Law in the Internet Society
-- JohnPowerHely - 18 Dec 2008

The Dangers of a National ID System

 

A certain professor at this university encouraged the adoption of nationwide identification cards. He saw nothing wrong with this proposal, no risks whatsoever. He based his statements on what he felt was a duty of a citizen, and commented that he was confused as to why people would take umbrage at the government having access to information that they would give away freely to banks and corporations. While I obviously contend whether we give that information to corporate actors freely, I would like to discuss some of the risks I see with his proposed ID card system. I will even adopt his minimal system for my arguments: an ID card containing only name, address, SSN, and emergency medical information. I will examine these risks through the following small vignettes.

The Karl Rove

This is the risk most often shouted out by those valuing information privacy, and thus I’ll discuss it quite briefly. Imagine an individual or small group of individuals in government intent on using information garnered from such an ID system for improper purposes. They could try to reduce government medical treatment for certain health risks based on voting in those districts (remember, they have your emergency medical data in this hypothetical). They could easily track your movements. Think of the places you already swipe your license: airports, rental car agencies, even some bars. Imagine how many more such locations could be added if there was one centralized ID system.

This is not to say that the government does not already have, or could not readily get, all the information that could be placed on such an ID card. The point is that now such information is contained in a number of systems and requires the navigation of large amounts of red tape to consolidate it. Those lauding centralized ID systems laud the ease of access, but it is this red tape that provides for accountability against those who would use it improperly. 

I find this to be the least likely risk, but it is also the one that could cause the greatest damages to human liberty.

The Monica Goodling

Here I imagine someone who is attempting to use a consolidated system for what they think are valid and appropriate purposes, but whose actions cause malicious results either through ignorance of their inherent illegality or an inability to foresee the consequences. What if a government servant were to publish a report regarding populations most in need of medical professionals, and decided to note which areas had dwindling numbers by remarking that doctors like Doctor X were moving from Detroit to Los Angeles? They’ve just released confidential information to make a point which ended up not only compromised that person’s privacy but also labeled him a carpetbagger, making him a subject of public discussion and possible ridicule. And all from the most innocent motives.

Even with the most stringent rules regarding confidentiality, the easier a government agent’s access to confidential information, the more likely that it could be inadvertently misused.

The Absentminded Government Employee

This is a risk which is popping up in the news more and more frequently. A certain government agent has personal information on a laptop which is then stolen or lost. Advocates of ID card systems and consolidated government databases often fail to note that the more information is consolidated, the greater the risks of these sorts of losses. The risks of identity theft, fraud, etc. should be readily apparent, especially given the fact that most individuals tend not to be very conscious of proper information security measures.

The Terrorist

This leapt into my head the moment that this certain professor mentioned his minimal ID system. One would obviously imagine that any such nationwide ID would be distributed by the states Bureaus of Motor Vehicles. These are not exactly highly desired occupations, and the level of security, I imagine, is not overly high.

Imagine a terrorist agent with a clean record applies for a low-level job at a BMV in a small town in Middle America. While working there he runs two simple quick searches, neither of which would be likely to raise flags if his job involved data entry. First he searches for individuals with a certain allergy to a common method of treatment for contagious biological agent X (e.g. streptomycin and smallpox), sorted by metropolitan area. He chooses an allergy that would come up in a large number of medical issues to avoid easy notice of the search. After noting which locations have the highest occurrence of this allergy, he then runs a search for all individuals with the salutation ‘Dr.’ in those locations, noting the ones with the lowest numbers and jotting down those individual’s names and addresses.

With two simple searches performed at a low security location by a poorly screened low-level employee, this agent now has a target list for dispersal of a weaponized biologic. He knows which locations would have the highest number of people who could not be vaccinated or otherwise treated and also has the lowest amount of individuals to deal with the emergency. He can even directly target these few medical professionals to further increase the damage done.

Conclusion

These examples are brief to the point of being sparse, but I hope they show some of the risks that can come with information consolidation. One might argue that even in today’s current system the government possesses too much information on individuals. But I hope that I have made clear that for every risk corrected by providing police and others with easy and rapid access to consolidated systems of information, for every cry that such a system could prevent another 9/11 (though these claims are contested), there are new risks created. Red tape forces deliberation, interaction, and accountability when data is accessed, and reduces the risks of data loss or theft. To me these are advantages that should be encouraged, not eliminated.

 

Navigation

Webs Webs

r1 - 18 Dec 2008 - 00:47:05 - JohnPowerHely
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM