National Academies Study Tempers Call For National ID

 

Efforts to establish a U.S. national identification system could backfire unless policymakers address an exhaustive array of privacy, security and logistical concerns, the nation's top research and development institutions warned in a recent report.

The recommendations were offered in a report endorsed by the National Research Council's Computer Science and Telecommunications Board, which is staffed by an array of private sector entities and academic institutions, including Microsoft Corp., AT&T Labs, AOL Time Warner, the Massachusetts Institute of Technology and Stanford University, among many others.

The admonition comes while Congress is considering legislation that would require states to link information in their motor vehicle databases and adopt a standardized driver's license equipped with technology capable of uniquely identifying the cardholder.

"Given the wide range of technological and logistical challenges, the likely direct and indirect costs, the serious potential for infringing on the rights and freedoms of ordinary citizens, and the gravity of the policy issues raised, any proposed nationwide identity system requires strict scrutiny and significant deliberation well in advance of design and deployment," the study concludes.

Calls for a national ID emerged shortly after the Sept. 11 terrorist attacks, in which the hijackers used fraudulently obtained driver's licenses to evade security checks.

The legislative proposal, developed along lines similar to those supported by the American Association of Motor Vehicle Administrators (AAMVA), would allow states to share demographic and driving record information in real time. The legislation also would mandate the use of security features such as holograms, fingerprints or other biometric identifiers on all state-issued ID cards.

Durbin and the AAMVA say they are not seeking to create a national ID card; rather, they want changes that would help stop identity fraud and terrorism by preventing criminals from obtaining drivers' licenses in someone else's name.

Yet, the NRC report urges policymakers to carefully consider the scope and ramifications of such an ambitious project, noting that "the costs of abandoning, correcting or redesigning a system after broad deployment might well be extremely high."

The AAMVA estimates the system would initially cost between $75 million and $100 million to put the necessary infrastructure in place to make changes to the nation's 200 million drivers' licenses.

The last time Congress addressed the national ID card debate was with the Illegal Immigration Act of 1996, which among other things would have required states to list Social Security numbers on all drivers' licenses. While that section of the Act was later repealed, the Social Security Administration estimated it could cost from $5.2 billion to $10.5 billion to issue enhanced, tamper-resistant cards to the nation's 260 million Social Security cardholders.

The report's authors also are concerned that officials may not be able to prevent "function creep," the reuse of an ID for purposes beyond its original intent.

The report points to the nation's experience with the Social Security number: Initially designed for administering Social Security benefits, the 10-digit number has now become the de facto national identifier used by the private and public sectors to pool data on individual consumers.

"The ID would need to be presented in connection with many transactions in the private sector, such as when traveling on commercial airlines or staying in a hotel," the NRC said. "However, as the set of users of a system expands, securing against misuse becomes more complicated."

A national ID system that uses the Internet to permit the exchange of validation requests also would present a nearly irresistible target for malicious hackers.

"To the extent that important activities become dependent on the system, the system becomes an attractive target for denial-of-service attacks," the NRC said.

The report echoes several key concerns raised by privacy and civil liberties groups in recent months.

Ari Schwartz, a policy analyst with the Center for Democracy and Technology, said authorities should focus on finding ways to increase the security and reliability of birth certificates and other documents needed to obtain identification cards.

"We need to analyze how this fraud is happening and then try to come up with a solution that addresses that, rather than saying we need to have standardized cards and shared database to work with that as an answer to a question we haven't fully examined," Schwartz said. "Doing this under the rubric of post-Sept. 11 security concerns seems to be a terrible way of addressing fraud concerns."

Since Sept. 11, several industry and policy groups have stepped forward to encourage the adoption of a national ID. The Progressive Policy Institute (PPI), a libertarian think-tank based in Washington, D.C., is a strong backer of the AAMVA proposal.

PPI envisions ID cards equipped with digital "smart chips" and biometric technologies that would allow cardholders to store applications such as digital cash or their ATM information on unused portions of the chip.

Larry Ponemon, CEO of the Privacy Council, said he's convinced that Americans will one day soon be required to carry a national ID equipped with such technology. But Ponemon said high-tech national IDs would only lull consumers into a false sense of security, until a major slip-up causes what he calls "an Exxon-Valdez of privacy."

"I can see where all of this data sharing will ultimately result in a spillage of some kind where a lot of personal information will be revealed to someone or some group," he said. "The bad guys will use the same process, and it will only provide a deterrent until something blows up."

The report was endorsed by the NRC, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine.

COPYRIGHT 2002 Washingtonpost Newsweek Interactive
COPYRIGHT 2002 Gale Group