How Much Identity Management Do We Want?

Identity management, from both national security and personal security standpoints, could well be the next big policy debate we have in the United States.Whether it's a matter of identifying people at our borders, or ensuring that banks don't give our money to the wrong person, the combination of international and domestic threats to our physical and economic well-being means we all have a stake in the discussion.

But security measures (both private and public) are already being taken without much discussion. Cell phone companies can track our movements and sell information to third parties. Government can track us with video cameras placed in and around public thoroughfares (not to mention EZ Pass cards on our cars).

What's surprising to me is that a lot of our fellow citizens seem well-disposed to biometric identification systems like fingerprint readers and eye scanners. According to a study authored by global technology vendor Unisys, a majority of Americans (58 percent) would be willing to provide biometric data in order to verify their identity.

The survey of around 1,000 adults, had some other surprising results: Americans remain very concerned about a host of security issues, from the flu to phishing attacks, but the level of hysteria has toned down.

For instance, Americans are almost as concerned about identity theft now (65 percent) as they were in 2007 (69 percent), when the survey was first conducted. But those who are "extremely" concerned has dropped significantly (from 41 percent to 26 percent) while those who are "very" concerned rose from 28 percent to 39 percent.

What this tells Unisys vice president Mark Cohn is that "there's a nuanced shift from people being highly agitated to more of a middle ground. We're getting closer to rational responses and not emotional, fear-based responses."

That, in turn, explains why the survey also shows that people are more willing than expected to provide biometric information: there's enough evidence to indicate that other measures aren't effective.

But if we simply allow more personally-invasive means of identity detection to become ubiquitous without adequate discussion, we're going to find ourselves in the middle of yet another rancorous debate with misinformed claims made on all sides (if that sounds familiar).

The benefits of better identity management include a healthier Internet economy, fewer fraud-related costs to retailers and financial institutions, and of course a lower risk of terrorist attack. But "we need a strategy for identity management," Cohn told me, rather than an ad hoc and almost covert approach.

"We're going to have to have a real public policy debate about identity management," Cohn said.

Let's start here. What are your thoughts?