(But Not for the Reasons You May Think)
The "smart" biometric driver's license, proposed as part of the U.S. Driver's License Modernization Act, is taking center stage in a debate over national security. The act would establish standardized security features for all state-issued driver's licenses. Because it would utilize biometric features of its cardholders, the proposal has garnered opposition from those who are concerned with protecting civil liberties.
There's one big problem with the "smart" biometric drivers license card, and it's not because it's an intrusion into our privacy. Simply put, it's that the smart card isn't that smart. The smart card would be an irresistible target, a constant carrot in front of terrorists and others for whom identity theft is a means to an illegal end. It's just too easy to beat.
Biometric identification systems use biological and behavioral attributes to identify people. We use biometrics every time we recognize someone on the street or answer the telephone. We see people or hear their voices; we compare that sensory observation to a specific memory stored in our brains; and we make a determination of their identity.
Biometric security systems are gaining popularity at exponential rates, and with good reason. Biometric systems are far more secure because they are far harder to fake. It's one thing to forge an ID card or steal a PIN number; it's another thing altogether to alter the vein patterns in the iris of your eye.
Fingerprints are the oldest and, in some ways, still the best biometric identification method. Other systems rely on the distinctive features of faces, hands, eyes, or voices. Each
has its advantages and disadvantages.Sponsors of the legislation, Reps. Jim Moran, D-VA, and Tom Davis, R-VA, deserve credit for taking a leadership role. Eight of the 19 suicide hijackers of September 11 obtained fake state-issued driver's licenses in Virginia. And nationwide, more than 800,000 citizens become victims of identity theft. A growing number of security experts and national leaders contend that identify theft is becoming a national crisis.
Moran and Davis rightly and wisely conclude that the best way to improve identification security, and to prevent identity theft, is to use biometric technology. However, they propose that every driver's license include a micro computer chip that would encode the cardholder's unique biometric data. Their mistake is in proposing to put that unique biometric identification on the card itself.
If we distribute 100 million driver's licenses with biometric coding on them, we will create 100 million opportunities for terrorists and other bad guys to work their mischief. It is a potentially catastrophic shortcoming — one that, once exploited, would comprise the entire system.
With the rapid advancement of technology, the bad guys can easily find a way to take a lost or stolen card, and encode their own biometric data on that card. They could steal your card, strip off your biometric coding and replace it with their own. And then they would have access to places and things that were intended to be available only to you.The only truly secure biometric system is one where the biometric data is kept not on millions of cards, but in one secure, central location. This way, when citizens need to be identified at a bank, airport, prison, etc., they would put their fingerprints in a sensor — but the biometric data would be compared, not to the cards they brought with them, but to a secure database protected from terrorists and others.
The bottom line is that a biometric "card" is not part of the solution. A card will only weaken the true capabilities that biometrics can offer.