ID cards are inevitable, so let's discuss content
The first scenario is classic Big Brother, right from George Orwell. The second is the
triumph-of-the-Net scenario. Let's see how they compare.
It's not hard to describe a Big Brother ID card. The card would be government-issued
and would have an individual's photo. It is too early to predict which biometric
identifier would be used, but you can bet one would be included. To address illegal
immigration, the Big Brother card would be mandatory for getting a job. To satisfy the
anti-terrorism police, you would need the card to travel.
Big Brother would also demand that the card store other personal information. A Social
Security number is one obvious choice. The card might also include birth certificate
information and, who knows, mother's maiden name. Draft registration data (remember that?)
would also fit. If you have borrowed money from the federal government--such as a student
loan--that information might also go on the card. After all, if you apply for another
government benefit, Big Brother would want to know if you are a deadbeat.
State and local governments would want the card to record a holder's welfare history.
These governments might add voter registration, occupational license, driver's license,
library privilege and similar data on the card.
That's not all. If Big Brother wins on the ID issue, then it's likely that the national
security types will win the encryption wars. Key escrow then would be mandatory. The ID
card would be a wonderful place to store information that prevents you from using
unapproved encryption--that is, encryption where the FBI doesn't also have a key.
So the Big Brother scenario calls for a mandatory, multipurpose, government-issued ID
card. Such a card would identify the holder, manage encryption codes and contain lots of
personal data for other uses. Of course, Big Brother will tell everyone not to leave home
without the card.
Let's turn to the other scenario. This time, it would be the Internet folks who won the
encryption wars. People would be free to use any encryption they like, and your 200-digit
public and private encryption keys would fit neatly on a smart card so that you could send
and receive messages anywhere. The new smart card would also handle your personal credit
and financial activities. It would be the repository for digital cash.
For in-person financial transactions, the card would have a picture and biometric
identifier to let vendors verify that it has not been stolen. The protection would be
important for a card that would work like cash and that supported both anonymous and
Let's not forget medical records. If you become sick or injured far from home, your
smart card would let doctors learn your medical history, emergency contact numbers, and
related information. So the triumph-of-the-Net scenario would lead to a voluntary,
multipurpose, privately issued smart card. It would identify the holder, manage encryption
codes and contain lots of personal data.
The law might not force you to carry this new card, but you wouldn't have much choice
here, either. It would be impossible to communicate or spend money without the card. To
prevent fraud, card issuers and carriers would demand standards for card activities so it
would be impossible to avoid at least some federal rules.
Some time in the near future, we will be carrying a multipurpose card. Whether
government-mandated or privately developed, there will be a piece of plastic in your
pocket that you will be hard-pressed to live without.
Such a card is not a great technical leap. Many of us already carry credit and
insurance cards. Like it or not, we have moved beyond debating the need for a new ID-type
card. It is time to begin discussing the contents of the card and the rules that will
govern its use.
I don't like the idea of a government-issued, mandatory identification card. But a
carefully designed card can benefit citizens as much as a badly designed one can harm
them. We have much to do to make sure that the card will be a tool that promotes personal
freedom and not surveillance by governments or businesses.
Robert Gellman, former chief counsel to the House Government Operations Subcommittee on
Information, Justice, Transportation and Agriculture, is a Washington privacy and
information policy consultant. His e-mail address is email@example.com.