A driver's license as national ID?
New national standards for drivers licenses have some privacy advocates worried.
It's already used as the ID of choice through out most of the United States.To write a check, open a video-store account, or board a plane, you must flash your driver's license.
And now that small card tucked in your wallet is about to get more sophisticated. A piece of the new National Intelligence Reform Act signed into law last week requires national standards for state licenses.
It's another ripple from 9/11, when seven of the hijackers used fake driver's licenses to board the planes.
The standards, to be hammered out over the next 18 months by state and federal officials along with technology specialists and "interested parties," are raising concerns among privacy experts who see the move as the first step down the road to a national ID or centralized information on individuals.
It's a development - described by one congresswoman as "radioactive " - that has long been opposed by privacy advocates in the public and government alike.
What several analysts question is why this standardizing IDs makes us more secure?
"How does identification really relate to security?" asks Daniel Solove, a law professor at George Washington University and author of "The Digital Person: Technology and Privacy in the Information Age." "People just assume it [improves security] as if it was a fundamental truth."
The new law focuses heavily on how a license is obtained, systematizing the list of documents needed to apply and how to verify them. In some states, like New York, it's a long list.
"In other states it's a fuzzy copy of a birth certificate," says Pam Dixon, executive director of the World Privacy Forum, who testified in Washington last week on new ID standards for federal workers.
Some predict the new standards will simplify the application process and thus reduce the likelihood of fraud.
"There are hundreds of immigration forms that can be used in many states to get licenses," says Melissa Savage, a transportation analyst at the National Conference of State Legislatures in Denver. "That's a lot to expect of DMV employees - to be familiar with all those different documents."
The law is vague, however, in defining what shape the new standards should take. It only specifies a digital photo "or other unique identifier" and means to make the card resistant to "tampering, alteration, or counterfeiting."
Stories about electronic chips, and biometrics, and centralized databases are swirling on the web. But Jason King, spokesman for the American Association of Motor Vehicle Administrators (AAMVA), says they are a lot of red herrings. "There is no call for biometrics in this legislation; there is no call for smart chips; there is no call for a central database."
In fact, his organization won't be recommending a biometric, even though a handful of states already use them. After conducting a study of the latest technologies through the International Biometric Group, Mr. King says AAMVA wants to see the technology become more foolproof first.
But the trend in security in general is toward biometrics, says Professor Solove. "I would be surprised if they don't discuss and push in that direction."
And paradoxically, the new standards "could amplify the problems of losing a driver's license," Solove says. "When you go with a biometric identifier, as opposed to a number, the difficulty is if someone gets hold of that identifier. You can't get new fingerprints. You can't get a new eye replacement."
Biometric systems can be fooled, he explains. People can make fake fingerprints or hold up a high-resolution picture of an eye to an eye-scanner and breech the security.
"The same people who are forging state-issued driver's licenses today will be forging federalized driver's licenses after this provision goes into effect," says Gregory Nojeim, of the ACLU's Washington Legislative office. "The price will go up, but the incentive to make the forgery will go up as well."
Nor is the lack of a centralized database any comfort, Mr. Nojeim says. "The privacy-invasive effect of a centralized database can be accomplished by standardization of the identity document, because it becomes interoperable."
It's that bigger picture that alarms Solove and others - what he calls the first step in a "your papers, please" society.
Information tends to spread beyond its original purpose, Solove says. "It's a rule that works as well as gravity ... whenever the government gets information, it invariably uses it for new purposes in the future."
He gives the example of the government's requirement to fingerprint everyone in the armed services. The stated purpose was to help identify remains. "Then at some point the FBI asked to have all those fingerprints added into their fingerprint database" - where the criminals are, he says.
World Privacy Forum's Ms. Dixon adds, "I always get very nervous when someone builds a technology and then decides how to use it later."