National ID Card Debate
Bloggers I Have Met

Privacy Policy

National ID Card Flaws

For years there has been talk of "improving" our drivers licenses and even creating a national ID card using biometrics to improve the security.  The proponents of a nationally issued card call this a Universal Biometric Identification (UBID) card. I opposed these plans after only a few seconds of thought because they failed my Jews in the attic test.  No further effort was really needed to discern this was a really bad idea.  Unfortunately it wasn't nearly as simple as that to convince other people.  I debated this issue online on the Biometric Consortium's electronic discussion group.  The history of my debate can be viewed in all it's "glory" and errors.  In my mind at least -- I won the battle.  The following is to express the flaws in a more concise and understandable manner.

As outlined by a participate on Biometrics Consortium Email Discussion List  the UBID would required for such a great number of day-to-day activities that would be virtually impossible to function in society without it.  Furthermore when it was used a remote central database would be contacted to confirm the validity of the card.  These two things are what give the card it's supposed power and are it's fatal flaws:

  1. If the card and it's contact with the central database is required for day-to-day activities then the creators of this system will have created a single point failure system for the entire country.  That database, it's power supply, it's communication lines, it's software, everything about it will be a means to bring this country to a halt.  This database, by necessity, must have hundreds of thousands of entry points accepting millions of connections each day.  The more access points the more vulnerable the system is to attacks.  Any building that requires the card for access, any business that requires the card for transactions will be vulnerable to having it's communication channel severed.  A UBID as envisioned by it's proponents will have created a huge vulnerability to our society that cannot be allowed to exist. 
  2. Any central database that has the ability to track every move, every transaction of a person will be a tool of tremendous potential for abuse.  It will dramatically fail my Jews in the attic test.  No rules, regulations or laws can prevent abuse by those people that enforce the laws.  This has been repeatedly proven not only in the classic cases of Nazi Germany and the USSR, but in our own country with such examples as the illegal access of census records to find and detain American citizens of Japanese descent during WWII.

If a system were devised such that it does not have a central database that can track everyone and is not required for day-to-day operation then the above fatal flaws might disappear and only minor flaws, such as those listed below, would exist.  I suggested such a system and described how it might work but it was essentially ignored by the proponents of a UBID.

There are several lesser flaws that will negate any advantages and may actually result in a net negative "benefit" although certainly not as catastrophically as the fatal flaws listed above.

  1. The more data and functionality associated with the card and the more secure and trustworthy the card is perceived to be the greater value there will be in forging it and/or bribing or otherwise corrupting the people that are authorized to modify the data in the central database.  There will be, of necessity, thousands of people with such privileges.
  2. All biometrics fail with some individuals or people that take effort to disguise their biometric identifiers.  Iris scans don't work on people without eyes, people with particular disorders of the eye, and designer contact lenses.  Fingerprint biometrics don't work on people without some skin disorders or people that soaked their fingers in bleach the night before.  There must exist a backup mechanism.  The backup mechanism must be as strong as any other point in the system or it will be exploited to the exclusion of attacking the more primary verification mechanisms.
  3. Nearly all the problems UBID advocates hope to solve result in the equivalent of putting an iron door on a grass hut.  The existing systems may be represented as a wooden door on the same grass hut.  The wooden door may have failed sometimes but the grass walls of the hut are far weaker points to attack and the iron door will not make the contents of the hut any safer.
  4. People may refuse to participate.  The firearms registry in Canada is a failure for this very reason.  It is so unpopular that most of the provinces have refused to enforce it, an estimated 1 million firearms are not registered and yet only person has been convicted of failing to register his firearms.
  5. A black market will spring up to supply the goods and services to those willing to pay a premium for their privacy.  Black markets result in increases of other types of crime, frequently violent crime, as so dramatically shown by this nations war on some recreational drugs.

Various organizations have attacked the National ID Card scheme as well.  Here are links to some of their web sites:

American Civil Liberties Union (Do a search for "national id card" on their site)
Electronic Privacy Information Center
Privacy International

horizontal rule

Last update: January 15, 2004
Email: Joe Huffman