What legal structures protect the system's integrity
as well as the data subject's privacy and due process rights,
and determine the government and relying parties' liability for
system misuse or failure?
Each of these issues is elaborated on in the report. And each of the
above questions evokes a larger set of issues and questions that must
be resolved. In addition, many of these issues are interdependent, and
choices made for each will bear on the options available for resolving
Decisions made at this level will also have ramifications for the
technological underpinnings of the system, including what levels and
kinds of system security will be required. In fact,
“system” may be the most important (and heretofore least
discussed) aspect of the term “nationwide identity
system,” because it implies the linking together of many social,
legal, and technological components in complex and interdependent
ways. The success or failure of such a system is dependent not just on
the individual components but also on the ways they work—or do
not work— together. The control of these interdependencies, and
the mitigation of security vulnerabilities and their unintended
consequences, would determine the overall effectiveness of the system.
The committee believes that given the complexity and potential impact
of nationwide identity systems, more analysis is needed with respect
to both desirability and feasibility. In particular,
Given the potential economic costs, significant design and
implementation challenges, and risks to both security and
privacy, there should be broad agreement on what problem(s) a
nationwide identity system would address. Once there is
agreement on the problem(s) to be solved, alternatives to
identity systems should also be considered as potential
solutions to whatever problem(s) is identified and agreed upon.
The goals of a nationwide identity system must be clearly and
publicly identified and deliberated upon, with input sought from
all stakeholders; public review of these goals prior to
selecting a proposed system is essential.
Proponents of such a system should be required to present a very
compelling case, addressing the issues raised in this report and
soliciting input from a broad range of stakeholder communities.
Serious consideration must be given to the idea that—given
the broad range of uses, security needs, and privacy needs that
might be contemplated—no single system may suffice to meet
the needs of potential users of the system.