One solution would be to make driver’s licenses and other state-issued IDs usable online by adding electronic chips. Just imagine: no more passwords to access your bank account, to buy something at Amazon, or to bid on eBay. Just insert your card. And if you lost the card, you could report it missing and get a new one. Instantly, all your online accounts would recognize the new credential and refuse to honor the old one.
Similar proposals have been made in the past: in the 1990s the U.S. Postal Service began working toward a system called the “U.S. Card.” But the project never really got off the ground–partly because the technology wasn’t quite ready, but also because of significant public opposition. In fact, in the United States every attempt to improve identification credentials has provoked significant public opposition. Many privacy activists see mandatory ID cards as one of the hallmarks of a police state. And many state governments fear the costs.
Though a stronger identification system would undoubtedly harm some citizens through errors, I think the opposition is unfortunate. We’re already being identified every time we use an online banking service, or make an online purchase, or even use Facebook. We’re just being identified through ad hoc,broken systems that are easy for bad guys to exploit. If we had a single strong identity system, we could adopt legislation to protect it from inappropriate use. A California law enacted in 2003, for example, prevents bars, car dealers, and others from collecting information swiped from a driver’s license for any purpose other than age verification or license authentication.
For more than 100 years, American jurisprudence has recognized privacy as a requirement for democracy, social relations, and human dignity. For nearly 50, we’ve understood that protecting privacy takes more than just controlling intrusions into your home; it also requires being able to control information about you that’s available to businesses, government, and society at large. Even though Americans were told after 9/11 that we needed to choose between security and privacy, it’s increasingly clear that without one we will never have the other.
We need to learn how to protect privacy by intention, not by accident. Although technology can help, my belief is that such protections need to start with clearly articulated polices. Just as Nixon created the Environmental Protection Agency to protect our environment, we need some kind of Privacy Protection Agency to give our rights a fighting chance. Our piecemeal approach is no longer acceptable.
Simson Garfinkel is an associate professor at the Naval Postgraduate School in Monterey, CA. The views expressed in this article are those of the author and do not necessarily reflect the views of the U.S. government or the Department of Defense.
Gain the insight you need on security at EmTech Digital.
Watch video from the event