|
 espite
the fact that the September 11 hijackers appear to have been exactly
who they said they were, a large number of people want us to believe
that safety lies in issuing all Americans national-I.D. cards linked
to databases packed with personal information. The latest group
to climb on the national-I.D. bandwagon is the American
Association of Motor Vehicle Administrators.
It wants drivers'
licenses to be the foundation of a national-I.D. system in the U.S.
and Canada and plans to ask Congress for $100 million to develop
a scheme to number and track citizens in order to "secure a
safer America." (Robert O'Harrow Jr. January 14, 2002. San
Jose Mercury News online edition.)
Many people, like the Motor Vehicle Administrators and Oracle's
Larry Ellison, have huge and obvious business incentives to foster
a national-I.D. card. Others simply admire surveillance for its
own sake. Whatever their motive, each of them assumes that secure,
accurate, databases exist and that national-I.D. cards will cause
few problems for individuals. Practical experience, however, suggests
the opposite. Even with the best of intentions, governments do a
poor job of maintaining databases, and there is little evidence
to suggest that a national-I.D. card would either promote safety
or protect privacy
Consider the
problems with Colorado's Central Registry of Child Protection, a
small database run by a state government that is relatively efficient,
fair, and respectful of privacy.
In existence
in one form or another for about 30 years, the registry is now an
automated database used to track all reports of child abuse or neglect
and to conduct background checks on people working with children.
In theory, the registry allows employers to instantly determine
whether they are hiring people prone to child abuse and helps state
welfare agencies separate habitual child abusers from those who
are victims of malicious charges. In May 2001, the Colorado State
auditor's office examined the registry. It contained 107,848 records
with information on 113,681 confirmed or alleged perpetrators, 907
unknown third-party perpetrators, and 144,334 children. It received
about 450 new reports a month.
Despite the state's best efforts, the registry has a high-error
rate. When the auditor's office compared a sample of 31 incident
reports with their registry entries, it found 44 data-entry errors.
Fifty thousand of the 107,848 records were incomplete. Forty percent
of a sample of 48 registered sex offenders known to have committed
crimes against children were not listed in the registry. As of June
1, 2000, Colorado a law required the registry to delete records
for anyone acquitted of child abuse charges or whose case was dismissed.
Of 1,589 people who listed as having been acquitted of child-abuse
charges in judicial records on or after June 1, 2000, 191 were still
illegally listed in the registry.
Although the registry tracked people for minor transgressions, it
apparently had little effect on successful prosecutions for child
abuse. Over half of the reports of abuse in 2000 were for neglect,
and nearly half of all the reports were listed as "minor."
Under
Colorado statute, child abuse is broadly defined and leaves
a great deal of room for interpretation. Children are abused by
any act or omission that leaves bruises that may not be accidental,
any act or omission that denies services, including supervision,
that a "prudent" parent would provide, or any act or omission
that creates living conditions that cause or pose a substantial
risk of impairing a child's intellectual or psychological functioning
or development. Registry staff and county representatives told the
auditor's office that "very few individuals listed on the registry
as perpetrators are ever arrested, charged, or convicted of any
child abuse crime."
The "instant"
background checks required for child-care workers and foster and
adoptive parents took as long as three months to complete, despite
a state law requiring completion within ten days. Delays caused
severe disruptions for families and child-care providers. Four of
nine child-care facilities contacted about positive matches had
to fire people already working for them. Another facility was able
to move the employee to a position not involving contact with children.
The registry is designed to track a small subset of people in a
state population of just over 4 million. With the July 2001 resident
U.S. population estimated at roughly 285,000,000, a national-I.D.
database would be a much more difficult database to maintain. Roughly
16 percent of the U.S. population changes residences every year,
and an error rate of just 1 percent would affect almost 3 million
households.
Even considerably smaller federal databases have error rates higher
than 1 percent. In 1998, the General Accounting Office reported
that the Social Security Administration administered records on
50 million beneficiaries. In 1997 it processed information on approximately
225 million wage and tax statements for about 138 million workers.
In 2000, the
Inspector General of Social Security Administration reviewed a sample
of 455 child Social Security beneficiaries, and found that 86 percent
were not eligible for the program. The
Inspector General also estimated that 1.31 million records of
those receiving disability payments were incomplete because the
records lacked information on the disability for which the payment
was being made.
In 1995, John
J. Miller and Stephen Moore of the Cato Institute reported Social
Security files have been found to contain errors in 5 to 20 percent
of cases.
