Tech Industry

Perspective: Closer to a national ID plan?

CNET News.com's Washington watcher Declan McCullagh tracks the progress of a little known company in providing a standardized ID check technique.

WASHINGTON--A little-known company called EagleCheck is hoping to provide a standardized identity check technique that governments and corporations will use to verify that you are who you claim to be.

EagleCheck, a privately held firm in Cleveland, proposes that whenever someone uses a driver's license or a passport for identity verification, the ID's authenticity will be checked through EagleCheck's network, which is tied to state motor vehicle and federal databases. The databases will respond by saying whether the ID is valid.

I ran into David Akers, EagleCheck's president, last week in a Senate office building where he was hawking his system to a crowd of politicians understandably nervous about , Osama bin Laden, and possible terrorist attacks sparked by a looming of Iraq. Stacked on a table were brochures warning in stark crimson letters that "EagleCheck could have flagged" 14 of the 19 terrorists who hijacked planes on Sept. 11, 2001, because some had used expired visas and stolen passports.

Akers has had some success so far. In December, the Transportation Security Administration gave permission for EagleCheck to link its systems "to government databases" in a pair of test projects at the Cleveland and Akron, Ohio, airports.

But EagleCheck isn't limiting its marketing plan to airport security. "We are certainly looking at a variety of other applications other than airports," said Akers, listing bars, banks, government buildings--in short, wherever ID is required--as possible customers.

If EagleCheck or a similar system succeeds, it raises the specter of something akin to a national identity card, a concept that Americans have shunned in the past but could return in a more high-tech form. (In a column last summer, I wrote about how the White House was pressuring state governments to move in this direction by standardizing on driver's licenses.)

Last week, Sen. Hillary Clinton, D-N.Y., suggested that the United States might have to move toward a national identity card for U.S. citizens, according to a report at Newsmax.com. "Although I'm not a big fan of it, we might have to move toward an ID system even for citizens," Clinton was quoted as saying.

In the days after Sept. 11, Oracle CEO Larry Ellison began touting the idea. "The government could phase in digital ID cards to replace existing Social Security cards and driver's licenses," Ellison wrote in the Wall Street Journal. "These new IDs should be based on a uniform standard such as credit card technology, which is harder to counterfeit than existing government IDs, or on smart-card technology, which is better but more expensive."

If EagleCheck or a system like it succeeds, it becomes eerily possible to imagine a future in which ID readers are omnipresent, girding us in a constant mesh of surveillance.
National IDs come in many forms, and some are admittedly less invasive than others. According to , other countries that do not have national identity cards include Australia, Ireland, New Zealand, and Sweden; those that do include Germany, France, Greece, Portugal and Spain.

Denis Coderre, Canada's immigration minister, said this month that a card would reduce identity fraud by linking digitized fingerprints to a central database. (No wonder Canada's privacy commissioner, in his recent annual report, said: "We are on a path that may well lead to the permanent loss not only of privacy rights that we take for granted but also of important elements of freedom as we now know it.")

It's true that many of us already use our driver's license as a general form of identification. But a true national ID would be different in two important ways: First, it would be tied to a back-end database so all verifications would be logged with the time, date and location. Second, you likely would be required to show it on demand to police, shrinking our sphere of anonymity even more.

One problem with such a system is that it would not thwart terrorists who--if you believe the FBI--are already living in the United States and likely could obtain a valid identity card either legally or illegally. Administering such a database would require a massive bureaucracy, and the inevitable errors or glitches would eliminate an innocent person's freedom to travel from one place to another until they were corrected.

If EagleCheck or a system like it succeeds, it becomes eerily possible to imagine a future in which identity card readers are omnipresent, girding us in a constant mesh of surveillance. Want to pick up your car from the parking garage? Insert your identity card and forefinger in the reader first. Going to work at the office or coming home to an apartment building? Better make sure you have that microchipped card with you. Have any unpaid parking tickets anywhere in the United States? Better just stay at home.

Needless to say, this massive database would end up bursting with detailed records of all our life's activities. It would be incredibly valuable to police and create an irresistible temptation for misuse, either through corrupt officials or through electronic intrusions. I'm not saying that such a scenario is happening today. It isn't. But it's possible, and if there's another terrorist attack on the United States, all bets are off.

For now, the key question about EagleCheck is whether its records of our electronic comings-and-goings will be purged or stored. When used at airports, it makes sense to keep the information on hand for a day so--until planes safely land--before deleting it, but in other situations the justification for any data retention is much weaker.

The problem is that given such an informational gold mine, the FBI and the Justice Department won't let that happen. "We would have within the system the information that's in your ID and where and when it was swiped, what database it went to, and what response was delivered," Akers said. "From our perspective, as soon as 24 hours (elapse) after you get on the plane at Reagan National Airport or wherever, if we could purge that, we would like to. The question is how quickly are we legally allowed to purge that information. Ultimately we believe a legislative body and or a court is going to make that determination."

I trust Congress with my privacy. Don't you?