There is much to commend in the op-ed on immigration reform that Senators Chuck Schumer (D‑NY) and Lindsey Graham (R‑SC) published in this morning’s Washington Post. Unfortunately, they lead with their worst idea: a biometric national ID card, mandatory for all American workers.


Here’s the good: “Americans overwhelmingly oppose illegal immigration and support legal immigration,” they say. “Throughout our history, immigrants have contributed to making this country more vibrant and economically dynamic.”


Their plan includes problem-solving proposals: “creating a process for admitting temporary workers” and “implementing a tough but fair path to legalization.” The latter would reduce the population of illegal aliens in the U.S.—good—and the former would reduce the need to enter illegally in the first place—also good.


Joined with the enhanced border security they propose, these ideas would address the immigration challenge as well as anyone knows how. (Details matter, and my colleagues will have more to say, I’m sure.)


But then there is their gratuitous national ID proposal for all American workers, and stepped up interior enforcement. “Interior enforcement” is a euphemism for “rounding up illegal workers” under some administrations and “raiding employers” under others.


This is the most specific Senator Schumer has ever been about his biometric national ID proposal, though he’s had it in mind since at least 2007. But it is hardly satisfactory, and the claim there will be no national ID database is almost certainly not true.


Here is the paragraph that captures the senators’ plan:

We would require all U.S. citizens and legal immigrants who want jobs to obtain a high-tech, fraud-proof Social Security card. Each card’s unique biometric identifier would be stored only on the card; no government database would house everyone’s information. The cards would not contain any private information, medical information, nor tracking devices. The card will be a high-tech version of the Social Security card that citizens already have.

I’ll parse the senators’ description of their national ID plan here. In a later post, I’ll examine how the Schumer-Graham biometric national ID stacks up in terms of privacy, cost, and other considerations. Of course, in the decade or two it will take to build this extravagant national identity system, we will learn much more than I can predict.

We would require all U.S. citizens and legal immigrants who want jobs to obtain a high-tech, fraud-proof Social Security card.

First, let there be no doubt that this is a national ID card. As I’ve written in past, a national ID has three characteristics: It is national—this is. It’s practically or legally required—this is. And it’s for identification—yep.


Students of card security will recognize one of the adjectives in the sentence as rather extravagant. No, it’s not “high-tech”—that’s a throwaway. The extravagant claim is “fraud-proof.”


The senators may mean one of three things, only one of which might be true. All three have to be true or their implication of a bullet-proof card system is false:


1) Impervious to fraud in issuance. Issuance is the weakest link in card security. Today at the hundreds and hundreds of DMVs across the country, ingenious young people (under 21—understand their motivation?) regularly submit identity documents falsely—siblings’ birth certificates or driver’s licenses, for example, or fake Social Security cards, utility bills, and such. Illegal aliens do too. Many DMV workers are gulls. Some can be made willing gulls for the right price. The same will be true of Social Security Administration workers. If the motivation is high enough, there is no practical way of making a national identity document fraud-proof in issuance.


2) Impervious to alteration. With various printing methods, secure card stocks, and encryption, card security is the easiest to do. It is possible to create a card that can’t be altered except at extraordinary expense.


3) Impervious to forgery. Odd though it may seem, technology does not govern whether a card can be forged—motivation does. Any card can can be forged if the price is right. Were a single card to provide entrée to work in the United States, it’s virtually guaranteed that criminal enterprises would forge the physical card and defeat the digital systems they need to.


The idea of a “fraud-proof” card (in whatever sense the senators mean) sounds nice. But it doesn’t bear up under the stresses to be encountered by a national ID system that governs whether people can earn a living (and probably much more). During the decade or more that this system is being designed and implemented, new ways of attacking biometrics and encryption will emerge. A reasonably “fraud-proof” card today is not still fraud-proof in 2020.

Each card’s unique biometric identifier would be stored only on the card; no government database would house everyone’s information.

It is possible to have a biometric card without a biometric database. The card would hold a digital description of the relevant biometric (such as fingerprint or iris scan). That algorithm would be compared by the card or by a reader to the person presenting it, determining wether it should be accepted as theirs.


The promise not to create a biometric database is a welcome one. The senators should require—in law—that the enrollment process and technology be fully open and transparent so that non-government technologists can ensure that the system does not secretly or mistakenly collect biometrics.


But the promise not to create a national identity database is almost certainly false.


Let’s review how an identity card is issued at a motor vehicle office today: People take the required documents to a DMV and hand them over. If the DMV accepts their documentation, the DMV creates a file about the person containing at least the material that will be printed on the card—including the person’s photograph. Then the DMV gives the person a card.


What would happen if DMVs didn’t keep this file? A couple of things—things that make the senators’ claim not to be creating a national identity database highly doubtful.


If there were no file and a card were lost or stolen, for example, the person would have to return to the card issuer again—with all the documents—and run through the entire process again. Because they have databases, DMVs today can produce a new ID and mail it to the address of record based on a phone call or Internet visit. (They each have their own databases—much better than a single database or databases networked together.)


If no file exists, multiple people could use the very same documents to create ID card after ID card after ID card in the same name but with different biometrics. Workers in the card issuing office could accept bribes with near impunity because there would be no documents proving that they had issued cards wrongly. Criminal use of the system would swamp it.


So that they can provide customer service, and for security reasons, state DMVs keep information about license holders, including a biometric of a sort—a photograph. Senators Schumer and Graham may think that they are designing a database-free biometric identity system—such a thing can exist—but the realities they confront will drive it to become a full-scale biometric national identity database.

The cards would not contain any private information, medical information, nor tracking devices.

This is a welcome pledge, and to fulfill it, they should bar—in law—the use of writeable chips or RFID chips. And there is no way to prevent the card itself from acting as a tracking device. It will be a pointer to private medical information, financial information, and much more.


Understand that the Social Security number is an identifier. It is already used in government, throughout the financial services system, and in much of health care to administer services and benefits, and to perform surveillance (both for good or for bad).


With a uniform biometric Social Security card in the hands of every worker, the card would be demanded at more and more points in society. Americans would have to present their national ID when they use credit cards, when they check into hotels, at bars, in airports, pharmacies, doctors’ offices, and so on.


A card may contain only a biometric algorithm and a Social Security number—unlikely though that may be. It will still act as a tracking device when it integrates with the card readers and databases that grow up around it.

The card will be a high-tech version of the Social Security card that citizens already have.

This claim—to be making a simple, sensible change to the Social Security card—is wrong. The biometric national identification scheme Senators Schumer and Graham propose is much, much more than a “high-tech” Social Security card. It’s the biggest, most difficult identity system ever proposed. It will take decades and tens or hundreds of billions of taxpayer dollars to build.


About the only similarity between today’s Social Security card and the biometric national ID card these senators propose is that they’re both rectangular.


In an earlier post, I called Senator Graham’s support of Schumer’s national ID plan inexplicable (before taking a stab at explaining it). Seeing the outline of their entire proposal, which would alleviate various pressures and begin a welcome transition back toward the rule of law in the immigration area, I am truly at a loss to understand why they would attach this grauitous and punitive plan to force law-abiding American citizens into a biometric national ID system.


Senators, why not do it without the national ID?