You’ve Got Identity
Why a national id is a bad idea.

By Linda Gorman & Dave Kopel of the Independence Institute
February 5, 2002 11:45 a.m.

espite the fact that the September 11 hijackers appear to have been exactly who they said they were, a large number of people want us to believe that safety lies in issuing all Americans national-I.D. cards linked to databases packed with personal information. The latest group to climb on the national-I.D. bandwagon is the American Association of Motor Vehicle Administrators.

It wants drivers' licenses to be the foundation of a national-I.D. system in the U.S. and Canada and plans to ask Congress for $100 million to develop a scheme to number and track citizens in order to "secure a safer America." (Robert O'Harrow Jr. January 14, 2002. San Jose Mercury News online edition.)

Many people, like the Motor Vehicle Administrators and Oracle's Larry Ellison, have huge and obvious business incentives to foster a national-I.D. card. Others simply admire surveillance for its own sake. Whatever their motive, each of them assumes that secure, accurate, databases exist and that national-I.D. cards will cause few problems for individuals. Practical experience, however, suggests the opposite. Even with the best of intentions, governments do a poor job of maintaining databases, and there is little evidence to suggest that a national-I.D. card would either promote safety or protect privacy

Consider the problems with Colorado's Central Registry of Child Protection, a small database run by a state government that is relatively efficient, fair, and respectful of privacy.

In existence in one form or another for about 30 years, the registry is now an automated database used to track all reports of child abuse or neglect and to conduct background checks on people working with children. In theory, the registry allows employers to instantly determine whether they are hiring people prone to child abuse and helps state welfare agencies separate habitual child abusers from those who are victims of malicious charges. In May 2001, the Colorado State auditor's office examined the registry. It contained 107,848 records with information on 113,681 confirmed or alleged perpetrators, 907 unknown third-party perpetrators, and 144,334 children. It received about 450 new reports a month.

Despite the state's best efforts, the registry has a high-error rate. When the auditor's office compared a sample of 31 incident reports with their registry entries, it found 44 data-entry errors. Fifty thousand of the 107,848 records were incomplete. Forty percent of a sample of 48 registered sex offenders known to have committed crimes against children were not listed in the registry. As of June 1, 2000, Colorado a law required the registry to delete records for anyone acquitted of child abuse charges or whose case was dismissed. Of 1,589 people who listed as having been acquitted of child-abuse charges in judicial records on or after June 1, 2000, 191 were still illegally listed in the registry.

Although the registry tracked people for minor transgressions, it apparently had little effect on successful prosecutions for child abuse. Over half of the reports of abuse in 2000 were for neglect, and nearly half of all the reports were listed as "minor." Under Colorado statute, child abuse is broadly defined and leaves a great deal of room for interpretation. Children are abused by any act or omission that leaves bruises that may not be accidental, any act or omission that denies services, including supervision, that a "prudent" parent would provide, or any act or omission that creates living conditions that cause or pose a substantial risk of impairing a child's intellectual or psychological functioning or development. Registry staff and county representatives told the auditor's office that "very few individuals listed on the registry as perpetrators are ever arrested, charged, or convicted of any child abuse crime."

The "instant" background checks required for child-care workers and foster and adoptive parents took as long as three months to complete, despite a state law requiring completion within ten days. Delays caused severe disruptions for families and child-care providers. Four of nine child-care facilities contacted about positive matches had to fire people already working for them. Another facility was able to move the employee to a position not involving contact with children.

The registry is designed to track a small subset of people in a state population of just over 4 million. With the July 2001 resident U.S. population estimated at roughly 285,000,000, a national-I.D. database would be a much more difficult database to maintain. Roughly 16 percent of the U.S. population changes residences every year, and an error rate of just 1 percent would affect almost 3 million households.

Even considerably smaller federal databases have error rates higher than 1 percent. In 1998, the General Accounting Office reported that the Social Security Administration administered records on 50 million beneficiaries. In 1997 it processed information on approximately 225 million wage and tax statements for about 138 million workers.

In 2000, the Inspector General of Social Security Administration reviewed a sample of 455 child Social Security beneficiaries, and found that 86 percent were not eligible for the program. The Inspector General also estimated that 1.31 million records of those receiving disability payments were incomplete because the records lacked information on the disability for which the payment was being made.

In 1995, John J. Miller and Stephen Moore of the Cato Institute reported Social Security files have been found to contain errors in 5 to 20 percent of cases.

