National ID card gaining support

National ID Card Gaining Support

By Robert O'Harrow Jr. and Jonathan Krim
Washington Post Staff Writers
Monday, December 17, 2001; Page A01

Second in a series of occasional articles

Navy Petty Officer Wellington Jimenez walked into the identification room
at Fort Hamilton in Brooklyn one day recently and gave his name, rank and
fingerprint. In return, he got a token of the future: a plastic ID card
embedded with a computer chip.

The card -- with two photos, two bar codes, a magnetic stripe and the
etched gold chip -- looks like a driver's license on steroids. More than
120,000 active duty military personnel, selected reserves, Defense
Department civilians and some contractors have received the cards in recent
months.About 4 million are to be issuedover the next two years.

When Jimenez sits down at a computer on his next ship, the USS George
Washington, he will slip the card into a device that will electronically
scramble, or encrypt, his e-mail to prevent outsiders from reading it. The
same card will automatically give him access to secure rooms across the
world. At a military hospital, its chip will one day summon his medical
records. Used as a debit card, it may even buy him a sandwich at a base
cafeteria.

And more than ever, the cards will enable Defense Department officials to
look into their databases and know the doorways he passes through, the
computer he accesses, the doctor he sees, all of which is fine with Jimenez.

"I know the government will have more access to my information," Jimenez
said. "But I know it's going to be used in the right way. I feel protected."

The high-tech IDs, the latest in "smart cards," were designed for tracking
personnel across the globe and running more secure and efficient military
operations. But now they are models for something that was unthinkable
before Sept. 11: national identification cards for all U.S. citizens.

Almost from the day the planes hit the World Trade Center and the Pentagon,
members of Congress, security experts and high-tech executives have
endorsed the idea of some new form of identification system as a critical
weapon in the fight against terrorism. They believe the cards, linked to
giant databases, would be invaluable in preventing terrorists from
operating under assumed names and identities.

Any such proposals in the past foundered on a distrust of centralized
government as old as the American republic. Opponents raised the specter of
prying bureaucrats with access to databases full of personal information,
of Gestapo-like stops on the street and demands to produce papers, and the
kind of unchecked police authority that would erode constitutional
protections.

The nation's new consciousness of terrorism, a product of both the fear and
anger engendered by Sept. 11, has markedly changed the way Americans think
about security, surveillance and their civil liberties. For many people,
the trade-off of less privacy for more security now seems reasonable.

As Alan M. Dershowitz, a Harvard University law professor, wrote in October
in endorsing a national ID card, the "fear of an intrusive government can
be addressed by setting criteria for any official who demands to see the
card."

"Even without a national card, people are always being asked to show
identification," he said. "The existence of a national card need not change
the rules about when ID can properly be demanded."

Airport Security Needs
The new enthusiasm for ID cards is not the only example of a changed
attitude toward privacy issues. Face recognition systems that link
computers and cameras to watch passing crowds spurred so much controversy
last summer that many public officials refused to consider using the
technology. Now airports across the country are clamoring to test and
install such systems. Congress in October approved a sweeping
anti-terrorism bill that gives authorities much broader powers to monitor
e-mail, listen to telephone calls and secretly gather records. And the Bush
administration, led by Attorney General John D. Ashcroft, has proposed a
series of other measures with wide public support.

In a recent Washington Post-ABC News poll, almost 3 of 4 people said they
support government eavesdropping on telephone conversations between
terrorist suspects and their lawyers. For the first time, there is also
strong support for secret tribunals for terrorist suspects and more
government wiretapping. On the specific question of a a national ID card,
about 70 percent of those recently polled by the Pew Research Center said
they favor a system that would require people to show a card to authorities
who request it.

"We're willing to accept this immense flow of data to law enforcement and
their proxies to make sure we feel safe and secure," said Marty Abrams, an
information technology specialist at the law firm Hunton & Williams and
former senior credit bureau executive. "The equilibrium point shifted. It
was a massive movement by society."

