Important corollary: it may well be possible to reduce fraud much closer to zero (then the currently accepted rate) without negative effects on legitimate business.
For example, the USA's lack of a national ID (and the resulting adoption of realldy ba substitues like SSNs, driver's licenses and "two photo IDs") has made a plethora of fraud techniques ridiculously easy. In many other countries, "identity theft" so rare there is not even an established term for it.
Passkeys will hopefully turn into a similar case regarding computer security.
To be a bit more general about this, I have found that the returns to combatting fraud are highly nonlinear.
Having a better national ID than SSNs would have effectively no negative impact while being a huge benefit for security and fraud prevention. It would also, if implemented well, be hugely beneficial for privacy. For instance things like Signal could move from requiring phone numbers to a ZKP using a national ID.
The problem is that the people in the USA who think "national ID" is code for "they want to put us all into pods and use our bodies as batteries" really really don't want national unified identification, and the people who aren't crazy don't consider it anywhere near their top 10 issues that would sway their vote. So no politician with any actual power is going to push for it.
There's tons of issues like this, where there's a clear technical right answer, but the only people who are foaming at the mouth over it are on the crazy side, so it doesn't happen.
The answer isn’t as clear as you think.
https://www.aclu.org/documents/5-problems-national-id-cards
It seems pretty clear. That article is just an example of the craziness I was describing. Notably: having a unified ID structure has a ton of upsides, and "preventing terrorism" seems fully orthogonal. Additionally, we already have IDs that register humans into databases and are tracked when people travel, it's just that the databases are disjoint and thus even more error prone because they're run individually by states.
The way you can tell this article is crazy is by noticing lines like this:
> When a police officer or security guard scans your ID card with his pocket bar-code reader, for example, will a permanent record be created of that check, including the time and your location?
This is already what happens. The police officer logs your interaction alongside your drivers license (or non-driver ID) number. Transposing a nationally-unified ID scheme for the current state-based scheme doesn't increase the amount of logging, it substitutes one log for another.
Part of the problem here is America's shitty privacy laws.
You can get ID scanners for nightclubs which check dates, parse dozens of different designs of ID correctly, detect some types of fake IDs, and record banned patrons. That's a thing you can get in Europe as well as America.
But only in America are they allowed to save the patron's address and use it for marketing purposes.
How you feel about reliable national ids really comes down to "do you trust the state or not".
Error-prone-ness is a feature for people who want the state to be less powerful.
Personally I think that for purely practical reasons national ids are good infrastructure.
I don't think in 2023 a "weak" national identity system offers much protection against an adversarial government.
Forget trusting the state, do you trust the endless parade of crappy companies that will demand your national ID verification to but everything from house insurance to fortnight skins to prevent fraud, and then promptly lose it in a data breech without ever receiving meaningful punishment? Because that is the state of things.
Isn’t this just already the case? It’s not clear to me why it would get worse for the drivers license I give everybody as proof of identity to be issued by the federal rather than state government.
This is especially true given that for many applications, I can already use my passport as an ID.
Actually, the more I think about this the weirder it is as a threat model. Photo ID pictures are basically only worth the value of the info printed on them to an attacker. They’re likewise not really valuable to retain as a business, because you might as well retain the information as tabular data, and then have a checkbox for “we saw this on a physical ID”. The only upside of storing the photo of the ID is if a business doesn’t trust its own employees, so having the photo provides them a way to make sure their employee really checked it.
An attacker who pops my bank’s network doesn’t need to look for ID photocopies: my identifying info is in the database in an already parsed format.
Yep this is a fair concern. Proponents would say that a good implementation would mitigate a lot of the data loss issues we currently see (I work in the digital id space so not entirely disinterested here).
Right now the way we verify identity is "dumb" in the sense that we prove identity using document ids or photos. This is "too strong" - to prove I am over 18 or just "the account holder" I must present valuable document IDs or scans which disclose other things about me such as my exact date of birth or my legal name. It is also "too weak" in that any verifier who receives these things can present them to someone else and impersonate me.
Today, every entity we deal with who verifies our identity can also impersonate us. There are billions of ID scans absolutely everywhere, in realtor's offices and lawyer's cabinets, at car rental agencies, etc ad nauseum.
A good "digital id" scheme allows for cryptographic proofs of identity which are non-transferable between verifiers. It allows things like proving that I am John Smith who is over 18 and holds a driver's license in a way that does not allow the verifier to then present those to someone else and impersonate me. It can allow for proofs of uniqueness, e.g. I can prove that I'm a person you've seen before with id xxxyyy in your database without disclosing my name (if the verifier chooses not to collect that). It can allow "blinding", e.g. I can hand over a token to someone who doesn't need to "see" my actual identity details unless they initiate legal process (say car rental scenario) and then I can be notified if that happens.
It is likely that a lot of verifiers might choose to "over collect" (say, request up-front proof of my legal name when strictly speaking they don't need that to rent me a car) but this can at least be discouraged by measures like tuning service charges so that more invasive verifications cost them more and ensuring that verifiers are subject to different regulation tiers based on the scope of data they collect. Even if the entity loses my PII e.g. my name, DOB, phone number, the systems are designed to not allow anyone accessing that information to impersonate me.
Strictly speaking digital id schemes / properties are orthogonal to "national ids". There are centralised, de-centralised and more or less anarchic (p2p) "versions" of digital identity. However, a government operated scheme at the national level could reduce a lot of commercial capture and the kind of "waste" that happens when you need to stitch together many disparate data sources.
> it's just that the databases are disjoint and thus even more error prone because they're run individually by states.
