Ten days after the terrible day September 11, after attacks on Pentagon and the World Trade Center Larry Ellison, who at the time was chief executive officer at Oracle Corporation, started a political and technological debate. He stated that none of the airline traveling would never be safe again until all the citizens of the United States and also foreigners were required to show national ID card before entering a plane.
We need a national ID card with our photograph and thumbprint digitized and embedded in the ID card,” Ellison said in an interview with San Francisco’s KPIX-TV.
Immediate reactions had followed Ellison’s suggestion that primarily focused on the issues of social privacy and civil liberties. Almost instantly, it seemed, an ad hoc alliance of strange bedfellows—archconservatives, libertarians and civil libertarians—spontaneously formed in opposition to the idea of the government issuing a national ID.
Then American Attorney General John Ashcroft, brought up the idea the government should be welcoming this idea several day later, but White House and President Bush were not even considering anything like that.
However, several other groups were considering National ID card as the way to safety, among them was a Harvard Law School professor Alan Dershowitz that was promoting civil liberties and democracy.
Professor Alan Dershowitz had put a start for many opinions in favor of liberty when he published his popular argument in The New York Times. This article was asking what was the reason of fearing and not accepting national ID card. He was arguing for an optional way national identity card on the merits of social trade off, according to him it was a little less anonymity for a lot more security.
As a civil libertarian, I am instinctively skeptical of such trade-offs,” Dershowitz said, but added that a national ID “could be an effective tool for preventing terrorism, reducing the need for other law enforcement mechanisms—especially racial and ethnic profiling—that pose even greater dangers to civil liberties.”
Traditional political ideologies were confronted by a sense of national emergency and that was keeping the national identity card idea alive. However as it often happens, the social part of the argument played itself out, attentions soon shifter to an IT technological implication. Question discussed where about the kind of card that should be used, what kind of database or network should be created and how expensive would this all be.
That was not surprising when Ellison offered to supply Oracle database software for creating a national ID system at no cost and them all the mass media switched on him and his offer. He said that this offer was made to avoid any possibility of getting profit of war. Sun Microsystems Inc. CEO Scott McNealy quickly backed the notion of a national ID—but one built on distributed smart devices using Java to execute authentication algorithms.
It is not clear, if the government could legally take Ellison up on his offer—or if Oracle’s software would even be the right solution. Nevertheless, as technologists and government bureaucrats got down to the business of investigating what it would take to implement a national ID card, it quickly became apparent that database software and network architecture were the least of their worries.
The real challenge,” said John Moore, program analyst with the General Services Administration’s Office of Electronic Government, in Washington, “is getting all the various vendors and contractors to agree on interoperability issues—not to mention finding a way to ensure that the data you put in the card is credible in the first place. Neither of those is as simple as it might seem.”
Moore spoke from unique experience. The GSA is overseeing a $1.5 billion project to issue 3 million digital IDs to the U.S. military by the end of 2003. The experience gained from that initiative—and, just as important, the standards that result from it—is widely expected to determine the future of global identification systems.
In many ways, instituting a national ID would amount to a typical IT initiative riddled with frustratingly mundane issues: card durability and data capacity; cost and availability of readers; ubiquitous connectivity to an array of government and private-sector databases; and, of course, the ever-present bogeyman in any network architecture: the security of the technology itself.
Of all these potential stumbling blocks, the card itself is the most important because it determines the kind of reader that will go with it. But, alas, there’s no unanimity yet on the best type of card.
“Asking which is the best kind of card is kind of like asking what’s the best religion,” said Tate Preston, vice president for government sales at Datacard Group. The Minneapolis-based company, which supplies various kinds of national IDs for 15 nations, remains agnostic about competing technologies, Preston said, because each kind of card has its own strengths and weaknesses.
For example, the typical mag, or magnetic, stripe encoding used on credit cards can hold only about 275 bytes of information, and as millions of frustrated consumers can attest, mag stripes often lose data, typically at the most inconvenient times, and have to be shipped back to the bank for data recovery. On the other hand, the cards are inexpensive to produce, and readers are inexpensive and ubiquitous among retailers and service providers throughout the world.
One alternative, the two-dimensional bar-code card, can hold as much as 2KB of data, enough to encrypt a thumbprint, plus other identifying information. It is also cheap to issue and rarely becomes unreadable. But unlike linear bar codes that have become familiar on consumer products, 2-D bar codes require readers that are relatively expensive and not widely available.