Abrams, privacy advocates and some lawmakers wonder whether all the
implications are being considered. "We haven't really looked at what this
means in the long run," Abrams said. "In our rush to make ourselves feel
safer, have the appropriate due processes been worked out?"

To be sure, the political hurdles to a national ID card remain huge.
President Bush has publicly downplayed their benefits, saying they're
unnecessary to improve security. Bush's new cyberspace security chief,
Richard Clarke, recently said he does "not think it's a very smart idea."

Logistical problems and the potentially enormous costs make it unlikely
that a mandatory, national ID system could soon be adopted. In recent
testimony before Congress, former Wyoming senator Alan Simpson, a supporter
of more secure identification methods, warned against using the phrase
"national ID" at all because of the political sensitivities. "That's a
diversion for people who like to talk about . . . Nazi Germany," he said.

But a range of steps now underway could lead to a de facto national ID
system that could accomplish many of the same goals.

The American Association of Motor Vehicle Administrators, for example, a
group of state officials, is devising a plan to create a national
identification system that would link all driver databases to high-tech
driver's license cards with computer chips, bar codes and biometric
identifiers.

Technology specialists at the Justice Department and General Services
Administration have acknowledged they are working with motor vehicle
officials and commercial vendors to develop a standard for some sort of ID
system, mandatory or not.

The Air Transport Association, meanwhile, has called for the creation of a
voluntary travel card for passengers that would include a biometric
identifier. They proposed linking the card to a system of government
databases that would include criminal, intelligence and financial records.
Passengers who agree to use the card would have easier access to airplanes.

A bill introduced in Congress by Rep. Stephen Horn (R-Calif.), would
establish a Commission on Homeland Security to study the federal
government's efforts to protect U.S. security, including the use of
national identification systems.

"This commission is not intended to resolve the national identification
issue," said Horn. "It is merely to advance the debate in light of the
September 11 attacks and the changed world in which we now live."

Fighting Fraud
Much of the momentum for a card has been generated by the fact that five of
the 19 terrorists involved in the attacks on New York and at the Pentagon
were able to obtain Social Security numbers, even with false identities.
The other 14 probably made up or appropriated other numbers and used them
for false identification, according to Social Security officials.

At least seven of the hijackers also obtained Virginia state ID cards,
which would serve as identification to board a plane, even though they
lived in Maryland motels. "If we can't be sure when interacting that
someone is who they purport to be, where are we?" said James G. Huse Jr.,
the Social Security Administration's inspector general.

Over the years, the government has found myriad ways to get involved in the
identity business -- passports, for one, or state-issued driver's licenses.
A Social Security number is a ubiquitous identifier, now used far beyond
its original purpose.

Still, there is broad recognition that existing forms of identification are
inadequate, an awareness that has been fueled by an explosion in the number
of financial crimes in which fraud artists adopt the identity of their
victims.

Social Security cards contain no authenticating information, such as
pictures, and they can be easily forged. Pilot licenses are often printed
on paper. Driver's licenses, even those now designed to be tamper-proof,
also are vulnerable to abuse because they can be obtained with fraudulent
birth certificates, Social Security cards and other documentation.

Tamper-proof smart cards don't necessarily worry privacy advocates, who
have made identity theft a banner issue in recent years. What does trouble
them is the more complex question of whether a national ID system should go
beyond simple authentication of an individual's identity.

Proponents argue that security can be achieved only with a smart card that
can cross-check various storehouses of personal data to determine whether
someone should be viewed with suspicion. That would mean, for example, that
an airline ticket agent swiping a card would be warned, by law enforcement,
intelligence and some private databases, about an individual who overstayed
a tourist visa, is on a government watch list or who is wanted for a crime.

In the world before Sept. 11, a large majority of Americans expressed
concerns about personal privacy in surveys, and those concerns focused on
the increasing collection of data -- names, addresses, buying habits and
movements -- by businesses interested in developing ever more sophisticated
marketing campaigns.

