Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

One solution would be to make driver’s licenses and other state-issued IDs usable online by adding electronic chips. Just imagine: no more passwords to access your bank account, to buy something at Amazon, or to bid on eBay. Just insert your card. And if you lost the card, you could report it missing and get a new one. Instantly, all your online accounts would recognize the new credential and refuse to honor the old one.

Similar proposals have been made in the past: in the 1990s the U.S. Postal Service began working toward a system called the “U.S. Card.” But the project never really got off the ground–partly because the technology wasn’t quite ready, but also because of significant public opposition. In fact, in the United States every attempt to improve identification credentials has provoked significant public opposition. Many privacy activists see mandatory ID cards as one of the hallmarks of a police state. And many state governments fear the costs.

Though a stronger identification system would undoubtedly harm some citizens through errors, I think the opposition is unfortunate. We’re already being identified every time we use an online banking service, or make an online purchase, or even use Facebook. We’re just being identified through ad hoc,broken systems that are easy for bad guys to exploit. If we had a single strong identity system, we could adopt legislation to protect it from inappropriate use. A California law enacted in 2003, for example, prevents bars, car dealers, and others from collecting information swiped from a driver’s license for any purpose other than age verification or license authentication.

For more than 100 years, American jurisprudence has recognized privacy as a requirement for democracy, social relations, and human dignity. For nearly 50, we’ve understood that protecting privacy takes more than just controlling intrusions into your home; it also requires being able to control information about you that’s available to businesses, government, and society at large. Even though Americans were told after 9/11 that we needed to choose between security and privacy, it’s increasingly clear that without one we will never have the other.

We need to learn how to protect privacy by intention, not by accident. Although technology can help, my belief is that such protections need to start with clearly articulated polices. Just as Nixon created the Environmental Protection Agency to protect our environment, we need some kind of Privacy Protection Agency to give our rights a fighting chance. Our piecemeal approach is no longer acceptable.

Simson Garfinkel is an associate professor at the Naval Postgraduate School in Monterey, CA. The views expressed in this article are those of the author and do not necessarily reflect the views of the U.S. government or the Department of Defense.

2 comments. Share your thoughts »

Credit: Istvan Banyai

Tagged: Computing, Business, security, privacy, social networking, social media, data privacy, identity theft

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me