Security Vs. Privacy

Calls for creating a national ID card system, which advocates say would make it harder for terrorists to move undetected within U.S. borders, have drawn criticism for their totalitarian overtones. Now, a group representing state motor-vehicle departments is about to unveil a proposal that could turn the average driver's license into a technology-laden ID. Yet privacy concerns remain, and the IT challenges may be even greater.

The American Association of Motor Vehicle Administrators, which represents motor-vehicle departments and law-enforcement officials and serves as their data-sharing intermediary, will introduce its idea this week. On its surface, the proposal seems to be a scaled-down version of national ID card proposals floated by Oracle CEO Larry Ellison and others after the terrorist attacks last fall. "This isn't about creating a new national ID card, nor is it about developing one centralized megadatabase that houses everyone's personal data," Sen. Richard Durbin, D-Ill., told the Senate last month. Durbin, who supports the association's plan, is circulating a draft bill in the Senate with a similar goal.

The proposal would bring greater uniformity and control to the process of issuing drivers' licenses, and licenses themselves could increase security by using biometrics--fingerprints or iris scans, for instance--to validate the identity of people who carry them, the association says. It might also close procedural gaps that let seven of the Sept. 11 hijackers carry Virginia state IDs and five fraudulently obtain Social Security numbers. "If people continue using licenses as identification documents, we would like to make sure from a safety perspective that they are good, credible documents," says Jay Maxwell, president and chief operating officer of AAMVAnet, the subsidiary that runs the DMV group's IT systems.

But the plan could involve a data-management and data-integration undertaking of major proportions. Even though the association would serve as a clearinghouse for data sharing among the states, the plan would still require the modernization of state records and the linking of numerous state and federal systems. "Whenever you pull data in from other systems, there are things you need to do to make them communicate well together," says Nathan Root, the association's standards program director. A big part of the job for states will be establishing uniform administrative procedures for handling license paperwork and related documents, along with the work needed to format data according to the same specifications and ensure compatibility among multiple databases, Root says.

California provides a lesson in just how hard it can be to create a foolproof system. According to an audit requested by the California Legislature, the state's DMV issues 100,000 fraudulent licenses a year, even though it's been routinely collecting thumbprints from license applicants for 20 years. The auditors blamed the problem on the DMV's not reviewing documents adequately, not properly identifying applicants via photographs or thumbprints, and insufficient oversight of DMV staff.

Privacy is another prickly issue in the new plan. The databases would be available to DMVs in multiple states, law-enforcement officials, certain federal agencies, and, on a limited basis, to businesses for validating identities of customers.

Privacy watchdog groups opposed to the plan contend that the broad data-sharing arrangements open the door to abuse of confidential data. "We don't see a very great distinction between a national ID card and a coalition of 50 states issuing drivers' licenses," says Lee Tien, senior staff attorney with the Electronic Frontier Foundation in San Francisco. "To the extent that the databases are highly integrated, there may be even more of a risk from human error or human malfeasance."

American Civil Liberties Union associate director Barry Steinhardt says "unified state IDs are, in fact, backdoor national IDs, and they're going to have all the problems of national IDs," which include tracking of citizens' movements and racial profiling. If the concept is taken too far, "it's going to create the demand for people to have this biometric data to identify themselves,'' he says. "It's going to be impossible to go anywhere without your identity being checked."

But at least one state CIO who's been working on security-enhancement measures downplays the risks of confidentiality breaches. "We worry about privacy up front," says Richard Varn, Iowa's CIO. "This is database technology, after all. It's pretty basic stuff, but it will take some time and require a little bit of effort and some goodwill" to work as described by the plan's proponents.

Iowa started a project called Identity-Security Clearinghouse two years ago to verify the authenticity of documents used by people to establish identity in the state or with a federal agency. In one facet of the project, Iowa digitized the state's 11 million birth records, dating back to 1880. Iowa can use that data now to verify a license applicant's identity and share it with other states and the feds so they can do the same. A lot of the work underpinning the AAMVA plan has been done, Varn says, "and now it's only a matter of making some tweaks to the databases and setting up some processes for sharing data."

It will be important for proponents of tech-enabled drivers' licenses to convince doubters of the system's value and security. Opposition to national ID cards goes back to 1971, when the Social Security Administration rejected the use of Social Security numbers for that purpose, according to Privacy International, a privacy group. Implementation of the plan would require new laws from Congress, as well as from individual state legislatures.

The motor-vehicle association hasn't specified which biometric features would be used, but it's looking at fingerprints, face recognition, and iris scans. Although more than half of the states already employ machine-readable features such as bar codes or magnetic strips on licenses, the new plan would make that standard practice.

While stopping short of calling AAMVA's proposal a national ID, Maxwell acknowledges the licenses could be used to verify identities. An airline could check in passengers carrying biometric-equipped IDs quickly, letting them board first, while others would move through a slower, manual process. "We don't see that as being invasive from a privacy perspective," Maxwell says.

The question is, will millions of Americans agree?

--With Sandra Swanson and Jennifer Maselli

Photo of Maxwell by D.A. Peterson