Secure ID?
I have written before on the idea of a secure National ID here, here and here, and my opinion can be summed thusly: "I am strongly in favor of creating a secure national ID card, despite potential for misuse. My reason is that the current insecure SSN is already being misused - constantly."
In this discussion about how requiring a secure national ID may have doomed this week's attempt to revive a "comprehensive" (and if a 1,000 page bill with a 300 page amendment isn't comprehensive, what is?) immigration bill in the U.S. Senate, reference was made to this article against a national ID card written by Glenn Harlan Reynolds (the Instapundit) two months after 9/11.
I found the article interesting from a security and computer science perspective, because it tries to argue the impossibility of creating a secure ID for all Americans within a reasonable amount of time at a reasonable cost:
"There will be a lot of long lines, a lot of paper shuffled, a lot of computer files created and - no doubt - gotten wrong (credit reports are full of errors, and they have a financial incentive to get things right). But at the end of the day, the national identification card will be exactly as secure as a driver's license and birth certificate, which is to say, no better than what we have now."
...
"The transition to a National ID would be painfully difficult for those on the other side of the window, too. If 280 million people need National ID cards, who will process them? In this quantity, it won't be the folks who do security checks for the military and intelligence agencies.
They may not be perfect (can you say Aldrich Ames? Robert Hansson?), but they take weeks or months to clear people."
...
"Add to this the certainty that some people involved in processing the documents will be corrupt or corruptible (or even terrorist sympathizers) and even a successful transition to a National ID system would leave fake documents readily available."
Reynold's argument has a lot going for it. However, the same could be said about locks on houses. If anyone leaves their home unlocked and is robbed as a result, we now assign them some of the resulting blame for not taking basic precautions, even though a pre-teen can now defeat almost any home door lock with a simple technique I won't describe further.
So why is it good to deprive ourselves of even minimal security of identification when all agree at least minimal security is reasonable to expect in our homes?
I also think Reynolds may not be giving sufficient credit to the help computers offer this process by making it quick and easy to cross-check information.
For instance, our church child care program now uses a computer to sign kids in each Sunday. It includes a way to look folks up via a fingerprint scanner. Is it perfect? Definitely not! But without a doubt it is better than our previous system of just looking up names on a printed list and assuming whoever gave that name was in fact that person.
Could a fingerprint be faked? I expect so, although many of the known ways of doing so wouldn't work with our volunteer watching each attempt to log in.
Could the database be hacked? Definitely, although again, perhaps not easily. You'd have to know where do go and what to alter and how, all the while hoping nothing in the security of the system would notice.
So, if a child care program can build a reasonably-secure biometric database of families attending a church run by volunteers over the course of a few months, why must it be impossible for government to apply any of the same techniques to improve the currently-nonexistent "security" of the Social Security card?
Leave a comment