Security Watch
Is a National ID Card Coming?
Like it or not, Big Brother will soon know exactly who you are.
Governance
Last month, President Bush signed into law a bill that, among other provisions,
will require all Americans to obtain machine-readable ID cards approved by the
U.S. Department of Homeland Security. The law, known as the "Real ID Act of 2005,"
was attached to an Iraq/Afghanistan military spending bill. Enforcement starts
in May 2008.
This will create a national ID card, no matter what anyone might say to the
contrary. If DHS has approved a machine-readable identification card, it is
unlikely that some other card will be created which serves a similar purpose.
According to supporters, the Real ID card is intended to ensure that illegal
immigrants won't be able to get driver's licenses. However, once created, it's
likely that it will make an attractive replacement for Social Security numbers,
passport numbers and other credentials which would be more easily trackable
in a national database.
Read more on the Real ID Act:
- A summary of H.R.118
- The U.S. House of Representatives Committee on the Judiciary's press release
- Technology security expert and author Bruce Schneier's blog
Malicious Code
Anti-virus firm F-Secure confirmed it was unable to infect an automobile,
a Toyota Prius, with variants of the Cabir worm, despite rumors
to the contrary.
Privacy
According to a report published by the Boston, Mass.-based research firm Aite
Group, the United States is the most prone to identity theft among developed
countries. Identity theft occurs seven times more frequently in the U.S. than
in other industrialized regions.
The biggest challenge financial institutions face is the regulatory and business
pressure to rely on commercially available data to identify customers. That
data is extremely vulnerable. To reduce the current level of identity theft,
financial institutions need to shift the ID verification paradigm. That means
relying less on credit bureaus and information brokers, and more on third parties
who do not trade consumer data and whose core business is fraud management and
ID verification.
(Note: Cybertrust does not use the term "identity theft" if we can
avoid it. Identity theft is actually identity fraud, since the victim continues
to have the use of his identity after being attacked.)
This finding is akin to saying that more people have car accidents on the road
than in pastures. Given the per capita use of computers in the U.S., coupled
with the American willingness to purchase online, it's no surprise that
Americans would be the most prone to identity fraud.
Also, there are unlikely to be third parties who don't trade consumer data
if they have a lot of it, given the very high demand for that type of information.
This isn't to say that trading or selling such data is a good thing—only
that it is a major business driver and extremely marketable.
About the Author
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.