Tag: national id system

“We’re Going to Have to Come Up with Something.”

And that something is a national ID.

The quote is Senator Chuck Schumer’s (D-NY), speaking about immigration reform at Politico’s Playbook Breakfast. The national ID gloss is mine, based on the immutable logic of “internal enforcement.”

Senators Schumer and McCain (R-AZ) say that the “Gang of Eight” senators who are working up an immigration reform package are united on the idea of making it impossible for illegal immigrants to get work in the United States. The only way to do that is to put all working Americans—if you work, that means you—into a national ID system.

“People say, ‘National ID card,’” Senator Schumer says. They do because that is what he’s talking about.

Now, they haven’t gotten all the way through the logic of their plans. Senator Schumer talks about a “non-forgeable [Social Security] card,” but a Social Security card only proves that a certain name is linked to a certain number. If a system is going to prove that a given person is entitled to work in the United States, it must be an identity system. It must compare the identifiers of the person to the identifiers in the system, whether held on a card or in a database, so that it can assess their legal status, including natural-born citizenship.

This is why Senator Schumer also talks about biometrics. The system must biometrically identity everyone who works—you, me, and every working American you know. There is no way to do internal enforcement of immigration law without a biometric national identity system.

It looks as though E-Verify, an incipient national ID system, will be a part of most or all comprehensive immigration reform proposals. Ironically, immigration reform that aligns the law with our country’s economic need for labor would obviate the need for E-Verify and a national ID. 

There are lots of ways to become familiar with the national ID issues that have yet to bubble up in this early stage of the immigration reform debate. My 2006 book, Identity Crisis, is a decent primer on identity and national ID generally. I examined the direct line between internal enforcement of immigration law and a national ID in my 2008 paper: “Electronic Employment Eligibility Verification: Franz Kafka’s Solution to Illegal Immigration.” And my article in last year’s special Cato Journal on immigration reform was called: “Internal Enforcement, E-Verify, and the Road to a National ID.”

You Can Say it All You Want

…but that doesn’t make it true.

One of the laws recently signed by the president, which Congress quietly passed before leaving town to campaign, was Public Law 112-176. Among other things, it extended the authorization the national background check system, E-Verify.

A line tacked on to the end of the law speaks to an issue with E-Verify:

Nothing in this Act may be construed to authorize the planning, testing, piloting, or development of a national identification card.

Well, you can say it all you want, but that doesn’t make it true.

Maybe Congress is playing a little trick, saying “no national ID card,” knowing that E-Verify is a cardless national ID system.

National Surveillance Programs and Their State Impediments

Having originally come to Washington to defend federalism, I am always delighted to see the division of powers among the states and the federal government have its proper effect: to protect liberty and limited government.

As with REAL ID, the E-Verify federal background check system is meeting up with state resistance. The Republican Liberty Caucus of New Hampshire reported yesterday:

This afternoon, the House passed HB 1549, which would prohibit the state’s participation in the E-Verify system, with a nearly unanimous voice vote. The House also killed HB 1492, which would require employers to verify an employee’s eligibility to work in the United States using the E-Verify System, with a 226-59 vote.

E-Verify is essentially a national identification system that requires employers to verify all job applicants’ citizenship in a national database system before they can employ them. If the state agreed to participate, all citizens would have to be listed in this national database as a U.S. citizen in order to get a job.

You want to fix immigration, feds? You do it without putting American citizens into a national ID system. Good message.

Here’s the clear language of HB 1549, which the New Hampshire House has approved to govern release of motor vehicle records. It embraces legitimate law enforcement while rejecting national identification schemes.

III. Motor vehicle records may be made available pursuant to a court order or in response to a request from a state, a political subdivision of a state, the federal government, or a law enforcement agency for use in official business. The request shall be on a case-by-case basis. Any records received pursuant to this paragraph shall not be further transferred or otherwise made available to any other person or listed entity not authorized under this paragraph. No records made available under this section shall be used, directly or indirectly, for any federal identification database. (New language in bold.)

To learn more about E-Verify and its role as a nascent national identification scheme, read my Cato Policy Analysis: “Electronic Employment Eligibility Verification: Franz Kafka’s Solution to Illegal Immigration.”

Don’t BELIEVE the Hype—Though Unformed, the Democrats’ National ID Plan Is Rife With Threats to Privacy and Civil Liberties

Senate Democrats have solidified and given more definition to their plan to create a biometric national ID, the centerpiece of their immigration reform proposal. (For reasons unrelated to the national ID plan, Senator Lindsey Graham (R-SC) has dropped out of the picture for now.) The “Conceptual Proposal for Immigration Reform” they released last week gives much more detail to the sketchy plans I previously reviewed.

