Phil Libin, president of CoreStreet, an ID management firm, writes a perspective piece at CNET in which he questions the strong backlash against RealID.
Security is a mess under the current systems. Methods of collecting, verifying and storing background data differ from state to state, as do the physical protections on the cards themselves and the qualifications of the people that handle your licenses. It's not terribly difficult to get a fraudulent driver's license in any state, and it's easier in some states than others. This kind of setup is structurally likely to worsen over time as people "shopping" for a fake license disproportionately target states known to have weak security. The argument that monoculture and homogenization of systems are generally bad for security doesn't apply here; all the state systems don't have to fail for a terrorist to get a fake license--it only takes one.
One of the big objections is privacy and the risk that Real ID will actually make it easier for personal data to be intercepted. Libin says the proposal needs work but is probably no worse than the current standard in driver's licenses.
Privacy with the status quo isn't much better. All of your personal data is already stored on your license and can be read electronically by anyone with a simple 2D bar code scanner. DMV databases are susceptible to data theft, and there are no consistent regulations for what you're allowed to do with a driver's data. With the bar set so low, Real ID should be able to provide a significant privacy upgrade, so it's disappointing that the initial proposed language is mostly mute on privacy. If passed today, Real ID would probably do no net harm to our already meager privacy, but this isn't good enough. Let's work explicit privacy protections into the plan. Real ID should be about real privacy and real security.
But he gives short shrift to the cost issue, which is really the issue that is causing states to balk at RealID.
So how do we judge Real ID? We are already living with a national-scale identity system, except it's an accidental system that sucks for security and privacy and is lackluster in convenience and cost. Is Real ID overwhelmingly better? Not yet, but it can be made so. Let's.