STATEMENT
OF
KATIE CORRIGAN
LEGISLATIVE COUNSEL
AMERICAN CIVIL LIBERTIES UNION
WASHINGTON NATIONAL OFFICE
ON
DRIVER’S LICENSE SECURITY ISSUES
BEFORE
HIGHWAYS AND TRANSIT SUBCOMMITTEE OF THE
HOUSE OF REPRESENTATIVES COMMITTEE ON TRANSPORTATION
SEPTEMBER 5, 2002
My name is Katie Corrigan and I am the legislative counsel on privacy at the American Civil Liberties Union (ACLU). The ACLU is nationwide, non-partisan organization with nearly 300,000 members dedicated to protecting the individual liberties and freedoms guaranteed in the Constitution and laws of the United States. I appreciate the opportunity to testify today on driver’s license security and, specifically, on recent proposals to establish a national identification system (“”national ID””) through the standardization of state driver’s licenses.
Today I will explain how recent proposals that would federalize state-issued driver’s licenses will not stop terrorists and will threaten privacy and equality. I will conclude by suggesting alternatives that will enhance security and preserve freedom.
One reaction to the terrible events of September 11 last year was renewed discussion about instituting a national ID as a counter-terrorism measure. Although national ID proposals received fierce debate in the fall, the Administration and Congress wisely rejected them. Direct passage of a national ID card, however, is only one possible path to such a system. H.R. 4633, the “”Driver’s License Modernization Act of 2002,”” and other proposals to require the standardization of state driver’s licenses would establish a national ID bureaucratically through an existing form of government-issued ID.
To be clear, there is no doubt that Federal, state and local governments have a compelling interest in protecting their citizens against terrorist attack. Certain security measures may be necessary. Before implementing any security measure, however, the government must answer two basic questions. First, does the proposed security measure actually work? And, second, is there an alternative, equally effective security measure that would be less intrusive on civil liberties? The government must ensure it is meeting its obligation to make America both safe and free.
The standardization of state driver’s licenses, including the “”smart card”” proposed in H.R. 4633, would not produce as advertised. [1] Such proposals would not be effective counter-terrorism measures or solve the problem of identity theft. And, they would come at a high cost to Americans’ fundamental freedom. The Congress should reject proposals to create a national ID through the backdoor of state driver’s licenses and consider more effective, less intrusive alternatives.
I. Standardization of state driver’s licenses would create a de facto national ID.
H.R. 4633, the “”Driver’s License Modernization Act of 2002″” (the “”Moran-Davis bill””), requires each state to standardize driver’s licenses and identification cards pursuant to federal guidelines within five years. Section 3, the core of the bill, requires states to embed a computer chip in each new or renewed driver’s license or ID card. The computer chip would contain the cardholder’s biometric identifier, security features, and interoperability components that would enable multiple government and private industry uses for the card.[2]
The Moran-Davis bill includes many of the same elements proposed by the American Association of Motor Vehicle Administrators’ (AAMVA) Special Task Force on Identification Security.[3] The AAMVA proposal also seeks federal legislation to require all states to conform to uniform standards for driver’s license eligibility, proof of identity, license content, and document security, including biometric identifiers.
Both of these proposals would result in a massive identification system that would enroll over 200 million drivers and state ID card holders into a uniform system of identification that would be used across the country as individuals’ primary identity document. In a recent report, the nonpartisan National Research Council plainly called the AAMVA proposal a “”nationwide identity system.””[4]
II. A national driver’s license would not establish identity or stop terrorists from using government-issued ID.
As a practical matter, the national driver’s license should be rejected because it would not be an effective security measure.
The rationale for creating a national ID after September 11, no matter what the form, is to create a line between “”us”” (innocent people engaged in lawful activity) and “”them”” (dangerous terrorists). Proponents argue a national ID would prevent terrorists from using government issued documents, such as the driver’s license, to further terrorist activity. Unfortunately, none of the proposed identification systems would effectively sort out the good from the bad.