In my Cato Policy Analysis, “Electronic Employment Eligibility Verification: Franz Kafka’s Solution for Illegal Immigration,” I wrote about the possibility of a work authorization document limited to that purpose—and my doubts that the government would adopt one.

A credential such as eligibility for employment under [the immigration laws] can be proved without creating a nationwide biometric tracking scheme. In fact, templates already exist. But it is unlikely to see adoption… . [I]dentification and tracking … shift the risk of error in the card-issuance process from the government to the citizen… . [T]racking preserves government power. A work-eligibility and tracking system … makes the individual’s employment eligibility subject to revision at a later time, if the government wants to change the rules or adapt the system to new purposes, for example.

Those doubts are validated by this plan, which appears to be a full-fledged national ID and national biometric database. Assurances that it won’t be used for purposes beyond immigration control are not persuasive. This is national identity and surveillance infrastructure that will be “switched on” by later policy changes.

They’re calling it “BELIEVE,” short for “Biometric Enrollment, Locally-stored Information, and Electronic Verification of Employment.” They can call it that. We’ll study it, and give credence to what we learn.

The plan is confusing, disorganized, repetitive, and sometimes contradictory. Summarizing it is a little like trying to piece together the egg when all you have is the omelet, but three themes emerge: First, this summary backs away from an earlier claim that there would not be a biometric national identity database. There will be a national biometric database. Second, repeating the word “fraud-proof” does not make this national ID system fraud proof. Third, this national ID system definitely paves the way for uses beyond work authorization. This is the comprehensive national identity system that people across the ideological and political spectrum oppose.

The national ID part of the Democrats’ proposal begins at the bottom of page eight. It’s a veritable word-cloud, suggesting a violation of the rule of thumb that simple solutions are usually the best. But let’s look at it, line by line.

Not later than 18 months after the date of enactment of this proposal, the Social Security Administration will begin issuing biometric social security cards.

That’s pretty darn ambitious. Watch for any national ID plan to take several years to get started, decades to complete. The REAL ID Act—a simpler proposal than this one—has been law for five years and not a single compliant card has yet been issued. Not one.

These cards will be fraud-resistant, tamper-resistant, wear resistant, and machine-readable social security cards containing a photograph and an electronically coded micro-processing chip which possesses a unique biometric identifier for the authorized card-bearer.

All these things are easier said than done. And “fraud-resistant”? That’s unlikely. We won’t know until we see details.

The card will also possess the following characteristics:

We’ll take them in chunks.

(1) biometric identifiers, in the form of templates, that definitively tie the individual user to the identity credential;

Cards have biometrics today—low-tech ones like your picture and a copy of your signature printed on it. Here, “biometric identifiers” probably refers to machine-readable biometrics like fingerprints or iris scans. The card wouldn’t have an image of the biometric itself, but rather a mathematical description of its key features—the arches, loops, and whorls in your fingerprint and their distances from one another, for example. Research continues into how secure these algorithms are against future high-tech versions of identity fraud.

(2) electronic authentication capability;

This is pretty opaque, but it confirms again that the card will have a computer chip. “Authentication” is a word without a distinct meaning—what fact will be proven to whom, and how will it be proven? We have to learn more.

(3) ability to verify the individual locally without requiring every employer to access a biometric database; (4) offline verification capability (eliminating the need for 24-hour, 7-days-per-week online databases);

This is two ways of saying roughly the same thing. How will this goal be achieved? Without more information, the privacy and security issues are hard to assess. 

A freestanding ability to verify individuals without accessing a biometric database implies that there will be a biometric database, a likelihood I noted earlier.

(5) security features that protect the information stored on the card; (6) privacy protections that allow the user to control who is able to access the data on the card;

Security protects privacy so these two features are siblings if not one feature. But these opaque claims don’t tell us much at all. Knowing what exact card security features the plan envisions would allow an assessment of their quality. They could be anything from distributing RFID-chipped cards with a metallic sleeve that many users will lose or fail to use—almost no protection at all—to using a card that will only reveal data when the biometric of the authorized bearer is presented to the card.

The best protection for privacy and data security is not collecting people’s identity information in one place at all, nor organizing it uniformly on a card everyone must have. A technically secure national ID card isn’t privacy protective when the bearer is practically or legally required to release the information on it. Pushing card security as a privacy feature is like looking for your keys under a lamp post. The light may be better there, but you haven’t solved the privacy issues by securing the card.

(7) compliance with authentication and biometric standards recognized by domestic and international standards organizations.

This feature conflicts with the privacy claims in the previous bullet. Compliance with standards increases the likelihood that the national ID system will interoperate with other national governments’ systems and with corporate systems. Picture a future not too far off when every government collects and shares data on every citizen and foreigner using a consistent identity system. This is an efficiency feature with huge privacy and liberty costs for individuals.

