acm-header
Sign In

Communications of the ACM

Inside Risks

Risks of National Identity Cards


In the wake of September 11th, the concept of a national identity (NID) card system has been getting considerable play, largely promoted by persons who might gain financially or politically from its implementation, or by individuals who simply do not understand the complex implications of such a plan. Authentic unique identifiers do have some potentially useful purposes, such as staving off misidentifications and false arrests. However, there are many less-than-obvious risks and pitfalls to consider relating to the misuse of NID cards.

In particular, we must distinguish between the apparent identity claimed by a NID and the actual identity of an individual, and consider the underlying technology of NID cards and the infrastructures supporting these cards. It's instructive to consider the problems of passports and driver's licenses. These supposedly unique IDs are often forged. Rings of phony ID creators abound, for purposes including both crime and terrorism. Every attempt thus far at hardening ID cards against forgery has been compromised. Furthermore, insider abuse is a particular risk in any ID infrastructure. One such example occurred in Virginia, where a ring of motor vehicle department employees was issuing unauthorized driver's licenses for a modest fee.

The belief that "smart" NID cards could provide irrefutable biometric matches without false positives and negatives is fallacious. Also, such systems can still be cracked, and the criminals and terrorists we're most concerned about will find ways to exploit them, using the false sense of security that the cards provide to their own advantage—making us actually less secure as a result.

Another set of risks arises with respect to the potentials for abuse of the supporting databases and communication complexes necessary to support NIDs—card readers, real-time networking, monitoring, data mining, aggregation, and probably artificially intelligent inference engines of questionable reliability. The opportunities for overzealous surveillance and serious privacy abuses are almost limitless, as are opportunities for masquerading, identity theft, and draconian social engineering on a grand scale.

The RISKS archives relate numerous examples of misuses of law enforcement, national crime information, motor vehicle, Social Security, and other databases, by authorized insiders as well as outsiders. RISKS readers may be familiar with the cases of the stalker who murdered the actress Rebecca Schaeffer after using DMV data to find her, and the former Arizona law enforcement officer who tracked and killed an ex-girlfriend aided by insider data. The U.S. General Accounting Office has reported widespread misuse of National Crime Information Center data and other data. Social Security Number abuse is endemic.

Seemingly high-tech, smart-card technology has been compromised with surprisingly little high-tech effort. Public-key infrastructures (PKI) for NID cards are also suspect due to risks in the underlying computer infrastructures themselves, as noted in the January/February 2000 "Inside Risks" columns on PKI risks. Recall that PKI does not prove the identity of the bearers—it merely gives some possible credence relating to the certificate issuer. Similar doubts will exist relating to NID cards and their authenticity. The November 2000 "Inside Risks" column warned against low-tech subversions of high-tech solutions via human work-arounds, a major and highly likely pitfall for any NID.

The NID card is touted by some as a voluntary measure (at least for U.S. citizens). The discriminatory treatment that non-card holders would surely undergo makes this an obvious slippery slope—the cards would likely become effectively mandatory for everyone in short order, and subject to the same abuses as other more conventional IDs. The road to an Orwellian police state of universal tracking, but actually reduced security, could well be paved with hundreds of millions of such NID cards.

We have noted here before that technological solutions entail risks that should be identified and understood in advance of deployment to the greatest extent possible, regardless of any panic of the moment. The purported (yet unproven) benefits of an NID card system notwithstanding, these risks deserve to be discussed and understood in detail before any decisions regarding its adoption in any form should be made.

Back to Top

Authors

Peter Neumann (neumann@pfir.org) and Lauren Weinstein (lauren@pfir.org) moderate the ACM RISKS Forum (www.risks.org) and the PRIVACY Forum (www.privacyforum.org), respectively.


©2001 ACM  0002-0782/01/1200  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2001 ACM, Inc.


 

No entries found