First, the standardization of state driver’s licenses would not establish the identity of the cardholder – the fundamental goal of any ID system. Individuals apply for state driver’s licenses using birth certificates, Social Security Numbers (SSNs), utility bills and other so-called “”breeder”” documents. This past spring over 2,300 blank birth and death certificates were stolen from the Denver County Vital Statistics Office.[5] Any one of these blank documents could be used to establish a false ID. In California, the state government actually sold its state birth index, containing personal information on about 24.6 million people, to an online Web company.[6] And, the Inspector General of the Social Security Agency testified last fall that six hijackers on September 11 had fraudulently obtained SSNs.[7] An identification system is only as “”smart”” as the information that establishes identity in the first place. Standardizing state driver’s licenses would cement false identities onto national ID cards.
Second, a national ID system would not eliminate basic fraud. In 1990 several DMV employees in Virginia were indicted for selling possibly thousands of driver’s licenses in violation of the law. And, it was widely reported in the press that eight of the September 11 hijackers obtained driver’s licenses in Virginia by buying false affidavits to satisfy the state’s residency requirement.[8] A recent report from a grand jury convened by the Florida Attorney General confirmed a black market in phony driver’s licenses exists in that state.[9] And in Oregon, a man was arrested for illegally obtaining driver’s licenses to establish fake identities. His computer contained the 1997 records from the Oregon Driver and Motor Vehicle Services and blanks, samples, or actual examples of licenses from each of the 50 states.[10] Enhancing the value of these documents will only make it more lucrative to sell documents (or even whole databases of information) under the table.
Third, standardized driver’s licenses would not solve the problem of identity theft. Identity theft is one of the fastest growing crimes in America. Experts report there could be as many as 700,000 victims of identity theft a year and the problem is only growing worse. But, the vast majority of identity theft is the result of credit card fraud and the misuse of SSNs, not fake driver’s licenses. In fact, it is the over-reliance on the government-issued SSN that has made it easier for the perpetrators of ID theft to insinuate themselves into other people’s lives and take over their identities.
And, biometric technology is not a magic solution to the problem; there are always ways to beat the system. Recently, a German magazine tested several different types of biometrics, including facial recognition, fingerprint devices, and iris scans and was able to circumvent all of them. The fingerprint scanner was outsmarted by a person who breathed on the sensor’s surface and was also duped through the use of adhesive film (similar to scotch tape) and some resin; the iris scan was fooled by a photo image of one person’s iris held up in front of another’s person’s eye. In addition, in every biometric application there is an inherent tension between security and convenience. Manufacturers of biometrics must decide up front whether to “”set his fault tolerance limits very narrowly, this increases the system’s security[;] the user-friendliness of the system, however, is likely to decline in proportion.””[11] Thus, the more secure a system is, the less useable the ID card.
Another example of biometrics gone wrong came out of a Japanese researcher’s lab. Using the same substance as found in gummi bears and some cheap kitchen supplies the researcher was able to fool a fingerprint detector about 80% of the time.[12] And, in Boston, several researchers defeated smart card technology using a camera flashgun and microscope to extract secret information widely used in smart cards.[13]
Finally, a national ID card would make the problem of identity theft even more difficult to remedy. Victims of identity theft find that it takes years to correct their credit records and clear their names. Based on one unique identifier, a perpetrator of identity theft could access a broader range of information – from tax information to medical records. And, what would happen if an ID card had your name on it, but someone else’s biometric identifier? If the system depends on a thumbprint how to do you reclaim your identity once the digital version your thumbprint has been spread across the Internet?
Congress should implement measures to stop identity theft. But, neither the Moran-Davis bill nor the AAMVA proposal would achieve this goal. Instead, these proposals would divert resources to an identification system built on a faulty foundation of false documents and dependent on vulnerable technologies.[14] Congress should consider other more effective measures to achieve driver’s license security.[15]
III. National driver’s licenses would become internal passports and undermine core American values, including freedom and privacy.
The proposals to standardize state driver’s licenses go beyond narrow questions about DMV licensing procedures and threaten to tip the balance away from individual freedom and toward an intrusive government bureaucracy.
Creation of an internal passport
No matter what limitations are put on the collection of information up front, history has shown that databases created for one purpose are almost inevitably expanded for other uses. Social Security Numbers – which were originally issued exclusively for the tracking of social security accounts – are a prime example.
Once the national driver’s license is in place, it would be the ideal tool for organizing and tracking all types of data used by the government and private industry. How long before office buildings, doctors’ offices, gas stations, highway toll roads, subways and buses incorporate the ID card into their security or payment systems for greater efficiency? Day to day, individuals will be asked for ID more and more often. Every time a police officer, security guard, or store scans your ID it will create a permanent record of that check, including time and location. The result will be a nation where citizens’ movements inside their country are monitored through these “”internal passports.””