The new biometric social security card shall enable the following outcomes:

One by one:

(1) permit the individual cardholder to control who can access their information;

This is the same as characteristic (6) above.

(2) allow electronic authentication of the credential to determine work authorization;

We got this from characteristic (2) above.

(3) possession of scalability of authentication capability depending on the requirement of the application.

This jargon cloud doesn’t mean anything discernible, but it does suggest that this national ID system is being designed for multiple uses. Let’s start with some terms:

“Scalability” is the idea that a technology still works well “at scale.” A system that works will with 10 users may not work well with 10,000, and a system that works well with 10,000 users may not work well with 10,000,000 or 100,000,000. So the idea here is that it will work well with many users. It’s not enough just to say that, of course. We should know specifically how it would meet the challenges of scale.

“Authentication”—again, a poorly defined term—means adequately proving some fact, such as a person’s identity, his or her work authorization, and so on.

“Application”—another favorite word in the tech lingo—simply means “use.” A hammer has many different applications: pounding in nails, denting metal, bonking intruders on the head, and so on.

So the sentence translates roughly to: “The card system will handle large numbers of people no matter what it’s used for.”

That’s telling, because the next line in the plan claims that the system will only be used for work authorization. If it’s only used for work authorization, why would it need to handle large scale for other authorization applications?

Possession of a fraud-proof social security card will only serve as evidence of lawful work-authorization but will in no way be permitted to serve—or shall be required to be shown—as proof of citizenship or lawful immigration status.

Repeat: If this is true, why does the card work at scale for other authorization applications?

The use of the word “permitted” suggests that the card will be capable of other uses, but such uses will be barred by law. Once again, if the plan is to use the cards only for work authorization, why not design the cards to serve only that purpose and no other?

And there’s “fraud-proof” again. The plan says little or nothing about what makes the card fraud-proof. In my earlier assessment of the national ID plan as it stood then, I discussed the three different meanings the concept of “fraud-proof” may have in an identity system, and the difficulties of achieving all three.

It will be unlawful for any person, corporation; organization local, state, or federal law enforcement officer; local or state government; or any other entity to require or even ask an individual cardholder to produce their social security card for any purpose other than electronic verification of employment eligibility and verification of identity for Social Security Administration purposes.

Confirmed: This will be a multi-purpose identity card. Most of the public will be barred by law from asking for the cards, but it will perform “verification of identity for Social Security Administration purposes.” That means, at the very least, that it can display Social Security Number and probably name. It will be convertible to lots of other purposes when mission creep takes hold.

Legal rules against using the card for new purposes don’t mean very much. If you create a system with rules like that in place, they might be in place for a while, but policymakers will think of new uses for the card, people and organizations use the card unlawfully for a while, and the weight of these “misuses” will break down the legal barriers. The national ID system created for one limited purpose will be “switched on” and it will become the full-scale surveillance device that freedom-loving Americans abhor.

No personal information will be stored on the electronic chip contained within the social security card other than the individual’s name, date of birth, social security number, and unique biometric identifier.

What more do you need? Presenting these identifiers allows organizations, public and private, to easily identify people distinctly in their data stores. Highly accurate tracking systems will grow up around this identity system, many of which provide convenience and other benefits, but the sum total of which will be a federal-government-fostered surveillance society.

And, by the way, an encrypted work authorization (see below) can act as an identifier—that’s more personal information—unless the card’s design takes some very impressive steps to prevent that.

Under no circumstances will any other information, including medical information or position-tracking information, be contained within the card.

This is nice protection—and if it’s a bar on radio frequency identification, fine—but putting these protections in law is rather quaint, though. A bar on additional data going on the card may hold up for a few decades, but it will ultimately give way to new demands for data on the card to fix some new policy problem.

And, remember, the card itself is not the only source of privacy concern. The card will facilitate highly accurate record-keeping about people’s locations when they use the cards. Location tracking may not be integral to the card, but the card will be integral to location tracking.

The Secretary of Homeland Security shall work with other agencies to secure enrollment locations at sites operated by the federal government.

Yes, you need to secure enrollment facilities or people will break in and steal equipment and data. I’m not impressed that DHS will be involved in providing physical security to SSA, and I bet SSA isn’t either.

Prior to issuing an individual a new fraud-proof social security card, the Social Security Administration will be required to verify the individual’s identity and employment eligibility by asking for production of acceptable documents to be provided by the individual as proof of identity and employment eligibility.

Yes, that’s how you do it. This is the step in the card issuance process that is probably the weakest. Forgery and corruption attacks are a function of the value to which the card controls access.

(Again with the unsubstantiated “fraud-proof”!)

The Secretary of Homeland Security will work with the Commissioner of the Social Security Administration to verify non-citizens’ employment authorization.

