Last month's RSA Conference held in San Jose, Calif., on electronic security covered many topics, spanning personal identification, electronic signatures, hack prevention, cryptography, and more. But the most controversy swirled around the issue of a national electronic identification (ID) card. Such a card raises justified concerns regarding privacy, yet promises to provide better services and improved security.
Over the last few years, identity theft has become all too commonplace. Once someone gains access to your social-security number, birthdate, and driver's license, that person can "become" you and pretty much destroy your life by ruining your credit rating, stealing your money, or even committing crimes for which you might be held responsible.
Various techniques can be used to provide a more secure identity. But because they're not in widespread use, they offer limited value for now. If the government moves forward and creates a nationwide identity card and infrastructure to support it, that could change. The advent of digital signatures and their use to authorize transactions makes it even more critical to prevent false use of the signature and have confirmation that you are indeed you.
Multiple biometric approaches, including fingerprint, voice, face, or eye recognition, can be used to define an identity. Even differences in typing patterns can be used to differentiate identities. The selected identity definition can then be stored in a secure encrypted environment, such as a smartcard.
The challenges, though, are many, with reliability being paramount. That means the verification system can't be fooled into recognizing an unauthorized person, or fail to recognize an authorized person. Whatever the approach taken, it must be minimally intrusive and low in cost to ensure broad adoption of the technology.
Many applications could greatly benefit from secure ID cards. Healthcare particularly makes a lot of sense. Secure cards can hold much more than just a personal identity. Health data like blood type, allergies, and medications could make the difference in emergency situations. In addition, such cards could potentially reduce the fraud that significantly drains the medical insurance system.
Further, the same card could also be used to verify voter identification. This might be the first step toward a nationwide standardized voter-registration system, which, in turn, could reduce voter fraud and ease voter registration.
Presently, no perfect biometric solutions exist. Much work must still be done to improve reliability. More accurate recognition algorithms, faster response times, and lower system costs are essential. But how far should we go to secure our personal identity, and how much privacy will we sacrifice in the process?