Identity Crisis

DHS chief Janet Napolitano treads a fine line between security and privacy in the push to get federal ID programs off the ground.

When Janet Napolitano was awaiting confirmation as secretary of the Homeland Security Department, one of the senators she stopped in to visit on Capitol Hill was Republican George Voinovich of Ohio.

He had some blunt questions for the Arizona governor about the 2005 REAL ID Act, the controversial law that requires all American driver's licenses to meet federal anti-fraud standards. A former governor himself, Voinovich saw the $4 billion REAL ID program as a massive, unfunded mandate.

To his delight, Napolitano didn't raise a finger to defend the program, enacted under President Bush. On the contrary, she wholeheartedly agreed with the senator's complaints, Voinovich recalls. In fact, as governor she signed legislation barring her state from fully cooperating with REAL ID. "She gets it," he says.

Now Napolitano, who was sworn in as the head of DHS in January, is front and center in the federal ID wars, where security concerns also run smack in the face of privacy and civil liberties protections, and a host of stakeholders have drawn lines in the sand.

One of her first moves has been to help draft a bill to replace REAL ID with a new law dubbed PASS ID (the Providing for Additional Security in States' Identification Act), which would give states more flexibility and federal funding. PASS ID "will enact the same strong security standards set out by REAL ID, [but] provides a workable way to get there," Napolitano told the Senate Homeland Security and Governmental Affairs Committee in July. She noted that more than 26 states have opposed REAL ID, rendering the beleaguered program virtually dead on arrival.

The National Governors Association has applauded PASS ID, but the fight is far from over. The program is under fire from critics of all stripes. Privacy advocates say it differs little from REAL ID and still raises the specter of a national identity card. Others argue it weakens national security by loosening requirements for verifying "breeder" documents such as birth certificates.

The ongoing battle over REAL versus PASS ID is just one of several identity verification fights Napolitano has taken on as head of Homeland Security. Also brewing is a battle over E-Verify, another controversial program that allows employers to confirm their employees' eligibility to work by cross-checking their Social Security numbers against federal databases. Napolitano announced in July that DHS would finally implement a Bush-era order that requires all federal contractors to participate in the program, despite the objections of some business groups.

Sen. Charles Schumer, D-N.Y., who's pushing to overhaul immigration laws, has called E-Verify "a half-hearted and flawed system." But his solution-a unique, biometric ID for all American workers-raises the stakes even further. A biometric ID has fans in some quarters, but alarms civil liberties defenders and could come with a huge price tag.

From cybersecurity to immigration and health care policy, a host of Obama administration priorities raise the same thorny question: How can the government verify that Americans are who they say they are without treading on their privacy or security?

"Addressing the issue of identity, and identity management, and identity authentication, is going to be critical to the success of these programs," says Kelli Emerick, executive director of the Secure ID Coalition, an advocacy group representing companies that make high-tech ID cards.

Emerick represents a growing industry whose players see substantial national security benefits-and healthy profits-in the much broader use of secure ID cards. Technologically sophisticated credentials, such as smart cards that contain biometric or other complex data on computer chips, they note, are increasingly used all over the world by foreign governments, commercial retailers and banks, to name a few.

But privacy and civil liberties activists insist that Americans are uniquely resistant to a national ID card. Centralizing identity information actually makes citizens less secure, they argue, by creating a dangerously valuable target for identity thieves. Skeptics point to security concerns dogging existing federal ID programs, including the Transportation Worker Identification Credential, or TWIC card, port workers use, and the patchwork of travel IDs required by the Western Hemisphere Travel Initiative.

"Identity papers become a tool for arbitrary detention, for harassing people, they become a tool for tracking," says Christopher Calabrese, counsel for the American Civil Liberties Union's technology and liberty project. "Identification cards can be used for a lot of very bad things. And it's not at all clear that there is a commensurate security or societal benefit."

Easier Said Than Done

Caught in the middle is Napolitano, who championed public safety and homeland security issues as chairwoman of the National Governors Association, and who previously served as the Arizona attorney general. She has said point-blank that the department is not pursuing a national ID program and that PASS ID does not create one. But she also says PASS ID is needed to fulfill a key recommendation by the 9/11 commission: That the federal government set security standards for identifications such as driver's licenses. One of the commission's oft-repeated findings was that all but one of the 19 Sept. 11 hijackers had obtained a driver's license or some other form of U.S. ID document, at least seven by fraud.

That call for secure licenses seemed simple enough when the commission issued it in 2004. But it has proved easier said than done. Governors rebelled against REAL ID, which required states to electronically verify birth certificates and other underlying documents against federal databases, some of which were not yet set up. The law also required states to electronically share motor vehicle data to ensure that no driver was licensed in more than one state. This would create a de facto national database loaded with sensitive personal information, privacy advocates warned.

According to Napolitano, PASS ID fixes these problems by still requiring state officials to validate underlying documents, but giving them the leeway to decide how to go about it. The program would not require states to share driver's license data and details an array of privacy protections. PASS ID also allows states to issue an alternative card: the enhanced driver's license, which includes a scannable radio frequency identity chip. Privacy proponents warn that such RFID cards are too easily hacked.

Napolitano "seems to be taking the national ID tar baby in a loving embrace," says Jim Harper, director of information policy studies at the Cato Institute. He adds, "PASS ID is REAL ID with a new name, and a few of the sharpest corners taken off."

At the opposite extreme, critics such as Rep. Jim Sensenbrenner, R-Wis., say PASS ID's weaker verification requirements will make it easy for forged birth certificates and other underlying documents to slip through. They also object that PASS ID would no longer require Americans boarding commercial airplanes to carry a federally compliant ID.

