Privacilla.Org

Home
Past Releases and Reports
Coverage
About Privacilla
Privacy Fundamentals
Privacy and Government
Privacy and Business
Online Privacy
Financial Privacy
Medical Privacy
Report your thoughts to Privacilla!
Your Source for Privacy Policy from a Free-market, Pro-technology Perspective


Click to return to list of releases and reports

Home > Past Releases and Reports > Remarks to the Consumer Data Industry Association Annual Conference Entitled "A National ID: Government Initiatives and the Private Sector"


Prepared Remarks of Jim Harper, Editor of Privacilla.org, to the Consumer Data Industry Association Annual Conference, Entitled "A National ID: Government Initiatives and the Private Sector"

January 27, 2005

Thank you for that very kind introduction, Stuart [Pratt, President of CDIA]. Stuart and I do sit down to talk about issues affecting your industry fairly often, and I always enjoy our conversations. But I have one beef with Stuart that I want to share with you, and that's his use of the phrase "As you know."

Invariably, in our conversations, Stuart will talk in detail about some regulatory proposal or other. "Jim, as you know, the Federal Trade Commission has issued a direct final rule under FACTA and a portion of it deals with furnisher responsibilities and, as you know, blah blah blah, blah blah, as you know, the reseller industry and blah blah blah blah. It says so, as you know, on page 52,331 of the Federal Register, first column of the page, about half way down. As you know."

No, I think that was in the last sentence of the second full paragraph, wasn't it, Stuart?

Stuart is a deeply engaged association head and you're lucky to have him.

Last night, Stuart said he was working at the job he always wanted, so I'm glad to report that I have the best job ever. I work at a think-tank called the Cato Institute. For those of you not from Washington, a think-tank is a unique institution, mostly in D.C. but there are a few in state capitols, where our job is to figure out the right answers to public policy problems. The Cato Institute is a free-market liberal, or libertarian, think-tank. We believe that the market is the best mechanism there is for figuring out people's interests and serving those interests.

I do have the best job in the world. Why, just the other day, I was writing about a particularly difficult problem, and I was struggling to conceive of the issue in the right way, and write about it clearly. I had to stop a minute and stare at the wall to think it through. Then I stopped that, and looked out the window, and thought to myself, "I'm getting paid to stare at the wall!" What a fantastic job.

I have been with Cato just since September, but for more than four years now I have been the Editor of Privacilla.org. Privacilla is a Web-based think-tank devoted to privacy as a public policy issue. We cover privacy from government and privacy in the private sector, including online, medical, and financial privacy.

I started Privacilla because while I was working on Capitol Hill, I saw a lot of law and regulation being passed in the name of privacy, but didn't sense that Congress understood what interest or interests were being served by the bills they were considering. I wanted to help rationalize the debate and bring some intellect to it. I know it's a fool's errand to try to do anything intellectual in Washington, D.C., but I try.

One of the innovations I like to think I've brought to the privacy debate is the idea that concepts like privacy can be defined and distinguished from other information issues. People use the word "privacy" to describe a variety of different concerns about information, like security, fairness, prevention of crimes like identity fraud, and many others. Each of these problems is separate from the others. They each have different solutions. Lumping them all together as privacy prevents the right solutions from coming forward. I like to think that by defining each concern on its own terms, we're helping to get a better product out of policy-makers.

My topic today is national identification, and there is a lot going on. You all are very familiar with the uniform national identifier we have in the Social Security Number. And almost all of you are carrying what is for all intents and purposes our national ID: the driver's license.

There is a very interesting series of dualities in the national ID area. In the U.K. right now, they are debating whether to formally adopt a national ID. In the U.S., a national ID would be a political non-starter, so our formal policy is not to have one. Yet, our informal policy is very much to have a national ID, and it's going forward very quickly indeed.

Intelligence reform legislation passed by Congress this past December will "strengthen" the driver's license by making it conform to national standards. And the Chairman of the House Judiciary Committee, Chairman Sensenbrenner, introduced legislation yesterday to further tighten our national ID system.