Errors can wreak havoc in the lives of those affected, as anyone who has been denied Social Security benefits or mistakenly pursued by the IRS can attest. Because the bureaucracies involved seldom suffer for their mistakes, correcting them can be a nightmare. On November 8, 1996, a nursing-home clerk mistakenly checked the "expired" box on Deborah A. Hawkins's nursing-home discharge papers. Ms. Hawkins, 50, had just had her hip replaced and was also on the waiting list for a kidney transplant. Despite a letter from the nursing home trying to correct the error and a personal visit to the Social Security Administration by the disabled Ms. Hawkins, Medicare began refusing to pay her medical bills. She contacted her congressman and regulatory oversight agencies. The February 26, 1997, Washington Post reported that, as far as the government was concerned, Ms. Hawkins was still dead 3 months and 17 days later. (Courtland Milloy. February 26, 1997. "Correcting a Grave Mistake," Washington Post. B1).

Currently, an error in one database can have terrible consequences, but the error will not necessarily spread to other databases. If Medicare believes that you died several months ago, you can still travel on an airplane, purchase a firearm, or get hired at a new job. But with a national-I.D. card serving as the information hub of an individual's life, a catastrophic error in one spoke will quickly spread to all the other spokes, making it impossible for an error victim to live a normal existence. In France, for example, a clerk's typographical spelling error in the national-I.D. entity database sometimes becomes impossible to correct, and thus a person turns into a non-person.

Besides the inadvertent errors that are inevitable in any large human administered system, deliberate fraud is, and will continue to be, an enormous problem. One product of the matching program that the Social Security Administration (SSA) runs with the IRS is a pool of invalid Social Security Numbers created either by mistake or by people using false identities to get a job. Each time a name and SSN fail to match on an annual W-2, the record is placed in an Earnings Suspense File created to hold "voluntary social security contributions" whose owners cannot be identified. There are currently more than 227 million records in the file, about 11 percent of which refer to SSNs that were never issued. Enforcement is hopeless. In fiscal year 2000 the Social Security Administration received 46,840 allegations of SSN misuse. Between 1997 and 2001 the Administration's Office of the Inspector General investigated a grand total of 5,655 cases.

Although national-I.D. proponents tout embedded microchips laminated in ID cards as sure fraud protection, the world is full of technically trained people able to program microchips and laminate documents. In fact, the unforgeable document has yet to be invented. The roughly 6 million passports issued each year are the most technically challenging generally available ID documents produced by the U.S. government. Counterfeits capable of passing foreign examination are not uncommon, and in 1998, the FBI reported that prices ranged from $2,000 to $12,000.

Counterfeits of foreign documents, which allow people to legally enter and operate in the U.S., cost even less. According to a 2000 report from the California Department of Justice, counterfeit Russian passports were generally available from "travel agency" "document facilitators" for $120 to $200. Some crooks use fraudulent means to obtain the genuine article. One alien trafficking syndicate got genuine U.S. passports by buying birth certificates from U.S. citizens at methadone clinics. (Testimony of John Hotchner, Director, Office of Passport Policy, Planning and Advisory Services, Bureau of Consular Affairs, Department of State. July 22, 1999. "Counterfeiting and Misuse of the Social Security Card and State and Local Identity Documents," Subcommittee on Immigration and Claims, Committee on the Judiciary House of Representatives.)

Crooked government employees present another practical problem. In 1997, 29 Social Security Administration employees were convicted of crimes ranging from creating fictitious identities, to fraudulently selling Social Security Administration cards to abusing confidential information.

In 2000, an employee was imprisoned for issuing 125 Social Security cards to an accomplice. Another was convicted of browsing the SSA database for information on people whose replacement credit were stolen while en route to them. The stolen information was used to activate 63 replacement cards. It is worth noting that the employee browsing the Social Security database was detected only after The Traveler's Bank notified the Social Security Administration that the bank was seeing suspicious patterns in the bank's credit card issuance data.

If the stakes are high enough, and they would be under a national-I.D. system because one card would be the key to everything else, there is no reason to believe that people could not also be bribed to create false records.

Rather than focus on intensive surveillance and prosecution of likely miscreants, terrorists, and illegals, national-I.D. supporters want authorities to undertake the impossible task of pretending to manage an unmanageable database filled with inaccurate information on millions and millions of innocent people. Since evildoers are a small fraction of the general population, this boils down to building a security system that concentrates its limited resources on monitoring the innocent. Freed from intensive surveillance, real criminals should have no problems hiding in the system's inefficient cracks.