I Proposed REAL ID 20 Years Ago – Now, It’s Real, But What’s Next?

By Stewart Verdery | May 7, 2026

One year ago today, the federal government finally did what it had been threatening to do for nearly two decades: enforce the REAL ID Act at airport security checkpoints. As someone who testified before Congress over 20 times on biometrics, travel identification, and border security — including on the very programs and policy debates that led to REAL ID’s enactment on May 11, 2005 — I have spent a lot of time thinking about what this anniversary means, and what it still doesn’t.

The short version: implementation is a genuine achievement, and a long overdue one. The problem was never technical feasibility — the technology was available. The delays were about money and political will. States needed federal funding to retool their DMV systems, and administrations of both parties chose accommodation over enforcement year after year. The can got kicked. The deadline got moved. The Onion wrote about it.  But some of the hardest policy questions remain unresolved — the same ones, frankly, that I was raising in congressional hearing rooms ten and twenty years ago.

What Enforcement Actually Looked Like

When TSA finally flipped the switch in May 2025, the outcome was neither the disaster that critics feared nor the seamless rollout that proponents promised. Roughly 80% of travelers were already compliant — they had REAL ID-compliant licenses, U.S. passports, or other qualifying documents. For them, nothing changed.

For the remaining 20%, the experience varied. TSA, appropriately, did not turn noncompliant travelers away at the gate on day one. First-time violators received warnings, in some cases enhanced screening, and directions to obtain compliant documents before their next flight. States with long DMV backlogs presented real hardship cases, as did elderly travelers who faced difficulties resolving identity verification issues in government databases. The system, as I had argued it should, showed some flexibility in the short term while holding firm on the long-term direction.

That approach was right. The goal of a program like REAL ID is not perfection on day one. It is to create an enforcement incentive strong enough to drive behavior change across a large population. Having the hammer, and using it with some judgment, is exactly what was needed. And it’s no surprise that the percentage of travelers with a compliant document has risen to around 95%.

The Unfinished Business

But one year in, I want to be clear about what REAL ID does not solve — because some of the same gaps I was identifying in those congressional hearings are still with us.

REAL ID is a credential integrity standard. It makes the card harder, although certainly not impossible, to forge. What it does not do is tie the card to a verified biometric record of the person holding it. In 2006, I was already telling Congress that “the next generation has to be a biometrically-based system so you are actually tying the person to the card to a database.” That generation has not arrived in any comprehensive way at the domestic aviation checkpoint.

We also still have an interoperability problem. REAL ID, Secure Flight, CBP’s trusted traveler programs like Global Entry and TSA PreCheck, and the broader identity ecosystem have never been as well-integrated as they should be. In 2006, I warned that multiple identity and travel systems were being built in parallel and would need to work together. Today, while programs like Secure Flight and trusted traveler systems have matured, integration across state DMV systems, TSA checkpoint operations, and CBP’s biometric and traveler vetting infrastructure remains incomplete. The seams are narrower than they were, but without a unified, biometrically anchored identity framework, they remain a vulnerability rather than just an inefficiency.

And misidentification — the problem of travelers being flagged because they share a name with a watchlist entry — remains an underappreciated source of friction. In 2008, I advocated before Congress for the DHS Traveler Redress Inquiry Program and calling for its expansion, because screening systems that lack sufficient information to differentiate travelers produce real harm to real people with common names. That problem has not gone away.

What the Next Decade Should Look Like

REAL ID enforcement is the floor, not the ceiling. Here is what I believe the next phase of this work should prioritize.

First, biometric integration at the checkpoint. TSA and CBP have the tools and the statutory authority to expand biometric verification — linking a traveler’s face or fingerprints to their identity record in real time. CBP has demonstrated this works well in the international arrivals context. It needs to become standard in the domestic aviation environment, too. REAL ID is only as strong as our ability to confirm that the person presenting the card is the person the card was issued to.

Second, a genuine trusted traveler pathway for domestic air travel. Programs like Global Entry and TSA PreCheck have demonstrated real success and provide a strong foundation to build on. Travelers who have undergone rigorous background checks, submitted biometrics, and demonstrated compliance should move through checkpoints with minimal friction. Expanding and fully realizing this model is good security policy — it allows screeners to focus resources on the unknown rather than the already-vetted.

Third, sustained federal investment in state DMV modernization. The implementation of REAL ID exposed significant variation in state capacity to verify identity documents and maintain accurate records. If REAL ID’s value depends on the integrity of the issuance process, then underfunded state DMV offices are a systemic vulnerability. The criminal rings and foreign governments that facilitate fake identification documents are becoming more sophisticated too.  Congress needs to treat identity security as the ongoing federal responsibility it is.

A Bipartisan Lesson Worth Remembering

The REAL ID saga is, at its core, a story about the gap between passing a law and implementing one. REAL ID had broad bipartisan support when it was enacted. Its repeated delays were bipartisan failures. The lesson is not that the security goal was wrong — it was right. The lesson is that security policy requires political will to follow through, funding to make compliance achievable, and enough institutional memory to resist the path of least resistance when deadlines loom.

In 2005, as I was advocating for passage of REAL ID, my wife and I had our youngest child. In the twenty years it took to actually implement the law, he went from newborn to college student. Twenty years is a longer period than Peyton Manning’s NFL career and the show ER, and it is 10 times longer than it took the build the Pentagon.  Over those two decades, I watched this country make extraordinary progress on biometric travel security — US-VISIT, e-passports, Global Entry, the Western Hemisphere Travel Initiative. REAL ID was the domestic piece of that same architecture, and its absence was always an anomaly. One year in, we have finally closed that gap.

Now let’s build what comes next.