Identity Crisis

By Shane Harris

May 15, 2005

Can a driver's license prevent terrorism?

If you want to understand why proponents of tougher laws for obtaining driver's licenses are working so hard these days, take a look at a video produced by the Coalition for a Secure Driver's License, a New York-based group founded after the Sept. 11 terrorist attacks and partly comprised of victims' family members. The video, available at www.securelicense.org, opens with a handsome blond man kissing his wife and young daughter goodbye as he leaves their modest but well-appointed home for the airport. As they part, a female narrator tells viewers, "Every day, families all across America depend on a national security system of many interlocking pieces. But if one piece fails . . ." The video abruptly jump-cuts to the infamous mug-shot montage of the 19 Sept. 11 hijackers. The narrator continues, "Weak state laws allowed the terrorists responsible for 9/11 to get valid driver's licenses-all the identification they needed to get on flights and carry out their deadly attacks."

The narrator goes on to cite how easy it is for some people, even those in the United States illegally, to obtain a driver's license or a state-issued identification card. Then, the video shows an olive-skinned man entering a department of motor vehicles office, his eyes furtively darting at bystanders. He obtains a driver's license, which he uses to pass through a security checkpoint at an airport-moments before the blond man from the beginning of the video passes through.

The ad was produced by media firm Stevens Reed Curcio & Potholm, the Alexandria, Va.-based outfit that created TV ads for the Swift Boat Veterans for Truth attacking former presidential candidate John Kerry. Those videos resonated strongly with voters and lawmakers who believe homeland security should be at the top of the national agenda. The secure license coalition is pushing a tough message in the media and to members of Congress: The federal government must shore up the porous system of state-issued driver's licenses and identification cards, which are the most commonly accepted forms of identification in the United States.

For the coalition and like-minded groups, relief is on the way. Under the recently enacted intelligence reform law, the Homeland Security and Transportation departments would set minimum standards regulating the amount and type of personal information that must be provided on driver's licenses and state ID cards, the types of documentation applicants must show to obtain those cards, and how states will use technology that allows the cards to be read. (As of late April, a tougher set of rules, contained in the Real ID Act, sponsored by Rep. James Sensenbrenner, R-Wis., was pending before Congress.)

The post-9/11 driver's license moves have pitted secure ID activists against civil libertarians, who contend the new regulations are the first steps toward a national ID card. Opponents argue that such a card could allow government to monitor citizens' movements and keep closer tabs on legal immigrants. "The use of state motor vehicle agencies as agents of the federal immigration service would further the growing trend, alarming both conservatives and progressives, of transforming driver's licenses into de facto national ID cards," the American Civil Liberties Union said in a February statement.

Far from protecting Americans from terrorists, critics argue, standardized ID cards could divide citizens into two classes-the trusted and the not trusted. Today, driver's licenses are required for boarding airplanes and entering federal buildings. Some counterterrorism experts believe it's conceivable and likely that another terrorist attack would compel the federal government to require people to show IDs to use other modes of transportation and to enter public spaces, such as shopping malls. A closer look at the elements of a secure ID, as well as steps the federal government is taking to standardize its employees' identity cards, shows that a national ID might indeed be in the cards.

Bound to a Card

Proponents of secure IDs say it's too easy to obtain ID cards today. At a minimum, they say, state-issued cards should contain proof of legal residence, proof that the holder has a valid Social Security number and some biometric identifier, such as a fingerprint or digital photo, which would be used to more concretely verify identity and to reduce the risk of identity theft. In such a secure system, ID card applicants would have to provide documentation to prove their identity and legal status. The biometric would be imprinted and the bearer, to use ID parlance, would be "bound" to the card.

If all states put the same data on their ID cards and required the same documentation to bind a card to its bearer, then all states, in theory, could trust the authenticity of each other's cards. Card experts say the system then would afford a number of benefits. For starters, the cards would impart greater security, because a commonly accepted standard would govern what they contained and how they would be used, explains Randy Vanderhoof, executive director of the Smart Card Alliance, an industry consortium pushing for wider use of standardized cards by companies and government agencies. Also, Vanderhoof says, having a common card increases the level of trust in the bearers, because they've submitted to a more rigorous binding process.

Secure cards also would be machine readable-that is, they could be scanned or swiped through a mechanism that would verify the card's authenticity and match it to the bearer using the biometric identifier. "When an ID card is simply a visual device, then it's really up to the individual who is looking at it . . . [to] validate whether it's a legitimate credential," Vanderhoof says. "Effectively, it's a subjective decision."