As they must. DHS has the info on naturalized citizens and non-citizens legally in the country.

SSA will also be required to engage in background screening verification techniques currently used by private corporations that use publicly available information that can be derived from the individual’s social security number.

This is a new one—doing database background checks on applicants for the new national ID. Rather than using only the documents proffered by the applicant for the card, the Social Security Administration would look up the claimed SSN of the applicant and see if his or her story checks out. For example, the system might compare the address claimed by the applicant to addresses that are found in public or private records. (“Publicly available” is ambiguous.)

This is a way of reducing fraud in the issuance of cards. (Mind you, it doesn’t make the process “fraud-proof!”) But it also raises new issues, particularly if the background check on the applicant will be run against private commercial data. The DHS Privacy Committee has twice issued cautionary documents about using commercial data in government applications. There are many issues, including privacy and due process, if indeed the intent is to use private databases to run background checks on applicants for a government benefit.

An administrative adjudication process can be invoked in the event that an individual is unable to establish his or her identity or lawful immigration status. Adverse decisions can be reviewed in the federal courts.

You’re gonna need it. The full range of appeals will be required if this card indeed will be used to control access to work. Some important decisions have to be made about whether a person can work while their appeal is pending. If an appeal fails, should the appellant be arrested and deported as a presumptive illegal immigrant? Expect to see stories of people who lack documentation and fixed addresses—the very poor, recovering drug addicts, and so on—who cannot prove their existence to the SSA or who don’t pass their background checks. They will find themselves unable to work because their government has denied them an officially recognized identity.

There will be a multi-stage process of re-verification if an individual claims he lost his previously issued fraud-proof social security card to ensure that there is no identity-theft or unlawful collaboration of identity.

I noted in my previous analysis that a database-free identity system is very difficult to administer, such as for replacing lost cards. The plan to address this challenge is unclear. Someone who has lost a card will have to return to the SSA and take part in this “multi-stage process of re-verification”—whatever it is—perhaps waiting to work until it has been completed. I have no idea what “unlawful collaboration of identity” is.

There will also be a multi-stage process for resolution of proper identity if an individual claims an identity tied to a social security number that has been claimed by another individual.

More undefined, but “multi-stage” processes, when a person comes to the Social Security Administration and finds that someone else has already claimed the same identity. Will they be able to work during the pendency of their “multi-stage” processing?

Tough penalties will be put in place for fraud in procurement of a fraud-proof social security card.

This raises a metaphysical question: Can there be fraud in a “fraud-proof” card? Of course there can. There is no fraud-proof card, which is why you have to penalize fraud, hoping to suppress it.

The same penalties shall apply for conspiracy to commit fraud if false information is intentionally provided.

Let’s spend just a moment on the capacity of criminal penalties to suppress fraud. It’s easy for people like us—wealthy and highly educated—to assume from the comfort of our offices that criminal penalties will suppress fraud. After all, prison looks pretty awful compared to an office. But an illegal immigrant has a different calculus. Going to jail and getting “three hots and a cot” is not a bad outcome compared to repatriation to a life of hunger and political instability in one’s home country. Committing fraud in the interest of “legitimate” work is preferable to theft or violence aimed at getting money and food here. Criminal penalties won’t suppress fraud as well as many might imagine.

Employers hiring workers in the future will be required to use the newly created Biometric Enrollment, Locally-stored Information, and Electronic Verification of Employment (BELIEVE) System as a means of verification. There will be strict employer penalties for failure to participate in the BELIEVE system after being notified of a requirement to do so by the Secretary of Homeland Security or after the BELIEVE system has been fully implemented nationwide such that it is required to be used by all employers.

E-Verify has too many problems. Renaming it will help!

Prospective employees will present a machine-readable, fraud proof, biometric Social Security card to their employers, who will swipe the cards through a card-reader to confirm the cardholder’s identity and work authorization.

More than two pages into the summary, we’re back to the basics of the card and what it does. We already know that the card is not fraud proof. What’s new here is that employers will have to have card readers—an additional inconvenience, expense, and barrier to hiring new employees.

What this fails to mention is that the machine will have to be able to process machine biometrics—fingerprint reading or iris scanning, for example. These are not inexpensive machines, their use will probably require training, and they must have very high accuracy in all conditions or they will produce a mountainous administrative burden on employers and workers.

We also learn from this—again—that this will not be a simple work authorization system, but a national identity system. Running the card through a machine (and checking the bearer’s biometrics) will reveal identity.

Again, we’re looking at mission creep: With all these cards and machines in place, able to prove identity, why wouldn’t they be applied to new purposes like airline security? Checking in at hotels? Confirming identity at office building entrances? Administration of government benefits? Proof of identity in credit card transactions? Night and weekend access to office buildings and parking lots? Traffic stops?

