What's Wrong With A One-Size Fits All Identity?

Fri May 25 10:28:48 PDT 2007

<http://www.cato.org/pub_display.php?pub_id=8182>

Cato Institute

by Jim Harper

Jim Harper is director of Information Policy Studies and the author of
Identity Crisis: How Identification is Overused and Misunderstood.

The REAL ID Act is a federal law passed in May 2005 under which the federal
government seeks to standardize state-issue ID cards and drivers' licenses.
The bill says that as of May 11, 2008, "a Federal agency may not accept,
for any official purpose, a driver's license or identification card issued
by a state to any person unless the state is meeting the requirements" of
the law.

But opposition to the law at the state level is strong and growing. Three
state legislatures have already passed resolutions declining to participate
in the REAL ID system (which the law says they are free to do, at some
inconvenience to their citizens, who may need other forms of
identification, such as a passport or birth certificate, for federal
purposes). More than half the states have legislation in the works to
reject this unfunded surveillance mandate. It may turn out that no state
will comply with REAL ID by the law's May 2008 deadline.

Opposition to REAL ID is well founded. The Department of Homeland Security
estimates at least $17 billion in costs to get REAL ID up and running.
There are huge, and probably incurable, privacy and data security problems
with the nationally accessible databases of sensitive personal information,
and with the nationally uniform card system, called for by the law.

The nominal purpose of REAL ID was protecting national security, but this
justification continues to fade as people learn the weaknesses of
identity-based security. The remaining support for REAL ID comes from
anti-immigrant groups who have yet to realize what a small margin of
immigrant control they would get for the price they would pay. REAL ID
would exact a heavy toll in dollars, convenience, privacy, and liberty from
law-abiding, native-born American citizens.

Granted, something must change with identification. The growth of large
institutions over the last century and the explosion of remote commerce in
the last few decades have overwhelmed the identification systems we have.
The Social Security number and the driver's license were not designed for
the purposes we now put them to. They are accidental identifiers, and it
shows: They fail to provide institutions sufficient proof of identity, and
they fail individuals by depriving us of information control.

So what is the way forward? We should start by actually devising some
identification polices, rather than stumbling forward on our current path
merely because it's the path we're on.

If a variety of private identification providers were to compete in terms
of price, quality, ease-of-use, and even privacy, we'd get a lot better
than we're getting from the DMV.Think of identification as an economic
service like payments or telecommunications. There are a plethora of
payment systems, each with strengths along certain dimensions and
weaknesses along others. Most of us choose among cash, checks, credit
cards, and other methods as they fit our purposes. So it is with
telecommunications: mobile phones, instant messaging, email, landlines-each
meets the different needs we have in different communications.

What about identity and credentialing? Proving who someone is, or proving a
particular qualification, are essential parts of transacting that are
somewhat difficult over long distances or with strangers. But here's how we
deal with it: Need to prove your age? Show government-issued ID. Need to
prove that credit card is yours? Show government-issued ID. Need to prove
you're not a security risk? Show government-issued ID. The list goes on.

Identification has long been assumed a government function, but that's only
because, at some point, government assumed that function. Alternatives to
government-issued ID are needed-and they're coming.

At the Orlando, Florida airport, for example, the U.S. Transportation
Security Administration accepts the Clear Card issued by New York's
Verified Identity Pass as proof that a person is part of the TSA's
Registered Traveler program. The Clear Card comes with a key
anti-surveillance feature: Users aren't identified to the government and
their uses of the cards aren't recorded and stored. Biometric data stored
on the Clear Card (but not in a database) ensure that only the owner can
use it, and the proof that a person is a Registered Traveler is enough
information for the TSA. That's all the information TSA gets. No database
of Americans' travels is created.

Future identification cards and credentials could act as proof of age when
that is needed, as movie tickets or other bearer documents when that is
needed, or as payment cards when that is needed. They could provide
identity information only when identity is actually relevant, which is not
as often as people often think. This would bring information about us under
our control-privacy protection by design. If a variety of private
identification providers were to compete in terms of price, quality,
ease-of-use, and even privacy, we'd get a lot better than we're getting
from the DMV.

Government isn't always part of the problem. It can be part of the
solution. Governments should accept, and permit businesses to accept,
identification cards and credentials that meet sufficient standards. They
should stop requiring "government-issued ID" by rote.

There is an alternative to the REAL ID Act and the national ID on our near
horizon. It's identification systems and credentials that are high in
quality, easy to use, and privacy protective. This idea isn't just a
feel-good. These systems will be huge enablers of secure but private
commerce. Identification and credentialing is a multi-billion dollar market
if governments can be made to relinquish control of it.

This article appeared on American.com on April 11, 2007.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'