Skip to main content

Currently Skimming:

2 Policy Considerations
Pages 16-33

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 16...
... about a person that can be used to tell who that person is. Confirmation 1In the Philippines, for example, the social security system ID card project has been under active development and deployment for 6 years and has only reached an enrollment of just over 2 million, en route to the goal of enrolling 40 million social security beneficiaries, members, and dependents.
From page 17...
... Multiple identities (that is, multiple sets of information corresponding to a single individual) may allow individuals to control who has access to what kinds of information about them, and the use of multiple identities can be a legitimate strategy for controlling personal privacy in an information society.
From page 18...
... Splitting the record, therefore, might require additional personal information. 4A current example of a system that attempts to disallow multiple identities is the Commercial Driver's License Information System (CDLIS)
From page 19...
... Thus, any proposal for a new identity system requires a discussion of what sorts of identity information would be relevant and helpful to the stated goals of the system.5 It also requires taking into account the levels of confidence with which information was associated to an individual, since basing a system on fragile or unreliable data poses numerous risks. In addition, in some cases there are legal restrictions on what sort of information may be asked of an individual (presumably to include in that person's associated identity information)
From page 20...
... even if a country indicates that an individual seeking admission to the United States has a problematic background record, that doesn't mean the United States would consider such a person a risk (for example, a country might provide warnings about political dissidents)
From page 21...
... Broader, and perhaps more important, is the meaning of the ID (that is, the identity information about a person in the identity system and its associated token)
From page 22...
... 14The European Data Protection Directive mandates a limited right of individuals to know what algorithms are used to make decisions about them on the basis of personal information.
From page 23...
... The information associated with an individual identity could be distributed within the identity system in multiple ways. Parts of it may be machine-readable, parts may be readable by humans.
From page 24...
... of the information associated with an ID is a major concern, underscoring the importance of the initial policy choices related to the purpose of the system. Management and Operations Determining how any nationwide identity system should be managed and operated will be a key issue.
From page 25...
... The Privacy Act and the Government Information Security Reform Act in particular impose significant public notice and comment requirements on federal agencies to ensure public participation in the appropriateness of planned agency uses of data. The Computer Security Act imposes a risk-based standard for agencies to ensure they protect the confidentiality, integrity, and availability of sensitive federal information and supporting systems.
From page 26...
... If private entities are allowed to use the nationwide identity system for their own purposes, it is likely that IDs would be linked to a wide range of information, including bank accounts, credit cards, airline tickets, car rentals, hotel stays, retail transactions, purchases of controlled items (guns, explosives, For example, it may be useful to correlate instantly the renting of a large truck in one state with the purchase of a large amount of fertilizer a day later in another state.
From page 27...
... That is, two different digital representations of an iris or fingerprint could be compared to see if they might have come from the same eye or finger.20 21 Finally, privacy is of serious concern to many, especially when information linkages extend across the boundaries of multiple identities for example, in the linking of health data, credit ratings, or organizational memberships with our employment records. Of greatest concern to most people is the creation without authorization of such linkages by others, particularly those in positions of authority governments or employers, for example.
From page 28...
... . Clearly, minimization runs counter to the kinds of information collection and correlation needed for the preemptive and retrospective analyses contemplated by proposals for a nationwide identity system meant to counter terrorism and unlawful activities.
From page 29...
... The constitutional limitations on an agent's ability to require presentation of IDs,23 along with the limitations on the ability of Congress to enact a nationwide identity system, should be explored before any such enactment to avert the costs of imposing the system and then having to revise or abandon it in the face of its unconstitutionality, to say nothing of its effects on civil liberties. Depending on implementation details and policy decisions, a nationwide identity system could be used to compile and store large amounts of information on individuals, so that the legal restrictions on compiling and using dossiers would have to be strictly obeyed.
From page 30...
... Current systems have many characteristics that pose a challenge to meeting the goals expressed by proponents of a more uniform nationwide identity system. For example, the documents in current systems are not standardized in form or information content, so that a person inspecting an offered document often cannot determine if it even resembles an authentic document (much less whether it actually is authentic)
From page 31...
... The correlation and aggregation of personal information thus raise a variety of policy questions about the use of such information and constraints on it. As Garrett Hardin wrote in 1968, "You can't do just one thing."25 The introduction of a nationwide identity system would create ripples throughout society and the legal system.
From page 32...
... In addition, birth and death data in the United States are not subject to stringent accuracy requirements nor are they highly correlated, making it relatively straightforward to exploit a deceased person's birth certificate in order to establish credentials as a basis for an identity. Given the attendant risks, a nationwide identity system would need to provide much better protection against identity theft than do current systems of identification.
From page 33...
... Any proposed system must be examined to determine whether the net result with respect to identity theft would be better or worse than it is now. It may be that more robust security in a nationwide identity system, along with increased attention to data integrity (for example, correlating birth and death records, as discussed above)


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.