- By William Matthews
- May 27, 2002
Shane Ham looks forward to the day when he can make a credit card purchase, borrow a library book, board an airplane, enter his locked office building or pay a parking lot fee all with one card — his driver's license.
An encrypted biometric identifier would protect his license, making it utterly useless to anyone else — thief, computer hacker or dishonest waiter.
When Barry Steinhart contemplates the same card, he is aghast.
The idea is dangerous for America as a society, Steinhart said. "It would facilitate the creation of the surveillance society that Americans have always resisted," he said.
Before long, Steinhart fears, the card will be demanded at doctors' offices, gas stations and highway tollbooths. It will be required not only for boarding airplanes, but for boarding subways and buses as well.
Every time a police officer, a security guard or a store clerk scans the card, Steinhart worries it will add to a database that keeps track of where the holder has been and what he or she has been doing.
To Ham, a technology policy analyst at the Progressive Policy Institute, the multiuse, smart card driver's license offers a neat technological solution to the glaring weakness of current identification documents — and it throws in the benefit of promoting e-commerce and e-government.
To Steinhart, associate director of the American Civil Liberties Union, the idea is simply a national ID card disguised as a high-tech driver's license and is likely to evolve into an "internal passport."
Debate over national ID cards dates back decades. The Reagan administration briefly considered them as a way to discourage illegal aliens from entering the country — an ID would be required to get a job. Then, during the 1990s, various versions of national ID cards were considered as ways to track "deadbeat dads," distribute health care benefits, control gun sales and reform Social Security.
All were rejected. "This idea has failed several other times," said Ari Schwartz, a policy analyst at the Center for Democracy and Technology.
But since the Sept. 11 terrorist attacks, calls for national ID cards are being heard again. "This is an attempt to push national IDs under the national security banner," Schwartz said.
Proposals in Play
In January, the American Association of Motor Vehicle Administrators launched the effort that now has the most momentum. AAMVA is urging Congress to require — and fund — the creation of more secure, nationally uniform driver's licenses. Driver's licenses, the association said, "have become the most requested form of identification in North America."
AAMVA wants all states to be required to adopt uniform and stricter standards by which states verify the identities of people applying for licenses. The association wants licenses to include a "unique identifier," such as a fingerprint or eye scan, as well as other security features. And it wants state databases to be linked so authorities in any state would have virtually instant access to the driving records of all other states.
Legislation introduced by Rep. Jim Moran (D-Va.) would fulfill AAMVA's wishes and then some. Drafted with help from Ham, Moran's Driver's License Modernization Act of 2002 would require states to issue driver's licenses with embedded "smart chips" to hold encrypted biometric data, such as a digitized fingerprint or eye scan.
A driver's data would take up only a fraction of the chip memory. The extra space could be partitioned to hold additional applications, from credit card accounts and digital food stamps to voter registrations and fishing licenses. The license could also hold a digital signature, enabling license holders to verify their identities online.
That feature, the Progressive Policy Institute contends, "will jump-start the New Economy, making off-line and online transactions more convenient and more secure than ever before."
AAMVA asked for $100 million to fund the uniform license initiative, but Moran has proposed spending $315 million. He introduced his bill May 1 with Rep. Tom Davis (R-Va.), decrying that terrorists had been "able to weave into the fabric of American society" by fraudulently obtaining driver's licenses. He said his legislation "could make a profound difference in personal and national security."
Moran ensured that his legislation would prohibit using the new driver's licenses to track individuals. The bill contains "very strict controls for privacy," he said.
National ID or Not?
Ham, who explained the technical details of the bill, insisted, "This bill does not create a national ID card in any sense."
That's a claim the ACLU and others dispute. "It clearly establishes a national ID system," said Katie Corrigan, the ACLU's legislative counsel. And a committee of the prestigious National Academy of Sciences agrees.
In a report in April, the committee said the "AAMVA proposal to link state motor vehicle databases is a nationwide identity system. So is the recent proposal to create a traveler ID and database to expedite security checks at airports."
A "trusted traveler card" for frequent airline passengers is being developed by the Transportation Department. Like the smart driver's license, the trusted traveler card would contain a biometric identifier and personal information in digital form.
To qualify as trusted travelers, individuals would have to be thoroughly screened by law enforcement agencies to ensure that they pose no security threat. Then, with trusted traveler cards in hand, they would be allowed to move quickly through airport security checkpoints while other travelers are subjected to more thorough searches.
But shortening lines at airports and ensuring the identities of driver's license holders is just a fraction of what the ID cards and their associated computer systems can do, according to the National Academy of Sciences' Committee on Authentication Technologies and Their Privacy Implications.
Every time a driver's license or trusted traveler card is used, it could create another footprint in an electronic trail left by its owner, compiling a record of individuals' travel, purchases and other activities. The cards would permit "a tremendous amount of tracking," said Stephen Kent, the committee's chairman.
To Kent, that raises serious questions: "Under what circumstances would you be required to present the ID? Every time you use a credit card? When you pay for something with a check? When you use cash to make certain purchases?"
From a law enforcement perspective, the enormous amount of data that could be collected might open a vast front for investigation. Data mining could detect "abnormal or suspicious patterns of behavior that accompany the planning or execution of a terrorist act," the committee wrote.
