So DHS finally released the proposed new standard for drivers licenses as mandated under the Real ID Act. It’s a rather long document (over 150 pages) so I haven’t had a chance to read the whole thing but 27B Stroke 6 has some highlights, including:
While some expected Homeland Security to require the licenses to have smart cards or RFID chips, DHS instead proposes a 2D bar code (magnetic stripe) similiar to those used on many licenses. That information will not be encrypted.
The FAQ (also linked to by 27 B Stroke 6) goes into more depth about both of the above facts, saying:
The regulations propose the use of the 2-D barcode already used by 46 jurisdictions (45 States and the District of Columbia). DHS leans towards encrypting the data on the barcode as a privacy protection and requests comments on how to proceed given operational considerations.
I can’t begin to describe how happy I am to hear that RFID is not part of the proposed new standard. It is delightful to see that our objections have been heard and that we will be protected from proximity based attacks. I’m sure it doesn’t hurt that 45 of the states and Washington DC already use 2D barcodes, thus making that portion of the standards much more palatable and reducing the costs in that realm.