Real ID enforcement delayed yet again — this time to 2025

The Department of Homeland Security said Monday it’s again pushing back the enforcement of Real ID requirements for state driver’s licenses and ID cards. The latest delay moves states’ compliance deadline to May 7th, 2025.

Passed by Congress in 2005 as a response to the Sept. 11th, 2001 terrorist attacks, the Real ID Act requires stricter documentation for boarding flights and entering federal or nuclear facilities. For example, to get a Real ID-compliant driver’s license or state ID card, you need to provide paperwork for your name, date of birth, address, Social Security card and birth certificate.

The DHS says the requirements increase state IDs' reliability and accuracy. Officials can quickly see whether a card is Real ID-compliant by looking for the gold star in the upper right-hand corner.

When the bill passed, states initially had a 2008 compliance deadline. But after some states and US territories refused to play ball, the cutoff faced delay after delay. Despite the ever-shifting deadlines, 13 states rolled out support in 2012. The list grew in the following years as reluctant states faced the prospect of having their residents blocked from flights. But the COVID-19 pandemic led to even more kicking of the can, and today’s cutoff point pushes it back from May 2023 to May 2025.

“DHS continues to work closely with US states, the District of Columbia, and the US territories to meet Real ID requirements,” said Secretary of Homeland Security Alejandro N. Mayorkas in a news release today. “This extension will give states needed time to ensure their residents can obtain a Real ID-compliant license or identification card. DHS will also use this time to implement innovations to make the process more efficient and accessible. We will continue to ensure that the American public can travel safely.” 

Security flaw in Florida tax website exposed filers’ sensitive data

Some Florida residents may be keeping a close eye on their finances after a security incident. Researcher Kamran Mohsin tells TechCrunch that Florida's Department of Revenue website had a flaw that exposed hundreds of filers' bank account and Social Security numbers. Anyone who logged in to the state business tax registration site could see, modify and even delete personal data just by modifying the web address pointing to a taxpayer's application number — you just needed to change the digits in the link.

There were over 713,000 applications in the Department's pipeline at the time of the discovery, Mohsin said. Mohsin warned the Department about the flaw on October 27th.

Department representative Bethany Wester said in a statement that the government fixed the flaw within four days of the report, and that two unnamed firms have deemed the site secure. She added there was "no sign" attackers abused the flaw, but didn't say how officials might have spotted any misuse. The agency contacted every affected taxpayer by phone or writing within four days of learning about the issue, and has offered a year of free credit monitoring.

Bugs like these, known as insecure direct object references, are relatively easy to fix. The damage might also be limited compared to other tax-related breaches, such as a Healthcare.gov intrusion that compromised about 75,000 people in 2018. However, the incident underscores the potential harm from weak security — even a small-scale exposure like this could be used to commit tax fraud and steal refunds.
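To make the fix concrete, here is an added example (not the Department's code, and not from the original article) contrasting a lookup that only checks for a login with one that also checks record ownership and logs refusals so misuse can be spotted. All names, records and the threshold are hypothetical and constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Application:
    app_id: int
    owner: str         # account that filed the application
    bank_account: str  # constructed placeholder, not real data


# Constructed sample records with sequential ids, like the digits in the URL.
APPLICATIONS = {
    1001: Application(1001, "alice", "ACCT-SAMPLE-A"),
    1002: Application(1002, "bob", "ACCT-SAMPLE-B"),
    1003: Application(1003, "carol", "ACCT-SAMPLE-C"),
}

# Audit trail: user -> distinct application ids they were refused.
DENIED = defaultdict(set)


class NotFound(Exception):
    """Raised for missing AND foreign records, so responses do not reveal which ids exist."""


def get_application_vulnerable(session_user, app_id):
    """The flawed pattern: authenticated, but never authorized against the record."""
    if session_user is None:
        raise PermissionError("login required")
    app = APPLICATIONS.get(app_id)
    if app is None:
        raise NotFound(app_id)
    return app  # any logged-in user receives any filer's record


def get_application(session_user, app_id):
    """Hardened lookup: the record must belong to the session's user."""
    if session_user is None:
        raise PermissionError("login required")
    app = APPLICATIONS.get(app_id)
    if app is None or app.owner != session_user:
        DENIED[session_user].add(app_id)  # record the refusal for later review
        raise NotFound(app_id)
    return app


def update_bank_account(session_user, app_id, new_value):
    """Writes go through the same ownership check as reads."""
    app = get_application(session_user, app_id)
    app.bank_account = new_value
    return app


def enumeration_suspects(threshold=3):
    """Accounts refused on at least `threshold` distinct ids (assumed threshold)."""
    return sorted(user for user, ids in DENIED.items() if len(ids) >= threshold)


if __name__ == "__main__":
    print(get_application_vulnerable("alice", 1002))  # bob's data leaks to alice
    for probe in (1002, 1003, 1004):
        try:
            get_application("alice", probe)
        except NotFound:
            print("refused", probe)
    print("review these accounts:", enumeration_suspects())
```

The refusal log is what gives an operator a basis for a "no sign of abuse" statement: without a per-record authorization decision being recorded, walking through application numbers looks like ordinary page views.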

The Morning After: Senator calls for an end to ‘failed Big Tech self-regulation’

Senator Ed Markey of Massachusetts is calling on Congress to pass new legislation to rein in tech companies after Twitter boss Elon Musk ignored an information request. “Elon Musk could respond to my tweets but failed to respond to my letter by yesterday’s deadline and answer basic questions about Twitter verification,” Markey tweeted on Saturday.

The senator sent a letter on November 11th about Twitter’s paid account verification feature. Following the initial rollout, trolls could impersonate celebrities, politicians and company brand accounts, the latter leading to real-world effects on stock prices.

Musk addressed one of Markey’s questions when he announced Twitter’s new verification system on Friday. It’ll feature manual authentication and different colored check marks for different types of users. "Gold check for companies, gray check for government, blue for individuals (celebrity or not) and all verified accounts will be manually authenticated before check activates," Musk said. He’s also said sign-ups have hit an all-time high.

– Mat Smith

The Morning After isn’t just a newsletter – it’s also a daily podcast. Get our daily audio briefings, Monday through Friday, by subscribing right here.

The biggest stories you might have missed

FCC bans telecom and video surveillance gear from Huawei and ZTE

The agency is implementing the rules from the 2021 Secure Equipment Act.

The FCC announced it's officially implementing the Secure Equipment Act, which means some future equipment from Huawei, ZTE, Hytera, Hikvision and Dahua won't be authorized for sale in the US. Existing equipment from those companies, all listed under the FCC's Covered List, isn't affected by the law. Last year, the Biden administration signed into law the Secure Equipment Act, which aimed to block the authorization of network licenses from several Chinese companies whose hardware has been deemed a national security threat.

NASA’s Orion spacecraft breaks Apollo 13 flight record

The capsule traveled farther than any spacecraft designed to carry humans had before.

The Artemis 1 Orion crew vehicle has set a record for a NASA flight. On Saturday, Orion flew farther than any spacecraft designed to carry human astronauts had ever before, surpassing the previous record set by Apollo 13 back in 1970 – not that it was the aim of the mission. Funnily enough, it’s fitting that Artemis 1 was the one to do it. As Space.com points out, Apollo 13’s original flight plan didn’t call for a record-setting flight. It was only after a mid-mission explosion forced NASA to plot a new return course that Apollo 13’s Odyssey command module set the previous record at 248,655 miles (400,171 kilometers) from Earth.

Charles Darwin's full correspondence is now available online

You can read over 15,000 letters from the evolutionary science pioneer.

The University of Cambridge has published all the evolutionary scientist's surviving correspondence online, including 400 letters that have either surfaced or are newly "reinterpreted." The searchable collection now covers over 15,000 letters written between 1822 and 1882, ranging from his influential time aboard the HMS Beagle to On the Origin of Species and his end-of-life reflections. The internet archive may even be the only way to see a fuller picture of Darwin's life. The university notes a print edition of his correspondence, due in early 2023, doesn't include letters that arrived too late to reach physical copies.

UK aims to ban non-consensual deepfake porn

Critics say other aspects of the proposed legislation pose dangers to privacy and security.

The UK government will amend its Online Safety Bill with measures designed to prohibit abuse of intimate images, whether or not they're real. If the bill becomes law as is, it will be illegal to share deepfake porn without the subject's consent. This would be the first ban on sharing deepfakes in the country, and if the law comes into effect, violating this rule could lead to a prison sentence. Critics have pushed back against certain aspects of the bill, including a revived plan to verify a person's age before permitting them to access adult content online.

Senator Markey calls for an end to ‘failed Big Tech self-regulation’ following Musk letter snub

Senator Ed Markey of Massachusetts is calling on Congress to pass new legislation to rein in Big Tech companies after Elon Musk ignored an information request. “Elon Musk could respond to my tweets but failed to respond to my letter by yesterday’s deadline and answer basic questions about Twitter verification,” Markey tweeted Saturday. “Congress must end the era of failed Big Tech self-regulation and pass laws that put user safety over the whims of billionaires.”

Musk had until November 25th to answer a letter the senator sent on November 11th about Twitter’s paid account verification feature. The initial rollout of the new Twitter Blue saw trolls use the service to impersonate celebrities, politicians and brands. Markey sent Musk a list of questions about the launch after The Washington Post created a “verified” account impersonating him. One day after Markey shared a copy of the letter on Twitter, Musk attacked the senator.

“Perhaps it is because your real account sounds like a parody,” Musk tweeted. “And why does your pp have a mask!?” he added a few hours later, referring to Markey’s profile picture, which shows the policymaker wearing a face covering. The exchange prompted Markey to chastise the billionaire. “One of your companies is under an FTC consent decree. Auto safety watchdog NHTSA is investigating another for killing people. And you’re spending your time picking fights online,” the senator said. “Fix your companies. Or Congress will.”

As of the writing of this article, Musk has yet to respond to Markey’s latest tweet. It’s hard to say whether the senator’s call will translate to legislative action, particularly with a split between the House of Representatives and Senate. Musk did appear to answer at least one of Markey’s questions when he announced Twitter’s new verification system on Friday. The latest iteration of the program will feature manual authentication and different colored check marks for different types of users. "Gold check for companies, grey check for government, blue for individuals (celebrity or not) and all verified accounts will be manually authenticated before check activates," he said.

FCC bans telecom and video surveillance gear from Huawei, ZTE and other Chinese companies

Last year, the Biden administration signed the Secure Equipment Act into law, which aimed to block the authorization of network licenses from several Chinese companies whose hardware has been deemed a national security threat. Today, the FCC announced that it's officially implementing that ruling, which means some future equipment from Huawei, ZTE, Hytera, Hikvision and Dahua won't be authorized for sale in the US. Existing equipment from those companies, which are all listed under the FCC's "Covered List," isn't affected by the law.

“The FCC is committed to protecting our national security by ensuring that untrustworthy communications equipment is not authorized for use within our borders, and we are continuing that work here,” FCC Chairwoman Jessica Rosenworcel said in a statement. “These new rules are an important part of our ongoing actions to protect the American people from national security threats involving telecommunications.”

To be clear, the FCC isn't completely blocking all hardware from these companies. And for some, like Hytera, Hikvision and Dahua, Rosenworcel writes that it's specifically focusing on gear related to "the purpose of public safety, security of government facilities, physical surveillance of critical infrastructure, and other national security purposes." If those companies can show that they're not marketing that equipment for government use — for example, directing it to consumers instead — they may be able to get authorized by the FCC.

This latest move follows years of conflict between the US and companies closely tied to Chinese governments. That's included placing several notable Chinese companies, including DJI, on the Department of Commerce's "Entity List," which prohibits US firms from selling equipment to them. The FCC is also calling for $5 billion to help US carriers with the massive task of replacing equipment from Huawei and ZTE.

UK aims to ban non-consensual deepfake porn in Online Safety Bill

The UK government will amend its Online Safety Bill with measures designed to prohibit abuse of intimate images, whether or not they're real. If the bill becomes law as is, it will be illegal to share deepfake porn without the subject's consent. This would be the first ban on sharing deepfakes in the country and if the law comes into effect, violating this rule could lead to a prison sentence.

Additionally, the Ministry of Justice aims to ban "downblousing," which it describes as an incident "where photos are taken down a woman’s top without consent." The country banned upskirt photos, which are exactly what the term suggests, in 2019. Furthermore, the government wants to make it illegal to install certain equipment, including hidden cameras, to capture images of someone without their consent.

The UK banned revenge porn in 2015 and the government is aiming to expand the scope to make it illegal for anyone to share any intimate image of someone without consent. As it stands, prosecutors have to prove that the perpetrator had "intent to cause distress." Based on recommendations from the Law Commission, the government also intends to establish two additional serious offenses, which are "based on intent to cause humiliation, alarm, or distress and for obtaining sexual gratification." Officials already intended to outlaw cyberflashing, or sending unsolicited nudes, as part of the Online Safety Bill.

"We must do more to protect women and girls, from people who take or manipulate intimate photos in order to hound or humiliate them," Dominic Raab, the deputy prime minister and secretary of state for justice, said. "Our changes will give police and prosecutors the powers they need to bring these cowards to justice and safeguard women and girls from such vile abuse."

The government hasn't yet released the text of the amended Online Safety Bill. "The government will bring forward the wider package of changes as soon as parliamentary time allows and will announce further details in due course," the Ministry of Justice said. The bill has been delayed several times but it's set to return to parliament in December.

As TechCrunch notes, though, finding parliamentary time to formally read the amended bill, then to eventually debate and vote on it, may not be easy. It's unclear whether the government will be able to pass the legislation before the next general election is called within the next two years.

Critics have pushed back against certain aspects of the bill, including a revived plan to verify a person's age before permitting them to access adult content online. For many reasons, that measure may not be workable in practice.

The proposed legislation has also been described as a threat to free speech. On Thursday, an open letter to Prime Minister Rishi Sunak signed by 70 cyber security experts, organizations and elected officials laid out some of the dangers to privacy and security that the bill poses. Among other issues, the signatories argued that the Online Safety Bill includes "clauses that would erode end-to-end encryption in private messaging." The letter adds that UK businesses would have less data flow protection than counterparts in the US and EU, "leaving them more susceptible to cyberattacks and intellectual property theft."

"The bill is a deeply flawed censorship proposal that would allow UK residents to be thrown in jail for what they say online," the Electronic Frontier Foundation said this week. "It would also force online service providers to use government-approved software to search for user content that is deemed to be related to terrorism or child abuse. In the process, it will undermine our right to have a private conversation, and the technologies that protect that right, like end-to-end encryption."