🧵🧵🧵 Digital ID is now the law in the United States & it is being implemented as we speak.

As a lawyer - the destruction of our privacy rights is making me sick. It is getting worse by the day and people seem unaware that it’s happening.

The implementation of digital ID in the U.S. is not driven by a single law, but rather by updates to existing regulations, primarily based on the “Patriot Act,” post-9/11, trade our freedom for security mindset.

The most relevant laws facilitate digital identification through state-issued Mobile Driver's Licenses (mDLs) and set the foundational technical requirements.

This thread gives an overview of the laws and regulations, along with the relevant text, that provide and facilitate digital ID in the United States.
@VigilantFox @RealAlexJones

1. Foundational Federal Law: The REAL ID Act of 2005

This law, codified in 49 U.S.C. § 30301 note, established minimum security standards for state-issued driver's licenses and identification cards to be accepted for federal purposes (like boarding commercial flights). Although it governs physical IDs, its mandates for "digital" features and databases laid the groundwork for modern digital ID. This law was updated with the REAL ID Modernization Act signed into law as part of a larger bill in 2020.

Relevant Text from the REAL ID Act of 2005 (Title II, Sec. 202)

The Act sets the minimum information and features required on an acceptable ID. These include key digital components that paved the way for digital ID:
Requirement:
Relevant Text (Summary of Sec. 202(b))
Digital Photo
"(5) A digital photograph of the person..."
Machine-Readable Tech
"(9) A common machine-readable technology, with defined minimum data elements."

The Act also outlines minimum issuance standards for states, requiring an infrastructure built on digital data retention. Keep in mind that the “facial image capture” is a form of biometric identification:

Requirement Relevant Text (Summary of Sec. 202(d))
Digital Source Document Retention
"(1) Employ technology to capture digital images of identity source documents so that the images can be retained in electronic storage in a transferable format."
Facial Image Capture
"(3) Subject each person applying for a driver's license or identification card to mandatory facial image capture."

2. Key Federal Regulation: 6 CFR Part 37

This Department of Homeland Security (DHS) regulation, which is the implementing rule for the REAL ID Act, was specifically amended to address the acceptance of digital IDs. It formally creates the path for Mobile Driver's Licenses (mDLs) to be used for federal purposes.

Relevant Text from 6 CFR § 37.7 - Temporary waiver for mDLs; State eligibility

This section directly addresses how a digital ID can be accepted by federal agencies (like the TSA), moving beyond the requirement for a physical card.
Section Relevant Text
§ 37.7(a) Generally
"TSA may issue a temporary certificate of waiver to a State that meets the requirements of §§37.10(a)and (b)."
§ 37.7(b) State eligibility
"A State may be eligible for a waiver only if, after considering all information provided by a State under §§37.10(a) and (b), TSA determines that— (1) The State is in full compliance with all applicable REAL ID requirements... and (2) Information provided by the State... sufficiently demonstrates that the State's mDL provides the security, privacy, and interoperability necessary for acceptance by Federal agencies."

The Data Sharing Part of the Law (REAL ID Act of 2005)

The requirement for states to share their motor vehicle data is found in Title II, Section 202(d)(12) of the REAL ID Act:
"(12) Provide electronic access to all other States to information contained in the motor vehicle database of the State."

The primary, congressionally mandated purpose of this requirement is to prevent one person from holding multiple REAL ID-compliant credentials by allowing a state to check an applicant's status in all other states.

The Mechanism for Sharing (S2S/AAMVA)

The actual system implementing this electronic access is the State-to-State (S2S) Verification Service.
•S2S is a "pointer system," meaning it doesn't store all the data centrally, but rather acts as a hub that points one state's system to another's to verify a record.
•The platform supporting S2S is called the State Pointer Exchange Services (SPEXS), which extends the platform previously used for Commercial Driver's Licenses (CDLIS).
•Both S2S and SPEXS are developed, maintained, and operated by the American Association of Motor Vehicle Administrators (AAMVA), a PRIVATE, non-profit organization established by state and provincial (in Canada) officials.
•Data Shared: The data exchanged via S2S includes an individual's name, date of birth, driver's license number, and other data fields to confirm or deny the existence of a duplicate license.

REMEMBER: the AAMVA is a PRIVATE non-profit meaning there is no public right to know a lot of what they are doing with our data.

The Driver's Privacy Protection Act (DPPA), 18 U.S.C. § 2721 et seq., governs how state DMVs can release personal information from motor vehicle records. While the DPPA generally prohibits public disclosure, it contains 14 specific exceptions that allow access for certain private entities.

Key exceptions that enable current private-sector data use:
•Insurance: For use in connection with motor vehicle, driver safety, or theft prevention activities.
•Legal Proceedings: For use in connection with civil, criminal, administrative, or arbitral proceedings.
•Legitimate Business: For use by any legitimate business in connection with a motor vehicle transaction initiated by the individual, specifically to verify the accuracy of information supplied by the individual.
•Express Consent: The most common path: if the individual has given express consent to the state to release their personal information to the requestor. You know all those “agreements” you sign when you sign up for email or a cell phone… they may well start including provisions for your consent…

Other exceptions are in the pics of the law below:

As if that is not bad enough, your data can then be resold by the recipients:

In addition to all of these privacy “loopholes,” the 2020 Real ID Modernization Act that Trump signed pushes the mDLs (Mobile Drivers Licenses) - see above. This means that States will be partnering with private partners (big tech) to create the tech that will enable mDLs. These guys will have access to your data and - depending on the state contracts - may be able to use it.