• United States

Identity management is of national importance

Jan 13, 20033 mins
Access ControlEnterprise ApplicationsSecurity

* A brief review of privacy

Last week, I mentioned the FBI’s problem with identity management in the alleged case of the five men who were supposedly smuggled into the U.S. from Canada on Christmas Eve. I compared finding them to finding a particular needle in a package of needles but with no description of how the needle you are looking for differs from the other needles around it. It now turns out that the entire incident was fabricated by a document forger who is now in Canadian custody.

It still hasn’t been revealed how the forger came to be in possession of a photograph of a Pakistani jeweler whose protestations of innocence began the unraveling of the story. Evidently, document forgers are able to pass around various pictures, markings and other goods and paraphernalia to lend verisimilitude to their forged documents (that’s a different kind of ID management, though, far beyond what we discuss here). It does point up one more reason why good ID management is necessary in a quickly shrinking world.

Two hundred years ago, a criminal could board an ocean liner bound for the U.S. in Southampton, England and be sure that – as long as his “thief taking” pursuers weren’t on the same boat – he could most likely evade capture. One hundred years later, the authorities could telegraph pictures, warrants and details from London to New York faster than the boat could travel and be fairly confident that the criminal would be apprehended when he disembarked. Today, the criminals appear to have the edge once again. Law enforcement only gets the identity information after the bad guys have escaped. One reason for this is that there’s no universal identity management scheme. But a second and more insidious reason is that the technology we do have is being thwarted by attempts to preserve privacy and anonymity.

The privacy advocates believe that using technology to monitor and track activity – whether it’s a camera watching red-light violators at an intersection or the super-secret U.S. National Security Agency watching e-mail for code words – is in and of itself a violation of privacy.

There have been a number of proposals in the U.S. to create a national identity database using data already existing in various state databases such as driver’s license records, voter registrations and the like. Oracle’s Larry Ellison put forward such a plan in the days following the Sept. 11, 2001 attacks (see “Ellison’s national ID idea is good for travelers”). Ideas like this are consistently attacked not because they would gather too much information, but because they would make it easier to relate the details to a particular person – in other words, identity management.

The citizens of the U.S., at least, have indicated through polls that they’re quite willing to give up a small amount of privacy if it will lead to more security. Europeans, for the most part, already have national identity cards so the question there is moot. It may arise, though, when the European Union tries to merge all the ID databases (the directories, that is) into a single European identity repository.

Next issue, I’ll wind up this brief review of privacy so we can get back to the more mundane task of creating better directories. See you then.