September 11 was quickly followed by calls from some lawmakers and business leaders for a more robust national identification system: ID cards that possess sophisticated biometric data, making them harder to forge than today’s driver’s licenses. Privacy advocates are strongly opposed, arguing that such cards, while enabling the government to track individuals and access personal data, would do little to separate the innocent citizen from the walking security threat. For now, the Bush administration is cool to the idea, but it’s not hard to envision the Department of Homeland Security re-examining the concept if further terrorist attacks occur. More than 30 countries, from Italy to Malaysia, have already introduced “smart” ID cards. If you’re eventually issued a national card, it will likely incorporate several of the technologies shown here, combined to make the card readable by both high- and low-tech devices.
1. Your USID number
Most logically your Social Security number. Although the federal government has rejected using the SS card as an ID card, the number is already used by the IRS. If a card is introduced, it’s a good guess the Department of Homeland Security would manage it, possibly issuing different classes of cards for citizens, green card holders, and others.
2. Optical Memory Strip
An optical memory data strip (like a small CD laminated onto the card) locks in 4MB of read-only data, which can be read
by an optical scanner. The strip can contain a digitized image of a fingerprint and a photo, along with essential personal data such as previous addresses, mother’s maiden name, and, optionally, medical data such as allergies. Room remains for scanned documents, X rays, or digital signatures. LaserCard of
Mountain View, California, adds an embedded hologram.
Standard printing technology, which lays down ink on the card material, easily succumbs to skilled forgers. One step up is laser engraving: Machines permanently etch
a photo into the card material, usually a polymer such as polycarbonate. It’s virtually impossible to erase or alter a laser-engraved image without leaving telltale marks. But a trained person is still needed to examine the card for sophisticated tampering. Another step up: Integrate a radio frequency identification (RFID) device, which would automate the authentication process. An RFID chip and antenna would be placed beneath the photo. If the image is altered, the chip and antenna are disturbed, and a portable reader will register a problem.
4. Smart card technology
With the addition of an integrated circuit microprocessor, the card can perform data manipulation and run cryptographic algorithms. The processor makes it possible to limit the amount of data any one official can access. For example, an ER
doctor could view medical information and enter data about treatment (if the card’s data storage device is read-write capable), but could not see security-related data (such as a traveler’s flight history, or a non-citizen’s visa status) that an airport or INS official might require. But how secure are smart cards? Detailed instructional hacking sites can be found on the Web, many focusing on European cards. And
the more data on a card, the more valuable the card becomes to an identity thief.
5. Internal Memory Strip
Currently manufactured only by UltraCard of Los Gatos, California, this rewritable internal strip can store 20MB of data, roughly the capacity of 14 floppy disks-essentially giving the card a (tiny) hard drive. The capacity may soon grow by a
factor of 10, according to the manufacturer. A high-capacity device could store rich biometric data such as several fingerprints, iris scans, face scans, heartbeat characteristics, or DNA sequences. In a relatively simple application, law enforcement officials access the card data using a portable reader and match it to the biometrics of the
person presenting the card. Or an entry control system might be developed that automatically matches, for example, the iris scan on the card with the cardholder’s iris.
**6. 2-D Bar Code **
This low-tech info coding could be used by officials who don’t have more sophisticated optical reading devices. A big step up from the simple 20-byte-capacity bar code you see on cereal boxes, the 2-D bar code stores information in vertical and horizontal lines-up to 2KB or more of data, potentially including text, a photo, and a limited amount of biometrics. These bar codes are already used on driver’s licenses in several states, generally to code the same information that’s on the face of the card. The technology is virtually tamperproof. The main problem: relatively small capacity per inch of card real estate. Datastrip Inc. of Exton, Pennsylvania, says it can cram 2.8KB of data into a space the size of a conventional thin magnetic strip. The company also sells a portable reader with an integrated fingerprint identifier.
WHOSE DATABASE, ANYWAY?
The biggest challenge for a
national ID system is ensuring the accuracy of the information used to build a database of names, biometrics, and the like. There are more than 200 million state driver’s licenses in the country, representing the largest collection of data of its kind. The most pressing question: How accurate are these databases? How easy is it to obtain a license fraudulently? As the American Association of Motor Vehicle Administrators points out, al Qaeda terrorists used licenses to build U.S. identities. In January
the AAMVA proposed beefing up the system by establishing uniform standards for licenses, coordinating data between states, and improving security and biometrics. A national
ID initiative could be a springboard for this effort.