Washington Post
National ID Card Gaining Support
by Robert O'Harrow Jr. and Jonathan Krim
Monday, December 17, 2001; Page A01
Second in a series of occasional articles
Navy Petty Officer Wellington Jimenez walked into the identification room at
Fort Hamilton in Brooklyn one day recently and gave his name, rank and
fingerprint. In return, he got a token of the future: a plastic ID card
embedded with a computer chip.
The card -- with two photos, two bar codes, a magnetic stripe and the etched
gold chip -- looks like a driver's license on steroids. More than 120,000
active duty military personnel, selected reserves, Defense Department
civilians and some contractors have received the cards in recent
months.About 4 million are to be issuedover the next two years.
When Jimenez sits down at a computer on his next ship, the USS George
Washington, he will slip the card into a device that will electronically
scramble, or encrypt, his e-mail to prevent outsiders from reading it. The
same card will automatically give him access to secure rooms across the
world. At a military hospital, its chip will one day summon his medical
records. Used as a debit card, it may even buy him a sandwich at a base
cafeteria.
And more than ever, the cards will enable Defense Department officials to
look into their databases and know the doorways he passes through, the
computer he accesses, the doctor he sees, all of which is fine with Jimenez.
"I know the government will have more access to my information," Jimenez
said. "But I know it's going to be used in the right way. I feel protected."
The high-tech IDs, the latest in "smart cards," were designed for tracking
personnel across the globe and running more secure and efficient military
operations. But now they are models for something that was unthinkable
before Sept. 11: national identification cards for all U.S. citizens.
Almost from the day the planes hit the World Trade Center and the Pentagon,
members of Congress, security experts and high-tech executives have endorsed
the idea of some new form of identification system as a critical weapon in
the fight against terrorism.They believe the cards, linked to giant
databases, would be invaluable in preventing terrorists from operating under
assumed names and identities.
Any such proposals in the past foundered on a distrust of centralized
government as old as the American republic. Opponents raised the specter of
prying bureaucrats with access to databases full of personal information, of
Gestapo-like stops on the street and demands to produce papers, and the kind
of unchecked police authority that would erode constitutional protections.
The nation's new consciousness of terrorism, a product of both the fear and
anger engendered by Sept. 11, has markedly changed the way Americans think
about security, surveillance and their civil liberties. For many people, the
trade-off of less privacy for more security now seems reasonable.
As Alan M. Dershowitz, a Harvard University law professor, wrote in October
in endorsing a national ID card, the "fear of an intrusive government can be
addressed by setting criteria for any official who demands to see the card."
"Even without a national card, people are always being asked to show
identification," he said. "The existence of a national card need not change
the rules about when ID can properly be demanded."
Airport Security Needs
The new enthusiasm for ID cards is not the only example of a changed
attitude toward privacy issues. Face recognition systems that link computers
and cameras to watch passing crowds spurred so much controversy last summer
that many public officials refused to consider using the technology. Now
airports across the country are clamoring to test and install such systems.
Congress in October approved a sweeping anti-terrorism bill that gives
authorities much broader powers to monitor e-mail, listen to telephone calls
and secretly gather records. And the Bush administration, led by Attorney
General John D. Ashcroft, has proposed a series of other measures with wide
public support.
In a recent Washington Post-ABC News poll, almost 3 of 4 people said they
support government eavesdropping on telephone conversations between
terrorist suspects and their lawyers. For the first time, there is also
strong support for secret tribunals for terrorist suspects and more
government wiretapping. On the specific question of a a national ID card,
about 70 percent of those recently polled by the Pew Research Center said
they favor a system that would require people to show a card to authorities
who request it.
"We're willing to accept this immense flow of data to law enforcement and
their proxies to make sure we feel safe and secure," said Marty Abrams, an
information technology specialist at the law firm Hunton & Williams and
former senior credit bureau executive. "The equilibrium point shifted. It
was a massive movement by society."
Abrams, privacy advocates and some lawmakers wonder whether all the
implications are being considered. "We haven't really looked at what this
means in the long run," Abrams said. "In our rush to make ourselves feel
safer, have the appropriate due processes been worked out?"
To be sure, the political hurdles to a national ID card remain huge.
President Bush has publicly downplayed their benefits, saying they're
unnecessary to improve security. Bush's new cyberspace security chief,
Richard Clarke, recently said he does "not think it's a very smart idea."
Logistical problems and the potentially enormous costs make it unlikely that
a mandatory, national ID system could soon be adopted. In recent testimony
before Congress, former Wyoming senator Alan Simpson, a supporter of more
secure identification methods, warned against using the phrase "national ID"
at all because of the political sensitivities. "That's a diversion for
people who like to talk about . . . Nazi Germany," he said.
But a range of steps now underway could lead to a de facto national ID
system that could accomplish many of the same goals.
The American Association of Motor Vehicle Administrators, for example, a
group of state officials, is devising a plan to create a national
identification system that would link all driver databases to high-tech
driver's license cards with computer chips, bar codes and biometric
identifiers.
