A certain professor at this university encouraged the
adoption of nationwide identification cards. He saw nothing wrong with this proposal,
no risks whatsoever. He based his statements on what he felt was a duty of a citizen,
and commented that he was confused as to why people would take umbrage at the
government having access to information that they would give away freely to
banks and corporations. While I obviously contend whether we give that
information to corporate actors freely,
I would like to discuss some of the risks I see with his proposed ID card
system. I will even adopt his minimal system for my arguments: an ID card
containing only name, address, SSN, and emergency medical information. I will
examine these risks through the following small vignettes.
The Karl Rove
This is the risk most often shouted out by those valuing
information privacy, and thus I’ll discuss it quite briefly. Imagine an
individual or small group of individuals in government intent on using
information garnered from such an ID system for improper purposes. They could try
to reduce government medical treatment for certain health risks based on voting
in those districts (remember, they have your emergency medical data in this
hypothetical). They could easily track your movements. Think of the places you
already swipe your license: airports, rental car agencies, even some bars.
Imagine how many more such locations could be added if there was one
centralized ID system.
This is not to say that the government does not already
have, or could not readily get, all the information that could be placed on
such an ID card. The point is that now such information is contained in a
number of systems and requires the navigation of large amounts of red tape to
consolidate it. Those lauding centralized ID systems laud the ease of access,
but it is this red tape that provides for
accountability against those who would use it improperly.
I find this to be the least likely risk, but it is also the
one that could cause the greatest damages to human liberty.
The Monica Goodling
Here I imagine someone who is attempting to use a
consolidated system for what they think are valid and appropriate purposes, but
whose actions cause malicious results either through ignorance of their
inherent illegality or an inability to foresee the consequences. What if a government
servant were to publish a report regarding populations most in need of medical
professionals, and decided to note which areas had dwindling numbers by
remarking that doctors like Doctor X were moving from Detroit to Los Angeles? They’ve
just released confidential information to make a point which ended up not only compromised
that person’s privacy but also labeled him a carpetbagger, making him a subject
of public discussion and possible ridicule. And all from the most innocent
motives.
Even with the most stringent rules regarding confidentiality,
the easier a government agent’s access to confidential information, the more
likely that it could be inadvertently misused.
The Absentminded Government Employee
This is a risk which is popping up in the news moreandmorefrequently. A certain
government agent has personal information on a laptop which is then stolen or
lost. Advocates of ID card systems and consolidated government databases often
fail to note that the more information is consolidated, the greater the risks of
these sorts of losses. The risks of identity theft, fraud, etc. should be
readily apparent, especially given the fact that most individuals tend not to
be very conscious of proper information security measures.
The Terrorist
This leapt into my head the moment that this certain
professor mentioned his minimal ID system. One would obviously imagine that any
such nationwide ID would be distributed by the states Bureaus of Motor
Vehicles. These are not exactly highly desired occupations, and the level of
security, I imagine, is not overly high.
Imagine a terrorist agent with a clean record applies for a
low-level job at a BMV in a small town in Middle America. While working there
he runs two simple quick searches, neither of which would be likely to raise
flags if his job involved data entry. First he searches for individuals with a
certain allergy to a common method of treatment for contagious biological agent
X (e.g. streptomycin
and smallpox), sorted by metropolitan area. He chooses an allergy that
would come up in a large number of medical issues to avoid easy notice of the
search. After noting which locations have the highest occurrence of this
allergy, he then runs a search for all individuals with the salutation ‘Dr.’ in
those locations, noting the ones with the lowest numbers and jotting down those
individual’s names and addresses.
With two simple searches performed at a low security
location by a poorly screened low-level employee, this agent now has a target
list for dispersal of a weaponized biologic. He knows which locations would
have the highest number of people who could not be vaccinated or otherwise
treated and also has the lowest amount of individuals to deal with the emergency.
He can even directly target these few medical professionals to further increase
the damage done.
Conclusion
These examples are brief to the point of being sparse, but I
hope they show some of the risks that can come with information consolidation. One
might argue that even in today’s current system the government possesses too
much information on individuals. But I hope that I have made clear that for
every risk corrected by providing police and others with easy and rapid access
to consolidated systems of information, for every cry that such a system could
prevent another 9/11 (though
these claims are contested), there are new risks created. Red tape forces
deliberation, interaction, and accountability when data is accessed, and
reduces the risks of data loss or theft. To me these are advantages that should
be encouraged, not eliminated.