The Case Against the National ID Card
In the wake of the terrorist attacks on the United States
in 2001, a number of
parties have called for a national ID card to help identify American citizens
as "us" and everyone else as "them".
If everyone in the country carries a
common identification document, it is argued, that document can be tied to a
centralized database providing information that may help the government decide
whether a given person is, is not, or may be a terrorist. This feat
accomplished, proponents believe the nation's security will be enhanced.
This report presents the case against a national ID system. An initial
review and examination of existing government databases is followed by an
assessment of the technical and financial hurdles of introducing a national
ID; finally, the constitutional issues raised by mandatory identification
documents are addressed.
ABUSE OF AND FUNCTION CREEP IN EXISTING SYSTEMS
Before considering the special problems presented by a national ID system, we should first examine the problems experienced with similar, existing systems. We class these problems into two categories: those of abuse, and what is known as "function creep".
It is in the nature of government to accrue data on the citizenry, as much
personal information is needed in order to provide benefits and services for
which government exists. Unfortunately, we have seen even recently that
collections of personal information held by the government are subject to
egregious abuses. In 1997, a federal appellate court reversed the conviction
of an IRS employee who had engaged in a practice so widespread at the IRS that
it had a name. "Browsing" is what IRS insiders called the unnecessary and
unofficial review of personal tax return information by IRS
bureaucrats, and although it was against IRS regulations, it was
entirely legal. The employee in question had perused the personal financial
information of political opponents and of a prosecutor involved in the trial
of his father.1 As recently as 2000, major problems were
identified at the Veterans Administration-- whose databases contain personal
financial and medical data, as well as benefit records. Employees had long
been able to snoop each other's medical histories and identifying information
and fraudulently collect benefits, all due to lax security in the VA's
computer systems.2 Such abuses are not flukes, having
occurred also in Australia and Canada, among other countries.3,4 The type of aggregation that would be possible with a national ID number provides an even richer target for abuse, and there is no reason to believe that a national-ID-enabled system could be made any more secure.
"Function creep" is the term given to the seemingly inevitable growth in the
number and variety of uses of an originally intentionally limited system. One
would fully expect that were a national ID to be created, the scope of its use
would initially be carefully limited by law. However, it is
worthwhile to examine the history of the closest thing we have to a national
identifier-- the Social Security Number. The SSN was created in 1935 with a Congressional promise to the American people that it
would not be used for identification purposes, but solely so that the
Treasury could account for each worker's
contribution to the Social Security Fund. Only 26 years later, that
promise was broken as the Civil Service Commission began identifying all
federal employees with the number. One year later, the IRS required that all tax returns include it, and thus the financial
information of everyone in the nation was tied to their Social Security
Numbers.5 In fact, since its inception, Congress has authorized
nearly 40 uses of the SSN "as an identification number for non-Social Security
programs."6 We stand on strong precedent, then, when stating that
initial limitations on the uses of a national ID card are not likely to hold,
and in fact are likely to crumble spectacularly. No number of guarantees or
promises change that fact, and therefore when considering the matter of a
national ID, it is of utmost importance to consider the detrimental effects of
the broadest possible use of such a system-- effects as
disparate and horrific as use as an internal passport and massive potential
for comprehensive identity theft (already seen with the weaker SSN).7,8
IMPLEMENTATION PROBLEMS: ACCURACY AND COST
Two major factors in the debate over whether to implement a national ID system are, obviously, whether it is technically feasible and, if so, how much it would cost to construct and maintain.
It is probably technically possible to build a database system and require
that everyone in the country be registered in it and carry papers identifying
them as such if they wish to receive certain services and benefits. However,
the possibility of comprehensive enrollment and of maintaining a
database of such a size and of reasonable accuracy and integrity must be
called into question, as any inaccuracy in the database could have grave
consequences for affected individuals. Furthermore, it is worth noting that
such a system would almost certainly come to be relied upon
as not only a primary but often the sole source of identification and
verification for the people; thus inaccuracies should be readily remediable.
Alas, this is a catch-22, as the same means used for correcting inaccuracies present opportunities for fraud and identity theft, and a national ID system is a rich target for both.7
Any attempt at comprehensive enrollment is quite simply bound to fail,
especially if by "comprehensive" we include immigrants and illegal aliens. To illustrate this failure, note that in 1996 there
were roughly five million undocumented illegal immigrants were living in the
United States.9 Furthermore, the U.S.
Census, which is tasked with counting citizens, reports a net
undercount of four million people in 1990.10 Clearly, neither
requiring a national ID for benefits nor simply delivering one to each citizen is a feasible means of ensuring comprehensive enrollment, and we can expect millions of people to lack a national ID due to evasion or simple oversight.