Machine readability also makes a card interoperable so it can be read by anyone or any agency with the necessary machinery, regardless of location or jurisdiction. Today, a police officer in Lawrence, Kan., for instance, might have no way of knowing whether a New Jersey driver's license is valid or a fake. Interoperability, secure ID proponents emphasize, is the key to making a credential truly secure and useful. But it also could be the first step toward creating a national identification system, if not a national ID card.

Uncle Sam's Model

States can look to Uncle Sam for a road map on how to build licenses and ID cards based on federally accepted standards. A presidential directive on homeland security issued last August requires the federal government to issue uniform identification cards to all employees and contractors. In March, the Federal Identity Credentialing Committee, which promotes cross-government ID initiatives, issued policies on ID cards and instructions on how to implement them. The new "smart cards" will contain electronic chips that house cardholders' personal data. The smart chips will create what ID experts call a common platform and will make it harder to issue fake cards.

The government cards will have the key attribute ID proponents seek for state cards: interoperability. Cards must function across "the entire federal enterprise," the new policy says, regardless of which agency issued them or which agency is screening them. Agencies must adopt practices that will ensure privacy when personal information is collected and when IDs are scanned by card readers.

The ultimate purpose of a government smart card is to allow bearers, no matter their agency, to gain access to sensitive information, computer networks and facilities. They'll be able to do that, in theory, because they already will have submitted to a background screening and they will have been bound to their cards. In this sense, the card bearers will comport to what the smart card policy calls the "trust model." They will have provided the same kind of information, submitted to the same checks, and the cards will contain the same data that can be read by all parties, which, in turn, agree to abide by the same policies. In essence, the government-itself a collection of disparate organizations-would use a common set of identification practices.

Federal smart card policies could extend the trust model to the 50 states. Today, states require various kinds of documentation to prove identity, and they don't all put the same data on their ID cards. There is limited ability to read one state's card in another state. Adopting federal standards could change that, requiring that states include either a base of personal information on ID cards or demand the same documentation from applicants to obtain a card. The intelligence law requires that the federal government work with states to set those policies for driver's licenses. But federal ID cards could serve as "a very important benchmark" in that effort, says David Temoshok, director of identity policy and management for the General Services Administration's Office of Government-wide Policy, which led to the creation of the federal ID card policies. "We would encourage [the states'] adoption of what we've done." Vanderhoof says Temoshok's committee has "created a blueprint for how states can employ a statewide ID card."

E Pluribus Unum

So, if all state ID cards contained the same data, and if they could all be read in the same way, then doesn't that create a national ID system? The Coalition for a Secure Driver's License, which produced the TV ad, says critics of ID standards "absurdly assert" that federal involvement is a precursor to government surveillance. "We're not asking for a national ID card," says Amanda Bowman, the coalition's president. "We want to be able to authenticate the identity of the card-holder," and ensure that states are "all playing off the same songbook."

But the key to a stronger state system is interoperability. After all, if one state can't verify another's card, then the system is no more secure than it is now. So, if all states issued interoperable cards, they arguably would create a national ID system, albeit decentralized. Federal standards for state driver's licenses would create a "national ID standard," Bowman says. But questions remain about how much access the federal government would have to state driver's license data, and to what degree states would be required to share information with each other. That also raises concerns about ensuring that states don't use one another's data inappropriately.

The ID debate also begs the question of whether common and interoperable cards can prevent terrorism. After all, some of the 9/11 terrorists legally obtained driver's licenses, as the coalition notes in its ad. Standardizing cards is "not a silver bullet," says Mark Krikorian, executive director of the Center for Immigration Studies in Washington. But the cards could deter would-be criminals, he argues. Standardization would make it harder to obtain a driver's license or other state-issued form of ID and that might keep people who fear they're wanted by the authorities from trying to get one. "The first objective of security is to screen out the stupid bad guys and shrink the universe of bad guys who can get through the system," Krikorian says.

Bowman concedes that even the toughest and most well-enforced ID system remains vulnerable to anyone clever and persistent enough to foil it, and that the ID itself can't prevent someone from committing a crime. "I started looking at this from a point of view of homeland security," Bowman says. But she has become more realistic about the power of ID cards. "My bottom line is, this does significantly mitigate the risk, significantly make it harder" to obtain an ID, she says of stricter laws. "But if someone is bound and determined to do harm," she says, "you could never protect yourself."


By Shane Harris

May 15, 2005

http://www.govexec.com/magazine/features/2005/05/identity-crisis/19294/