---

Smart ID card advocates call for government action

SEPTEMBER 14, 2005 (IDG NEWS SERVICE) - WASHINGTON - Imagine a so-called smart card that contained your U.S. government-checked identity, complete with biometric identifiers, plus your three credit-card accounts, your check card account, possibly even your health records.

Such a card, containing a small chip that could store kilobytes of data, could let you zoom through the toll stations on your local highway, act as a passport when you cross international borders and contain your passwords to a number of e-commerce Web sites. If this sounds a little far-fetched, it is, at least at the moment.

But advocates of government-mandated smart cards envisioned multiple uses for a small piece of plastic in the name of protecting the U.S. from illegal aliens and terrorists, during a discussion in Washington yesterday.

Many privacy advocates have protested proposals to create a national identification card, saying a card could be used to track U.S. residents and amass databases full of information.

Backers of the Real ID Act, passed by Congress in May, are careful to say it doesn't create a national ID, but it would set up some minimum standards that states must follow in order for their driver's licenses to remain valid federal identification.

In passing the Real ID Act, Congress did not intend to create a series of hard-to-comply-with rules, but to encourage minimum standards for states to verify the identities of driver's license holders, said U.S. Rep. Tom Davis, a Virginia Republican. "We weren't trying to carve out artificially high standards," said Davis, speaking at a biometrics policy forum sponsored by the Center for Strategic and International Studies (CSIS), a Washington think tank. "This is not an unfunded mandate [to states]."

Even Davis' call for moderate standards didn't stop other backers of nationally used smart ID cards from dreaming of a wide number of uses for a card with machine readable memory capacity. There could be some privacy risks if smart ID cards are implemented badly, but smart card technology holds much promise, said Paul Rosenzweig, senior legal research fellow at the Heritage Foundation, a conservative think tank.

Regulations attached to the Real ID Act could allow a variety of commercial uses, including a link to credit cards or check cards, Rosenzweig said. "The start-up cost borne by the government will be the seed money for commercial enterprise," he predicted of smart cards.

The Real ID Act, passed as part of a defense and antiterrorism funding bill, mandates that states require several forms of verifiable identification before issuing driver's licenses. States can decide not to comply with the law, but then their driver's licenses could not be used by residents as an accepted federal ID, required for activities such as boarding commercial airplanes.

The act also allows the Department of Homeland Security to define "machine-readable" technology used in federal IDs as well as any biometric data such as fingerprints or retina scans that should be part of the smart cards.

With these regulations still to be determined, the act could be the beginning of a smart card boom, Rosenzweig said. If implemented correctly, smart cards could also provide a level of anonymity for users, he said. For example, a smart card connected to a credit card could assure a retailer that the credit card has money enough to pay for a pair of dress pants without disclosing much additional personal information to the retailer, unless law enforcement agents dug into the transaction.

Rosenzweig called possible data masking by smart cards "pseudonymity." Smart card users could walk around with "practical obscurity" if the cards are implemented correctly, he said.

Joining Rosenzweig in calling for powerful smart cards was Rob Atkinson, vice president of the Progressive Policy Institute (PPI), a think tank aligned with moderate Democrats. Atkinson called for government smart cards to have open standards that would allow businesses to "automate all kinds of processes."

Atkinson went further than Davis by calling for tough standards under the Real ID Act. Multiple states with driver's licenses that aren't accepted as national IDs would create major confusion and allow terrorists with state-issued IDs to open bank accounts or rent cars, he said. Smart cards with biometic data would make fake IDs or driver's licenses purchased using fraudulent documents harder to get, he said.

Under the old system, where there are no national standards for issuing state driver's licenses, fake IDs are easy to get over the Web, Atkinson said. He recently interviewed several college students for internships at PPI, and they either had fake IDs or knew where to get one, he said.

"If a college student can get it, a dedicated terrorist certainly can get it," he added.

Although most of the speakers supported smart ID cards, they could create privacy and security concerns if implemented improperly, said Nancy Libin, staff counsel at the Center for Democracy and Technology, a privacy advocacy group. Most people, if given a choice of one key that would open their house, open their car, start their car and open several other locks, would likely choose to carry multiple keys because of the fear of losing the one multi-use key, Libin said.

Likewise, a smart card that includes a national ID, multiple credit card accounts and other data could cause many problems if it was lost, she said.

Libin also noted that biometric scans that some people want linked to smart cards are not fool-proof. Fingerprints could possibly be digitally copied and duplicated, she said.

"Unlike passwords, biometrics aren't secret, and they cannot be easily modified," she added. "Once that biometric has been ... compromised, it's done. It cannot be reissued, it's finished."