There are two ways in which large databases of information tied to simple
personal identifiers become corrupted: In one, the database is rife with
inaccuracies which are difficult to correct; in the other, the database is
rife with inaccuracies simply because they are intended to be easy to correct,
and thus fraudulent data is easy to introduce into the system. As an example
of the first problem, consider credit bureaus in the United States. Nearly a
third of all credit reports in the United States contain major errors, and
corrections are notoriously difficult to obtain; thus the system remains full
of incorrect personal data about individuals which can have very serious
consequences in the real world.11 To illustrate the second problem, we have
only to observe current practices in obtaining false identification papers
from state agencies. It is not uncommon for criminals to obtain false driver's licenses, for example, by
presenting Departments of Motor Vehicles with
false credentials (with or without the assistance of a corrupt DMV official).
Once obtained, the driver's license becomes itself a powerful tool for committing fraud and obscuring identity.12
A further barrier to national ID implementation is cost. Both the United
Kingdom and Canada recently performed studies with an eye toward issuing national ID cards to their citizens, and each estimated a cost of about US$5 billion.13,14 These estimates are for two countries with populations less than a third the size of ours, and at a time when our projected national deficit for the next year is over US$300 billion.15,16 Neither of these cost estimates appear to take into account private-sector adaptation costs, nor do they provide estimates for yearly maintenance budgets.
Having seen the pitfalls inherent in a national ID system and
considered the technical and financial difficulties in implementing the same,
we must now consider the prospect of national IDs with reference to the Constitution. We first assume the existence of a national ID and examine its Fourth Amendment implications; afterward, we analyze the question of whether a national ID can constitutionally be created in the first place.
The Fourth Amendment protects the people against sweeping
searches, requiring that warrants be issued only upon probable cause and
"particularly describing the place to be searched, and the persons or things
to be seized."17 This makes it illegal, for instance, for the
police to stop a citizen on the street and demand identification--
exactly what a mandatory national ID would allow. As the Cato Institute puts it, the Fourth Amendment requires that the police justify themselves to the people, but a national ID system would "turn that important legal principle upside down."18 This is the clearest-cut conflict between the requirement of a national ID and the Fourth Amendment. Unfortunately it is not the only one, as Fourth Amendment protection does not extend to information contained in the types of databases likely to be linked by a national ID.
In 1967, the Supreme Court ruled that the Fourth Amendment applies only where
someone has a "reasonable expectation of privacy," and established the "plain
view" exception.19 In essence, the Court stated that any
information shared by a person with another entity is no longer protected, and
such information may be acquired by the government without a warrant.
There have been various privacy laws passed by Congress in the intervening
years, but nearly all of them have exempted the government from the rules
protecting individuals from each other. Bear in mind that the government need
not coerce a second party into presenting this information-- it may simply
provide incentive. In effect, the government can simply buy personal
information from private aggregators-- and does so regularly.20 As
stated in the testimony of prominent lawyer Paul Rosenzweig before the House
Committee on the Judiciary Subcommittee on the Constitution:
An individual's banking activity, credit card purchases, flight
itineraries, and charitable donations are information that the
government may access because the individual has voluntarily
provided it to a third-party. According to the Supreme Court, no
one has any constitutionally based enforceable expectation of
privacy in them. The individual who is the original source of this
information cannot complain when another entity gives it to the
A national ID number assigned to every person in the country would only serve
to facilitate searches on these databases by effectively linking all of them together,
providing the government with a means of dodging the Fourth Amendment and
making general sweeps of the population for evidence of incriminating behavior.
Though this is exactly the sort of oppressive behavior the Fourth Amendment was
intended to protect against, its 18th-century language and a pre-Internet Supreme
Court ruling have ensured that it does not.
There are two ways by which the Federal government might create
a national ID system: It might do so directly, by simply establishing a
database and issuing cards; or it might try to leverage the existing but
disjointed State identification systems by coordinating them and requiring
that a common unique identifier be used by all. It is instructive, then, to
examine a 1997 law and 1998 federal court case which together illustrate the
unconstitutionality of both options.
The last attempt at establishing a National ID system was in 1997, when
the Immigration Reform and Immigrant Responsibility Act of 1996 was rolled
into an omnibus Act and passed into law. One provision of the Act, section
656(b), defined standards for "state-issued drivers licenses and comparable
identification documents"-- requirements which included the use of the Social
Security Number as a universal identifier.22 Section 656 was slated to go into
effect in 2000, but was repealed by section 355 of the 1999 DOT appropriations Act.23
Both the nature and the fate of this attempt present a series of interesting
questions. If the Congress wanted to establish a national ID, why didn't it
just create one and be done with it? Why bother with the States' driver's licenses?
And why did Congress reverse itself so quickly, aborting its cleverly-enacted
National ID system before it effectively got off the ground? The answers to
all of these questions lie in our highest law-- the Constitution-- and in its
interpretation by the Federal judiciary.
To begin, the Congress lacks the authority to create a national ID system.