Indeed, the Moran-Davis bill explicitly points to broader usage of the card both within and outside of government by requiring state DMVs to include interoperability functions on the card itself and by providing grant money to fund research into new and different applications of the card technology – from voting and obtaining welfare benefits to e-commerce.[16] In AAMVA’s “”Customer Focus White Paper,”” AAMVA membership (i.e. DMV administrators) are only one of almost twenty “”user communities”” of its proposed national ID card.[17] Other users include law enforcement, government agencies at the Federal, state and local level, restaurants and bars, employers, insurance providers, the healthcare industry, airlines, building and facility security, storeowners, schools, the retail industry generally, and even the gaming industry. And, the national ID would be used for functions beyond simply establishing identity. For example, AAMVA suggests that many of these stakeholders would be able to gather and record demographic information to create “”mailing and marketing lists, purchase histories, etc.”” or use the ID “”for personal banking, and securing online transactions ?.””
Finally, Juki Net, the national identification system in Japan, provides a relevant and timely example of how quickly the uses of a national ID would expand. Juki Net was implemented in early August with 93 administrative functions. Already, after only a month, a bill has been proposed that would increase the number of functions by 175.[18]
A threat to privacy
As discussed, a national driver’s license would go far beyond a license to drive. Perhaps an even more radical shift, however, would be hidden inside computer networks and databases. The national driver’s license effectively establishes a whole new way of collecting, using, and storing personal information. This change would pose a serious threat to individual privacy.
Information privacy has become an even more important issue to Americans largely because of two technological developments. First, vast increases in computing power now make it possible to collect enormous amounts of personal information. Not only are medical records and financial records stored online but detailed records of consumer purchasing are also stored online. Secondly, distributed networks like the Internet allow lightning-fast communication of personal data, too often for reasons that are entirely unrelated to the purpose for which it was collected. The days when sensitive information was safely deposited in paper files — practical obscurity — are long over.
Individuals’ unique identifier would be the key that unlocks personal information in all types of databases. Once the first step is taken in setting up the national ID infrastructure, the pressure for expansion of the system would be intense. Law enforcement and other government agencies would of course link into it. Soon employers will want access too, and landlords, and credit agencies and mortgage brokers and direct mailers, and so on and so on.
And, based on the uniform unique identifier (whether it is biometric or is a number) it would be easy to mix and match information stored in separate databases. For example, in South Korea, national ID numbers were used to track down 13,000 South Korean drivers when the state health insurer informed police the drivers had been treated for mental illness. According to news reports, one taxi driver lost his job and another lost his wife.[19] More complete and nuanced dossiers could be developed on the particular habits or activities of each and every American because every database would be organized according to the same ID. Already law enforcement agencies have enhanced authority to cast broad nets for information related to terrorism investigations. Suspicious activity reports document personal financial transactions, data mining under the new FBI guidelines depends on huge commercial databases of personal information compiled from supermarket “”loyalty”” cards and junk mail marketing, and easier access to student records and credits reports under the USA PATRIOT Act, put everyone’s personal information under suspicion.[20] And this trend will continue. The government will seek more data and engage in more sophisticated types of profiling and data analysis for the purposes of homeland security and law enforcement.
Beyond the very real problem of the inevitably growing number of authorized uses, there will be a problem of unauthorized abuses. Thousands and thousands of government officials would have access to the massive database of personal information required to support a national system of driver’s licenses. Even now internal breaches of database information occur on a regular basis at both the federal and state levels. In 1997, the General Accounting Office found serious weaknesses in the IRS’s computer security and privacy protections.[21] An investigation by the Detroit Free Press documented how Michigan law enforcement personnel regularly abused their access to the so-called crime computer to help their friends or themselves stalk women, threaten motorists, track estranged spouses – even to intimidate political opponents.[22]
Any one of these privacy violations would be magnified in the context of a national ID system. With data increasingly tied together thanks to the national ID standard, fraud or error would no longer be limited to one state law enforcement database.
