Page 3

  • What legal structures protect the system's integrity as well as the data subject's privacy and due process rights, and determine the government and relying parties' liability for system misuse or failure?

Each of these issues is elaborated on in the report. And each of the above questions evokes a larger set of issues and questions that must be resolved. In addition, many of these issues are interdependent, and choices made for each will bear on the options available for resolving other issues.

Decisions made at this level will also have ramifications for the technological underpinnings of the system, including what levels and kinds of system security will be required. In fact, “system” may be the most important (and heretofore least discussed) aspect of the term “nationwide identity system,” because it implies the linking together of many social, legal, and technological components in complex and interdependent ways. The success or failure of such a system is dependent not just on the individual components but also on the ways they work—or do not work— together. The control of these interdependencies, and the mitigation of security vulnerabilities and their unintended consequences, would determine the overall effectiveness of the system.

The committee believes that given the complexity and potential impact of nationwide identity systems, more analysis is needed with respect to both desirability and feasibility. In particular,

  • Given the potential economic costs, significant design and implementation challenges, and risks to both security and privacy, there should be broad agreement on what problem(s) a nationwide identity system would address. Once there is agreement on the problem(s) to be solved, alternatives to identity systems should also be considered as potential solutions to whatever problem(s) is identified and agreed upon.

  • The goals of a nationwide identity system must be clearly and publicly identified and deliberated upon, with input sought from all stakeholders; public review of these goals prior to selecting a proposed system is essential.

  • Proponents of such a system should be required to present a very compelling case, addressing the issues raised in this report and soliciting input from a broad range of stakeholder communities.

  • Serious consideration must be given to the idea that—given the broad range of uses, security needs, and privacy needs that might be contemplated—no single system may suffice to meet the needs of potential users of the system.


The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement