National Academy of Sciences
National Academy of Engineering
Institute of Medicine
National Research Council
Office of News and Public Information
National Academy of Engineering
Back | Home
News from the National Academies
Date: April 11, 2002
Contacts: Jennifer Burris, Media Relations Associate
Chris Dobbins, Media Relations Assistant
(202) 334-2138; e-mail <news@nas.edu>

EMBARGOED: NOT FOR PUBLIC RELEASE BEFORE 4 P.M. EDT THURSDAY, APRIL 11

GOALS OF NATIONWIDE IDENTITY SYSTEMS MUST BE CLEAR
BEFORE ACTION CONSIDERED

WASHINGTON -- The goals of a nationwide identity system must be clearly stated and a compelling case must be made before any proposal can move forward, says a new report from the National Academies' National Research Council. Given the broad range of potential uses, security needs, and privacy concerns, no single system may suffice to meet the needs of all users, added the committee that wrote the report.

"The technical challenges, the expense, and the strong potential for infringement on the civil liberties of ordinary citizens demand that any proposed identity system undergo strict public scrutiny and a thorough engineering review," said committee chair Stephen Kent, chief scientist for information security, BBN Technologies, Cambridge, Mass. "Care must be taken to completely explore issues and ramifications beforehand, because the social and economic costs of fixing or redesigning such systems after deployment would be enormous."

In light of the Sept. 11 terrorist attacks, nationwide identity systems have been proposed to, among other things, better track the movement of suspected terrorists. However, questions arise as to who would use the system and how, if participation would be mandatory, the type of data that would be collected about individuals, and the legal structures needed to protect privacy and due-process rights and to address the failure or misuse of the system. The committee's report highlights these and other significant policy, procedural, and technological issues. Its goal is to foster a broad and deliberate discussion among policy-makers and the public about the form of nationwide identity system that might be created, and whether such a system is desirable or feasible.

Much public attention has been given to the potential uses of a national identification card, which might be one component of a larger system for collecting and managing personal information on the U.S. population. Before addressing any components, it is first necessary to determine the objectives of the system, and then decide what information would be collected to establish "identity," the committee said. A centrally managed, nationwide system, if implemented and run effectively, would make it difficult for a person to have multiple identities and would aid in tracking or finding people, such as potential terrorists. However, if counterterrorism is a goal, security and data integrity challenges will be more significant than in systems with less ambitious goals.

While other countries have nationwide identity systems, no universal model exists for creating them. Before deciding whether to put a system into practice, its goals, structure, and uses must be considered, and input should be sought from all stakeholders, the report says. Public review is essential prior to selecting a system. Concerns include potential loss or invasion of personal privacy, misidentification, and high deployment costs.

Counterterrorism proposals include creating a database for security at airports, requiring foreigners to use ID cards to enter the United States, and maintaining centralized databases for visa holders and other noncitizens. Other proposals related to security include linking the records of state departments of motor vehicles and conducting quick background checks on gun buyers.

This report is part of a larger study on authentication technologies -- which involve verifying an individual's assertion of identity -- and the privacy implications of these technologies. In response to the Sept. 11 attacks and subsequent discussions specifically about nationwide identity systems, the committee issued this brief report; a final report is expected in late 2002.

The study is being sponsored by the National Science Foundation, Office of Naval Research, General Services Administration, Federal Chief Information Officers' Council, Social Security Administration, and Vadasz Family Foundation. The National Research Council is the principal operating arm of the National Academy of Sciences and the National Academy of Engineering. It is a private, nonprofit institution that provides science and technology advice under a congressional charter. A committee roster follows.

Read the full text of IDS - Not That Easy: Questions About Nationwide Identity Systems for free on the Web, as well as more than 1,800 other publications from the National Academies. Printed copies are available for purchase later this spring from the National Academy Press Web site; tel. (202) 334-3313 or 1-800-624-6242. Reporters may obtain a copy from the Office of News and Public Information (contacts listed above).


JB: K, L, O

NATIONAL RESEARCH COUNCIL
Division on Engineering and Physical Sciences
Computer Science and Telecommunications Board

COMMITTEE ON AUTHENTICATION TECHNOLOGIES AND THEIR PRIVACY IMPLICATIONS

STEPHEN T. KENT (CHAIR)
Chief Scientist
Information Security
BBN Technologies
Cambridge, Mass.

MICHAEL ANGELO
Staff Fellow
Compaq Computer Corp.
Houston

STEVEN M. BELLOVIN*
Fellow
AT&T Laboratories Research
Florham Park, N.J.

BOB BLAKLEY
Chief Scientist
Security and Privacy Unit
Tivoli Systems Inc.
Austin, Texas

DREW DEAN
Computer Scientist
SRI International
Menlo Park, Calif.

BARBARA L. FOX
Senior Architect
Digital Rights Management and Cryptography
Microsoft Corp.
Redmond, Wash.

STEPHEN H. HOLDEN
Assistant Professor
Department of Information Systems
University of Maryland, Baltimore County
Baltimore

DEIRDRE K. MULLIGAN
Director
Samuelson Law, Technology, and Public Policy Clinic, and
Acting Clinical Professor
Boalt Hall School of Law
University of California
Berkeley

JUDY S. OLSON
Richard W. Pew Chair in Human-Computer Interaction, and
Professor
School of Information; School of Business; and Department of Psychology
University of Michigan
Ann Arbor

JOE PATO
Principal Scientist
Trust, Security, and Privacy
Hewlett-Packard Laboratories
Cambridge, Mass.

RADIA PERLMAN
Distinguished Engineer
Sun Microsystems Laboratories
Burlington, Mass.

PRISCILLA M. REGAN
Associate Professor
Department of Public and International Affairs
George Mason University
Fairfax, Va.

JEFFREY I. SCHILLER
Network Manager
MIT Campus Computer Network
Massachusetts Institute of Technology
Cambridge

SOUMITRA SENGUPTA
Assistant Professor
Department of Medical Informatics
Columbia University, and
Security Officer
New York Presbyterian Hospital
New York City

JAMES L. WAYMAN
Director
Biometrics Test Center
San Jose State University
San Jose, Calif.

DANIEL J. WEITZNER
Director, Technology and Society Activities
World Wide Web Consortium
Cambridge, Mass.

RESEARCH COUNCIL STAFF

LYNETTE I. MILLETT
Study Director

JENNIFER M. BISHOP
Sr. Project Assistant


* Member, National Academy of Engineering