I think it's time to admit we have a national ID and to decide what we want to do about it.

People want the benefits that come from ID, of course, but there are a lot of things wrong with it. Let me go briefly through the benefits and drawbacks. I'm going to give a lot more weight to the drawbacks because I think they win out. I don't want to lie to you and tell you I'm impartial.

The reasons to have a national ID include the fact that it makes it easier to catch bad people. Obviously, if everyone has to show ID all the time, you can put out an alert to pick someone up and they will be nabbed pretty quickly. Now, we've gone for a couple of years waiting for there to be a uniform terrorist watch list. If such a list were ever to exist, and if you IDed people all the time, you could pick up all the terrorists, assuming they hadn't gotten a fake ID.

Second, and maybe more important, a national ID system will scare off bad guys. That is, people who think they would get caught in an ID dragnet might never even try things that they would otherwise try. Knowing that you could be identified places social pressure on people to conform to laws and norms.

Finally, I think convenience is a benefit of national IDs. If everyone carries one card, it's easy to adopt that card to multiple purposes. We all know that the Social Security Number, our national identifier, has streamlined many economic processes by uniformly and distinctly identifying most every American. It's unfortunate that the government had to issue our main identifier, but the benefits and conveniences of it can't be overlooked and I'm unimpressed with proposals to stuff the genie back in the bottle by banning many uses of SSNs.

The harms from a national ID outweigh these benefits, I think. The first is the likelihood that showing ID will be required in an increasing number of places as you access more and more goods and services throughout society.

I'd like each of you to just stop and think, when you leave town, about how it feels to show ID to federal authorities. You're used to it at the airport, but how many other places would you be willing to show ID to government authorities. Soon, I hope the scales will fall from people's eyes and they will recognize that federal authorities are performing suspicionless searches of airline passengers at our airports today. I don't want you to be rude to your TSA agent, but do you really think that's OK?

The second harm from a national ID, related to the first, is that it creates the framework for dossier-building. We have a lot of that already, hinging on the Social Security Number, but it would grow by leaps and bounds if institutions could rationally expect people all to be carrying the same documents all the time.

This harkens back to a problem that many of us are familiar with from the public records area: practical obscurity. You all know that the movement of court records online, for example, does away with their "practical obscurity." You all, frankly, make quite a bit of your living from undoing practical obscurity.

But consider it in all its forms. We can walk the streets of New York City today enjoying practical obscurity. Nobody knows your name unless you tell them. You're anonymous. There is an individual power there that we don't want to give up too lightly. So a national ID would continue and accelerate the large reductions in practical obscurity that are already underway.

Finally, a national ID would centralize power over us and create the possibility of official seizure. If all our access to goods and services, privileges and infrastructures hangs on an ID, officialdom could take the ID away and quickly deprive us of our standing in society. We want to be very careful about whether we centralize control of our economic lives to one form of ID. This is also true of a non-ID environment where a notation in a database could deprive people of access. Centralization puts quite a bit of power in a small number of hands, subject to abuse.

The little brother of official seizure is unofficial seizure, that is, wrongful seizure by private actors. I'm talking about identity fraud, which is made easier by the fact that only a very few keys grant very broad access to our financial lives. To fight identity fraud, and limit the power of authorities, we need to resist throwing too many purposes onto a uniform identification scheme.

So these are the good and especially the bad with a national ID. But, in the work I am doing now, I am trying to go much deeper in search of solutions. I'm trying to get the benefits of identification without the drawbacks.

I am drawing on wider sources to really capture what it means to be identified, and then what the consequences of being identified are.

So let me take you on a quick run through identification. This is stuff a lot of you are going to be familiar with because of the work that you do. But a lot of it is interesting and some of it may be new.

When you all arrived at this conference, you saw people you knew, of course, and you walked right up to them and said Hello. Maybe you picked up on conversation you had the last time you saw them. Did you ever stop to consider how you know who they were? The identification processes we use every day are so instinct and innate that we barely ever think about them. But we should understand natural identification processes so we can understand other, manufactured identification processes.

