During the past two weeks, while you weren't looking, Congress turned your driver's license into a national I.D. card. Amended to a "must pass" spending bill that authorizes $82 billion primarily for the war in Iraq, both the Senate and the House passed the Real I.D. Act, which asks states to issue licenses only to people who can prove they're U.S. citizens or legal immigrants. The law also dictates that licenses be "machine readable" -- probably through the kind of RFID radio tag that's now on American passports -- so that people seeking your I.D., anyone from cops to a bouncer, can quickly scan the license to obtain your name, address, photograph and other personal information.
Hundreds of immigration rights and civil-liberties groups have criticized the bill. They argue that the national I.D. card will allow cops and corporations to spy on citizens and worry that new databases of personal information will aid identity thieves. Opponents also point out that the new bill could create even longer lines at your local DMV, where clerks will scrutinize everybody who applies for and renews a license. The legislation now awaits President Bush's signature, and despite the criticism, he's certain to sign it. But one aspect of the Real I.D. Act should give Bush pause: According to security experts, the new I.D. cards won't make the country any safer and will likely make terrorists harder to catch.
Real I.D. supporters insist the act is a critical weapon in fighting terrorists. Chief proponent Rep. James Sensenbrenner, the Wisconsin Republican who shares Pat Buchanan's stay-off-my-land worldview on immigration issues, believes that today's driver's licenses are chinks in the nation's armor. Because many states issue driver's licenses to people without checking their immigration status, and because driver's licenses are accepted as valid identification for a wide range of federal purposes -- notably to get on airplanes -- illegal aliens, Sensenbrenner says, could easily attack us.
Sensenbrenner and other Real I.D. supporters point to the 9/11 attacks as Exhibit A in their argument. The 9/11 hijackers obtained driver's licenses using fake names and addresses, and at least two were in the country illegally. Caroline Espinosa, a spokeswoman for Numbers USA, a lobbying group that aims to reduce the number of immigrants, says that if provisions of the Real I.D. Act had been in place in September 2001, "those two hijackers would not have been able to have driver's licenses," and the attack would not have taken place.
It's a simple and seductive argument: Of course we want to institute something that could prevent another 9/11-like attack. But the argument is also misleading and deceptive.
First of all, say critics of the Real I.D. Act, it's naive to think that an I.D. requirement will keep terrorists off planes. Whatever security measures are used in the new driver's licenses, the licenses will inevitably be forged, stolen or tampered with by terrorists who aren't citizens. Also, it's possible terrorists could draft legal Americans, who already possess I.D.'s, to slip past screeners and do the dirty work.
This speaks to the second failure of the Real I.D. Act -- the "failure of imagination," to borrow the 9/11 Commission's phrase. Depending on whom you ask, the act will cost tens to hundreds of millions of dollars to implement. By focusing our resources on a plan to prevent a repeat of 9/11, we may be failing to anticipate and prevent a different attack -- one in which the attackers aren't foreigners but American citizens, whose weapons aren't airplanes but buses, and whose target isn't an office building but a shopping mall.
"Here's the question to ask," says security expert Bruce Schneier, whose book, "Beyond Fear: Thinking Sensibly About Security in an Uncertain World," argues against the implementation of national I.D. cards. "If we spend $20 billion to stop people from attacking airplanes and then terrorists start blowing up shopping malls, did we become any safer?"
The act is not worth the trade-off, Schneier says. We get no additional security while expending enormous costs to institute the national I.D. system. The cost is measured not only in money but also in the loss of privacy. Critics of the bill imagine a future in which machine-readable I.D.'s are scanned in public places without your permission (an RFID-enabled card can be scanned from a few feet away and, depending on the technology, possibly further). The Real I.D. Act will result in the creation of a nationwide database of personal information that would be a juicy target for attackers. "There isn't a database on the planet that isn't vulnerable to attack," says Schneier, an expert on database security. "Maybe they'll manage to create the first safe database -- but that isn't the way to bet."
And here's one more cost: The law could make the DMV an even greater nightmare. When you get your license renewed, you will need to bring along a birth certificate, a photo I.D., a utility bill, and a document, such a passport or naturalization certificate, showing that you're in the country legally. State government associations, including the National Conference of State Legislatures and the National Governors Association, have opposed the bill because they're afraid they'll need to spend millions to build systems capable of authenticating all these documents. "If you think a trip to the division of motor vehicles is a bad experience today, wait until the Real I.D. takes effect," Sen. Dick Durbin, D-Ill., told reporters last week.
