ID-Based Security Is Broken - and Can’t Be Fixed

The Government Accountability Office testified to the Senate Finance Committee today that investigators were easily able to pass through borders using fake documents. Indeed, sometimes documents were not checked at all.

“This vulnerability potentially allows terrorists or others involved in criminal activity to pass freely into the United States from Canada or Mexico with little or no chance of being detected.”

That’s true, but shoring up that vulnerability would add little security while devastating trade and commerce at the border.

Identity-based security works by comparing the identity of someone to their background and determining how to treat them based on that. To start, you need accurate identity information. That’s not easy to come by from people who are trying to defeat your identity system.

Here’s a schematic of how identification cards work from my book Identity Crisis.

As you can see, proof of identity involves three steps: Info goes from the person to the card issuer; info goes from the issuer to the verifier via the card; and the verifier checks to make sure the person and the card match.

Each of these steps is a point of weakness. Let’s take them in reverse order:

Obviously, as the GAO found, if nobody looks at the ID card, the “verifier check” can’t be done and the system fails. If the verifier is careless, the system will also fail. This weakness can be fixed with machine-read biometrics, but that is time-consuming and it typically subjects everyone to monitoring, tracking, surveillance – whatever you prefer to call it.

If the card can be forged or altered, this compromises card security, the second point of weakness in the process. Weakness in card security (non-obvious forgery) is what GAO sought to expose when it stumbled across the fact that border agents weren’t checking IDs at all. Card security can also be fixed various ways, though the best, such as encryption, will also tend to increase monitoring, tracking, and surveillance of every card-holder.

The first step is the hardest by far to fix: getting accurate information about people onto cards. For anyone wanting to defeat the current U.S. identification system, there is a substantial trade in documents that are false but good enough to fool Department of Motor Vehicle employees into issuing drivers’ licenses and cards. Criminals also regularly use the option of corrupting DMV employees to procure false documents. Can this problem be curtailed? Yes. Solved? No.

For the sake of argument, let’s fix all these things with a cradle-to-grave, government-mandated, biometric tracking system. Enough to make even the irreligious think “mark of the beast.” Even then, we will not have effective security against serious criminals and terrorists. The greatest weakness of identification-based security remains.

Knowing who a person is does not reveal what they think or what they plan to do. Examples are legion in terrorism, and routine in crime, of people with no record of wrongdoing being the ones who act.

For example, Al Qaeda selected operatives for the 9/11 attacks who had no known records of involvement in terrorism. (See 9/11 Commission report, page 234.) It was operating in a mode to defeat watch-listing well before the spasm of watch-listing that underlies identification-checks like the ones GAO has found so flawed.

If we were to have a comprehensive, mandatory, biometric identification system, it would help find bad people after they are identified, but do little to secure against attackers who are not already known. Al Qaeda planners would have to continue factoring in a risk they have already accounted for.

And having such a system should be a big “if.” Subjecting all Americans to increased monitoring, surveillance, and tracking, then delaying their lawful trade and travel at the borders, would do a lot of damage to liberty and commerce. It would provide only a tiny margin of security – almost no margin against sophisticated threats.