The building blocks of identification, of course, are identifiers. A lot of literature on identification and identifiers comes from the online world, where they call it authentication. There are essentially three categories of identifiers and I will run through them quickly. The three categories are: "something you are"; "something you know"; and "something you have."

The "something you are" category is most epitomized by biometrics. And it's biometrics that we use to identify one another. People associate the word "biometrics" with the modern, machine-readable biometrics like iris scanning and facial recognition software, but biometrics is a lot less new and exciting than that. We take a quick measure of each other's faces and use the facial structure, hair, eye color and a bunch of other cues to figure out who others are.

And "something you are" is a lot bigger than biometrics. We use "something you are" identifiers in a lot of different ways. A person's title, a phone number, an e-mail address these are all examples of something people are. In fact, when you meet someone in person for the first time, you use some very temporary identifiers like "I will be in the coffee shop at eleven, wearing a yellow hat." "In the coffee shop" and "wearing a yellow hat" are each identifiers, and they reduce the error rate to tolerable levels so that you can almost always find the person you're looking for on the first try.

"Something you know" is the next category, and we all think of passwords first, right? Of course, passwords are a manufactured identifier from the "something you know" category. But there are many more natural examples. Think back to when Odysseus came back from the Trojan War. He had been away for some twenty years, so his wife and servants didn't recognize him by face. He ultimately proved who he was by pointing out that his bed couldn't be moved because it was made of olive wood. He had made it, so he knew damn well. And this is how he proved who he was.

Finally, there is the category of "something you have." Our starting point is the ID card, but there are many other examples. The signet ring, worn by kings in medieval times, is a great example. In early history, precious metals and metallurgy were only available to the very rich, so having a ring with a certain symbol on it essentially proved who you were. And a signet ring was able to make an impression on wax, proving that a certain person had sealed a document. It was a very sophisticated identifier because it was a combined security, communication, and identification device.

So identifiers come in a variety of forms. In these three major categories, there are a variety of different identifiers with different meanings and purposes.

Once you understand identifiers, identification is pretty simple. It amounts to comparing identifiers in whatever combinations are appropriate to a known identity. When identifiers line up in the way you expect, you have identified someone and you can go forward with whatever transaction you're planning on doing.

That's a lot, but that's a pretty quick run through identification. And in this case, in the case of national ID, identification is the easy part. The real problem is the next step: What do you know when you know who someone is? What do you know when you know who someone is?

I have debated national IDs before, and the first time I did, I did some quick research beforehand that I think reveals the problem with using ID as a security tool. I went to the Web site of a group called the Violence Policy Center. It's a gun control group, I think. And they had studied the number of incidences of murder-suicide. I think it was the first half of 2001. It might have been 2002, or 2000. They found that in a six-month period there were over 200 murder-suicides in the United States.

Now, a murder-suicide means that someone is willing to kill themselves and kill others. They have the same mindset as the 9/11 attackers, though, of course, they got to it a very different way. But over 200 times in half a year, people in the United States get to where they will kill others and themselves.

We can assume that in most of these cases, the victim and the perpetrator knew each other. What good do you think it did the victim to know the attacker? None at all, of course. Having the identity of people doesn't tell you anything. The promise of identification cards as a security measure is false.

So, to continue my study, I am looking at identification cards as communications devices. What facts are conveyed when you use an ID card?

And I've been doing a comparison between two major kinds of cards. The first is the government-issued ID. [Inevitably, the wallet comes out.] Here's my driver's license. What can you tell by looking at it? I'm a Californian - even though I haven't lived there for almost ten years. It gives my name, my permanent address, and some basic biometric information including a picture. Might say something about where the card was issued.

What are the facts inferable from the card? I went to a DMV 20 years ago and showed some foundational documents, went to a DMV ten years later for a new picture, and I probably live at the address to which the license was mailed. That's not a lot of information.

