Alberto Mingardi  

A digital ID for all?

Robert Murphy Helps Resolve an... The Best of Econlib: 2017...

digital ID.jpg Does a national ID strike you as an encroachment on individual liberty? Would it be just another nuisance? What if this nuisance is compensated with substantial benefits...

The Wall Street Journal ran an interview by Tunku Varadarajan with former Estonian President Toomas Hendrik Ilves. A side note: I came to enjoy Varadarajan's writings, especially his interviews, a lot. He has an eye for the new and the profound.

Writes Varadarajan:

Mr. Ilves wants America to be more like Estonia. Since 2001, every Estonian has had a digital ID card with a chip, as well as a code number known only to the individual. That enables a "two-factor authentication for every transaction, requiring your chip and your code," he tells me. He scoffs at the more common practice of requiring an email or username plus a password. "All identities based on this 'one-factor' model," he says, "are hackable through brute force. You simply need enough computing time, and really not that much of it."

If he were appointed America's digital czar, he'd "implement a digital ID system for everyone, but do it at the state level." He'd expect political opposition. Estonia logs its residents' digital identities in a national registry, but "citizens in Anglo-Saxon countries regard that sort of thing as Orwellian. They say that this would diminish privacy. But where's the logic in it?" The state, he contends, is "already validating who you are in your passport and your driver's license."

There's no doubt that many Americans would find Mr. Ilves's ideas uncongenial, particular his belief that the successful digitization of a society can happen only if digital IDs are mandatory and universal. "It is a matter of behavioral economics," he says. "Everyone must have one. They need not use it, but they need to have one. Because, if the digital ID isn't universal, digital services will not be developed." Where digital IDs aren't mandatory--including most European Union countries--"neither the public sector nor the private has made efforts to invest in these services. Administration remains a 'paper' affair, and banks don't invest in genuinely secure banking." In most EU countries without a mandatory card, "the e-ID uptake is 15% to 25%. Why bother developing a service if 75% to 85% of the population can't even use it?"

In a way, it seems to me that President Ilves is saying: if you need to do it, do it better. Paper identity cards are easy to counterfeit; I suppose this creates costs for checking and enforcing their authenticity, plus of course counterfeit IDs create a burden for society, as they allow for transactions that shouldn't be happening, and at some point will create further problems and uncertainty.

Still, I would be interested in your reaction to the proposal of a national ID, albeit a digital one. As a libertarian and a paranoid, I find these arguments put forward by the American Civil Liberty Union instinctively plausible. The Electronic Frontier Foundation also has an interesting collection of arguments against going in that direction.

At the same time, as a European, I understand Ilves' more or less implicit argument: we are basically used to having IDs; it seems by now "natural" to us, like the sun rising in the morning, why not have a smarter system of identification then?

A counter-argument is that, in any country bigger than little Estonia, where collective decision making is more intensively prone to special interest groups' influence and generally speaking more opaque, chances are good that a government monopoly can't evolve in a smarter system simply by digitising it.

Another counter-argument could be that we do not know what is the "right" amount of identification, and we are not going to know it if it keeps being entrusted to a monopoly. At the same time, particularly now, we have tons of ways in which we can identify ourselves (isn't a phone with face ID more reliable than any document for that?) and it is debatable that one which is blessed by the government is ipso facto better. Moreover, a government monopoly of identification tends to be able to "talk" only with other government monopolies of identification: which creates problems, particularly with migrants who may come from jurisdictions where the public administration is either very inefficient or very corrupt (or both) and thus, lacking documents, are by definition pushed in the underground economy.

But, as I said, I'd be particularly interested in other people's reactions. Does a national ID still strikes you as an encroachment on individual liberty? Would it be just another nuisance? What if this nuisance is compensated with substantial benefits, as Mr Ilves seems to believe? Thanks in advance for your comments.

Comments and Sharing

COMMENTS (8 to date)
Lawrence D'Anna writes:

I think we're already living with all the disadvantages of a national ID, so we may as well have the advantages too.

People used to worry that IDs would lead to a world where the government could track everything you do, everywhere you go, every purchase you make, every road, bus, train, or airplane you get on. The fear is twofold. First that all this surveillance will lower the cost of law enforcement and government will respond by passing more laws. Second, that once everything in the economy requires an ID, the government will be able to instantly cut individuals off from the formal economy by flagging their ID in a database.