Errors can
wreak havoc in the lives of those affected, as anyone who has been
denied Social Security benefits or mistakenly pursued by the IRS
can attest. Because the bureaucracies involved seldom suffer for
their mistakes, correcting them can be a nightmare. On November
8, 1996, a nursing-home clerk mistakenly checked the "expired"
box on Deborah A. Hawkins's nursing-home discharge papers. Ms. Hawkins,
50, had just had her hip replaced and was also on the waiting list
for a kidney transplant. Despite a letter from the nursing home
trying to correct the error and a personal visit to the Social Security
Administration by the disabled Ms. Hawkins, Medicare began refusing
to pay her medical bills. She contacted her congressman and regulatory
oversight agencies. The February 26, 1997, Washington Post
reported that, as far as the government was concerned, Ms. Hawkins
was still dead 3 months and 17 days later. (Courtland Milloy. February
26, 1997. "Correcting a Grave Mistake," Washington
Post. B1).
Currently, an error in one database can have terrible consequences,
but the error will not necessarily spread to other databases. If
Medicare believes that you died several months ago, you can still
travel on an airplane, purchase a firearm, or get hired at a new
job. But with a national-I.D. card serving as the information hub
of an individual's life, a catastrophic error in one spoke will
quickly spread to all the other spokes, making it impossible for
an error victim to live a normal existence. In France, for example,
a clerk's typographical spelling error in the national-I.D. entity
database sometimes becomes impossible to correct, and thus a person
turns into a non-person.
Besides the inadvertent errors that are inevitable in any large
human administered system, deliberate fraud is, and will continue
to be, an enormous problem. One product of the matching program
that the Social Security Administration (SSA) runs with the IRS
is a pool of invalid Social Security Numbers created either by mistake
or by people using false identities to get a job. Each time a name
and SSN fail to match on an annual W-2, the record is placed in
an Earnings Suspense File created to hold "voluntary social
security contributions" whose owners cannot be identified.
There are currently more than 227 million records in the file, about
11 percent of which refer to SSNs that were never issued. Enforcement
is hopeless. In fiscal year 2000 the Social Security Administration
received 46,840 allegations of SSN misuse. Between 1997 and 2001
the Administration's Office of the Inspector General investigated
a grand total of 5,655 cases.
Although national-I.D. proponents tout embedded microchips laminated
in ID cards as sure fraud protection, the world is full of technically
trained people able to program microchips and laminate documents.
In fact, the unforgeable document has yet to be invented. The roughly
6 million passports issued each year are the most technically challenging
generally available ID documents produced by the U.S. government.
Counterfeits capable of passing foreign examination are not uncommon,
and in 1998, the
FBI reported that prices ranged from $2,000 to $12,000.
Counterfeits of foreign documents, which allow people to legally
enter and operate in the U.S., cost even less. According
to a 2000 report from the California Department of Justice,
counterfeit Russian passports were generally available from "travel
agency" "document facilitators" for $120 to $200.
Some crooks use fraudulent means to obtain the genuine article.
One alien trafficking syndicate got genuine U.S. passports by buying
birth certificates from U.S. citizens at methadone clinics. (Testimony
of John Hotchner, Director, Office of Passport Policy, Planning
and Advisory Services, Bureau of Consular Affairs, Department of
State. July 22, 1999. "Counterfeiting and Misuse of the Social
Security Card and State and Local Identity Documents," Subcommittee
on Immigration and Claims, Committee on the Judiciary House of Representatives.)
Crooked government employees present another practical problem.
In 1997, 29 Social Security Administration employees were convicted
of crimes ranging from creating fictitious identities, to fraudulently
selling Social Security Administration cards to abusing confidential
information.
In 2000,
an employee was imprisoned for issuing 125 Social Security cards
to an accomplice. Another was convicted of browsing the SSA database
for information on people whose replacement credit were stolen while
en route to them. The stolen information was used to activate 63
replacement cards. It is worth noting that the employee browsing
the Social Security database was detected only after The Traveler's
Bank notified the Social Security Administration that the bank was
seeing suspicious patterns in the bank's credit card issuance data.
If the stakes are high enough, and they would be under a national-I.D.
system because one card would be the key to everything else, there
is no reason to believe that people could not also be bribed to
create false records.
Rather than focus on intensive surveillance and prosecution of likely
miscreants, terrorists, and illegals, national-I.D. supporters want
authorities to undertake the impossible task of pretending to manage
an unmanageable database filled with inaccurate information on millions
and millions of innocent people. Since evildoers are a small fraction
of the general population, this boils down to building a security
system that concentrates its limited resources on monitoring the
innocent. Freed from intensive surveillance, real criminals should
have no problems hiding in the system's inefficient cracks.
|