That is a huge advantadge if the federal governments ever gets taken over by totalitarians. Surely at least some states will refuse to authenticate their ID cards when requested by the feds, some may even issue fake IDs to resistance members. If the feds have a centralized database with updated information on residences etc, they can quietly disappear people.
Driving policy decisions based on this fanfic seems like a poor move. The federal government already has several centralized databases of residences (to pick a boring one: income tax forms).
I lived in Spain and never understood how the DNI/NIE's weren't an easy vector for identity theft. You need to give the number to do the simplest things, and many people wanted to see the card (and possibly make a copy). As far as I know the smart chip on my card wasn't used once in 2.5 years. I suspect the digital certificates you could get from the government likely aren't as well protected by the general (non-technical) populace as they should be. What makes it harder for someone to steal identity via a DNI/NIE in Spain than someone could use a drivers license + SSN in the US?
(For what it's worth, I actually liked the national identity card, and didn't hear too much about identity theft - I'm just curious).
Things may have changed since you were here. Currently, there's additional digital systems built around the e-DNI and much of the administration -national and local- uses that for most of the things where you previously just used your DNI number and a smile.
The certificates themselves in the DNI are used only occasionally, but it's mostly your decision: you can stick to using the certificates and not activate other means and then you can't access a bunch of things unless you use the certificates.
But still, this is mostly for the public administrations. Private entities, such as banks or whatever, don't really make use of it and build their own systems (most of the time quite stupid ones [0]).
--
[0] Fortunately they changed it, but for about a year or so my bank decided that instead of sending a 4-digit code through SMS -which you then typed to verify whatever transaction you were doing- it was "more secure" to just show 5, 10, or 20 4-digit codes on the transaction site and then send you a single number through SMS, say "7", to select the code from the list.
And somehow this was applauded and got them some newspaper headlines as the bank investing the most in advanced security in the country or some shit like that.
Spanish ID card has multiple layered security in them. The obvious and difficult to commit fraud with is the chip which is just a cryptographic one, but you also have RFID in them (with I assume appropriate FNMT signatures), but also physically the patterns in the print, the different textures in different areas of it, holograms, transparencies and the like.
For most ID-requiring processes people undergo training to identify these security features, to the level of fraud that it's worth detecting for said process.
When the post office asks for your ID to retrieve a package, they won't check much, but I don't think it's unusual for banks to pass your card through the RFID reader and have a high res picture of your face on screen even if only to recognize you properly (btw you have apps to read such data).
In Australia, drivers licenses and passports are defacto national IDs. And we felt the sting of that when Optus (2nd largest telecom provider) leaked half of the population's IDs.
Not to mention before this there was almost no way to get a new drivers license number, so if it got stolen good luck, a new license is issued under the same number.
Are AU drivers licenses issued by the national government, or by states? The thing that makes DLs wonky in the US is that while you can basically use a DL as a national ID, it is issued, managed, and operated by the state. So no two state's DLs look the same or have the same info. This makes them amazingly easy vectors for fraud.
As two amusing anecdotes:
A while back, I went to buy some beer in a state other than where I lived. I was asked for my ID, and provided my drivers license. The employee pulled out this comically thick three ring binder, flipped to the page for my state, and had to read through a list of compiled identifying factors for a legitimate ID from my state.
Even further back, I worked at a company where a small slice of my job was verifying ID for new signups flagged as high-risk. Except... we were an online business. Our users were global. So if somebody happened to upload a passport or US DL, I could at least eyeball it. But if somebody uploaded an ID issued by basically any other country on Earth... I guess that's what IDs from The Confederacy of Independent Systems look like? The only surefire way to get rejected was either not uploading anything, or the many, many bots that uploaded random pictures of flowers or trains or random nonsense.
AU drivers licenses are issued by each state, but same as the US they can be used as a national ID. And yep, they all have unique designs as well. However there is a baseline for the information they have to have on them, which is: Address, date of birth, first/middle/last name, card number, and license number.
The issue here is the license number is the one used for most verification, and that one is static. The card number changes every time the card is re-issued.
Examples of them are here: https://www.mygovid.gov.au/verifying-your-drivers-licence
A funny anecdote along the same lines:
A friend of mine recently moved from WA to NSW. If you move state, you have to apply for a new license within three to six months depending on the state. So he got a NSW license, it's a trivial process to convert your license thankfully.
He came back to WA to visit for a while, and tried to go clubbing. One bouncer read the post code from the address (like a ZIP code, only 4 digits instead) as his birth year because he had no clue what he was looking at... NSW post codes start at 2000, so you can see how this mistake could come up. WA post codes start with 6000 so there's no possible confusion there, until we reach the year 6000 at least!
Of course, the Date of Birth is still clearly labeled on every states driver licenses so this bouncer may also have been a bit daft.
Ah, the shared information is actually a low, though it was not set until the Real ID Act of 2005, which has required: full name, date of birth, gender, photograph, address, signature, and the license number.
>The employee pulled out this comically thick three ring binder, flipped to the page for my state, and had to read through a list of compiled identifying factors for a legitimate ID from my state.
This is literally the core gameplay of Papers, Please, a game designed to make you feel bad. (A great game, I hasten to add, and surprisingly enjoyable -- though allowing yourself to enjoy it means turning off empathy more consciously than in anything I've played before.)
> For example, the USA's lack of a national ID (and the resulting adoption of realldy ba substitues like SSNs, driver's licenses and "two photo IDs") has made a plethora of fraud techniques ridiculously easy. I
US federal government provides passports with passport numbers. All the infrastructure is already in place, it’s just a question of political will to implement an API to use this for identity verification.
The problem is that only about a third of all Americans have a passport.