The cardholder’s work authorization will be verified by matching a digital encryption key contained within the card to a digital encryption key contained within the work authorization database being searched.

Here’s a new notion—the use of encryption. But how encryption would be used is far from clear. Presumably, a signal that the bearer of the card is work authorized (referred to here as an “encryption key”) would be released by the card and matched against information (also referred to as an “encryption key”) in a database. It is highly doubtful that either item of data is actually an encryption key, as an encryption key is the code used to encrypt or decrypt the information you are trying to work with. Most likely, work authorization data will be encrypted on the card. Somehow or another, once presented, that encrypted data will be decrypted and show that the bearer of the card is work authorized.

This contradicts statements above saying that the system won’t require access to a central database. Perhaps it envisions public key encryption, in which a private key scrambles the work authorization data and a public key de-scrambles it. I doubt that PKI is up to this. If the private key were released or reverse-engineered, the system would fail because forgery of work authorizations would then be easy.

This project has a long way to go before it articulates a card system that can securely confirm work authorization without connecting to a database.

The cardholder’s identity will be verified by matching the biometric identifier stored within the micro-processing chip on the card to the identifier provided by the cardholder that shall be read by the scanner used by the employer.

This is confirmation that it is not just a card reader, but a biometric reader. It is also confirmation that the system will confirm identity, not just work authorization. Prepare for mission creep.

Two-and-a-half pages of summary information reveals little more than the wall of complexities behind the Democrats’ plan for a national identity system. It repeats as an incantation the words “fraud-proof” even while it admits that criminal penalties are needed to tamp down fraud. The summary ratchets back from the dubious claim made earlier that there wouldn’t be a national biometric database—there almost certainly would be. The summary confirms that the card system would be used to confirm identity, not just work authorization. That sets it up for mission creep—expansion to new uses and data collections that plunge us into a surveillance society.

Indeed the mission creep begins with this very plan. When employer sanctions don’t sweep the country clean of visa overstayers, these ID cards will be used to hunt them down inside the country. From page five:

In addition to increasing border enforcement, this proposal will substantially enhance our capabilities to detect, apprehend, and remove persons who entered the United States unlawfully and persons who entered lawfully on temporary visas but failed to leave the country when designated.

Will these removal plans be carried out through a system of checkpoints at which all Americans have to present their national ID card? Will private providers of financial services, health care, housing, or retailing be required to check a person’s national ID card? Or will the entire nation adopt an Arizona-style law that requires law enforcement to examining the papers of people “reasonably suspected” of remaining in the country illegally?

The Democrats’ national ID plan raises all these questions and many more. My colleague Dan Griswold has the true answer:  To control the border, you must first reform immigration law.

University of Denver Panel Recommends You Have a National ID

If you have a job, a panel convened by the University of Denver thinks you should have a national ID card.

DU’s “Report of the Strategic Issues Panel on Immigration” says:

The idea of a national card for identifying citizens and non-citizens has become the third rail of immigration politics. But in truth, without a means of positive identification, it makes very little difference what immigration policies are adopted because they can’t be effectively enforced. A means of positive identification is essential to prevent the employment of illegal immigrants.

Only the panel’s narrow framing leads to this conclusion.

Restrictive immigration policies may require a national ID and federal background check system because such policies are so at odds with employers’ and workers’ interests. The federal government will have to continually investigate workers and employers to maintain them.

But policies that align immigration rates with our country’s demand for new workers would foster the rule of law naturally—without a national ID, worker surveillance, and an overweening federal government.

Much hand-waving animates the report. It imagines a card system that is “extremely difficult or impossible to counterfeit.” But that’s a product of how much value your card system controls—the more value, the more effort goes into forging it—and access to employment in the U.S. is worth a lot. The report says nothing about fraud in the card issuance process.

Nor does it calculate the expense to our nation’s seven million employers—many of them small businesses, families, and individuals—for getting card readers. Their proposal to hold employers harmless is an embossed invitation to fraud on the system—unless those inexpensive card readers are also fingerprint or iris scanners. If the system is going to work, someone legally responsible has to verify that the card belongs to the person presenting it. And if you’re going to use biometric scanners, there is a lot of work yet to be done to control error rates.

Of privacy concerns, the panel says it listened to “experts and advocates on all sides.” But the advisors listed in the report do not include any privacy expert or civil liberties advocate. They do include an advocate for restrictionist immigration policies, a police chief, a former U.S. attorney, a federal Immigration and Customs Enforcement official, a Colorado state homeland security official, a federal Department of Homeland Security official, a sheriff, the Colorado Attorney General, and a CIA officer. It is unlikely that the one “immigrant rights” advocate addressed the privacy issues for U.S. citizens, much less the technical and data security problems.

