Just ask them and they will tell you.
The real question for critical infrastructure is whether demanding a driver’s license to determine if someone is who they say they are makes the organization more safe from terrorists and intelligent criminal predators?
The driver’s licence is an identity token. Its primary purpose is to affirm the bearer is granted the privilege to operate a motor vehicle. If someone claims to be Mickey Mouse, lives where they say the live, and pays any accrued fines and renews the licence in accordance with the rules, the driver’s licence identification token has served it’s original purpose.
A driver’s licence (DL) my be sufficient for some sectors, especially where the consequences of a security breach are not potentially catastrophic. This is not the case for critical infrastructure. This was precisely the case with the 911 attacks on the World Trade Center and the Pentagon.
Reaction in US to 911 was to create REAL ID of 2005 to elevate the state-issued driver’s licenses to a de facto national ID card. Security guru Bruce Schneier writes this is a lousy security trade-off. Accepting a driver’s license as proof someone is who they say they are, is to accept the Department of Motor Vehicle’s Branch front line clerks – in customer service environments – are not being duped with fraudulently acquired, counterfeit, forged, stolen or shared proof of status documents. In 2008 United States General Accounting Office auditors where not reject once presenting counterfeit proof of status documents and out-of-state driver’s licences.
This is not to mention incidents of corruption of front line employees and their supervisors, who don’t have all that much a stake when tempted to do bad things. Here are some examples:
- A Chattanooga grand jury returned a two count indictment against a State of Tennessee Department of Motor Vehicles employee for conspiring to unlawfully issue driver’s licenses.
- Police arrested at least seven employees at the state license bureau in Delray Beach. They accepted bribes in exchange for putting drivers licenses in the hands of more than 1,500 persons who shouldn’t have them
- A Texas Department of Public Safety employee is arrested in Houston as the result of an undercover sting operation for taking bribes and issuing driver’s licenses
- A former Concord, New Hampshire Department of Motor Vehicles employee plead guilty to taking bribes.This employee is alleged to have exchanged up to 70 driver’s licenses for $500, without asking for proper documentation
- A former Stevens Point, Wisconsin DMV employee was indicted for erroneously issuing driver’s licenses to about 70 people. The employee allegedly accepted bribes in exchange for inputting false information into the DMV’s computer system
The driver’s licence is, none-the-less, a valuable tool for critical infrastructure in a secondary role. Interviewee’s presenting DL’s should be able to volunteer information consistent with the transactions recorded in the driver’s license abstract retained by the DL issuer.