The National ID Card

It’s been almost 15 years since I last considered forging a driver’s license but, thanks to modern technology, it’s easier than ever. Scan a real license, import it into Photoshop, change the name, birth date, and picture, and print to photo paper on a color printer. Add your state’s watermark on transparency film and laminate it all together. You’re all set—go buy yourself a beer, son. Or, more to the point, go get on an airplane. As proof of identity, today’s ID cards are a joke.

As Oracle Corp. CEO Larry Ellison recently pointed out, any credit card is substantially more sophisticated than most government-issued IDs. He went on to propose that the United States adopt a system of “digital IDs” backed by Oracle database software, which he would provide for free. Modern technology can vastly improve the field of personal identification. The question is, will it do enough to help the fight against terrorism?

When civil libertarians heard the phrase “national ID card,” they dived into their bunkers. But Ellison only proposed the following:

• That a single digital ID replace the many government ID cards currently issued, such as driver’s licenses and Social Security cards.
• That these IDs be instantly readable, so they could be used, say, by airline passengers who volunteered to carry them to speed the process of clearing airline security.
• That existing governmental databases be combined to make access to information easier and faster.

Ellison isn’t alone in proposing a national ID. The new terrorism bill just signed into law requires digital IDs for all travelers arriving in the United States, and the Defense Department has ordered “smart cards” as IDs for all 4.3 million military personnel.

Should the nation commit itself to deploying national ID standards or requiring citizens to carry them, as some members of Congress urge? Webhead will leave it to the lawyers, politicians, and civil libertarians to argue it out. But how they work and whether or not they’re practical—given today’s technology—is Webhead’s meat and potatoes.

Building the National ID Card
Proponents of a national ID card envision a “smart card” the size of a credit card and probably a little thicker and somewhat more durable. What makes a smart card smart is the capacity to store digital information, often rerecordable. A standard credit card actually qualifies as smart, because it encodes your card number, expiry date, and name on the magnetic strip on the back. The New York City subway’s MetroCard is also a smart card, but both are pretty dumb as smart cards go. Moving up the IQ ladder, you find smart cards equipped with “flash” memory (the kind used in digital cameras), a microprocessor, or other electronics that aid in scanning the card and storing vast quantities of information. Many corporations (Microsoft among them) and governmental agencies issue smart cards to employees as IDs so they can enter secure buildings by waving their cards near a scanner.

An ID such as Ellison proposes must match the ID to its holder. The easiest way to do this is to use a PIN, as ATM cards do. The U.S. military is taking this approach. But PINs can be stolen, so something more reliable is desirable. Driver’s licenses and passports use photographs, but photographs can easily be altered and depend on fallible humans to make the matches.

The best way to match an ID to an individual is to record his unique “biometric” information—fingerprint whorls, the shape of the bones in his hand, voiceprint, or the pattern of his retina—onto the ID. Fingerprint scanning is widely available at reasonable cost from Digital Persona, Identix, Sony, and others. Because biometrics are statistical in nature—”this thumbprint looks 97 percent like the one on record”—the wrong person might be matched to an ID. But even with today’s technology, this is already statistically very unlikely. I’d trust my bank account (and my family’s safety) to a modern fingerprint reader if IDs must be unforgeable (and otherwise what’s the point?). Thanks to encryption technology, which allows issuers to “lock” the contents (biometric data, name, age, date and place of birth, and other information) and allows only authorized users to read it, the best of today’s cards are unforgeable. But building the card itself is only the beginning. Ellison wants to link ID cards to databases maintained by the Immigration and Naturalization Service, the military, FBI, and state and local police. Is modern database technology up to the job of maintaining such a gargantuan storehouse of data?

Let’s say we go whole hog with our national ID and store 50 pages of text per U.S. resident in the database. That would be more than adequate to accommodate the information kept on each individual by the various branches and agencies of government. Fifty pages translates into 100 kilobytes of data, so given a resident population of 280 million, the national ID database would contain 28 terabytes of data (a terabyte is a trillion bytes). That’s big, but demonstrably within the realm of today’s technology. For instance, SBC Communications (one of the Baby Bells) maintains a 125-terabyte data warehouse. To be of any use in airport security or immigration clearance, authentication of the card against a national database would have to be fast. But today’s databases are very fast—consider how quickly Amazon.com customizes a home page for each of its tens of millions of customers. A recent Wall Street Journal article speculated that maintaining an entry and exit database for foreign visitors would swamp current database technologies, but that’s not really the case. Some 350 million visitors enter the United States every year. On an extremely busy day at the border, the authorities would have to make 10 million database changes. That sounds like lots of transactions, but it’s no more than a medium-sized bank handles daily.

While the underlying technology of a national ID card system is largely proved, I have grave doubts about whether or not it would deliver as promised. Consider:

Digital IDs can’t be faked, but identity can. The data in a digital ID can only be as good as its source. The people entering the data into the cards can be deceived by forged birth certificates or they can be bribed to issue fake IDs. The problem is compounded when you produce ID cards for visitors arriving from countries where visas, passports, and driver’s licenses are easily forged.

Technology is wonderful. Technology implementations are not. If every thumbprint reader at the U.S.-Canadian border goes on the fritz, do you stop traffic until new units are flown in? No, you revert to the time-consuming, error-prone manual checks that we know and now fear, and then the bad guys slip in. I’d be reluctant to switch to a national ID card system before I was convinced that it was 99.999 percent reliable, like the telephone system. And I think we’re a long way from there.

You can have it good, cheap, or fast—choose two. Large systems take time to design and implement well. Building an effective ID system quickly would require the information technology equivalent of the Manhattan Project, and even then I’d worry that civil liberty concerns were being overlooked.

So, Larry, I applaud your effort to improve national security by replacing our current slapdash system. And I’ll even give you the benefit of the doubt that you aren’t pitching the idea to line the pockets of the Oracle database experts who’d maintain the system. But I fear that the time for a national ID card system has not yet come. It would be grossly expensive to build and maintain, and I have no confidence that it would work as promised. Worst of all, I worry that its fancy technology would give us a false sense of security and breed dangerous overconfidence in the security personnel who should be most vigilant. It will take something more than technology to make me feel safe again.