Our reporter demonstrates the weakness of ID cards
In the first weeks after 11 September, with diverse figures calling for creation of a national identity card, New Yorkers recognized a need for greater personal identification. At the IEEE Spectrum editorial offices (about 5 km from Ground Zero, and two blocks from the now-tallest building in the city), building ID cards, previously optional, are now obligatory. In many offices, visitors are required to either be listed in advance by name, sign a logbook, or produce a photo ID that matches the name.
Identification cards, though, are only as good as the systems for producing and using them. It soon became obvious that the building ID card I had to get a few days after the collapse of the twin towers wasn't being required. It seemed any photo-containing card would do. Even more disturbingly, at a local hospital, where I’m receiving therapy for a recent injury, it was, after four visits, becoming increasingly difficult to resist the suspicion that while one had to produce an ID card, it wasn’t being examined, nor was it being compared with the name one signed to get in.
So I decided to put this new security to a test. Like every kid from Queens who started exploring the streets of Manhattan as an adolescent, I knew just where to go–the nameless storefronts of indeterminate businesses on the still slightly disreputable streets of Eighth Avenue, just north of the Port Authority bus terminal–in other words, Times Square, or what’s left of it. I walked into the first place with a sign that said "Photo ID." For US $20 and about 15 minutes of conversation about the relative merits of DSL and cable modems (the youth of New York City still share some common interests with those of us twice their age), I found a process that’s as painless as it is security-free. In order to stress-test every aspect of the modern identity process, I diligently entered a false name, address, and social security number. Then a wrong age, eye, and hair color. I gave myself my sister’s birth date. For good measure I added 25 pounds to my weight while subtracting two inches from my height.
Test No. 1 consisted of looking over the information with Mr. DSL on the computer screen. He asked me if it was all correct. Only if I had entered my gender wrong could it have been more manifestly incorrect, but I said yes, and he printed and laminated my new badge, which was chosen to be less obviously authentic than the very real-looking school IDs (Montclair University, Hunter College, and so on) that I could have chosen.
Test No. 2, Thursday morning. The office lobby. I produced–for the same guard who had looked at my building picture ID for the past three weeks (and, admittedly, a thousand other people’s)–my new New York State generic ID. There was a little hesitation (or did I imagine it?), but he waved me on. Perhaps he recognized me. For good measure, I used it again coming back from lunch with a different guard, without a hitch.
The big test, No. 3. My physical therapy appointment. Here I actually put the badge down on the guard’s table as I signed the book with one name while the ID said another. Though the picture was accurately me, virtually none of the information was. In the newly security-conscious New York, this turned out not to be a problem.
National ID: Better or Worse Security?
Would a national identity card provide better security than what you can buy in Times Square? Oracle's Larry Ellison and civil liberties lawyer Alan Dershowitz, among others, think so. But even if such an ID were harder to obtain, surely it would not be very difficult for a determined criminal. Aren't sufficiently authentic-looking passports, drivers licenses, and currency in circulation today?
The insecure security systems I encountered in New York City had everything to do with guards who had no particular thing they were charged to look for, and the inevitable boredom and laxity of doing the same thing all day. George Washington University Law School professor Jeffrey Rosen, in an October article in The New York Times, reported the same thing in an examination of street camera surveillance systems in London.
By creating a single system of identification, especially one that doesn’t require alertness, we risk reducing security, not increasing it. Once one has a card, one easily gets through doors that might otherwise be blocked. No one can look at cards for four hours straight and continue to examine them closely. My card described a husky short black-haired individual, all fine qualities, none of which are mine.
If what is needed is a card that reliably connects a name to a photo, that card need not be a national ID. What could serve that purpose are simple federal guidelines for drivers licenses, to ensure that some of the same information was on all of them, and that they were all photo IDs (my New Jersey license, for example, is not). Such guidelines have been proposed for some time now. (And many states already permit nondrivers to receive a license-like ID card through their motor vehicle departments.)
ID cards and ID systems
The national ID card that database manufacturer Larry Ellison wants is only the front end to a national ID system that has a database behind the card. The card connects a picture and physical description (such as race, age, height) to a name, and both are then connected to a unique identifier, such as a fingerprint or iris scan. The database requires a unique number, such as a social security number, and it’s inevitable that it appear on the card as well–every proposal for a national ID card has included one.
The problems and temptations involving such a project are great. The database itself is a sitting duck for careless or greedy clerks, even in the unlikely event it could resist hacker attacks. More and more information will get aggregated–surely the medical community will want our known allergies added and emergency contact information as well. Credit and other financial agencies will use the unique number to improve their databases. Everyone from supermarkets to magazine subscription agencies will join in. Why allow a convicted pedophile to enter a children’s museum? Why allow a parent who is behind on child-support payments to buy $90 theatre tickets?
The potential usefulness of such a system will be irresistible. Europeans, with genuine and effective privacy protections, are, perhaps, immune to such charms. But the relentlessly efficient U.S. marketplace has wanted for 40 years to eliminate the information friction that privacy laws are designed to instill.
Alan Dershowitz suggests that the card can be voluntary. Such a card would be voluntary, though, only in what we might call the Robert Crandall sense of the term. Crandall, the retired chairman of American Airlines, recently suggested that air travelers use a "smart card," which would be obtained only after an extensive background check. "If somebody says, 'I don't want you to be able to have my fingerprints,’ " he said, "that's not a problem, you don't have to do that. But you can't fly."