Among its many other effects, September 11 turned out to be a wake-up call for a national-identification movement. After all, seven of the 19 hijackers had used Virginia’s “we’ll take your word for it” approach to obtain cards (the state has since fixed the loophole). Other hijackers had no problem obtaining driver’s licenses from other states. And several of them had entered the country under false pretenses–a sign that our immigration system has serious ID flaws.
And terror isn’t the only problem. Identity theft has become the leading source of consumer fraud, with an estimated 500,000 to 700,000 victims a year. Social Security numbers have been auctioned on eBay, and typing “fake ID” into an Internet search engine yields dozens of offshore operations promising holographic-equipped “novelty souvenir” cards that look scandalously like the real things.
No wonder that surveys taken last fall indicated that more than two thirds of the public declared themselves in favor of a national ID system. This is quite a turnaround from a citizenry that often views its government with suspicion. When we watch movies about wartime Europe with uniformed sentries barking, “Show us your papers,” our feeling is, “It can’t happen here.” And until the Twin Towers fell, the worry that a high-tech ID system would mean unacceptable privacy trade-offs meant “it won’t happen here.” But suddenly we were seeing advocates for a national ID card crawling out of the woodwork. Even in the strange land of 24-hour cable news, it was bizarre to see defense lawyer Alan Dershowitz–who has no problem with even O.J. prancing about unfettered–hawking smart cards for all. “The government has a right to make you identify yourself,” the Dersh told NEWSWEEK, not long before keynoting at a smart-card convention in New Orleans.
As months passed, though, so did the sense of urgency about securing identity. An alliance of right and left remembered that a national ID card was anathema to traditional privacy values. The Bush administration said it had no interest in such a system. Civil-liberties groups kept hitting the Big Brother issue and the public seemed to agree: by March a survey by Gartner Inc. found that only 26 percent supported a national ID card (41 percent were opposed).
But the effort to bring about a secure national ID system hasn’t gone away: it’s donned camouflage. Congress, the adminstration and the private sector are all busy planning limited and often voluntary improvements that in the aggregate may well look, smell and act like official identification systems–no matter what their promoters say they are. “We don’t automatically have to call it a national ID card–that’s a radioactive term,” said Rep. Jane Harman at a Brookings Institution briefing last week. “But we can certainly think about smart cards for essential functions and we need the database to support that.” Translation: Show us your papers.
The most visible effort at national ID comes by way of beefing up our driver’s licenses. Americans may regard their local DMVs as the least-trusted institution for managing data (OK, it’s a tie with Internal Revenue), but the American Association of Motor Vehicle Administrators wants all the states and the Canadian provinces to adopt a single hard-to-forge, universally recognizable standard, preferably with an advanced “biometric” identifier like a fingerprint or a retinal scan. Congress is responding.
“We’re going to professionalize and improve this process,” says bill sponsor Illinois Sen. Richard Durbin. On the House side, Reps. Jim Moran and Tom Davis (both painfully aware that their home state, Virginia, licensed terrorist hijackers) last week introduced the Driver’s License Modernization Act of 2002. Both bills outline a system with tougher license rules, where cops in any state could get instant information from the card of any other state. Both increase the penalties for fraud (take note, Bush daughters). But the House bill requires that cards have computer chips to store not only fingerprint information but other data, ranging from medical data to credit-card numbers–security and e-commerce on one piece of plastic. “Two months after you have these chips on driver’s licenses, Dell’s going to start shipping PCs with card and thumbprint readers,” says Robert Atkinson of the Progressive Policy Institute.
What’s Homeland Security czar Tom Ridge’s role in this? His spokesman Gordon Johndroe provides the standard disclaimer: “We at this time do not think a national ID card is necessary.” But we know Ridge likes stronger ID systems: just last week he voiced his approval of a national driver’s license. Ridge has also spoken favorably for immigration-reform bills that would require visas to be accompanied by biometric data and linked to a central database of suspected security risks. And Ridge is working behind the scenes to promote a “trusted traveler” system that would grant frequent fliers special cards to whisk them past the hoi polloi at airport security checks.
The technology industry, which sees homeland security as a profit center, is a huge fan of identity systems. The Valley’s ID king is Oracle CEO Larry Ellison, who made headlines last fall by offering the government free software to run a national identification database linked to cards. “Government should be at least as good at looking for terrorists as the credit-card companies are at preventing fraud,” he told NEWSWEEK in October. Since then he has met with Vice President Dick Cheney, Ridge and other officials, and, confirms a spokesperson, still has high hopes that the Feds will take him up on his offer. Also, as you might expect, there’s considerable interest in companies involved in biometrics, data storage and analysis, and of course, smart cards.
“Add Ridge, Ellison and motor-vehicle associations, and you have a system of national identification,” says Robert Ellis Smith, editor of Privacy Journal, who fears that the combined initiatives will lead to a “domestic passport” that will destroy our cultural values of free movement.
In an age when homeland defense actually matters, it’s reasonable to consider strong ID systems. But as a recent study by the National Research Council concludes, so far those promoting various systems have been maddeningly fuzzy on their purposes and methods. For any of the proposed systems, there are vexing questions to consider:
How would you get the card? The integrity of any system depends on issuing identification only to the person who’s supposed to be identified. That’s not so easy. “Since we don’t enroll our DNA at birth there’s no way to enroll [in an ID system] with certainty,” says William Crowell, CEO of Cylink and a former deputy director of the National Security Agency. So it requires a lot of care and effort to make sure that someone isn’t issued a card from phony or stolen “breeder” documents. The best way to do it is by relying on several trusted documents and a multistep process–a time-consuming, expensive (but not foolproof) process that would be mind-boggling to administer en masse.
Gadgetry determines not just the security of the system, but its potential to morph into something beyond its original intent. The wave of the future is the thin chips that transform plain old plastic cards into smart cards. Though they cost a few bucks each, they’re hard to forge (they’re encrypted), and they can store more information. To privacy advocates like Marc Rotenberg of the Electronic Privacy Information Center, however, a snooper Rubicon gets crossed when your identification gets smart. “Every time you swipe it, it leaves a record,” he says. In theory, this could mark your whereabouts every time you visit a federal building or get carded by a bartender.
To some, the scariest privacy prospect is a big centralized national database (or a series of linked ones) that has all the goods on almost everybody. The sponsors of the driver’s-license bills say that the standardized cards will connect only to databases of the individual states. But Ridge last week said that he wanted cards tied to immigration databases–which in turn must work in tandem with criminal databases to be effective. And the USA Patriot Act passed last fall relaxes some restrictions against linking domestic records to information gathered in foreign operations. There’s no way for citizens to correct inaccurate information in some of those databases.
Will systems allow cardholders to bypass security checks? “As cards get harder to forge, people wrongly assume that forged cards can’t happen,” says Bruce Schneier, founder of Counterpane Security. But any scheme can be beaten. This introduces a dilemma: if you structure a system that makes life easier for those who hold the proper ID, the most dangerous evildoers–those with the sophistication, funding and determination to crack the system–will find it easier to cause trouble.
Certainly everybody wants to make sure that the next set of terrorists won’t be able to do their ID shopping at a 7-Eleven parking lot. But without solid answers to such questions, it’s impossible to analyze what we’ll be giving up and what we’ll gain with these systems. The worst-case scenario is that we all lose with a system that really doesn’t stop terror but steals some of our freedom. Your papers, please?