Technology specialists at the Justice Department and General Services
Administration have acknowledged they are working with motor vehicle
officials and commercial vendors to develop a standard for some sort of ID
system, mandatory or not.
The Air Transport Association, meanwhile, has called for the creation of a
voluntary travel card for passengers that would include a biometric
identifier. They proposed linking the card to a system of government
databases that would include criminal, intelligence and financial records.
Passengers who agree to use the card would have easier access to airplanes.
A bill introduced in Congress by Rep. Stephen Horn (R-Calif.), would
establish a Commission on Homeland Security to study the federal
government's efforts to protect U.S. security, including the use of national
identification systems.
"This commission is not intended to resolve the national identification
issue," said Horn. "It is merely to advance the debate in light of the
September 11 attacks and the changed world in which we now live."
Fighting Fraud
Much of the momentum for a card has been generated by the fact that five of
the 19 terrorists involved in the attacks on New York and at the Pentagon
were able to obtain Social Security numbers, even with false identities. The
other 14 probably made up or appropriated other numbers and used them for
false identification, according to Social Security officials.
At least seven of the hijackers also obtained Virginia state ID cards, which
would serve as identification to board a plane, even though they lived in
Maryland motels. "If we can't be sure when interacting that someone is who
they purport to be, where are we?" said James G. Huse Jr., the Social
Security Administration's inspector general.
Over the years, the government has found myriad ways to get involved in the
identity business -- passports, for one, or state-issued driver's licenses.
A Social Security number is a ubiquitous identifier, now used far beyond its
original purpose.
Still, there is broad recognition that existing forms of identification are
inadequate, an awareness that has been fueled by an explosion in the number
of financial crimes in which fraud artists adopt the identity of their victims.
Social Security cards contain no authenticating information, such as
pictures, and they can be easily forged. Pilot licenses are often printed on
paper. Driver's licenses, even those now designed to be tamper-proof, also
are vulnerable to abuse because they can be obtained with fraudulent birth
certificates, Social Security cards and other documentation.
Tamper-proof smart cards don't necessarily worry privacy advocates, who have
made identity theft a banner issue in recent years. What does trouble them
is the more complex question of whether a national ID system should go
beyond simple authentication of an individual's identity.
Proponents argue that security can be achieved only with a smart card that
can cross-check various storehouses of personal data to determine whether
someone should be viewed with suspicion. That would mean, for example, that
an airline ticket agent swiping a card would be warned, by law enforcement,
intelligence and some private databases, about an individual who overstayed
a tourist visa, is on a government watch list or who is wanted for a crime.
In the world before Sept. 11, a large majority of Americans expressed
concerns about personal privacy in surveys, and those concerns focused on
the increasing collection of data -- names, addresses, buying habits and
movements -- by businesses interested in developing ever more sophisticated
marketing campaigns.
At the same time, they also demonstrated a willingness to surrender personal
information for discounts or conveniences, such as cheaper groceries, faster
passage through toll booths and upgrades on airline travel, one reason for
an enormous growth in databases in recent years.
"It's massive,"said Judith DeCew, a Clark University professor and author of
"In Pursuit of Privacy: Law, Ethics and the Rise of Technology." "It's
financial information. It's credit information. It's medical records,
insurance records, what you buy, calls you make. Almost every action or
activity you participate in while living a normal life potentially generates
a huge database about you."
Tapping Data
State and federal governments alsoexpanded their data networks and use of
personal information. Nearly every time policemake a traffic stop, for
example, they tap into National Crime Information Center databases to check
whether the driver is a known criminalor suspect.And as part of a new and
aggressive effort to track down parents who owe child support, the federal
government created a vast computerized data-monitoring system that includes
all individuals with new jobs and the names, addresses, Social Security
numbers and wages of nearly every working adult in the United States. Under
the system, banks are obligated to search through lists of accounts for
deadbeats, or turn the data over to the government.
Government agencies have also contracted with private companies for
information. The Internal Revenue Service, for example, hired a data company
called ChoicePoint Inc. to give about 20,000 employees instant access to 10
billion public records containing housing, financial and other personal
information about individuals. ChoicePoint provides data to the FBI and
other agencies as well.
Privacy groups are troubled by the evolving uses agencies, marketers and
others find for the new databases. Law enforcement authorities and private
attorneys, for instance, regularly use subpoena power now to gain access to
grocery, toll and a bonanza of other kinds of privately collected data for
use in civil and criminal cases. And many of the databases that grew so
quickly in recent years are now being studied for their potential value to
law enforcement authorities.
Acxiom Corp. is lobbying Congress to change a relatively new law that limits
their use of driver's license numbers. Acxiom wants to use those numbers to
create a new authentication system at airports, improving the ability of
clerks to ask travelers personal questions about their lives that would help
verify who they are.
A centralized ID database system would dramatically speed verification and
make life more convenient for travelers, airlines and others. The
disadvantage, according to civil liberties activists, is that agencies would
gain access to unprecedented amounts of aggregated data. They also would
have to be relied upon to ensure the database is current and accurate.
Questions about who would maintain the database and gain access to it would
be thorny ones.