At the same time, they also demonstrated a willingness to surrender
personal information for discounts or conveniences, such as cheaper
groceries, faster passage through toll booths and upgrades on airline
travel, one reason for an enormous growth in databases in recent years.

"It's massive,"said Judith DeCew, a Clark University professor and author
of "In Pursuit of Privacy: Law, Ethics and the Rise of Technology." "It's
financial information. It's credit information. It's medical records,
insurance records, what you buy, calls you make. Almost every action or
activity you participate in while living a normal life potentially
generates a huge database about you."

Tapping Data
State and federal governments alsoexpanded their data networks and use of
personal information. Nearly every time policemake a traffic stop, for
example, they tap into National Crime Information Center databases to check
whether the driver is a known criminalor suspect.And as part of a new and
aggressive effort to track down parents who owe child support, the federal
government created a vast computerized data-monitoring system that includes
all individuals with new jobs and the names, addresses, Social Security
numbers and wages of nearly every working adult in the United States. Under
the system, banks are obligated to search through lists of accounts for
deadbeats, or turn the data over to the government.

Government agencies have also contracted with private companies for
information. The Internal Revenue Service, for example, hired a data
company called ChoicePoint Inc. to give about 20,000 employees instant
access to 10 billion public records containing housing, financial and other
personal information about individuals. ChoicePoint provides data to the
FBI and other agencies as well.

Privacy groups are troubled by the evolving uses agencies, marketers and
others find for the new databases. Law enforcement authorities and private
attorneys, for instance, regularly use subpoena power now to gain access to
grocery, toll and a bonanza of other kinds of privately collected data for
use in civil and criminal cases. And many of the databases that grew so
quickly in recent years are now being studied for their potential value to
law enforcement authorities.

Acxiom Corp. is lobbying Congress to change a relatively new law that
limits their use of driver's license numbers. Acxiom wants to use those
numbers to create a new authentication system at airports, improving the
ability of clerks to ask travelers personal questions about their lives
that would help verify who they are.

A centralized ID database system would dramatically speed verification and
make life more convenient for travelers, airlines and others. The
disadvantage, according to civil liberties activists, is that agencies
would gain access to unprecedented amounts of aggregated data. They also
would have to be relied upon to ensure the database is current and
accurate. Questions about who would maintain the database and gain access
to it would be thorny ones.

An alternative would be to configure databases to allow certain pieces of
information, or fields of data, to be accessed by the smart card. This
approach would limit the amount of information contained in a single
database.

"Any national ID system, regardless of who controls it, has a tremendous
potential for misuse and abuse," said John Berthoud, president of the
National Taxpayers Union in Alexandria.

Even a de facto national ID system, of the sort proposed by motor vehicle
administrators, would dramatically ease the collection of sensitive
personal information about individuals by linking it all to a single,
unique identifier: A smart card with a fingerprint or other biometric.

Simon Davies, director of Privacy International, a London-based advocacy
group that has studied national IDs, said the computers and networks in a
centralized system would also become targets of hackers. In recent years,
scores of private and government databases, containing financial, medical
and other personal information, have been breached by hackers, some who
publicized the data or used it in fraud schemes.

It also could make it easier for a successful forger or hacker to maintain
a false identity, since authorities would be so trusting in a new,
high-tech system. A lost or stolen card under such a system "will paralyze
your card or your identity for days or weeks," he said.

"At this point, you created a huge technological infrastructure of such
massive proportions it trips over its own shoelaces," he said.

Global Roots
More than 100 nations have a form of national identification and use them
in a variety of ways to improve security, assist law enforcement and make
the delivery of services more efficient.

In Spain, for example, an ID card is mandatory for all citizens older than
14, and they're required for many government programs. Argentinians must
get a card when they turn 8 and then re-register at 17. Kenya requires its
citizens to carry an ID at all times. Germany likewise requires all
citizens over 16 to carry a card that's similar to a passport.

