With hacks on the rise, is it time to revisit a national ID?
- By Derek B. Johnson
- Sep 13, 2019
A national identification system has been pitched as a potential alternative to a current identity system that experts say is broken and makes it too easy for criminals and other bad actors to trick financial institutions and engage in fraud, but the idea has traditionally run up against fierce resistance. However, it has become more popular over the past decade as countries like India, the Philippines, Estonia and others have developed their own national ID systems.
Rep. Bill Foster (D-Ill.), who chairs the House Financial Services Committee Task Force on Artificial Intelligence, said he believes a wave of high-profile data breaches over the years combined with an epidemic of identity-based fraud has provided an opening to revisit the idea.
"I think that the political ground has been shifting on this," Foster told FCW following a Sept. 12 hearing on identity and authentication challenges. "I think that, historically, there's been a big aversion in this country to anything that smelled like a national ID card, and there's been opposition from the ACLU on the left and the 'Red Dawn' contingent on the right. But in between, there's a big hunk of people who are just sick and tired of having to replace their credit cards every time their numbers get stolen."
As an example, he pointed to an amendment that passed through the House appropriations process earlier this year that overturned a decades-long ban on funding a unique patient identifier for electronic health records. While that provision still needs Senate and White House approval, Foster noted that he was able to get a Republican co-sponsor and "a pretty strong bipartisan vote": the measure passed 246 to 178. A similar coalition, he argued, could develop around creating more trusted forms of identity and authentication, including a possible federal ID system.
"This is a thing where's there's a good chance that both sides of the aisle will be able to hold hands and jump together," said Foster.
Something most experts agree on: The status quo is not working. Data breaches and other compromises have made personal data so widely available on the black market that government-issued credentials like Social Security numbers are no longer suitable for identity validation.
Financial institutions are looking to emerging tools like artificial intelligence to suck up data from sensors, transactions, phones, social media and other digital traces to identify and authenticate a customer's identity. Anne Washington, assistant professor of data policy at New York University, testified to Foster's task force that such algorithms "are not ready to disambiguate enormous sets of people," often do not require end-user authentication of scraped information and have led to individuals finding themselves unable to convince institutions they are who they say they are.
In an interview, she told FCW that organizations in the public and private sector are, by and large, unprepared to deal with situations where their data is wrong or certain groups slip through the cracks, and this needs to be addressed before larger policies or regulatory actions can be considered.
"I don't think you're going to regulate how AT&T is going to handle an identity conflict, or the DMV is going to handle an identity conflict," Washington said. "Those are going to be internal business decisions, so my point is that organizations need to start themselves figuring out what these dispute resolution processes are."
A national ID card or number will continue to face opposition from a number of civil liberties and limited government groups, who view it as a stalking horse for greater abuses by government authorities down the line.
"Just as the original restrictions on the use of the Social Security card have been all but eliminated, limits on a national I.D. number or card would be ignored or legislated away," the ACLU wrote in a policy statement on the issue. "There would be an irresistible temptation to use the data for purposes for which it was never intended, including government surveillance."
It's not just ideological groups that take issue. Jeremy Grant, a coordinator with the Better Identity Coalition, told FCW his organization doesn't support the idea, calling it a "highly politically charged" issue that tends to stop the debate around better identity practices in its tracks and doesn't address the underlying problem: the need to modernize our current identifications.
"The point we make … is that the country already has a number of nationally recognized, authoritative ID systems that we use today: driver's license, passports, Social Security numbers as well," said Grant. "We don't need a new card, in fact the biggest problem is we have too many cards, we have too much paper, and the way we're doing business these days is digital."
Rather than fight over a national ID card, Grant said policymakers would be better served convincing or compelling state Departments of Motor Vehicles to develop digital versions of their own ID cards and to develop a way to "vouch for [licensees] online."
Grant, who led the Obama administration's Strategy for Trusted Identities in Cyberspace initiative, acknowledged that nothing is unhackable and some security tradeoffs could be involved, but he argued that paper-based IDs have not helped prevent an epidemic of identity-based fraud, and a digital ID would provide a trusted identifier for organizations and individuals to leverage more modern tools.
Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.
Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.
Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at firstname.lastname@example.org, or follow him on Twitter @derekdoestech.