Can the Security Industry Provide a Viable Alternative to the National ID Card?


Note: This page contains a SPECIAL EXPANDED VERSION of this article. It includes content that was not able to be fit into the space available in the printed magazine. The new material is marked with yellow highlighting, as this paragraph has been marked.


The controversy over the national ID card persists; can the industry transcend the privacy vs. security issue?

The adoption of a National ID Card is a major topic both inside and outside the security industry. For some businesses, there is strong interest in the prospect of being a provider of National ID Card technology and supplies, including computer systems. For many individuals, it raises serious concerns about the encroachment on privacy and the possible misuse or abuse of a national system, accidental or otherwise.


Biometric Based ID
A biometric-based National ID Card system has been proposed as a reaction to the terrorist attacks of September 11. The majority of Americans favored the idea when smoke was still rising from the televised site of the World Trade Center. Several months later, only a minority of Americans favored a National ID Card system. If another terrorist incident were to occur, it is likely that support for a National ID Card would (at least temporarily) rise again.

Before the National ID issue can be raised in that context, let us answer a few basic questions: Is it possible to prevent all future acts of terrorism by systematically registering the American population, and then severely restricting those who refuse to register or who turn out to be non-citizens? If not, can many future acts of terrorism be prevented by such a registration, and if so, will the benefits be worth the costs?


Assessing Threat and Vulnerability
Security professionals know that answering questions knowledgeably about the safety and security of people and property begins with threat and vulnerability assessments. A good understanding of the full spectrum of vulnerabilities is required in order to effectively evaluate countermeasures.

A knee-jerk countermeasure reaction to a single type of threat or attack often does very little to strengthen overall security. It can also instill a false sense of security that lowers security awareness, and in so doing can increase risk. Robert Gellman, a privacy and information consultant based in Washington, says that a 99% accurate National ID database (a level of database quality never achieved in a large government system) still poses significant risk. Gellman explains that if 300 people go to board a plane, that means that three people, on average, will either be misidentified or will go undetected every time.

If an expensive countermeasure is implemented, the entirety of available security funds and resources can be used up, creating an inability to protect against other non-obvious threats that appear later. This applies not only to home, school, corporate and other environments, but also to national security. Despite the large size of federal budgets, federal money is not unlimited, and neither is the money in the taxpayers' pocketbooks from which the funds are ultimately taken.

Is it possible to prevent all future acts of terrorism? Obviously no single countermeasure could prevent all possible terrorist acts, except the broad but impossible measure of eliminating all potential terrorists. Terrorists already reside legally in our country who have jobs or attend school, who have committed no criminal offenses, and who will remain indistinguishable from non-terrorists until the moment they begin to engage in terrorist actions. Such persons would easily qualify for National IDs, which would then subject them to less scrutiny than they might otherwise receive. Neither would the possession of a valid National ID prevent a disturbed individual from joining the ranks of terrorists subsequent to registration. There are many ways that a National ID system would not prevent terrorist acts, and some ways in which it would facilitate them. Note that 13 of the 19 terrorists involved in the September 11 atrocities used their real names and legitimate IDs for business and travel in the United States.

Will enough future acts of terrorism be prevented by a National ID system that it will be worth the costs? Robert Ellis Smith is a lawyer and privacy specialist who publishes the Privacy Journal. "One way to predict the effectiveness of a national ID number or document is to look at environments where the true identity of all residents is known: prisons, the military, many workplaces, many college campuses," writes Smith. "And yet these places are far from crime free."


Anticipating Terrorist Response
Determined terrorists are not likely to give up their goals and objectives simply because a National ID system has been established. They would be more likely to respond as terrorists and criminals have responded to ID countermeasures in the past. They find ways to obtain a legitimate ID, develop ways to counterfeit or defeat the technology, and change strategies to employ actions that can be performed without an ID requirement. The latter move is likely to cause a vicious cycle of continually expanding ID requirements in response to terrorist avoidance of ID-requiring venues. There could be "no way out" of the dwindling spiral of deteriorating privacy rights and expanding violations of the constitution.

During the McCarthy era, the proposed institution of a compulsory National ID system utilizing extensive background investigations was thought to be an absolute requirement to fight domestic communism and save our country. We survived that era without such an extreme measure and instead kept our freedoms relatively intact. However, the majority of our voting age population did not live during that period, and has not been taught that lesson.


The Role of Security
Two functions of security are to obviate threats and manage risks. Instituting a countermeasure that is permanent (as a government based measure would be) and that introduces significant new risks would ordinarily be considered extremely bad advice on the part of a security practitioner.

In contrast, why are many people willing to accept a National ID system, some willingly and some reluctantly? Here are some common reasons:

  • Desire to obtain one or more of the stated benefits of a National ID system either for oneself or for a larger group
  • Lack of knowledge concerning the full security picture
  • Belief that sufficiently advanced technology can provide a complete solution
  • Intention to profit from the manufacture or sale of specific ID technology
  • No knowledge of the true status and history of failed government ID initiatives
  • Little or no knowledge of the abuse to which government database systems have been and continue to be subjected
  • Unfamiliarity with the germane constitutional rights and the probable consequences of their surrender
  • Belief that there is "no other choice" in order to accomplish the stated objectives of a National ID system

Security practitioners have a responsibility to educate their customers and clients regarding security measures, programs and technologies under consideration. That includes drawbacks as well as positive benefits, dollar costs as well as operational costs. Loss of freedom and convenience are "operational" costs to members of society for systems that are implemented on a city, county, state or national level. As taxpayers, they would be the ultimate purchasers of such a system. As citizens, they would also be the end users.

Yet many of the intended benefits of a National ID system are desirable and are worth pursuing. List 1 below contains some of the reasons why National ID Card systems have been proposed.

List 1. Intended Benefits Of A National ID Card System:

  • Immigration control
  • Improvement of health care management and service
  • Preventing/detecting underage drinking
  • Prevention of identity theft using Social Security Numbers and other Identifiers
  • Prevention of drivers license and ID document forgery
  • Prevention of welfare fraud
  • Reduction of credit card theft and fraud by tying issuance and use to a national ID
  • Facilitation of the detection of terrorists

Except for national health care delivery, these are all valid and important security issues.


Success, Not Just Action
Stressing the importance of addressing key problems and focusing on the intended benefits of solving them can sidestep a very important principle: The more desirable the benefit, the more important it is that correct and workable measures are employed to obtain it. No amount of rhetoric about the importance of a solution can make an unworkable approach workable.


Matching Problems and Solutions
It is appropriate to consider the "people, process, technology" aspects of security. The majority of security failures are human failures. Changing technologies alone usually won't solve problems in the people and process portions of the picture. However, revising the people and process portions, and also using technology to strengthen them, can be very successful.

The problems contained in List 1 above are primarily people and process problems. Security technology can be successful in their solution only as part of appropriate people and process solutions.


The Unique Position Of The Security Industry
Those of us in the security industry are in the unique position of having the best understanding of security technologies and their appropriate uses as well as their limitations. We are also aware of the fact that security solutions must take into account the whole picture, including the nature of the activity and personnel to be secured, and their functional needs since those may be impacted by security measures.

Benjamin Franklin said, "Those who would sacrifice a little freedom for a little security deserve neither." In contrast, history shows that people have generally been willing to sacrifice a little freedom for a lot of security, or for a lot of convenience. But the prevailing view, both inside and outside of the security industry, is that Security vs. Freedom and Security vs. Convenience (or service) are diametrically opposed conditions, where more of one automatically means less of the other.

Rather than viewing these issues as pairs of diametrically opposed options, it is possible to approach them in a more productive fashion, as shown in Figure 1 below. Some situations call for maximizing security and minimizing freedom and convenience, such as access to Top Secret national security documents. Other situations call for maximum freedom and convenience, and only a small dose of security, such as the receipt of donations for food at a church picnic.

It is a typical task of security practitioners to optimize security planning and procedures to be consistent with the operational needs of the organization that will implement the security measures. If 20 trucks of merchandise must be loaded daily at each shipping dock, then security measures that would cut the loading rate in half are not operationally and financially viable, and thus are not acceptable.

Figure 1. Creating a blend of freedom, security and convenience issues.


Security measures also must support, not weaken or interfere with, the infrastructure of the organization they are supposed to serve.

These are issues that security professionals are used to dealing with. Thus security practitioners already have an orientation toward identifying things that need to remain intact (in this case, citizen constitutional rights), and designing security solutions that help keep them intact. When approached from the right perspective, applied security technology won't create more problems than it solves.


Protections Against Document Fraud
For example, in the mid-1990s an entire network developed among government employees through which government-issue IDs were sold to illegal immigrants and criminals. The IDs had verifiable database entries, actual fingerprints, true digitized photos, and false but real-looking Social Security numbers. Social Security employees have also been caught selling SSNs (that have database entries to back them up) to illegal immigrants including at least one suspected terrorist.

Employee crime is one of the issues that security professionals address, and technology exists to support its prevention. For example, Werner-Pegasus makes a forgery-proof document ID Code label that can't be photocopied because it uses varying ink densities to print the code and requires multiple light wavelengths to read it. The physical label design prevents it from being removed intact from a document or ID badge. What's more, the secure ID code system requires biometric identification of the operator who issues the ID Code, and that operator's ID information is embedded in the issued code itself. If an operator is found to be compromised, in an instant all ID Codes issued by that operator can be nullified. Thus the system enforces accountability on the part of the issuing operators, and provides an effective means of response in the event of a compromise. This system is being employed to issue vehicle registrations in Jalisco, Mexico, where according to the first report the state's recovery rate of stolen automobiles had risen as a result to a record high of 80%.

After this article was originally written, the three States of Mexico, Morelos and Sonora have purchased and started operating the Werner-Pegasus system, and other states are scheduled to get started this year.


Avoiding Single Point of Failure Risks
The Werner-Pegasus labels can be applied to any existing document or ID card system. This is much more important than it may seem at first. Widespread use of centrally issued IDs increases both the risk of ID theft and the scope of harm when ID theft occurs. These are known as "single point of failure" risks.

Increasing reliance on any single ID, such as a driver's license, dramatically raises the incentives to forge or steal such credentials. Adopting a single National ID card would necessarily cause such an unwanted side effect, and make matters worse. A similar effect would occur if the currently proposed national standards for driver license ID and national sharing of driver license database information are put into effect.

A better approach would be to keep the systems separate for each state as they are now, and to greatly increase document security and establish strict and traceable accountability for issuing employees. This would also put states in a better position to more stringently enforce identity theft laws. It can and must be done in a way that doesn't enable nationwide profiling and tracking of licensed drivers in violation of established rights.

Security and privacy interests are best addressed by documents that serve limited purposes and by relying on multiple and decentralized systems of identification. That reduces the scope and impact of errors, and provides truly manageable accountability for the issuing organizations. And although it may seem like a minor point, it also enables the customization of documents and IDs to suit local operational and functional needs. This lets "the dog wag the tail" so that security technology is serving the organizations to which it is applied, instead of the other way around.

Technology supporting that concept has been developed by Daon (www.daon.com), a company whose name is Gaelic for "human being". Daon's objective is to provide the infrastructure for Identity Management systems that are auditable and accountable. In such systems, operators cannot access or transfer the data of persons enrolled in the system. Only the enrolled individuals themselves, by initiating a system identification or authentication transaction, permit access to the identity data. Even then the biometric data itself is not shared - instead the identification or authorization approval information is shared. This is part of the reason that Daon systems can prevent identity theft.

Oliver Tattan, CEO of Daon, said, "We have architected our solution so it is impossible to steal the biometric identity data. There are no super-user privileges, and system administrators cannot tamper with your identity. They can only change your rights or authorisations. Identity templates are encrypted in military-grade, hardware-security formats. It can't be got at. The only way your identity can be pulled out of the database and asserted to an application is by you actually being there and, for example, putting your finger on a device."

Could this be an answer to the concerns about government systems holding identity information?

When asked about concerns for civil liberties Tattan said, "The European Commission has come to the conclusion that biometrics have the potential to protect privacy. Privacy is about keeping your data to yourself. We can enhance privacy by protecting data in a better way, by enabling you to keep it to yourself, to restrict it to specifically authorized uses, and by creating an authenticatable audit trail record of who looked at your data."

Privacy can be safeguarded in a government agency environment by protecting one's data file biometrically, Tattan asserted. "If someone from the FBI, the INS, or the IRS looks at your file, biometrics leaves an ineradicable audit trail behind them identifying the individuals. You yourself can access your own file--let's say via the Internet--biometrically, using a little biometric reader, and only you can look at it. You can make sure the file is correct and see who's been in it."

This is similar to the approach taken by Werner-Pegasus in Mexico, where audit trails include the ID tag of the biometrically authenticated worker who issues registrations or driver licenses. Similarly, a police officer can only activate the registration and license scanning equipment after successful biometric identification, and the act of checking a registration or a driver license is recorded in an audit trail that includes the ID tag of the officer.

"Security and privacy are not necessarily opposed. If systems are properly architected, they can be the same thing," Tattan said.
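The accountability model described above (the issuing operator's ID embedded in each code, one-step nullification of everything a compromised operator issued, and an audit trail naming whoever checks a document) is shown here as an added example; it is not Werner-Pegasus or Daon code. The `IssuanceRegistry` class, the HMAC-based code format and all IDs are hypothetical, and biometric authentication of each actor is assumed to have happened before the call.

```python
import hashlib
import hmac
import json


def _digest(body):
    """Canonical SHA-256 over one audit entry (without its own digest)."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class IssuanceRegistry:
    """Hypothetical issuer: every ID code names the operator who issued it."""

    def __init__(self, key):
        self._key = key                  # constructed demo key; real systems keep it in hardware
        self.revoked_operators = set()
        self.audit = []                  # hash-chained, append-only log

    def _log(self, actor, action, subject, result):
        # Each entry commits to the previous one, so a later edit to any entry breaks the chain.
        prev = self.audit[-1]["digest"] if self.audit else "0" * 64
        body = {"seq": len(self.audit), "actor": actor, "action": action,
                "subject": subject, "result": result, "prev": prev}
        self.audit.append({**body, "digest": _digest(body)})

    def _tag(self, operator_id, document_id):
        msg = f"{operator_id}|{document_id}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, operator_id, document_id):
        # Assumption: operator_id comes from a prior biometric check of the operator.
        if "|" in operator_id or "|" in document_id:
            raise ValueError("IDs must not contain the field separator")
        self._log(operator_id, "issue", document_id, "ok")
        return f"{operator_id}|{document_id}|{self._tag(operator_id, document_id)}"

    def revoke_operator(self, supervisor_id, operator_id):
        # One step nullifies every code the compromised operator ever issued.
        self.revoked_operators.add(operator_id)
        self._log(supervisor_id, "revoke-operator", operator_id, "ok")

    def verify(self, checker_id, code):
        # The check itself is logged under the checker's ID (e.g. a police officer).
        parts = code.split("|")
        if len(parts) != 3:
            result = "malformed"
        elif not hmac.compare_digest(self._tag(parts[0], parts[1]).encode(),
                                     parts[2].encode()):
            result = "forged"
        elif parts[0] in self.revoked_operators:
            result = "revoked-operator"
        else:
            result = "valid"
        self._log(checker_id, "verify", code, result)
        return result

    def audit_intact(self):
        # Recompute the chain from the start; any altered entry is detected.
        prev = "0" * 64
        for seq, entry in enumerate(self.audit):
            body = {k: v for k, v in entry.items() if k != "digest"}
            if entry["seq"] != seq or entry["prev"] != prev or _digest(body) != entry["digest"]:
                return False
            prev = entry["digest"]
        return True


def demo():
    reg = IssuanceRegistry(b"constructed-demo-key")
    good = reg.issue("op-17", "REG-0001")       # constructed sample IDs
    other = reg.issue("op-22", "REG-0002")
    before = reg.verify("officer-5", good)
    reg.revoke_operator("supervisor-1", "op-17")
    after = reg.verify("officer-5", good)
    unaffected = reg.verify("officer-5", other)
    forged = reg.verify("officer-5", other.replace("op-22", "op-23"))
    return before, after, unaffected, forged, reg.audit_intact()


if __name__ == "__main__":
    print(demo())
```

A hash chain of this kind detects altered entries but not removal of the most recent ones; detecting that requires recording the latest digest somewhere the log's custodian cannot rewrite.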


Bucking the Trend Towards Increasingly Pervasive Monitoring
Local information systems that are subject to audit trails for those who use them could actually help reverse current government trends towards more pervasive monitoring, surveillance and control of American citizens.

There are those who believe that increasingly pervasive security measures are a necessary by-product of and even a requirement for the general advance of technology. Restrictions on pervasive government security measures and accountability for their use or abuse (i.e. keeping our constitutional rights intact) are said to be too cumbersome and too costly to implement.

Similarly in the 1960's we heard that pollution and environmental contamination were necessary by-products of business and commerce, and should simply be accepted as a natural consequence of progress. It was said that national, state and city economies would suffer if restrictions on polluting by-products were introduced. It would simply be too costly. Yet the smoke stacks came down, Lake Erie got a major clean-up, and other beneficial recoveries were made.

What happened in actual fact is that we learned the opposite lesson, that restrictions on pollution and environmental contamination are a requirement for the survival of our cities and states, and the country as a whole.

Likewise, restrictions on unbridled government surveillance, monitoring and control of individuals, and on expansive collections of citizen data are a requirement for a socially and governmentally healthy future in our country.

The Challenge For The Security Industry
In order for governments and other organizations to deploy systems in a more secure manner, and in accordance with the protected rights of individuals, the security industry must:

  • Design systems that include the means to establish auditable accountability for data entry, data viewing and data exchange whether manual or automated
  • Develop document and ID issue systems that include auditable accountability, including the ability to cancel authorization of documents and IDs issued by compromised operators
  • Include rollback features in data-based systems, to allow the quick restoring of a system from a compromised state to a known secure state
  • Enable effective use of multiple independent systems so that rules-based system collaboration (data sharing) can be easily managed in accordance with citizen rights and customer preferences
  • Develop open standards for secure and accountable data exchange and privacy rights management
  • Popularize the use of high-security features by making them easy to use, and wherever appropriate basing them on open standards
  • Be proactive in leading the way to the deployment of security technology using policy and procedures that ensure an appropriate balance of security, freedom and convenience

Don Sturgis, CPP, of Claremont, California, an independent security consultant and 27-year veteran of the security industry, is formerly the product manager for three major access control systems manufacturers. "If the security industry is going to step up to the plate to help shape the way that security technologies are utilized in our society," says Sturgis, "manufacturers will have to look beyond the limited proprietary think, for example, with biometrics, and develop standards that ensure interoperability in order to enable the development of broadly acceptable solutions. What advances the overall health of the industry will also advance the health of the businesses that contribute to the overall advancement."

A good start in this direction would be the development of sound solutions to accomplish what the proponents of the National ID Card system would hope to accomplish, beginning with the items described in List 1 above. It's not necessary to have a nationalized system to solve those problems. It may require technology features that don't yet exist or are not in widespread use.

One deterrent to the widespread adoption of features that support privacy rights and highly secure use of data-based systems is that some manufacturers may hope to maintain a cost advantage by avoiding the development expense of implementing such features. That discourages other manufacturers who would invest in such product development except for concern over cost-competitive issues. One way around this dilemma would be the establishment and popularization of security standards that support higher security, privacy rights protection, and open standards for interoperability. Customer demand for such features can and typically would develop once the customers themselves learned about their benefits and understood their value.

Eagerness to provide technology for widespread use, especially for government-sponsored or government-mandated systems, can shorten one's view so that the larger, more long-term opportunity for development of the security industry as a whole may be missed. It would be very unfortunate if the rush to sell security technology resulted in broad implementations of security systems that place individuals and society at a great disadvantage.

A More Dangerous Situation
The environmental disasters of the past, caused by shortsightedness and even bull-headedness on the part of the business sector, were overcome by an alliance of out-crying public and outraged government.

We are facing a more dangerous situation now with regard to security and privacy issues.

Shortsightedness in some parts of the business sector could ally itself with self-serving interests of some in government who see a national ID system as an easy means to transfer responsibility and get themselves out of their hotseats. Such an alliance may not be so easily overcome by the disadvantaged public, who could be facing widespread "denial of service" by intentional misuse of the very security technologies designed to protect them.

The primary difference between the environmental crises of the 1960's and the impending security ID crises of the current decade is that an eroded state of citizen rights and freedoms will be much harder to restore than the damaged portions of the ecology were. The environment was restored with full government support (see Figure 2 below), but the restoration of lost rights and freedoms would have to be accomplished in the face of fully entrenched government opposition (see Figure 3 below).

Figure 2. What happened in the fight against pollution.


Figure 3. What could happen in a fight to regain abandoned individual rights and freedoms.

That's why instituting any national system that requires giving up individual rights and freedoms to one or more government agencies is a highly dangerous solution.

Strengthening Our Freedoms
On the brighter side, the current need for security technology provides a great opportunity for long-term individual business growth and overall industry growth. Done wisely, it can be a significant contribution to the strengthening of those freedoms and rights on which our country was founded, and which today still set us apart from any other nation in the world.

Perhaps for the first time in the history of our nation, the security industry is in the position to play the greatest role in keeping those rights and freedoms safe.