The technology that many expect will eventually win out as a form of secure identification is the smart card, which incorporates an embedded chip that can hold up to 64KB of data, though most in use today offer only 4KB to 16KB. Datacard’s Preston predicted they will eventually store many times more than 64KB.
Smart cards are expensive to produce, and in the United States, readers are costly and rare. But those drawbacks are likely to be overcome soon because Europe is quickly standardizing on the smart card, and American Express Co. is making a strong push domestically with its Amex Blue smart card.
High-volume production is likely to push costs down for both smart cards and readers if, as expected, the technology is rapidly embraced for applications in telecommunications, financial services, retail, transportation, health care and perhaps even by state governments for driver’s licenses and welfare program IDs.
In 2000, the last year for which data is available, the total number of smart cards manufactured for use in the United States and Canada grew 37 percent, to 28.4 million, according to a report issued this year by KPMG’s Information Risk Management practice. Growth numbers for this year will be released in the first quarter of next year by the Smart Card Alliance, an industry association founded to accelerate standardization and acceptance of smart-card technology, but the total is still expected to add up to little more than the equivalent of a rounding error in tabulating the number of mag stripe cards in use today. On the other hand, said Donna Farmer, the alliance’s president and CEO, in New York, the cost of a technology cannot be measured without weighing its relative value compared with other technologies. When things such as security, privacy and storage capacity are balanced against the rapidly dropping prices of cards and readers, Farmer said, the smart card is clearly superior. In fact, she wondered if Ellison’s Oracle database software would be needed at all for a national ID, since the essential data would be embedded in the card.
The GSA’s Moore said it’s not quite that simple because the interaction between the card and the network can involve highly complex architectures. For the most part, he agreed with the essence of Farmer’s assertion: All data relevant to identification can—and for security reasons should—be encoded in the card itself.
“But identification isn’t the same as authorization,” Moore said. For authorization under a variety of situations—to vote, for example, or to board a plane—it would be in the nation’s best interest for the ID card to interact with continuously updated databases linked to the ID network, he said.
To a large extent, political questions about a national ID will dictate technology solutions—not exactly a recipe for best practices, especially when the division of responsibilities between states and the federal government is factored in.
Airline travel offers a prime example of this, a paradox resulting from the historical reluctance of the federal government to issue a national ID.
During the Gulf War, the Federal Aviation Administration made it official policy that airlines had to require passengers to show a form of “government-issued identification” in the form of a photo ID to board a flight.
In effect, that meant passengers had to present either a passport or a driver’s license. But no attempt was ever made to standardize state-issued driver’s licenses, by far the most common boarding ID.
And since the FAA does not require that ticket-counter personnel receive training in how to spot phony or doctored driver’s licenses, almost none do.
While it’s easy to point fingers at past and present deficiencies, the path to the future is anything but clear. Should a national ID simply be established by congressional mandate? If so, should it be required, like a Social Security number, or should it be a voluntary but official government identification like a passport or driver’s license? Should it incorporate the functions and embed the data of all those IDs in a single digital device that adds biometric information such as fingerprints or iris scans and encodes it all in a securely encrypted form? Or would it be more socially and politically acceptable to encourage a public/private-sector collaboration?
For example, sundry identification and database technologies, combined in a single personal smart card, could replace multiple bank cards and serve as secure identification for myriad retail transactions that now require a driver’s license—renting a car or truck, for instance, or boarding a plane.
Whether produced by the federal government or some confederation of interested public and private parties, there would almost certainly be greater efficiency than in the present creaky system. In his Times op-ed piece, Dershowitz wrote: “A national card would be uniform and difficult to forge or alter. It would reduce the likelihood that someone could, intentionally or not, get lost in the cracks of multiple bureaucracies.”
The problem is that many Americans cherish the ability—or at least the illusion of the ability—to lose themselves in the cracks. For many, in fact, being able to remain lost until they want to be found is the very definition of privacy.
The tension between that widely cherished right and the need for social order and security will probably never be fully resolved, according to Professor Emeritus Gary Marx of the Massachusetts Institute of Technology. In a recent essay titled “Identity and Anonymity: Some Conceptual Distinctions and Issues for Research,” Marx wrote, “At best, we can hope to find a compass rather than a map and a moving equilibrium rather than a fixed point.”