Such power is not explicitly laid forth anywhere in the Constitution, and the
Tenth Amendment reserves to the States and the people any powers not delegated
to the Federal government.24 Ah, but Section 656 was clever, and followed our
hypothesized second path to a national ID. With the States already maintaining
databases on the citizenry and issuing identification papers, all that was
lacking was a simple, standardized identifier which worked across all such
systems. The Congress need not create a national ID to get a national
ID-- it only had to set rules for the States' heretofore individual systems,
and a national ID system would magically appear. The authority to do this
came, reckoned the Congress, from the famous Commerce Clause in Article I
Section 8. As a bonus, such a system would be essentially free of charge to the
Federal government, the bill footed almost entirely by the States.
Fortunately, the Constitution does not fold so easily, as was made clear in
1998 by a court ruling on another Federal law on States' driver's licenses-- a
law ironically meant to protect individual privacy. In September of that
year, the Federal Court of Appeals for the Fourth Circuit ruled in favor of
the Attorney General of the State of South Carolina, who had sued to challenge the
constitutionality of the 1994 Driver's Privacy Protection Act. The DPPA
essentially forbade States from selling information collected for driver's
licenses-- something South Carolina contended the Federal government had no
authority to do. The Federal government's case was based primarily on the
Commerce Clause, but the court-- standing on precedent-- rejected this argument:
Although Congress may regulate entities engaged in interstate
commerce, Congress is constrained in the exercise of that power
by the Tenth Amendment. As a result, when exercising its
Commerce Clause Power, Congress may only "subject state
governments to generally applicable laws." New York v. United
States, 505 U.S. 144, 160 (1992).25
According to this very straightforward reading of the Constitution, not only is the Federal government forbidden from itself establishing a national ID system, it also lacks constitutional wherewithal to force the States to do its bidding and organize one themselves. There is therefore no constitutional means by which the Federal government may establish a national ID system.
A review of existing large database systems has revealed
failures, vulnerabilities, and corruption-- a track record that inspires no
confidence in the government's ability to properly manage a national ID
system. The inability of the government to account for millions of people in
the country belies the idea that a national ID card can be used to reliably
separate American citizens from others. Even the estimated cost of
implementing this doomed system is astronomical, without mentioning
maintenance or management. Finally, not only would a national ID system, were
it to exist, undermine our Constitution-- it is unconstitutional to even
establish one in the first place. It is therefore clear that the problems
inherent in a national ID system would be endemic and epidemic, and equally
clear that the cost-- economic, but more importantly societal-- is entirely
- United States v. Czubinski, No. 96-1317 (1st Cir. 1997).
- Privacilla, The Veterans Administration Computer System,
<http://www.privacilla.org/government/va.html>, April 17, 2002.
- Independent Commission Against Corruption, Report on Unauthorized Release
of Government Information, Vol 1 3, 1992, Sydney.
- Federal Privacy of Medical Information Act, S Rept96-832 Part 1 p. 24-26,
96th Congress, March 19, 1980.
- The Cato Institute, The National ID Card: It's Baaack!, September 23,
- Paul, Ron. 1999. Representative Ron Paul introducing the Freedom and
Privacy Restoration Act. 106th Cong., 1st. sess. Cong. Rec., 6 Jan
- Privacy International, Identity Cards: Frequently Asked Questions,
- Federal Trade Commission, ID Theft: What It's All About,
- Immigration and Naturalization Service, Illegal Alien Resident Population,
- U.S. Census Bureau, Net Undercount and Undercount Rate for U.S. (1990),
- Public Interest Research Groups, Mistakes Do Happen: Executive Summary,
- National Conference of State Legislators, Driver's License Integrity,
<http://www.ncsl.org/statefed/DLRCSG.htm>, accessed 2003.
- CBC News, National ID would cost billions: study,
<http://www.cbc.ca/stories/2003/10/07/privacy031007>, Oct. 08,
- Privacy International, UK National ID Cards,
<http://www.privacyinternational.org/issues/idcard/uk/>, Jan. 12,
- Central Intelligence Agency, The World Factbook 2003,
- U.S. Office of Management and Budget, Budget of the U.S. Government, FY
2004: Summary Tables,
- U.S. Const. amend. IV.
- The Cato Institute, Cato Handbook for Congress: Policy Recommendations for
the 108th Congress, p.125-126, 2001.
- Katz v. United States, 389 U.S. 347 (1967).
- Rotenberg, M. and Hoofnagle, C. to Rep. A. Putnam and Rep. W. Clay, EPIC
Submission to the House Government Reform Committee on Data Mining, March 25,
- US House of Representatives, Committee on the Judiciary, Anti-Terrorism
Investigations and the Fourth Amendment After September 11, 2001, 108th Cong.,
1st Sess., May 20, 2003, p. 66.
- Illegal Immigration Reform and Immigrant Responsibility Act. U.S. Public
Law 104-208. 104th Cong., 2d sess., 1996.
- Department of Transportation and Related Agencies Appropriations Act. U.S.
Public Law 106-69. 104th Cong., 2000.
- U.S. Const. amend. X.
- Condon v. Reno, 97-2554, ¶2 (4th Cir. 1998).