So let's look at this other card. [credit card] This card is issued based on research into my background using information that many of the companies in this room develop. This card issuer has a better handle on my address, has done better research into whether I am who I say I am, and has done an infinitely better risk-profile of me by looking into my financial habits. This card is tuned to financial habits, not security, of course. But there are overlaps between the two and security algorithms could be run right alongside credit algorithms in the issuance of cards like this, to adjust the benefits or access they provide.

Which card is the superior communications tool? Which one tells you some deeper information about me? It's the privately issued card. There is a substantial installed base of card issuers who could deploy themselves to the purpose of providing security verification.

Naturally, the government is in this business and the phrase "government-issued ID" is an established part of the security lexicon. Government agencies want to be much more involved in this and they use their apparent monopoly on identification to get into many other lines.

The American Association of Motor Vehicle Administrators has long been active in promoting a national ID. When illegal immigration has been a hot concern, the AAMVA has been there saying they've got the solution to illegal immigration and working. When terrorism became the top priority, there they were saying that a national ID was the solution for terrorism.

Of course, many government programs want to do risk-analysis of the type credit issuers do. The CAPPS II program and its successor SecureFlight, depend to one degree or another on using privately held data to determine the identity of people or their suitability for travel.

I know that many of you in this room are with companies that are selling services to the government, or considering selling services to the government. Now, I don't fault you for wanting to make money, but I want to warn you about pursuing the government as a market.

Where you make that connection, where you sell your products into the government, that is a connection over which money will flow to you, but it is also a connection through which regulation will flow to you. If you think the FCRA is tough to deal with, or the amendments under the FACT Act, you ain't seen nothing compared to what you could get if your data is used in government decision-making. We're talking about public-utility style regulation.

When the government makes decisions about people, they have Due Process rights to fairness and an opportunity to contest those decisions. These are the stumbling blocks over which CAPPS II and SecureFlight have fallen, and probably all the successors will too.

If you doubt that regulation is on its way, I want to point out a book that I am reading write now. This is No Place to Hide by Robert O'Harrow, who is a reporter for the Washington Post. It is as good a survey of your industry as I've ever read. This guy is no friend of your industry, but he's gone through all the different ways people like you are trying to work with government on these surveillance programs. And, frankly, it's got me pretty freaked out! This book provides the intellectual ammunition for broad regulation of your industry.

Many of you are probably also aware of the action by the Electronic Privacy Information Center against ChoicePoint. I take it they claim that some products out of ChoicePoint should be subject to the FCRA, though ChoicePoint says they're not. It doesn't make much difference to me. I see this as a relatively clever way of highlighting what ChoicePoint is doing and scaring people about it. Hard to fault that strategy because ChoicePoint is a bit scary.

So the groundwork is being laid for broader regulation of your industry. You have a choice as an industry. Will the small number of your members who are pursuing this government market bring public utility regulation to your doorstep, or will you disavow the surveillance business and focus on helping consumer markets function?

I wish I had a solution for the identification conundrum. I do know that identification should never be the exclusive security tool. It is far too brittle. Once a terrorist knows that he can get on a plane using only his ID, the jig is up.

People obviously want the best of both worlds: they want the security and convenience a uniform system provides, without tracking and surveillance. So I want to show you one other card that I think is just fascinating. This card [Flexcar] gives me access to an automobile whenever I want to use it. It doesn't have my name on it, or any other identifier. It is a bearer card and I need a code to start the car so it is not good for highly secure environments, but this is the direction we need to go.

We need to take the focus off of identification and move it to authorization. Systems are available that could communicate, "This person is OK to enter your building" or get on your plane or whatever, without saying "This is Joe Smith." Through a diverse array of privately issued cards, people should be able to access goods, services, and infrastructure that they are qualified to access without giving up identifying information.

Identification is overused today, and I think it will be overused even more if trends continue. We need to focus on moving from identification to authorization. Whether you like it or not, your industry is going to be at the center of these issues.

Thank you for hearing my views today.


©2000-2005 Privacilla.org. All content subject to the Privacilla Public License.