Real ID creates new opportunities for id thiefs by requiring DMVs to store a huge amount of personal information in databases that can be stolen, and by requiring that all this personal information is available on a drivers license for bars, merchants, or anybody else to scan. [Bruce Schneier points out that this information will then be resold to data aggregators like Choicepoint ... remember them?]
Just as importantly, PRC explains why Real ID is likely to make things much more difficult for victims of identity theft:
A lot of what makes it so difficult for victims is that they run up against a presumption that the transactions completed in their name are legitimate. Banks, merchants, and other creditors assume that the purchases that were made and the loans that were given belong to the victim – and the victim is forced to prove otherwise.
Real ID may just strengthen that presumption. If someone succeeds in getting a counterfeit Real ID under your name, you’ll have to confront a perception that Real IDs are more secure and difficult to obtain fraudulently.
The proposed Real ID explicitly punt on these issues: "DHS believes that it would be outside its authority to address this issue within this rulemaking." Anita Ramasastry has a good response to this in her FindLaw column:
DHS itself should be forced to confront, not dodge, the important privacy, security and identity theft issues the REAL ID program raises. In addition, the federal government should pay the tab for addressing the information-security issues its legislation will predictably create.