You might argue that even if it doesn't stop terrorism entirely, the Real I.D. Act would at least make the attackers' jobs more difficult. If terrorist groups must forge documents, or choose new targets, or must now recruit people with solid immigration documents to carry out their deeds, then planning an attack, and remaining hidden while planning it, could be more difficult for them -- and for a few hundred million dollars, why wouldn't we want to frustrate terrorists' plans?
But the Real I.D. Act doesn't call for greater security measures at airports or other possible targets. Under the new rules, the nation will have the same number of airport screeners using the same procedures to inspect the same number of passengers as we do today. The act doesn't improve luggage bomb-screening devices, which are now both buggy and slow. The act doesn't harden nuclear plants or address the holes at seaports. Those kinds of improvements, says Schneier, "would have been a wise use of my terrorism dollar."
In terms of security, the only thing the act would change is what happens when you present your I.D. In the future, instead of a person inspecting your I.D., which is done today at an airport or a federal building, a machine will read it. If you pass the machine's scan, you're in. Schneier points out that the new rules tell terrorists what we're looking for at airports: I.D.'s capable of passing a machine's scan.
How will they obtain these I.D.'s? Terrorists are resourceful; that's why they're so pernicious. They're also not law-abiding citizens. "I mean, they're murderers!" says Jeff Deist, a spokesman for Rep. Ron Paul, a Texan who was one of the few Republicans to vote against the Real I.D. Act. If an attacker wants to get an I.D. by hook or by crook, Deist says, "I don't think someone intent on murder is going to follow the law on this. Why can't a DMV official be bribed?"
Indeed, such incidents are not unheard of. In April, police in Florida uncovered a scheme in which three DMV workers sold thousands of licenses to drivers in the state, including licenses to operate fuel tankers and haul hazardous materials. Recently, U.S. Customs officials have made similar busts in Michigan and Maryland.
Some security analysts believe a national I.D. system can be a good idea. But they warn that such a system must be strong enough to prevent bad guys from getting a card. John Pike, director of GlobalSecurity.org, a military affairs think tank in Washington, says that he supports a national I.D. card system as long as it's "robust"; that is, as long as it includes a good way to authenticate that a person is who he says he is. The Real I.D. Act, though, does nothing to stem what Pike says is the current "gray market" in driver's licenses. The act would not provide substantial resources to states to allow them to check on applicants for licenses; many state officials are calling the act an "unfunded mandate."
You can imagine bad guys working hard to get their hands on these new I.D.'s, Schneier says. Once they do, they'll be able to roam freely because I.D.'s carry the presumption of innocence. Otherwise, what would be the point of the I.D.? And once you have a machine-readable security apparatus in place, all sorts of locations would begin adding it to their security infrastructure -- courts, banks, subways, bars, schools, shops, maybe even your workplace, would begin scanning your I.D. to let you in. They'd do this because it would be an easy way to secure the place. Carrying an I.D. means you're a good guy.
Forget about the civil-liberties violations for a moment, says Schneier, and focus on the security implications. A society in which threats were assessed by machines would be one in which people become less vigilant. If you've checked everyone's I.D. at the subway entrance, nobody's going to watch out for bad guys in the subway car. If you've scanned people as they come through the bank, you're assuming that people who've made it inside have good intentions. They passed the test, so they can't be evil.
And that's the main problem with a national machine-readable I.D. system. It would lull us all into a false sense of security. An I.D. system causes us to place more stock in what Schneier calls "dumb guards" -- the scanners that read our I.D.'s -- than in "smart guards" -- human beings, whether they're cops or intelligence officers or bouncers or all the rest of us, people armed with intuition and experience who can better spot a bad guy, even if he does carry a valid-looking I.D.
On Dec. 14, 1999, Ahmed Ressam, a 28-year-old Algerian man who had obtained a legitimate Canadian passport under the name Benni Noris, attempted to cross from Victoria, B.C., to Port Angeles, Wash. Customs agents ran his passport -- an old-style passport that wasn't machine readable -- through the computer and found nothing odd. But something about Ressam's demeanor didn't sit well with the agents in Port Angeles, so they began searching his car. They found 100 pounds of nitroglycerin explosives stashed in his trunk. He had planned to blow up LAX.
Had Ressam been carrying a new I.D. card, one that could have been easily scanned by a machine from a few feet away, would anyone have noticed his odd behavior?