It’s not new for people focusing on one issue to think that a national ID is their solution. In fact, it’s typical for people to think that sprinkling technology over economic and social problems can solve them.

Assessing the Claim that CDT Opposes a National ID

It was good of Ari Schwartz to respond last week to my recent post querying whether the Center for Democracy and Technology outright opposes a national ID or simply “does not support” one.

Ari says CDT does oppose a national ID, and I believe that he honestly believes that. But it’s worth taking a look at whether the group’s actions are consistent with opposition to a national ID. I believe CDT’s actions – most recently its support of the PASS ID Act – support the creation of a national ID.

(The title of his post and some of his commentary suggest I have engaged in rhetorical excess and mischaracterized his views. Please do judge for yourself whether I’m being shrill or unfair, which is not my intention.)

First I want to address an unusual claim of Ari’s – that we already have a national ID system. If that is true, his support for PASS ID is more sensible because it is an opportunity to inject federal privacy protections into the existing system (putting aside whether it is a federal responsibility to manage a state system or systems).

Do We Already Have a National ID?

I have heard a few people suggest that we have a national ID in the form of the Social Security Number. I believe the SSN is a national identifier, but it fails the test of a national identification card or system because it is not used for identification. As we know well from the scourge of identity fraud, there is no definitive way to tie an SSN to a person. The SSN is not used for identification (at least not reliably and not alone), which is the third part of my national ID definition. (Senator Schumer might like the SSN to form the basis of a national ID system, of course.)

But Ari says something different. He does not claim any definition of “national ID” or “national ID system.” Instead, he appeals to the authority of a 2003 report from a National Academy of Sciences group entitled “Who Goes There?: Authentication Through the Lens of Privacy.” That report indeed says, “State-issued driver’s licenses are a de facto nationwide identity system” – on the second-to-last substantive page of its second-to-last substantive chapter

But this is a highly selective use of quotation. The year before, that same group issued a report called “IDs – Not That Easy: Questions About Nationwide Identity Systems.” From the beginning and throughout, that report discussed the many issues around proposals to create a “nationwide” identity system. If the NAS panel had already concluded that we have a national ID system, it would not have issued an entire report critiquing that prospect. It would have discussed the existing one as such. Ari’s one quote doesn’t do much to support the notion that we already have a national ID.

What’s more, CDT’s own public comments on the proposed REAL ID Act regulations in May 2007 said that its data-intensive “one person – one license/ID card – one record” policy would ”create a national identification system.”

If a national ID system already existed, the new policy wouldn’t create one. This is another authority at odds with the idea that we have a national ID system already.

Support of PASS ID might be forgiven if we had a national ID system and if PASS ID would improve it. But the claim we already have one is weak.

“Political Reality” and Its Manufacture

But the heart of Ari’s claim is that supporting PASS ID reflects good judgment in light of political reality.

Despite the fact that there are no federal politicians, no governors and no appointed officials from any party publicly supporting repeal of REAL ID today, CDT still says that repeal is an acceptable option. However, PASS ID would get to the same outcome, or better, in practice and has the added benefit of actually being a political possibility… . I realize that Harper has invested a lot of time fighting for the word “repeal,” but at some point we have to look at the political reality.

A “Dear Colleague” letter inviting support for a bill to repeal REAL ID circulated on the Hill last week. How many legislators will hesitate to sign on to the bill because they have heard that the PASS ID Act, and not repeal of REAL ID, is CDT’s preferred way forward?

The phrase “political reality” is more often used by advocates to craft the political reality they prefer than to describe anything truly real. Like the observer effect in experimental research, statements about “political reality” change political reality.  Convince enough people that a thing is “political reality” and the sought-after political reality becomes, simply, reality.

I wrote here before about how the National Governors Association, sensing profit, has worked diligently to make REAL ID a “political reality.” And it has certainly made some headway (though not enough). In the last Congress, the only legislation aimed at resolving the REAL ID impasse were bills to repeal REAL ID. Since then, the political reality is that Barack Obama was elected president and an administration far less friendly to a national ID took office. Democrats – who are on average less friendly to a national ID – made gains in both the House and Senate.

But how are political realities crafted? It has often been described as trying to get people on a bus. To pass a bill, you change it to get more people on the bus than get off.

The REAL ID bus was missing some important riders. It had security hawks, the Department of Homeland Security, anti-immigrant groups, DMV bureaucrats, public safety advocates, and the Bush Administration. But it didn’t have: state legislators and governors, privacy and civil liberties groups, and certain religious communities, among others.

PASS ID is for the most part an effort to bring on state legislators and governors. The NGA is hoping to broker the sale of state power to the federal government, locking in its own institutional role as a supplicant in Washington, D.C. for state political leaders.

