'TSA Is Not the Right Agency to Lead' REAL ID Implementation, Security Experts Say

Security and identity management experts urged Congress to direct the National Institute of Standards and Technology to play a bigger role in developing standards for digital identity management ahead of a looming 2025 deadline for domestic air travellers to comply with security requirements outlined in the REAL ID Act.

"While DHS does not create standards, DHS - or even better, the White House or Congress - should request that NIST lead a timeboxed, one-year effort to create the standards and guidance needed to accelerate the deployment of secure, privacy-protecting mDL apps that Americans can use to protect and assert their identity online," Grant testified.

Jay Stanley, a senior policy analyst with the American Civil Liberties Union's Speech, Privacy, and Technology Project, warned that the TSA has proposed to adopt the ISO standards, which he said were "created behind closed doors by a secretive committee" and are "inadequate and incomplete when it comes to the protection of our privacy."

Sounds like Jeremy Grant is involved somehow.  ..tom