All of this has already come to pass without a national ID. What do we have to lose?

If you're worried about IDs you should be a lot more worried about attacks on cash instead.

patrick k writes:

Drivers licenses, Passports, and credit cards, all collectively add up to a big ID card. The ACLU objections all seem so yesterday. What I would like to see is a list of the advantages. I do think at some point we will all have a single chip that takes care of the three functions and then some, that I mentioned above.

Admittedly the things China is doing with their surveillance data is disturbing but that has more to do with their system of central planning. Naive perhaps but I trust our system.

Kevin L writes:

I don't like the idea, though as Lawrence D'Anna above pointed out, we already have all the downsides. I think a move like this would be necessary for a cashless formal sector, and probably would have the consequence of a larger informal sector.

I'd prefer a market-based approach to this. I think the idea of having a biometrically-verifiable portable credential to validate major financial transactions is on net a good thing. I'd like to see the credit bureaus move this way. In order to initially establish one, you go to a reputable bank or similar institution that verifies your identity the old-fashioned way (government ID, pay stub, address verification, etc.), then directs you to a kiosk that connects to one or more credit bureaus which takes your fingerprint, multiple facial pictures from different angles, asks for a PIN and password, and prints out a revocation/recovery card which you can store yourself or in a safe-deposit box at the bank while you're there. Then it gives you a smart chip card with your bio information (which if they are smart they will not store themselves), private key, and signature from the bureau's key. The technical aspects of the digital signatures is well-understood today and I won't get too far into it here.

A major advantage is that the bureaus can store anonymized records. All they have to do is store a one-way hash of your typical registration information (name, address, DOB, passport or driver license number, SSN, etc.) to make sure no one tries to register twice. But without the smart card or revocation/replacement code you possess, along with the PIN/password you set, it would be very hard for anyone else to use your credit history. Whenever you want to apply for credit, you can use your card and PIN/password rather than the usual litany of personal information.

I see credit fraud as the major identity problem of our time, and this sort of technical solution could largely mitigate it with minimal expansion of the political system into our affairs.

adam writes:

It seems to me that the private sector could develop and administer a digital ID system for financial transactions. Credit agencies already maintain large files on people, and they could theoretically issue some kind of digital ID using that information and/or information provided by an applicant. The reason that doesn't happen now, I think, is that financial companies are allowed to place significant amounts of the costs of identify theft on consumers. There are some decent protections for identify theft in connection with existing credit cards, but very few for other types of identity theft schemes, and even then you can get put through the ringer in trying to prove it wasn't actually you. If financial companies were held strictly liable for proving that you are you when they loan money, etc., I think they'd have a large incentive to work together to build a system to solve the problem.

robc writes:

I was just reading a proposal to use a block chain for a form of ID that only allowed the person needing to see ID to only get the info they needed: For example, a liquor store would get your age (or just 21+ or not). They don't need any other information. Starbucks would get your first name, but not your last. Amazon would get your name and address but not your SS.

Etc, etc.

As was said, if we are going to do it right, lets do it right.

Alan Goldhammer writes:

This cat is already out of the bag. We already have a national ID in the form of the Social Security Number. It's required for banking, brokerage accounts, tax payments, Medicare, and a number of other records keeping activities as well. Since it is recognized by the US government, just build off of it with newer technologies that prevent identity theft.

Thomas Boyle writes:

At this point, my biggest concern is the potential for "un-personing". We saw, recently, how Google (apparently accidentally) shut down some accounts for "improper usage", cutting the affected individuals off from their email, calendar, file storage (Google Drive) and documents (Google's application suite, which uses Google Drive for storage). This could be quite devastating to an individual, but at the moment we can work around it by keeping copies of key documents on another service, and not tying that service to the Google identity. But, if a single identity - government or private - becomes the defacto standard used everywhere, un-personing could be a truly powerful weapon against an individual.

As others have noted, we are already close to this: the government can freeze assets, making bank accounts inaccessible, and a person without access to their resources is pretty quickly powerless.

Neither, I think, has been sufficiently discussed in terms of the potential for abuse.

Mikk Salu writes:

I am Estonian and I have an ID-card. But I also have passport, drivers license and credit card. In Estonia Id-card (though owned by everyone) has not replaced other identification forms. There are benefits to have Id-card, but Mr.Iles, I think, exaggerates.


Return to top