Tuesday, May 10, 2005

Real ID: Principal versus Principle

Orin Kerr at The Volokh Conspiracy writes on the Real ID bill (included by House Republicans in the emergency appropriation bill for Iraq/Afghanistan to change requirements for driver's licenses) as commented on by Bruce Schneier here. Kerr is tentatively against Real ID, but thinks Schneier may overstate the case. Without going over the history, current law, and significance of the bill, I'd make these points:
  • I wish they'd teach spelling in Minnesota--the bill talks of "principle residence" when they mean "principal".
  • I don't have major problems with the aim, which is to tighten rules on issuing driver's licenses. As a technocrat, however, I wish we had a debate over identification, national standards, and data privacy.
  • I do believe in encryption, both of the data contained on the card and the data in state databases. The occasions when the license needs to be swiped should be rare, and readability should be limited to authorized agents of the state. If private entities want to swipe the card, let them OCR it.
Unfortunately the U.S. doesn't have a rational debate about identification, security, and data privacy. Since we don't and won't, I say:

* we should be doing away with the social security number, not further embedding it into our systems. (Unlike other data, it often serves both to identify and authenticate the person, which violates good security logic.)
* the implementation of Real ID should be flexible. The federal government has guidelines for e-authentication that agencies are in the process of implementing, but that seems to be a separate line of discussion/development from Real ID. It's going to be expensive to implement both; we ought to be doing them logically.
* Real ID ought to include restrictions on the state databases, including provisions for audit trails and transaction logs, encryption of data, and provision for review and access.