But look who else was hanging around the bus station looking for rides! – CDT, the nominal civil liberties group. Alone it jumped on the bus, communicating to others less familiar with the issues that PASS ID represented a good way forward.

Happily, few have taken this signal. The authors of PASS ID were unable to escape the name “REAL ID,” which is a far more powerful beacon flashing national ID and all the ills that entails than CDT’s signal to the contrary.

This is not the first time that CDT’s penchant for compromise has assisted the national ID effort, though.

Compromising Toward National ID

The current push for a national ID has a short history that I summarized three years ago in a righteously titled post on the TechLiberationFront blog: “The Markle Foundation: Font of Evil II.”

Briefly, in December 2003, a group called the Markle Foundation Task Force on National Security in the Information Age recommended “both near-term measures and a longer-term research agenda to increase the reliability of identification while protecting privacy.” (Never mind that false identification was not a modus operandi of the 9/11 attacks.)

The 9/11 Commission, citing Markle, found that “[t]he federal government should set standards for the issuance of birth certificates and sources of identification, such as drivers licenses.” In December 2004, Congress passed the Intelligence Reform and Terrorism Prevention Act, implementing the recommendations of the 9/11 Commission, including national standards for drivers’ licenses and identification cards, the national ID system recommended by the Markle Task Force. And in May 2005, Congress passed a strengthened national ID system in the REAL ID Act.

An earlier post, “The Markle Foundation: Font of Evil,” has more – and the text of a PoliTech debate between myself and Stewart Baker. Security hawk Baker was a participant in the Markle Foundation group, as was national ID advocate Amitai Etzioni. So was the Center for Democracy and Technology’s Jim Dempsey.

I had many reservations about the Markle Foundation Task Force and its work product, and in an April 2005 meeting of the DHS Privacy Committee, I asked Dempsey about what qualified people to serve on that task force, whether people were invited, and what might exclude them. A month before REAL ID passed, he said:

I think the Markle Task Force at least sought balance. And people came to the table committed to dialogue. And those who came with a particular point of view, I think, were all committed to listening. And I think people’s minds were changed… . What we were committed to in the Markle Task Force was changing our minds and trying to find a common ground and to try to understand each other. And we spent the time at it. And that, I think, is reflected in the product of the task force.

There isn’t a nicer, more genuine person working in public policy than Jim Dempsey. He is the consummate honest broker, and this statement of his intentions for the Markle Foundation I believe to be characteristically truthful and earnest.

But consider the possibility that others participating on the Markle Foundation Task Force did not share Jim’s predilection for honest dialogue and compromise. It is even possible that they mouthed these ideals while working intently to advance their goals, including creation of a national ID.

Stewart Baker, who I personally like, is canny and wily, and he wants to win. I see no evidence that Amitai Etzioni changed his mind about having a national ID when he authored the recommendation in the Markle report that ultimately produced REAL ID.

Other Markle participants I have talked to were unaware of what the report said about identity-based security, national identity standards, or a national ID. They don’t even know (or didn’t at the time) that lending your name to a report also lends it your credibility. Whatever privacy or civil liberties advocates were involved with the Markle Task Force got rolled – big-time – by the pro-national-ID team.

CDT is a sophisticated Washington, D.C. operation. It is supposed to understand these dynamics. I can’t give it the pass that outsiders to Washington might get. By committing to compromise rather than any principle, and by lending its name to the Markle Foundation Task Force report, CDT gave credibility to a bad idea – the creation of a national ID.

CDT helped produce the REAL ID Act, which has taken years of struggle to beat back. And now they are at it again with “pragmatic” support for PASS ID.

CDT has been consistently compromising on national ID issues while proponents of a national ID have been doggedly and persistently pursuing their interests. This is not the behavior of a civil liberties organization. It’s why I asked in the post that precipitated this debate whether there is anything that would cause CDT to push back from the table and say No.

Despite words to the contrary, I don’t see evidence that CDT opposes having a national ID. It certainly works around the edges to improve privacy in the context of having a national ID – reducing the wetness of the water, as it were – but at key junctures, CDT’s actions have tended to support having a U.S. national ID. I remain open to seeing contrary evidence.

Would PASS ID Really Save States Money?

The proposed PASS ID Act is a national ID just like REAL ID, and it threatens privacy just as much. Some argue that a national ID under PASS ID should be palatable, though, because it reduces costs to states.

But savings to states under PASS ID are not at all clear. Let’s take a look at the costs of creating a U.S. national ID.

The REAL ID Act, passed in May 2005, required states to begin implementing a national ID system within three years. In regulations it proposed in March 2007, the Department of Homeland Security extended that draconian deadline. States would have five years, starting in May 2008, to move all driver’s license and ID card holders into REAL ID-compliant cards.