"The no-fly requirements are the teeth in REAL ID," Sensenbrenner says.

Napolitano says it's time to break the logjam that has blocked the 9/11 commission's long-overdue recommendations from being enacted. Though well-intentioned, the REAL ID Act "has caused a stalemate on an issue where we can't afford to wait any longer," she said during the Homeland Security panel's recent hearing.

More Bickering Ahead

The debate over E-Verify has proved no less contentious. As governor, Napolitano required all Arizona employers to use the E-Verify system, which compares information from an employee's I-9 (Employment Eligibility Verification) form with federal databases, including Social Security records. At DHS, Napolitano initially postponed action on a Bush executive order requiring all federal contractors to use E-Verify, in the face of pressure from business groups.

The U.S. Chamber of Commerce and allied groups, including the Associated Builders and Contractors Inc., have challenged the government's authority to require E-Verify for contractors in federal court. But Napolitano forged ahead, announcing on July 8 that the administration would fully implement the rule, which takes effect governmentwide on Sept. 8.

Napolitano's E-Verify plan has met with mixed reviews. Some on Capitol Hill say errors in federal databases threaten to bar millions of eligible employees from work. A 2006 report by the Social Security Administration's inspector general pointed to errors in 17.8 million records, affecting 12.7 million citizens. In addition, U.S. Chamber officials object that the administration's rule applies to subcontractors, as well as contractors, increasing risks to employers.

"There are always going to be flaws in this system," says Angelo Amador, executive director for immigration policy at the U.S. Chamber of Commerce. "So one of the things we've clearly asked for was to have protections for the workers, in case they get wrongly terminated, and protections for the employers, if they make the decisions in good faith."

Napolitano defends the program as "a smart, simple, effective tool" that's assisted more than 122,000 employers nationwide. The free Web-based program is available to employers on a voluntary basis as part of a federal pilot program. DHS has improved the program's accuracy, she says, by adding new database checks along with a photo screening tool.

Bold Visions, Big Challenges

Some say that the real problem with E-Verify is it doesn't go far enough. Schumer, for one, has proposed a biometric-based employer verification system as part of a broader immigration overhaul. He's not the only one calling for more wide-scale use of biometric identity cards.

Leaders in the secure ID industry maintain that federal ID requirements are scattered among disparate federal and state programs, with no coordination or consistent enforcement. Perhaps predictably, given the lucrative market it would create, they endorse a single, national card.

"We have what I call an identity crisis in the United States right now," says Neville Pattinson, vice president for government affairs at Gemalto Inc. and vice president of an educational nonprofit called the Smart Card Alliance. "And this will, I think, touch many programs-health care is one, cybersecurity, e-government programs, certainly [programs to combat] identity theft."

He sees the solution in "a federal credential that can help with your identity, both in the physical world and in the virtual world." Pattinson, who serves on a DHS advisory committee on data privacy and integrity, stressed that his views do not represent those of the panel.

It's a bold vision that goes beyond anything Napolitano is proposing. Yet administration officials acknowledge that federal ID policy raises big questions outside the scope of immediate controversies involving PASS ID and E-Verify.

Napolitano played a major role in the administration's 60-day cyberspace policy review, which outlines steps for securing the nation's digital and communications infrastructure. That review's near-term action plans include building "a cybersecurity-based management vision and strategy" that addresses privacy, civil liberties and security.

But Napolitano is learning firsthand how tough it is to translate ambitious ID policy visions into workable programs. Existing programs for travelers, port workers and even federal employees have consistently faced administrative, political and budgetary hurdles.

Take the TWIC card being issued to all U.S. port workers. The Transportation Security Administration bills the TWIC card as the most advanced, widely used, interoperable biometric card in the world.

But federal officials have barely started rolling out the biometric readers needed to verify the credentials of 1.3 million port workers enrolled in the TWIC program. Without the readers, the card is arguably no more secure than a commercial driver's license. But TSA officials say fraudulent cards are easily identifiable to the trained eye.

Similar problems have plagued efforts to outfit millions of federal workers and contractors with biometric, machine-readable ID cards required by a Bush administration directive in 2004. Five years later, some agencies are in the advanced stages of issuing ID cards to workers, while others are just beginning. And most agencies have barely begun to install biometric readers for the cards-something a Government Accountability Office report identified as a security weakness in 2008.

Security gaps also are undermining the Western Hemisphere Travel Initiative, critics say. In June, the program began requiring travelers entering the U.S. by land or sea to show an ID. The IDs already were required for air travelers. Approved IDs include the enhanced driver's license and the passport card, a smaller, cheaper alternative to the U.S. passport. Both use a scannable RFID chip.

Privacy experts and secure ID manufacturers deplore the RFID cards as unacceptably vulnerable to hackers, since they can be scanned at a distance of up to 30 feet by anyone with the right technology. Yet governors and Congress members from border states applaud the cards' ability to facilitate trade and allow travelers to cross borders quickly and conveniently-precisely because they can be scanned.

It's just one more example of the Catch-22 Napolitano faces as she labors to carve out a coherent federal ID policy. She's taken aggressive steps to strengthen and standardize travel document security, yet some stakeholders will invariably remain unsatisfied.

The lack of consensus on national ID standards actually could be a good sign, according to David Quam, federal relations director for the National Governors Association. With PASS ID, he said at the July Senate meeting, "to a degree, no one is completely satisfied. And in Washington, that means we probably have found the right solution."

Eliza Newlin Carney is a contributing editor for National Journal.