Time for a national ID card?

2 experts debate the merits of government-issued biometric ID cards

In an effort to block people from using stolen Social Security numbers to falsely prove their eligibility for employment, Sen. Chuck Schumer (D-N.Y.) wants the government to create a computerized identity card system that would use biometrics to match cardholders to their Social Security numbers.

So far, the approach would limit use of smart cards to employment applications. However, experts have floated the idea of using such cards in a variety of other transactions, from commerce to health care services, in physical environments and digitally for online authentication.

Neville Pattinson, vice president of government affairs and business development at Gemalto North America, a provider of digital security credentials, said he believes the new Social Security card should be the basis of a national identity credential that would improve the ease and security of many transactions. Jim Harper, director of information policy studies at the Cato Institute, said he sees major dangers associated with that proposition.

They discussed their views recently with Federal Computer Week. Both men serve on the Homeland Security Department's Data Privacy and Integrity Advisory Committee, though their remarks don’t reflect DHS' or the committee's views on this subject.

What are the benefits of a single digital identity credential?

Pattinson: We’re in the midst of a national identity crisis in general. We have no single trusted credential in our society today. We’re using Social Security cards in paper form, driver's licenses, birth certificates. At best, we have a passport, which is probably the best credential of all to date.

We really need to look at the positioning for an identity credential for the citizen that gives control to that citizen to present their identity in both the real world and the online virtual world.

Harper: If you look at the way people actually work in the world and the way they do security in other realms, they disperse their assets. They have key chains with several different keys on it, and that doesn’t represent a crisis in security for physical possessions. That’s a good security mechanism to have very different keys for different purposes.

So, I think it’s a mistake to design an identity system around a single trusted credential.

How do you convince people that there are enough benefits to overcome the risks of a single credential?

Pattinson: We have, fundamentally, one identity that we use in our real-world, day-to-day [lives]. Perhaps we have pseudonyms or personas we use in our virtual world. We need a trusted credential to spawn various manifestations of the credential in different situations.

Harper: The root of your identity is actually your body, and trying to impose a governmental or private organization outside that to provide the root of our identity is a mistake. I don’t want identity systems for humans to operate the way the Internet does, with a root server that some organization controls and not me. Identity should spring from the person.

I don’t think you can make a good sales pitch to people and have them agree to hand over the keys to their identity to any organization, much less to a government body, which has so much coercive authority.

Is there a psychological barrier to people adopting this single identity, given that people like the idea of having different credentials for access to each of their assets?

Pattinson: I think, inevitably, that is the case. In the United States, that is clearly evident in the discussions we have. Some see [a single credential] as abhorrent, though others see it as something that could be useful. It’s very much a personal reaction.

Harper: The selling point that this empowers the individual is important, especially in the context of a government-provided digital credential. In my view, having a government-provided credential — and this assumes everyone should have one — undercuts the bargaining position of the individual.

It’s like “You have the national credential, don’t you?” and if you don’t and you haven’t proven who you are to me, then it’s “I can’t do business with you. You’re some kind of illegal alien.” And so we are all going to naturally migrate toward proving our identity for far more transactions than we do today and thus creating the opportunity for far more recordkeeping and undercutting our privacy.

So even though it will be presented as a choice that people can use when they want to, over time, this credential will de facto become the national identity card?

Harper: Yes, it’s the same choice that people have when they use Web sites. I’m all for publishing [Web site] privacy policies, but in the end, it’s take-it-or-leave-it. So with the majority of the public focused on living their lives and not [being] privacy activists, they will say “OK, I’m just going to present my individual credential for every transaction, including buying a pack of gum. That’s what they tell me to do.”

Pattinson: What we’re considering is the need for providing an elective digital credential, biometric identifier or whatever it may be to the citizen. On that basis, having to present it for more and more transactions is all about [evaluating] the risk of performing a transaction with or without it.

Wouldn’t the demand for efficiency push industry and government toward the use of just one or two credentials?

Pattinson: To me, this is just a transactional ability to prove who I am at the point of enrollment. After that, you’ve potentially got other identification mechanisms like those we carry today. We have a whole host of cards that we carry in our wallets and purses that have ID-based information for [use with] individual systems.

Harper: This idea of a voluntary system is rather at odds with the circumstances in which we are talking about having a biometric Social Security card.

You’ve got 7 million employers around the country already equipped to use it for employment verification, and you’ve got lots of politicians who want to solve things that are problems from their perspective. We’ve already seen legislation with regard to Real ID [federal standards for driver's licenses], for access to financial services and credit at the state and local level. You’ve seen proposals to require proof of immigration status for housing. There have even been things floated in the past because of the methamphetamine problem that a national ID should be required of people to buy cold medicine.

So the uses of this national credential, once it’s in place, are limited only by the imagination of regulators. And [the notion of it being voluntary], that just disappears over quite a short period of time.

What’s the political will for going forward with this, given everything else that’s going on today?

Harper: I think, frankly, that the stabs at national ID such as Real ID and PASS ID [a proposed replacement of Real ID] have delayed progress because everyone thinks that’s where it’s going to happen. And trying to do this at the federal level through the Social Security system I guarantee would take 10 years even if everyone agreed on it. It’s really just keeping us from letting innovation and invention and private capital go to work on this problem and start building identity systems and credentialing systems that are really creative and user-friendly.

If you haven’t met the challenge of consumer uptake, trying to force it on people through the government is not going to work either.

Pattinson: I think certainly we owe it to our citizens to provide something. There is a need. We are unable to present identity and be able to prove it in the virtual world and in our digital lives today.

What I’m suggesting is just a simplified view of being able to have one credential that could facilitate the enrollment into [other systems] and give you a trusted persona under any commercial organization. But trusted back to something that we need in our society to know who we are dealing with and [allow] an individual to be able to prove it.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Thu, Sep 3, 2009 Frodo Arizona

Why not a chip under the skin, or better yet, in a few years, a chip in our brain so no one will break any laws and always be a good citizen.

Tue, Aug 25, 2009 Dave

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." - Ben Franklin. Horrible idea. You think identity theft is a problem today? Wait until you ONLY have ONE national identity, and it gets stolen.

Tue, Aug 25, 2009 ArmySSG MO

I think America needs an ID card similar to what the military and other DoD employees use. The card we use has our picture, service affiliation, SSN, a 2D/3D personal info scan, mag strip scan, smart-card chip, biometrics, and electronic ID/encryption certificates. When we are issued this card the electronic certificates are stored in a central database. That database is accessible by those with an ID card. The states could adopt this card for ID and/or drivers licenses. I am required to login to computers with it and a PIN number of my choosing. No passwords to remember. Businesses, especially Internet retailers could use the certificates for identication and verification with online purchases. Websites could also use it for logins to their site. Employers could use it to login to their corporate network. Again no more username/password. An alcohol retailer from Nebraska wouldn't have to know what an ID from Florida is supposed to look like. If someone from New York loses their license while in California they could get it replaced with out going home. The possibilites are too numerous to mention.

Tue, Aug 25, 2009

Not only no, but Hell No. Sure a nationl ID card would be convenient and useful. But that is far outweighed by the downside risks of having a convenient way for the well-meaning Nanny State to keep track of us. (For our own good, of course.) They have been trying to back-door their way into national ID card via the standardized drivers licenses and such, and are already getting pushback from the states. The Federal Government has usurped way too many of the functions and powers of the state and local governments already. I'm not ready for 'Your papers, please?'

Mon, Aug 24, 2009 Charlemagne Brussels

Mr. Pattinson is paid by a French ID-Card maker, Mr. Harper by a Reasearch Institute. What wonder of their interest ?

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group