Summary: What GAO Found
To verify license applicants' identity, all 50 states and the District of Columbia have procedures that may detect counterfeit documents. For example, all states are now verifying key personal information, such as Social Security numbers (SSN) through online queries to a Social Security Administration (SSA) database, a significant increase from about a decade ago. This effort helps ensure that the identity information presented belongs to a valid identity and also is not associated with a deceased person. Additionally, most states verify non-citizen applicants' immigration documents with the Department of Homeland Security (DHS) to ensure these individuals have lawful status in the United States. Many states are also using facial recognition techniques to better detect attempts to obtain a license under another's identity. While most states have taken steps required by the REAL ID Act of 2005 (Act), officials in some states indicated that they may not comply with certain provisions--such as re-verifying SSNs for license renewals--because of state laws or concerns that these requirements are unnecessary and burdensome.
State officials interviewed by GAO report that identity verification procedures have been effective at combating certain kinds of fraud, but vulnerabilities remain. Officials in most of the 11 states GAO contacted reported a decline in the use of counterfeit identity documents, and officials in states using facial recognition said they detected a number of identity theft attempts. However, criminals can still steal the identity of someone in one state and use it to get a license in another because states lack the capacity to consistently detect such cross-state fraud. A system for addressing such fraud would enable states to comply with the Act's prohibition against issuing licenses to individuals who already have a license from another state, but may not be fully operational until 2023. Furthermore, officials in many states said they have difficulties detecting forged birth certificates. Verifying date of birth is also required by the Act, and a system exists for doing so, but no licensing agencies are using it because of concerns about incomplete data, among other reasons. Partly because these two systems are not fully operational, GAO investigators were able to use counterfeit out-of-state drivers' licenses and birth certificates to fraudulently obtain licenses in three states.
By improving their respective verification systems, SSA and DHS have helped states enhance their identity verification procedures. For example, SSA has established timeliness goals for responding to state SSN queries and DHS has addressed data accuracy issues. DHS has also provided funding for states to develop new systems. However, DHS has not always provided timely, comprehensive, or proactive guidance to help states implement provisions of the Act related to identity verification. For example, DHS did not issue formal, written guidance in this area for more than 4 years after issuing final regulations, even though officials from most states GAO interviewed said they needed such guidance. Additionally, even though relevant national systems are not yet fully operational, DHS has no plans to promote certain alternatives states can use to comply with the Act's identity verification requirements and combat cross-state and birth certificate fraud. Officials in some states indicated they needed direction from DHS in this area.
Why GAO Did This StudyObtaining a driver's license under another's identity can enable criminals to commit various crimes. The 9/11 terrorists, for example, possessed fraudulent licenses. The REAL ID Act sets minimum standards for states when verifying license applicants' identity, which go into effect in January 2013. If states do not meet these requirements, their licenses will not be accepted for official purposes such as boarding commercial aircraft. DHS is responsible for establishing how states may certify compliance and for determining compliance. SSA helps states verify SSNs. GAO was asked to examine (1) states' identity verification procedures for license applicants, (2) the procedures' effectiveness in addressing fraud, and (3) how federal agencies have helped states enhance procedures. GAO analyzed DHS and SSA data on states' use of verification systems; interviewed officials from DHS, SSA, and other organizations; and conducted on-site or phone interviews with licensing agency officials in 11 states. GAO tested state procedures in three states that have known vulnerabilities; results from these states are not generalizable.
What GAO RecommendsGAO recommends that DHS work with partners to take interim actions to help states address cross-state and birth certificate fraud. DHS did not concur with these recommendations, saying its ongoing efforts are sufficient. GAO has demonstrated that vulnerabilities remain as long as national systems are not yet fully operational. Therefore, GAO continues to believe additional DHS actions are needed.
For more information, contact Daniel Bertoni at (202) 512-7215 or bertonid@gao.gov.
