The problem is that the people in the USA who think "national ID" is code for "they want to put us all into pods and use our bodies as batteries" really really don't want national unified identification, and the people who aren't crazy don't consider it anywhere near their top 10 issues that would sway their vote. So no politician with any actual power is going to push for it.
There's tons of issues like this, where there's a clear technical right answer, but the only people who are foaming at the mouth over it are on the crazy side, so it doesn't happen.
The answer isn’t as clear as you think.
https://www.aclu.org/documents/5-problems-national-id-cards
It seems pretty clear. That article is just an example of the craziness I was describing. Notably: having a unified ID structure has a ton of upsides, and "preventing terrorism" seems fully orthogonal. Additionally, we already have IDs that register humans into databases and are tracked when people travel, it's just that the databases are disjoint and thus even more error prone because they're run individually by states.
The way you can tell this article is crazy is by noticing lines like this:
> When a police officer or security guard scans your ID card with his pocket bar-code reader, for example, will a permanent record be created of that check, including the time and your location?
This is already what happens. The police officer logs your interaction alongside your drivers license (or non-driver ID) number. Transposing a nationally-unified ID scheme for the current state-based scheme doesn't increase the amount of logging, it substitutes one log for another.
Part of the problem here is America's shitty privacy laws.
You can get ID scanners for nightclubs which check dates, parse dozens of different designs of ID correctly, detect some types of fake IDs, and record banned patrons. That's a thing you can get in Europe as well as America.
But only in America are they allowed to save the patron's address and use it for marketing purposes.
How you feel about reliable national ids really comes down to "do you trust the state or not".
Error-prone-ness is a feature for people who want the state to be less powerful.
Personally I think that for purely practical reasons national ids are good infrastructure.
I don't think in 2023 a "weak" national identity system offers much protection against an adversarial government.
Forget trusting the state, do you trust the endless parade of crappy companies that will demand your national ID verification to but everything from house insurance to fortnight skins to prevent fraud, and then promptly lose it in a data breech without ever receiving meaningful punishment? Because that is the state of things.
Isn’t this just already the case? It’s not clear to me why it would get worse for the drivers license I give everybody as proof of identity to be issued by the federal rather than state government.
This is especially true given that for many applications, I can already use my passport as an ID.
Actually, the more I think about this the weirder it is as a threat model. Photo ID pictures are basically only worth the value of the info printed on them to an attacker. They’re likewise not really valuable to retain as a business, because you might as well retain the information as tabular data, and then have a checkbox for “we saw this on a physical ID”. The only upside of storing the photo of the ID is if a business doesn’t trust its own employees, so having the photo provides them a way to make sure their employee really checked it.
An attacker who pops my bank’s network doesn’t need to look for ID photocopies: my identifying info is in the database in an already parsed format.
Yep this is a fair concern. Proponents would say that a good implementation would mitigate a lot of the data loss issues we currently see (I work in the digital id space so not entirely disinterested here).
Right now the way we verify identity is "dumb" in the sense that we prove identity using document ids or photos. This is "too strong" - to prove I am over 18 or just "the account holder" I must present valuable document IDs or scans which disclose other things about me such as my exact date of birth or my legal name. It is also "too weak" in that any verifier who receives these things can present them to someone else and impersonate me.
Today, every entity we deal with who verifies our identity can also impersonate us. There are billions of ID scans absolutely everywhere, in realtor's offices and lawyer's cabinets, at car rental agencies, etc ad nauseum.
A good "digital id" scheme allows for cryptographic proofs of identity which are non-transferable between verifiers. It allows things like proving that I am John Smith who is over 18 and holds a driver's license in a way that does not allow the verifier to then present those to someone else and impersonate me. It can allow for proofs of uniqueness, e.g. I can prove that I'm a person you've seen before with id xxxyyy in your database without disclosing my name (if the verifier chooses not to collect that). It can allow "blinding", e.g. I can hand over a token to someone who doesn't need to "see" my actual identity details unless they initiate legal process (say car rental scenario) and then I can be notified if that happens.
It is likely that a lot of verifiers might choose to "over collect" (say, request up-front proof of my legal name when strictly speaking they don't need that to rent me a car) but this can at least be discouraged by measures like tuning service charges so that more invasive verifications cost them more and ensuring that verifiers are subject to different regulation tiers based on the scope of data they collect. Even if the entity loses my PII e.g. my name, DOB, phone number, the systems are designed to not allow anyone accessing that information to impersonate me.
Strictly speaking digital id schemes / properties are orthogonal to "national ids". There are centralised, de-centralised and more or less anarchic (p2p) "versions" of digital identity. However, a government operated scheme at the national level could reduce a lot of commercial capture and the kind of "waste" that happens when you need to stitch together many disparate data sources.
> it's just that the databases are disjoint and thus even more error prone because they're run individually by states.
That is a huge advantadge if the federal governments ever gets taken over by totalitarians. Surely at least some states will refuse to authenticate their ID cards when requested by the feds, some may even issue fake IDs to resistance members. If the feds have a centralized database with updated information on residences etc, they can quietly disappear people.
Driving policy decisions based on this fanfic seems like a poor move. The federal government already has several centralized databases of residences (to pick a boring one: income tax forms).