from: jerome svigals, director, smart card institute 221 yarborough lane, redwood city, ca 94061 650 365 5920 fax 650 363 2198 cphone 650 465 0120 email smartcard@sprynet.com Subject: Is there a Case for a National ID Card ? September 11, 2001, changed our security perspective 13 of 19 foreign hijackers had USA drivers licenses Drivers licenses are defacto national IDs licenses easy to forge, defraud, obtain illegally Why is identification important ? To individual - allows control of personal information To commerce - targets marketing and personalized sales To enterprise - controls usage of information Americans have numerous national id's Social security numbers, debit/credit card numbers driver's licenses, phone numbers, internet id's, medicare id's, credit records, checking accounts, corporate and government ids (e.g. police, FBI) government agencies have direct access without court orders bank accounts, medical records, driver's licenses None of the current defacto national id's are now fraud resistant ID theft was 42% of 2001 consumer complaints heavy portion tied to internet usage id theft expected to double in 2002 IDs are copied, counterfeited, misdirected, misused National id's are well accepted in other countries Finland, Sweden, Hong Kong, Italy, Germany, Spain, others HK to use fingerprint Bio ID, 5 Million per year European Union has working group and tests underway Proposed national ID solutions have these elements counterfeit resistant cards, shared rules and data bases why the Smart Card ? stored program microprocessor chips have been counterfeited - but lack keys pins copied but not biometrics (finger, retina) use of biometrics for unique identifiers supporting laws and supervision, e.g. outlaw copy/counterfeit stripes or bar codes require central data base controls lack any content copy protection at card microprocessor chips free of central system dependency encryption/biometric protected at card 1.8 billion cards in use, 50 % Europe, 25 % Asia one half are memory only: phone, mass transit requires low cost entry/response device How to protect privacy ? how to avoid government abuse ? privacy - societal LAWS limiting personal data access abuse - requires enforced LAWS, e.g.currency protect a good national id is expected to reduce profiling goal to penetrate anonymity, but not privacy national id (e.g. trusted traveler's card) will speed access israel airlines used successfully for several years will public accept/use ? 95 % do not understand card functions public wants convenience, speed and function Current USA national efforts include: defense department's smart ID: 4.3 mln cards in next 18 mos building, computer and on line access could reach 23 million worldwide for defense department driver's licenses: American Assoc of Motor Vehicle Admins states continue issue - but of a standard card/content strong corporate and political support. 70% of population asking for $ 100 million to link all depts and data bases flier's access: proposed for all employees, initially tests in sfo, jfk and logan airports. fingerprint to be tested for frequent fliers at jfk faa considering tying all data bases with data mining Future - microchip under the skin available now for pets/pedigrees - radio activated sensing being marketed in south america and europe - VeriChip significant medical market: patient ID, remote sensing three year contract in so calif to track paroled prisoners Summary: a national id program has advantages for all participants Laws will be needed to define and supervise privacy limits offers significant border protection and national security