Personal tools
neumann.html
Volume 19, Number 4 | The CPSR Journal | Fall 2001 |
Risks of National Identity Cards |
by Peter G. Neumann
neumann@pfir.org & Lauren Weinstein lauren@pfir.org |
This article can also be found as: Inside Risks 138, CACM 44, 12, December 2001 In the wake of September 11th, the concept of a National Identity (NID) Card system has been getting considerable play, largely promoted by persons who might gain financially or politically from its implementation, or by individuals who simply do not understand the complex implications of such a plan. Authentic unique identifiers do have some potentially useful purposes, such as staving off misidentifications and false arrests. However, there are many less-than-obvious risks and pitfalls to consider relating to the misuse of NID cards. In particular, we must distinguish between the apparent identity claimed by an NID and the actual identity of an individual, and consider the underlying technology of NID cards and the infrastructures supporting those cards. It's instructive to consider the problems of passports and drivers' licenses. These supposedly unique IDs are often forged. Rings of phony ID creators abound, for purposes including both crime and terrorism. Every attempt thus far at hardening ID cards against forgery has been compromised. Furthermore, insider abuse is a particular risk in any ID infrastructure. One such example occurred in Virginia, where a ring of motor-vehicle department employees was issuing unauthorized drivers' licenses for a modest fee. The belief that “smart” NID cards could provide irrefutable biometric matches without false positives and negatives is fallacious. Also, such systems will still be cracked, and the criminals and terrorists we're most concerned about will find ways to exploit them, using the false sense of security that the cards provide to their own advantage—making us actually less secure as a result! Another set of risks arise with respect to the potentials for abuse of the supporting databases and communication complexes that would be necessary to support NIDs—card readers, real-time networking, monitoring, data mining, aggregation, and probably artificially intelligent inference engines of questionable reliability. The opportunities for overzealous surveillance and serious privacy abuses are almost limitless, as are opportunities for masquerading, identity theft, and draconian social engineering on a grand scale. The RISKS archives relate numerous examples of misuses of law enforcement, National Crime Information, motor vehicle, Social Security, and other databases, by authorized insiders as well as total outsiders. RISKS readers may be familiar with the cases of the stalker who murdered the actress Rebecca Schaeffer after using DMV data to find her, and the former Arizona law enforcement officer who tracked and killed an ex-girlfriend aided by insider data. The US General Accounting Office has reported widespread misuse of NCIC and other data. Social Security Number abuse is endemic. Seemingly high-tech smart-card technology has been compromised with surprisingly little high-tech effort. Public-key infrastructures (PKI) for NID cards are also suspect due to risks in the underlying computer infrastructures themselves, as noted in the January/February 2000 columns on PKI risks. Recall that PKI does not prove the identity of the bearers—it merely gives some possible credence relating to the certificate issuer. Similar doubts will exist relating to NID cards and their authenticity. The November 2000 RISKS column warned against low-tech subversions of high-tech solutions via human work-arounds, a major and highly likely pitfall for any NID. The NID card is touted by some as a voluntary measure (at least for U.S. citizens). The discriminatory treatment that non-card-holders would surely undergo makes this an obvious slippery slope—the cards would likely become effectively mandatory for everyone in short order, and subject to the same abuses as other more conventional IDs. The road to an Orwellian police state of universal tracking, but actually reduced security, could well be paved with hundreds of millions of such NID cards. We have noted here before that technological solutions entail risks that should be identified and understood in advance of deployment to the greatest extent possible, regardless of any panic of the moment. The purported (yet unproven) “benefits” of an NID card system notwithstanding, these risks deserve to be discussed and understood in detail before any decisions regarding its adoption in any form should be made. Peter Neumann and Lauren Weinstein moderate the ACM RISKS Forum http://www.risks.org and the PRIVACY Forum http://www.privacyforum.org , respectively. They are co-founders of People For Internet Responsibility: http://www.pfir.org. Peter Neumann was honored at the 1997 Annual Meeting with the Norbert Wiener Award for his contributions to our knowledge about the risks and reliability of computing technology. NOTE: Over 5 years ago, Simon Davies quite rationally addressed many common questions relating to such ID cards. See his Frequently Asked Questions, August 24, 1996: http://www.privacy.org/pi/activities/idcard/idcard_faq.html. See also Chris Hibbert's FAQ on SSNs: http://cpsr.org/cpsr/privacy/ssn/ssn.faq.html. |
What’s inside...
© Computer Professionals for Social Responsibility |
[ top ] | Newsletter Index |
Created before October 2004