An unusual series of gun purchases, atypical sales of explosive materials or suspicious money transfers uncovered by data mining could point police toward potential terrorists or criminals, Kent said. It could also, however, cast suspicion on entirely innocent activity. Such data collection and analysis would also constitute an enormous invasion of privacy that "the country as a whole would have to buy into," Kent said.
To alleviate worries about high-tech driver's licenses, AAMVA officials are urging Congress to strengthen the Driver's Privacy Protection Act of 1994 to prohibit private entities from collecting data from the smart licenses, according to Jay Maxwell, president of AAMVA.net, a telecommunications affiliate of the association.
For example, a bar might require patrons to swipe their smart driver's licenses through a card reader to verify that they are old enough to drink. But while the electronic card reader is checking the holder's age, it can also record name, address and other personal information. Using the card for age verification is fine, Maxwell said, but AAMVA wants to make collecting other information illegal.
AAMVA officials also want states to do a better job of verifying the accuracy of personal information license applicants submit before licenses are issued. That means more thorough background checks. Over time, making driver's licenses more secure could improve the reliability of other documents as well, Maxwell said. Social Security numbers, passports and other official documents are issued, in part, on the strength of identification provided by driver's licenses.
But today, driver's licenses can be bought on street corners and the Internet. "A tremendous amount of counterfeiting goes on now," Maxwell said. "The average slob in his basement can whip [up a driver's license] in a moment, and they do. We've got to close that down."
Still, the current driver's license debate never strays far from the subject of national security.
Sen. Richard Durbin (D-Ill.), who also intends to introduce legislation based on AAMVA's plan, said better driver's licenses are needed to "help us seal some of the cracks in our internal security systems."
"We learned that some of the terrorists who were responsible for the Sept. 11 tragedy carried driver's licenses issued to them by states that had extremely lax application processes," Durbin told Senate colleagues last winter.
"A driver's license is a key that opens many doors," Durbin said. "In America, anyone who can produce a valid driver's license can access just about anything. It can get you a motel room, membership in a gym, airline tickets, flight lessons and even the ability to buy guns, all without anyone ever questioning you about who you are. If you can produce a driver's license, we just assume that you are legitimate and you have a right to be here.
"My bill is about making the driver's license, which some consider a de facto national ID card, more reliable and verifiable as a form of personal identification than it is today."
Durbin's law would have AAMVA set standards that states would follow to verify identities before issuing driver's licenses. He would also give state motor vehicle officials limited access to Social Security Administration and Immigration and Naturalization Service databases to check identifications.
But will better ID cards really improve national security?
"No one really knows if a nationwide identity system could detect or deter terrorism," the National Academy of Sciences committee wrote. "Unless the database of suspects includes a particular individual, the best possible identity system would not lead to apprehension."
Better identification probably would not have prevented the Sept. 11 attacks, conclude computer scientists from Computer Professionals for Social Responsibility, a public interest alliance.
Most of the terrorists were in the United States legally, most had no records to trigger suspicion of the FBI or other security agencies, and the terrorists apparently made no effort to hide their identities, the group said. Thus, verifying their identities would not have aroused suspicion or led to their arrests.
"Knowing the identity of people will not prevent crime," the group said.
Ironically, high-tech driver's licenses themselves could create new opportunities for crime, according to Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center. Greater use of driver's licenses — not just as permits to operate motor vehicles, but for access to government and commercial services — "dramatically raises the incentives to forge or steal such credentials," Hoofnagle said.
"The economic incentive to counterfeit these cards could turn out to be much greater than the economic incentive to counterfeit U.S. currency," warns the National Academy of Sciences committee.
But there is another reason Moran's proposal to use chip-bearing smart cards as driver's licenses is alarming, Schwartz said. "Smart cards can be easily hacked." In May, two computer security researchers disclosed that they were able to retrieve protected information from smart cards using a camera flashgun and a microscope.
And there is a constant game of "hack and patch" played in the chip card industry, Schwartz said. Suppliers of satellite TV service, for example, have found that they must frequently switch smart cards to foil hackers. "It's one thing if a hacker is getting free satellite TV. But once someone's biometric is stolen, that's major trouble," he said.
Consider what would happen if one person's personal information was stolen and linked to another's biometric identifier. "It would be extremely difficult for victims of identity theft to prove their identity once a biometric other than theirs is associated with their driver's license," Hoofnagle said.
Licenses using magnetic stripes and other forms of memory, electronic chips and even biometric identifiers are all, to some degree, susceptible to forgery, the National Academy of Sciences committee said. Even if the cards themselves were foolproof, the large numbers of state employees needed to create the cards and maintain the databases would offer numerous opportunities for error and fraud.
But Kent said his committee is not ready to recommend against smart driver's licenses, trusted traveler cards or even national IDs. "We expressly did not take sides in this debate," he said, but called for much greater public scrutiny and a thorough engineering analysis of any proposed national ID system.
"We felt that the right thing to do was come up with set of questions," Kent said. Thus committee members, who include university faculty members and industry researchers and executives, raised dozens of questions about matters ranging from legal to technical concerns:
When must the ID be carried? When must it be presented to a government official? What happens if the holder refuses to present it?
May only the government use or request an ID? Under what circumstances? Which branches of the government? May any private person or commercial entity request presentation of an ID within the system? May any private person or commercial entity require presentation of an ID?
What happens if the ID has been lost or stolen? What if the infrastructure is down and the ID cannot be verified?
So far, there are few answers. "We felt at the time we were preparing the report that hardly any of the questions had been addressed," Kent said.