Dependence on the DMV
A national ID system would depend on both the issuance of an ID card and the integration of huge amounts of personal information included in state and federal databases. H.R. 4633 requires States to issue a standardized “”smart”” card with a biometric that is interoperable with other government and private industry databases. As the card is used for more and more government and private applications, individuals would become more dependent on the bureaucracy of state DMVs to get it right. One employee mistake, an underlying database error rate, or common fraud could take away an individual’s ability to move freely from place to place or even make them unemployable until a government agency fixed their “”file.””[23] Anyone who has attempted to correct an inaccurate credit report can imagine the difficulty of getting an over-extended government agency to correct a mistake that precludes an individual from getting a valid ID. But, in the case of a government issued identity documents, the experience could go beyond merely a hassle of not being able to drive a car. Innocent individuals could be told they are not in fact who they say are and be denied access to many services they must access on a daily basis. This would radically shift the relationship between the government – and specifically the DMV – and the individual. In a sense, individuals would be required to get a hall pass from the government to go about their daily lives and depend on the efficiency of the bureaucracy to exercise basic rights and daily activities.
Equality at risk
In addition to privacy concerns, the national driver’s license would be used as a tool of discrimination. Any type of government card that purports to establish legal presence in the United States is nothing less than a citizenship card. Some people have argued that national ID would end racial profiling and other discriminatory practices. History proves otherwise. The Immigration Reform and Control Act of 1986 required employers to verify the identity of potential employees and their eligibility to work in the United States. The Act also established sanctions for failing to comply with the verification requirements. As a result, there has been widespread discrimination based on citizenship status against foreign-looking American workers, especially Asians and Hispanics. A 1990 General Accounting Office study found almost 20% of employers engaged in such practices.[24]
An identification card could be used as an excuse to subject Latinos, Asians, African-Americans and other minorities to more and more status and identity checks – not just from employers but also from police, banks, merchants, and others. The failure to carry a national ID would likely come to be viewed as a reason for suspicion. This would mean that certain individuals, including immigrants, would be increasingly vulnerable to a system that subjected them to the stigma and humiliation of constantly having to prove their citizenship or legal immigrant status.
IV. There are more effective, less intrusive alternatives available.
The national driver’s license would not prevent identity theft or prevent terrorists from getting a driver’s license. Congress should consider the alternatives, however, that would cut down on fraud but would not cut to the core of civil liberties.
State governments are already addressing driver’s license security issues. At least 40 states are considering legislation on driver’s license security, including application procedures, qualifications, and internal security.[25]
In June, two House Judiciary subcommittees held a joint hearing on homeland security and identity theft. Two identity theft experts suggested a variety of tools to stop identity theft and, more specifically, to secure state driver’s licenses. [26] Many of the following suggestions are taken from their testimony.
First, Congress should take steps to eliminate the root cause of identity theft – stolen SSNs and insecure credit information. These steps could include:
— Requiring credit bureaus to provide free credit reports annually on request (six states already do);
— Improving address change verification at credit reporting agencies; and
— Establishing fair information practices for the use and disclosure of the SSN.
Second, Congress should work with state governments, including state legislatures, to provide DMV employees with necessary tools and training on renewal and issuance of state driver’s licenses and to assist with anti-fraud programs. For example:
— Any errors in replacement requests for driver’s licenses and state ID cards, such as misspelling of the applicant’s name or street name, should be considered a significant reason to flag an application for further evaluation.
— All DMV employees that deal with the issuance and renewal of identifying documents should receive comprehensive and on-going training.
— Requests for duplicate or replacement driver’s licenses or ID cards should only be presented in person, not by phone or the internet.
— A testing program should be employed to identify fraud and abuse within the DMVs’ systems and to verify that procedures are being followed.
Conclusion:
Congress should reject recent proposals to standardize state driver’s licenses because they would substantially infringe on the rights of privacy and equality of Americans and would not prevent terrorist attacks. Instead, Congress should consider targeted approaches to the problem of identity theft and adopt common-sense measures to prevent fraud and misuse of the SSN, credit reports, and state driver’s licenses.
ENDNOTES
[1] A broad and diverse coalition of over 40 national organizations, including the Citizens Committee for the Right to Keep and Bear Arms, the American Conservative Union, and the National Council of La Raza, wrote letters opposing both the American Association of Motor Vehicle Administrators’ (AAMVA) proposal to standardize state driver’s licens
Related Issues
Stay Informed
Every month, you'll receive regular roundups of the most important civil rights and civil liberties developments. Remember: a well-informed citizenry is the best defense against tyranny.