December 9th, 2012
Perhaps you’ve watched “Person of Interest”, a television program based on the fiction that the government has built a huge computer system that accesses every digital source of information in the country and integrates it all to assess national security threats. Such a system was pushed by that infamous enemy of human rights, Mr. Richard Cheney, while he was Vice President. Fortunately, his proposal was not acted upon – we think.
But in the decade since Mr. Cheney proposed his scheme, something similar has been coalescing out of the cybersphere, for entirely innocent reasons. Our smartphones are now being equipped with services based on a knowledge of your location. You could ask your phone where the nearest Chinese restaurant was, and it would tell you where the five nearest ones were – and provide reviews of each, if you asked. Systems like these are expanding, worming their way into our lives by offering useful information precisely tailored to your interests.
But there are two sides to this coin: the companies that run these services are also harvesting information about your behaviors, assembling monster databases of great commercial value. The goal is simple: to produce such a precise characterization of each owner that marketers can hit you with spam so perfectly matched to your needs that you’ll appreciate it as useful information rather than spam.
All of this requires increasing integration of different sources of information, and that integrative process is well under way. Extrapolate this process another decade or two into the future and it should be possible for anybody to purchase an extremely detailed file on your personal life. Currently this information is being used for entirely innocent commercial reasons, but there’s nothing to prevent it from being used for other purposes.
The Telltale Thumbprint
Now let’s turn to another television meme, this one from Star Trek: the thumbprint used for identification purposes. If you wanted to buy something from Quark, you just pressed your thumb onto his little techie-doodad, and, poof, the transaction was signed and sealed.
The thumbprint is an ideal form of personal identification: fairly secure, unique, and convenient. Imagine a world in which we replaced all personal identification with thumbprints. No more credit cards, no more keys, no more passwords. No more mother’s maiden name, first school you attended, name of the street you lived on as a kid, name of your favorite pet, or even deciphering those cryptograms to post your blog comment. It’s not perfect, of course, so for high-security tasks we might add some other biometrics, but the concept is so much better than our current security systems.
Think about some of the benefits of such a system: identity theft would become much harder to pull off and easier to foil once begun. After all, if your thumbprint is used to purchase gas in Idaho 30 minutes after you bought a magazine in Arizona, it’s pretty obvious that something is seriously wrong. If you’re carried unconscious into a hospital, they don’t have to make wild guesses about allergies, blood types, next of kin, or other such stuff: a quick swipe of the thumb and they know everything they need to give you appropriate care.
Uh-oh: National ID
Of course, these great services will only be possible if we establish a national identification system -- and that is anathema to progressives and libertarians, who fear its abuse by government. The problem is, such a national identification scheme will creep in the commercial backdoor whether we like it or not. Commercial operations will want to integrate databases, and that integration will work smoothly only if some sort of standard identification is put in place. With Mastercard you have one identification number; your bank has another; PayPal a third, and let’s not forget your Joe’s Hardware Supersaver membership ID. It’s only a matter of time before some enterprising chap comes up with a scheme for amalgamating all these different IDs into a single ID, so that another enterprising marketing chap can combine your Mastercard purchase history with your Joe’s Hardware purchase history to find new ways to sell you things.
Indeed, such systems are already being developed in various forms. For example, suppose that PayPal equips millions of stores with thumbprint readers and permits payments with just a thumbprint. Meanwhile, it’s buying lots of data about you from every other source it can, integrating that data, and selling database queries for it. It all makes perfect sense, because it’s a win-win-win for PayPal, the retailer, and you.
So here we come to the irony: if we block a government-based national ID system, then we’ll end up with a commercial-based national ID system, one over which we have absolutely no control. The government will be able to purchase any information about you, and you’ll have zero rights in that process.
Grabbing Taurine Horns
It therefore seems necessary for us to take the lead on this, rather than playing catch-up after it’s too late. We need to establish a national ID system based on biometric information.
Lots of other countries have done so or are doing so. India is implementing such a system; in that case, their motivation is to reduce the amount of corruption that plagues Indian society. About a hundred countries all over the world have national ID card systems. They include authoritarian states such as China, Zimbabwe, Vietnam, and Iran (not reassuring, that) as well as many liberal democracies such France, Belgium, Germany, Spain, and Greece. English-speaking countries, however, are reluctant to issue national identification cards.
The argument in favor of a national ID system that I find most compelling is its ability to provide only the information necessary for a particular action. If I have to present my ID to get into some venue, I don’t have to let somebody know my home address. If my doctor needs to know whether I’m allergic to penicillin, he can get his answer without learning anything about, say, my many STDs.
There are, of course, lots of arguments against national ID systems, and I’m sure that many readers here already know them. All of the ones I have seen are slippery slope arguments; they acknowledge that a national ID system is per se unobjectionable, but it could be put to evil use. Certainly our experience with the Bush Administration supports those fears. The Electronic Privacy Information Center (EPIC) at epic.org presents a huge amount of information on the debate over national ID systems. The most powerful argument, in my opinion, concerns “rogue access” to such a system for nefarious purposes. Hackers could break into the system and steal data or, worse, alter it. You don’t find out until you’re at the airport and they won’t let you board because you’re on the terrorist watch list. Or, more likely, an employee of the system takes advantage of privileged information for nefarious purposes.
I acknowledge all of these arguments, and readily admit their seriousness, but I think that the cat is already slipping out of the bag. Like it or not, there’s already megabytes of information about you stored in databases ranging from Amazon.com to your dentist. The commercial value of integrating databases is so great that we simply cannot sweep back this tide. It’s already coming in.
So the real question here is this: do we want to assert control and standards for this process by making it a government-run system, or do we want to let it evolve naturally from commercial processes, without any input from the public?