An alternative would be to configure databases to allow certain pieces of
information, or fields of data, to be accessed by the smart card. This
approach would limit the amount of information contained in a single database.
"Any national ID system, regardless of who controls it, has a tremendous
potential for misuse and abuse," said John Berthoud, president of the
National Taxpayers Union in Alexandria.
Even a de facto national ID system, of the sort proposed by motor vehicle
administrators, would dramatically ease the collection of sensitive personal
information about individuals by linking it all to a single, unique
identifier: A smart card with a fingerprint or other biometric.
Simon Davies, director of Privacy International, a London-based advocacy
group that has studied national IDs, said the computers and networks in a
centralized system would also become targets of hackers. In recent years,
scores of private and government databases, containing financial, medical
and other personal information, have been breached by hackers, some who
publicized the data or used it in fraud schemes.
It also could make it easier for a successful forger or hacker to maintain a
false identity, since authorities would be so trusting in a new, high-tech
system. A lost or stolen card under such a system "will paralyze your card
or your identity for days or weeks," he said.
"At this point, you created a huge technological infrastructure of such
massive proportions it trips over its own shoelaces," he said.
Global Roots
More than 100 nations have a form of national identification and use them in
a variety of ways to improve security, assist law enforcement and make the
delivery of services more efficient.
In Spain, for example, an ID card is mandatory for all citizens older than
14, and they're required for many government programs. Argentinians must get
a card when they turn 8 and then re-register at 17. Kenya requires its
citizens to carry an ID at all times. Germany likewise requires all citizens
over 16 to carry a card that's similar to a passport.
Belgium first used ID cards during the German occupation in World War I.
Today every citizen older than 15 has to carry one, and it is used as proof
of age and identity for an array of consumer and financial transactions. It
also allows Belgians to travel to several countries without a passport.
Police officers in Belgium can request to see the card for any reason, at
any time.
Finland has one of the most sophisticated systems in the world, including a
voluntary smart card that comes with a computer chip and serves as a travel
card, or "mini-passport," in at least 15 European countries.
Much like the Defense Department card, which is officially called the Common
Access Card, the Finnish ID enables users to electronically sign and encrypt
online documents. Eventually, it would allow users to improve the security
of cell phones by scrambling calls. To protect against fraud or misuse,
officials limit the amount of personal information contained on the chip.
If a new ID card system is developed in the United States the initial users
are likely to be immigrants and foreign visitors. Last month, Sen. Dianne
Feinstein (D-Calif.) and Sen. Jon Kyl (R-Ariz.) introduced legislation that
would require foreign nationals to use high-tech visa cards containing a
fingerprint, retinal scan or other unique identifier. It also would create a
centralized "lookout database" containing information about known terrorists
and other U.S. visitors deemed threatening.
Larry Ellison, chief executive of Oracle Corp., the world's largest database
software maker, favors a voluntary card for all citizens, much like what the
Air Transport Association endorsed. But he agrees that such a system might
ultimately serve the same purpose as a national ID, if people found that
travel and other activity was too inconvenient without it.
To critics such a card would open the door to a host of difficult questions
over when and where it would be used. Could Greyhound require it, even if a
person wants to pay cash? A hardware store? A hardware store if you buy only
certain things, such as large quantities of fertilizer? Who decides? How
would an individual's name be shared? And what if a database is mistaken --
what kind of access and recourse would an individual have?
"Those are political decisions that need to be made," said Ellison, who was
among the first to promote a national ID system and pledged to donate
computer software to make it possible. "I just think people need to ask
themselves who they trust more, terrorists or the government?"
The driver's license proposal stands as an alternative to a single national
card. A technical standard would define the security features of the card,
but it would allow states the freedom of creative design and put the burden
on them for administering it. Proponents of this approach acknowledge it
could easily assume all the features of a national ID card once other
government agencies and private companies begin tailoring their computers to
capture information from the card.
And even if it were approved today, proponents say, the card would take
years to unveil, as motor vehicle administrators arranged funding and
drivers reapplied for licenses.
Deirdre Mulligan, director of the Samuelson Law, Technology and Public
Policy Clinic at the University of California at Berkeley, said she believes
a single ID system would be overly intrusive and ineffective. She said any
decision to adopt such a system should be made by elected officials, not
motor vehicle bureaucrats or private companies. "The debate about a national
ID card is not something that should occur in the darkroom of some
administrative process," Mulligan said.
Robert Ellis Smith, a lawyer and privacy specialist, said the push for a
national ID card is based on the false belief there can be a simple,
high-tech solution to an immensely complex problem. "One way to predict the
effectiveness of a national ID number or document is to look at environments
where the true identity of all residents is known: prisons, the military,
many workplaces, many college campuses," he writes in a new paper about
national ID cards. "And yet these places are far from crime free."
A national identification system would raise privacy questions, said Tate
Preston, vice president at Datacard Group, which creates high-tech IDs. But
the need for a better identification system is beyond question.
"In the 19th century, it was sufficient to ask who you are," he said. "In
the 20th century, it was sufficient to show who you are," he said. "In the
21st century, you will have to prove who you are."
© 2001 The Washington Post Company
|