Can a national ID system intercept criminals and deter foreign threats while protecting privacy?
Ten days after terrorists transformed passenger jets into bombs
in attacks on the World Trade Center and Pentagon, Oracle Corp. CEO Larry Ellison touched off a technological and political furor by suggesting that airline travel could never again be safe until everyone in the United Statescitizen and guest alikewas required to present a national ID card to board a plane.
"We need a national ID card with our photograph and thumbprint digitized and embedded in the ID card," Ellison said in an interview with San Franciscos KPIX-TV.
Immediate reactions to Ellisons proposal tended to focus on the political issues of privacy and civil liberties. Almost instantly, it seemed, an ad hoc alliance of strange bedfellowsarchconservatives, libertarians and civil libertariansspontaneously formed in opposition to the idea of the government issuing a national ID. And while U.S. Attorney General John Ashcroft initially suggested the government might entertain the idea, only days later, the White House announced that President Bush was "not considering it at this time."
But many others were considering it. Among them was a Harvard Law School professor, Alan Dershowitz, a leading civil libertarian.
Dershowitz startled many fellow liberals when he published an op-ed piece in the Oct. 13 issue of The New York Times, asking "Why Fear National ID Cards?" Dershowitz argued for "an optional national identity card" on the merits of a social trade-off: "a little less anonymity for a lot more security."
"As a civil libertarian, I am instinctively skeptical of such trade-offs," Dershowitz said, but added that a national ID "could be an effective tool for preventing terrorism, reducing the need for other law enforcement mechanismsespecially racial and ethnic profilingthat pose even greater dangers to civil liberties."
A sense of national emergency has confounded traditional political ideologies and kept the idea alive. But as the social debate plays itself out, the focus has quietly shifted to an IT reality check: What kind of card, if any, tied to what kind of database or network might be feasible in terms of technology and cost?
Not surprisingly, the news media focused on Ellisons offer to supply Oracle database software for a national ID system at no chargean offer, he said, that was made to avoid any appearance of profiteering from the war on terrorism. Sun Microsystems Inc. CEO Scott McNealy quickly backed the notion of a national IDbut one built on distributed smart devices using Java to execute authentication algorithms.
Its not clear if the government could legally take Ellison up on his offeror if Oracles software would even be the right solutionbut as technologists and government bureaucrats got down to the business of investigating what it would take to implement a national ID card, it quickly became apparent that database software and network architecture were the least of their worries.
"The real challenge," said John Moore, program analyst with the General Services Administrations Office of Electronic Government, in Washington, "is getting all the various vendors and contractors to agree on interoperability issuesnot to mention finding a way to ensure that the data you put in the card is credible in the first place. Neither of those is as simple as it might seem."
Moore spoke from unique experience. The GSA is overseeing a $1.5 billion project to issue 3 million digital IDs to the U.S. military by the end of 2003. The experience gained from that initiativeand, just as important, the standards that result from itis widely expected to determine the future of global identification systems.
In many ways, instituting a national ID would amount to a typical IT initiative riddled with frustratingly mundane issues: card durability and data capacity; cost and availability of readers; ubiquitous connectivity to an array of government and private-sector databases; and, of course, the ever-present bogeyman in any network architecture: the security of the technology itself.
Of all these potential stumbling blocks, the card itself is the most important because it determines the kind of reader that will go with it. But, alas, theres no unanimity yet on the best type of card.
"Asking which is the best kind of card is kind of like asking whats the best religion," said Tate Preston, vice president for government sales at Datacard Group. The Minneapolis-based company, which supplies various kinds of national IDs for 15 nations, remains agnostic about competing technologies, Preston said, because each kind of card has its own strengths and weaknesses.
For example, the typical mag, or magnetic, stripe encoding used on credit cards can hold only about 275 bytes of information, and as millions of frustrated consumers can attest, mag stripes often lose data, typically at the most inconvenient times, and have to be shipped back to the bank for data recovery. On the other hand, the cards are inexpensive to produce, and readers are inexpensive and ubiquitous among retailers and service providers throughout the world.
One alternative, the two-dimensional bar-code card, can hold as much as 2KB of data, enough to encrypt a thumbprint, plus other identifying information. It is also cheap to issue and rarely becomes unreadable. But unlike linear bar codes that have become familiar on consumer products, 2-D bar codes require readers that are relatively expensive and not widely available.