Belgium first used ID cards during the German occupation in World War I.
Today every citizen older than 15 has to carry one, and it is used as proof
of age and identity for an array of consumer and financial transactions. It
also allows Belgians to travel to several countries without a passport.
Police officers in Belgium can request to see the card for any reason, at
any time.

Finland has one of the most sophisticated systems in the world, including a
voluntary smart card that comes with a computer chip and serves as a travel
card, or "mini-passport," in at least 15 European countries.

Much like the Defense Department card, which is officially called the
Common Access Card, the Finnish ID enables users to electronically sign and
encrypt online documents. Eventually, it would allow users to improve the
security of cell phones by scrambling calls. To protect against fraud or
misuse, officials limit the amount of personal information contained on the
chip.

If a new ID card system is developed in the United States the initial users
are likely to be immigrants and foreign visitors. Last month, Sen. Dianne
Feinstein (D-Calif.) and Sen. Jon Kyl (R-Ariz.) introduced legislation that
would require foreign nationals to use high-tech visa cards containing a
fingerprint, retinal scan or other unique identifier. It also would create
a centralized "lookout database" containing information about known
terrorists and other U.S. visitors deemed threatening.

Larry Ellison, chief executive of Oracle Corp., the world's largest
database software maker, favors a voluntary card for all citizens, much
like what the Air Transport Association endorsed. But he agrees that such a
system might ultimately serve the same purpose as a national ID, if people
found that travel and other activity was too inconvenient without it.

To critics such a card would open the door to a host of difficult questions
over when and where it would be used. Could Greyhound require it, even if a
person wants to pay cash? A hardware store? A hardware store if you buy
only certain things, such as large quantities of fertilizer? Who decides?
How would an individual's name be shared? And what if a database is
mistaken -- what kind of access and recourse would an individual have?

"Those are political decisions that need to be made," said Ellison, who was
among the first to promote a national ID system and pledged to donate
computer software to make it possible. "I just think people need to ask
themselves who they trust more, terrorists or the government?"

The driver's license proposal stands as an alternative to a single national
card. A technical standard would define the security features of the card,
but it would allow states the freedom of creative design and put the burden
on them for administering it. Proponents of this approach acknowledge it
could easily assume all the features of a national ID card once other
government agencies and private companies begin tailoring their computers
to capture information from the card.

And even if it were approved today, proponents say, the card would take
years to unveil, as motor vehicle administrators arranged funding and
drivers reapplied for licenses.

Deirdre Mulligan, director of the Samuelson Law, Technology and Public
Policy Clinic at the University of California at Berkeley, said she
believes a single ID system would be overly intrusive and ineffective. She
said any decision to adopt such a system should be made by elected
officials, not motor vehicle bureaucrats or private companies. "The debate
about a national ID card is not something that should occur in the darkroom
of some administrative process," Mulligan said.

Robert Ellis Smith, a lawyer and privacy specialist, said the push for a
national ID card is based on the false belief there can be a simple,
high-tech solution to an immensely complex problem. "One way to predict the
effectiveness of a national ID number or document is to look at
environments where the true identity of all residents is known: prisons,
the military, many workplaces, many college campuses," he writes in a new
paper about national ID cards. "And yet these places are far from crime
free."

A national identification system would raise privacy questions, said Tate
Preston, vice president at Datacard Group, which creates high-tech IDs. But
the need for a better identification system is beyond question.

"In the 19th century, it was sufficient to ask who you are," he said. "In
the 20th century, it was sufficient to show who you are," he said. "In the
21st century, you will have to prove who you are."

In accordance with Title 17 U.S.C. Section 107, any copyrighted work in this message is distributed under fair use without profit or payment for non-profit research and educational purposes only. [Ref. http://www.law.cornell.edu/uscode/17/107.shtml]