home > archive > 2002 > this article
National ID: Who will protect us from the "The System?"
By Dave Jansen
The American Association of Motor Vehicle Administrators (AAMVA) proposes to set uniform standards for driver's licenses for all states and to link the state driver's license databases. Reps. Jim Moran (D-VA) & Tom Davis (R-VA) have introduced it as "Driver's License Modernization Act of 2002." On the surface this sounds feasible technologically. However, it has three major problems: creating an infrastructure for a national identification system, securing the data and maintaining data integrity. It also creates a data collection system.
The AAMVA contends this is not a proposal for a national identification system but would merely link all state ID systems in one federal data store.
"The recent AAMVA proposal to link state motor-vehicle databases is a nationwide identity system," says a recent National Academy Press report, "IDs--Not That Easy: Questions About Nationwide Identity Systems. [see: http://www.nap.edu/books/030908430X/html/ ] It could allow for other federal and private data to be linked as well such as driving history, criminal records, financial records, tax records, health information, library activity, etc. Is it necessary to have this information publicly and easily accessible?
"I've done nothing wrong, I have nothing to hide" is a common refrain. Due to security flaws and data integrity issues, you may be accused of wrongdoing anyway. Would a national ID system increase national security and stop terrorists? By creating an identification system on the federal level, we only make fraud and forgery easier.
Securing the data simply refers to making sure the data in this national system is not used for fraudulent or malicious means. A person attempting to gain access to anyone in the United States would only need to circumvent one security standard. Creating an easier target for our personal information will only lead to an increase in fraud and identity theft-in effect making it easier for terrorists to create or steal ID's. The AAMVA proposal would "put all your eggs in one basket" with your personal information.
Most computer fraud and security breeches come from within an organization, as opposed to terrorists half a world away or 14 year olds with too much time on their hands. According to "Information Security: Serious Weaknesses Place Critical Federal Operations and Assets at Risk" (AIMD-98-92) and other GAO reports, all federal agencies have serious security weaknesses "with inadequately restricted access to sensitive data being the most commonly cited problem." Not only do serious security problems exist within federal systems, but most malicious activity is undetected "because agencies have not introduced effective controls to identify suspicious activity in their networks and computer systems."
Abuse from inside is common. It may not be terrorists accessing the system, but it may be government or private employees snooping through our personal information. Without safeguards or controls in place, it is only a matter of time before information is read, altered or copied without our knowledge or consent.
According the General Accounting Office, most federal computer systems are not secure. Yet in the name of national security and thwarting terrorism, we want to create and verify identities using a federal system.
Data integrity refers to the validity of data and can be compromised in a number of ways. The most common forms of generating inaccurate data:
1. Software bugs or viruses
2. Hardware malfunctions
3. Data entry errors (occurring when data is first being recorded into a computer and most often dismissed as typos), and
4. Errors that occur when data is transmitted from one computer to another.
The National ID systems would exist across several computers and computer networks minimizing the impact of disk crashes and other hardware failures. However, any data that was corrupted due to these factors would generally be impossible to detect and correct.
Computer bugs and viruses would be an enormous threat to the National ID system due to the standardization necessary for the system to exist. Once a virus infects one part of the system it could easily spread to the entire system.
Errors in data entry are common and accepted in most industries with error rates as high as 10% but usually acceptable around 3%. Errors that occur when data is transmitted from one computer to another are also fairly common. With such a large scale, the number of errors will be compounded.
The AAMVA proposal does not correct these problems. Data integrity can be corrected, but the task is daunting. Personal information will be replicated across multiple systems. As this occurs, it will be difficult to track and correct.
Most National ID data errors will be detected by the individual. Correcting data errors about yourself could be akin to playing a lifetime game of "Whack-A-Mole". One error pops up, you correct it only to have another show up someplace else-even assuming you can see all errors all the time.
Linking all state databases in one federal database does nothing to stop terrorism but increases the likelihood of fraud, forgery, abuse and misuse.
Dave Jansen is a Cincinnati-based computer consultant.
Get weekly updates about new issues of ESR!
© 1996-2013, Enter Stage Right and/or its creators. All rights reserved.