The technology that many expect will eventually win out as a form of secure identification is the smart card, which incorporates an embedded chip that can hold up to 64KB of data, though most in use today offer only 4KB to 16KB. Datacards Preston predicted they will eventually store many times more than 64KB.
Smart cards are expensive to produce, and in the United States, readers are costly and rare. But those drawbacks are likely to be overcome soon because Europe is quickly standardizing on the smart card, and American Express Co. is making a strong push domestically with its Amex Blue smart card.
High-volume production is likely to push costs down for both smart cards and readers if, as expected, the technology is rapidly embraced for applications in telecommunications, financial services, retail, transportation, health care and perhaps even by state governments for drivers licenses and welfare program IDs.
In 2000, the last year for which data is available, the total number of smart cards manufactured for use in the United States and Canada grew 37 percent, to 28.4 million, according to a report issued this year by KPMGs Information Risk Management practice. Growth numbers for this year will be released in the first quarter of next year by the Smart Card Alliance, an industry association founded to accelerate standardization and acceptance of smart-card technology, but the total is still expected to add up to little more than the equivalent of a rounding error in tabulating the number of mag stripe cards in use today.
On the other hand, said Donna Farmer, the alliances president and CEO, in New York, the cost of a technology cannot be measured without weighing its relative value compared with other technologies.
When things such as security, privacy and storage capacity are balanced against the rapidly dropping prices of cards and readers, Farmer said, the smart card is clearly superior. In fact, she wondered if Ellisons Oracle database software would be needed at all for a national ID, since the essential data would be embedded in the card.
The GSAs Moore said its not quite that simple because the interaction between the card and the network can involve highly complex architectures. For the most part, he agreed with the essence of Farmers assertion: All data relevant to identification canand for security reasons shouldbe encoded in the card itself.
"But identification isnt the same as authorization," Moore said. For authorization under a variety of situationsto vote, for example, or to board a planeit would be in the nations best interest for the ID card to interact with continuously updated databases linked to the ID network, he said.
To a large extent, political questions about a national ID will dictate technology solutionsnot exactly a recipe for best practices, especially when the division of responsibilities between states and the federal government is factored in.
Airline travel offers a prime example of this, a paradox resulting from the historical reluctance of the federal government to issue a national ID.
During the Gulf War, the Federal Aviation Administration made it official policy that airlines had to require passengers to show a form of "government-issued identification" in the form of a photo ID to board a flight.
In effect, that meant passengers had to present either a passport or a drivers license. But no attempt was ever made to standardize state-issued drivers licenses, by far the most common boarding ID. And since the FAA does not require that ticket-counter personnel receive training in how to spot phony or doctored drivers licenses, almost none do.
While its easy to point fingers at past and present deficiencies, the path to the future is anything but clear. Should a national ID simply be established by congressional mandate? If so, should it be required, like a Social Security number, or should it be a voluntary but official government identification like a passport or drivers license? Should it incorporate the functions and embed the data of all those IDs in a single digital device that adds biometric information such as fingerprints or iris scans and encodes it all in a securely encrypted form? Or would it be more socially and politically acceptable to encourage a public/private-sector collaboration?
For example, sundry identification and database technologies, combined in a single personal smart card, could replace multiple bank cards and serve as secure identification for myriad retail transactions that now require a drivers licenserenting a car or truck, for instance, or boarding a plane.
Whether produced by the federal government or some confederation of interested public and private parties, there would almost certainly be greater efficiency than in the present creaky system.
In his Times op-ed piece, Dershowitz wrote: "A national card would be uniform and difficult to forge or alter. It would reduce the likelihood that someone could, intentionally or not, get lost in the cracks of multiple bureaucracies."
The problem is that many Americans cherish the abilityor at least the illusion of the abilityto lose themselves in the cracks. For many, in fact, being able to remain lost until they want to be found is the very definition of privacy.
The tension between that widely cherished right and the need for social order and security will probably never be fully resolved, according to Professor Emeritus Gary Marx of the Massachusetts Institute of Technology. In a recent essay titled "Identity and Anonymity: Some Conceptual Distinctions and Issues for Research," Marx wrote, "At best, we can hope to find a compass rather than a map and a moving equilibrium rather than a fixed point."