The Department of Homeland Security estimated the costs for this project at $17.2 billion dollars (net present value, 7% discount). Costs to individuals came it at nearly $6 billion – mostly in wasted time. Americans would spend more than 250 million hours filling out forms, finding birth certificates and Social Security cards, and waiting in line at the DMV.

The bulk of the costs fell on state governments, though: nearly $11 billion dollars. The top three expenditures were $5.25 billion for customer service at DMVs, $4 billion for card production, and $1.1 billion for data systems and IT. Getting hundreds of millions of people through DMVs and issuing them new cards in such a short time was the bulk of the cost.

To drive down the cost estimate, DHS pushed the implementation schedule way back. In its final rule of January 2008, it allowed states a deadline extension to December 31, 2009 just for the asking, and a second extension to May 2011 for meeting certain milestones. Then states would have until the end of 2017 to replace all cards with the national ID card. That’s just under ten years.

Then the DHS decided to assume that only 75% of people would actually get the national ID. (Never mind that whatever benefits from having a national ID drop to near zero if it is not actually “national.”)

The result was a total cost estimate of about $6.85 billion (net present value, 7% discount). Individual citizens would still spend $5.2 billion worth of their time (in undiscounted dollars) on paperwork and waiting at the DMV. But states would spend just $1.5 billion on data and interconnectivity systems; $970 million on customer service; and $953 million on card production and issuance—a total of about $2.4 billion. (All undiscounted—DHS didn’t publish estimates for the final rule the same way it published their estimates for the proposed rule.)

Maybe these cost estimates were still too high. Maybe they weren’t believable. Or maybe Americans’ love of privacy and hatred of a national ID explains it. But the lower cost estimate did not slow the “REAL ID Rebellion.” Given the costs, the complexity, the privacy consequences, and the dubious benefits, states rejected REAL ID.

Enter PASS ID, which supposedly alleviates the costs to states of REAL ID. But would it?

At a Senate hearing last week, not one, but two representatives of the National Governors Association testified in favor of PASS ID, citing their internal estimate that implementing PASS ID would cost states just $2 billion.

But there is reason to doubt that figure. PASS ID is a lot more like REAL ID – the original REAL ID – in the way that most affects costs: the implementation schedule.

Under PASS ID, the DHS would have to come up with regulations in just nine months. States would then have just one year to begin complying. All drivers’ licenses would have to be replaced in the five years after that. That’s a total of six years to review the documents of every driver and ID holder, and issue them new cards.

How did the NGA come up with $2 billion? Maybe they took the extended, watered-down, 75%-over-ten-years estimate and subtracted some for reduced IT costs. (The NGA is free to publish its methodology, of course.)

But the costs of implementing PASS ID to states are more likely to be closer to $11 billion than the $2 billion figure that the NGA puts forward. In just six years, PASS ID would send some 245 million people into DMV offices around the country demanding new cards. States will have to hire and train new employees to handle the workload. They will have to acquire new computer systems, documents scanners, data storage facilities, and so on.

There is another source for cost estimates that draws the $2 billion figure into question: the National Governors Association itself. In September 2006, it issued a report with the National Conference of State Legislatures and the American Association of Motor Vehicle Administrators finding that the costs to re-enroll drivers and ID holders over a 5-year period would cost states $8.45 billion (not discounted).

Just as with REAL ID, re-enrollment under PASS ID would undo the cost-savings and convenience that states have gained by allowing online re-issuance for good drivers and long-time residents. As the NGA said:

Efficiencies from alternative renewal processes such as Internet and mail will be lost during the re-enrollment period, and states will face increased costs from the need to hire more employees and expand business hours to meet the five year re-enrollment deadline.

Angry citizens will ask their representatives why they are being investigated like criminals just so they can exercise their right to drive.

PASS ID does reduce some of the information technology costs of REAL ID, such as requirements to use systems that still do not exist, and requirements to pay for driver background checks through the Systematic Alien Verification for Entitlements system and the Social Security Online Verification system.

But PASS ID still requires states to “[e]stablish an effective procedure to confirm that a person [applying] for a driver’s license or identification card is terminating or has terminated any driver’s license or identification card” issued under PASS ID by any other state. How do you do that? By sharing driver information. The language requiring states to provide all other states electronic access to their databases is gone, but the need to share that information is still there.

A last hope for states is that the federal government will come up with money to handle all this. But the federal government is in even tougher financial straights than many states. The federal deficit for this fiscal year is projected to reach $1.84 trillion.

Experienced state leaders recognize that the promise of federal money may not be fulfilled. The weakly funded PASS ID mandate will likely become a fully unfunded mandate.

So, does PASS ID really save states money? I wouldn’t put any money on it … .