Industry Comment: National ID Card Commentary Enters The Silly Season
It's not that Bob Rubin thinks there aren't real issues related to the proposals for a national ID card. But, he says, the participants are trading insults instead of considering the facts.
Some sports announcers insist on spouting meaningless commentary when they have nothing to add to the action on the field. It seems that we may have reached that point in our discussions on national ID cards and allied tools for authenticating identities. Instead of debating the issues involved, we are busy trading bombastic opinions.
For example, the American Civil Liberties Union has written a special report, "Drawing a Blank," in which it declares that facial-recognition systems really don't work, "are premised on a Wizard of Oz-style strategy of hiding the truth," and "the technology does not deliver security benefits sufficient to justify the Orwellian dangers that they present."
When the U.S. Transportation Department announces it is investigating ways to encode data onto drivers' licenses to prevent them from being used as false identification, what is the reaction? According to USA Today, a former official of the Privacy Foundation stated, "If we do this ... come up with a national standard ... there's no difference between a driver's license and a national ID card."
Orwellian dangers from a technology that you claim doesn't work? Newspaper quotes about the dangers of a more difficult-to-forge driver's license? We must improve the dialogue around the need for better personal identity verification if we're to guarantee respect for personal freedom while significantly improving individual security.
Logic dictates that we rationally evaluate the best approach. To state that a proposed method of criminal or terrorist identification is too dangerous because it gives the government more information about the rest of us--without providing examples of the risks of abuse--is as silly as saying that we should do something just because our brethren in the warrens of Washington, D.C., promise it is good for us.
The Real Questions There are legitimate concerns about the deployment of certain technologies in the fight against evildoers. We should be discussing the issues, as opposed to assuming the answers:
Does the technology work?
Will it give us a false sense of security and therefore detract from other, better, means?
Is it cost-effective?
What is the risk that the information obtained will be used illegally?
How secure is it against hacking?
Obviously, whether the technology is facial-recognition systems, iris scans, or encrypted-cards technology, let's make sure that what we pick actually works. While this country has a tremendous depth of money and talent, it would be potentially disastrous for us to divert our resources to ineffective ways of providing security.
Nor should we ignore possibilities of misuse of information by officials or the very real danger of hacking. It is proper and fitting to concern ourselves with these issues--sensibly. This country has a long history of protecting its freedoms, not by clever sound bites, but by vigilance and serious dialogue.
While we do so, let us not forget the perfectly valid reasons for investigating information technology as a means of improving our security. These include the obvious ones, such as narrowing the number of people to screen in an airport or tracking the whereabouts of suspected terrorists. They also include some very real advantages to citizens, such as protection against identity theft and instant access to medical records.
As individuals, we have voluntarily given up tremendous information about ourselves for our own convenience or financial benefit. Credit-card companies and supermarkets that use affinity cards know an amazing amount of information about us: what we buy, when we travel, and where we go. Turnpike drivers who use toll transmitters, such as E-ZPass, provide a detailed record of their trips, including average speed and route.
Can such information be used in ways the individual did not anticipate? Certainly. Recently in Philadelphia a person was apprehended for murder after his whereabouts were traced from his monthly transit pass. Do you view that action as infringement on his rights, or good police work? Personally, I was delighted with the competence of the police officers involved.
Technology can improve our personal security. At the same time, it can allow the collection of more information about our individual actions than anyone before in history could obtain. The discussion around personal identity verification is a serious issue. Let's not pollute it with foolish hyperbole.
Robert M. Rubin is CEO of Valley Management Consultants, a firm specializing in E-business and information-technology strategy, organizational design, and evaluation. Prior to joining VMC, he was senior vice president and CIO for Elf Atochem North America, a $2 billion diversified chemical company. The recipient of multiple industry awards, he is a contributing editor to InformationWeek and a member of its advisory board. You can discuss the issues raised in this column (nicely, now!) in his discussion forum.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.