Page 32

ized, mandated identities for everyone. Identity theft is an individual's fraudulent claim that he or she is the person to whom the information in the system refers, allowing him or her to derive some benefit from another party who is relying on that claim. It might involve theft of a physical ID token or it might involve the thief's learning some secret or personal information and using this in lieu of the token. One reason for the problem is the broad misuse of SSNs, coupled with the fact that the number itself is small enough to be easily memorized. In addition, birth and death data in the United States are not subject to stringent accuracy requirements nor are they highly correlated, making it relatively straight-forward to exploit a deceased person's birth certificate in order to establish credentials as a basis for an identity.

Given the attendant risks, a nationwide identity system would need to provide much better protection against identity theft than do current systems of identification. 28 Additional questions arise in the context of a nationwide system of how to recover from identity theft. Who would have the authority to restore or create a new identity for someone when necessary? And what safeguards would be needed to prevent this authority from being abused?

While offering better solutions to some problems surrounding identity theft, a nationwide identity system poses its own risks. For example, it is likely that the existence of a single, distinct source of identity would create a single point of failure that could facilitate identity theft. The theft or counterfeiting of an ID would allow an individual to “become” the person described by the card, in very strong terms, especially if the nationwide identity system were to be used for many purposes other than those required by the government. Paradoxically, it could be that a robust nationwide identity system makes identity theft more difficult while at the same time making its consequences more dire. The economic incentive to counterfeit these cards could turn out to be much greater than the economic incentive to counterfeit U.S. currency.

28One strategy might be for the system to avoid displaying human-readable ID “numbers” or other unique identifiers to private organizations. This would, in effect, make it impossible for anyone to read another person's information off his or her card. (Imagine, for example, a credit card that does not have the account number embossed on the front but makes it available only to machines that read magnetic stripes, thereby reducing opportunities for casual theft). The strategy would instead require that agents use cryptographic techniques to authenticate individuals or enable transactions. See Figure 2.1 for a description of the kinds of information in an identity system and where the information might end up.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement