provider for all contexts?"

Government should be involved in work on PIFs, Kreizman said, though a full-fledged partnership may be impossible.

"Governments are one type of source for identity proof, and they are also identity consumers," Kreizman said. "We need government-issued IDs for nonelectronic purposes. We could also use government as a source of identity proofing truth for online transactions. But we don't always want that."

 

Finding Privacy
Some observers caution that the need for security is running roughshod over personal privacy rights.

The federal government alone is juggling six identity card initiatives, said Jim Dempsey, policy director at the Center for Democracy and Technology, and the CDT is alarmed at the proliferation of identity cards created in a policy vacuum.

"The biggest problem is that we have no policy framework for collection, use, storage and exchange of identification information," Dempsey said. "The United States has no comprehensive privacy law."

What exists now is a smattering of sundry privacy protections, he said, noting that Americans possess a constitutional right to privacy, but that right was largely defined in the pre-Internet age. Various statutory privacy protections exist, he said, but those protections target specific sectors, such as financial institutions or hospitals, and are riddled with exceptions.

The CDT has been trying to get the message through, he said but so far, Congress is somewhat mired in the sectoral approach of the past. That approach is, in part, the byproduct of legislative committees being created to examine laws targeted at specific sectors, such as a banking committee or a judiciary committee.

Larger issues also complicate the question of identity and privacy, however. Walking down the street used to be an unidentifiable activity unless someone actually knew you, he observed, the constitutional rule that a person has no privacy when it comes to what he or she does in public doesn't have very broad consequences when what that person did was not identifiable.

"There's a huge amount of activity going on in the proliferation of video cameras, and ultimately we're going to have increasing integration of facial recognition software in those camera systems," Dempsey cautioned. "We are really entering a very different world," he said, adding that there's no clear sense of a system for gathering, applying, storing and sharing identity information or personally identifiable information.

"The rules we've had in the past were based upon the assumption that there was a certain amount of friction in the system," he said. "They were also based upon the assumption that it was hard to link data across databases, as well as a series of other assumptions. Increasingly those assumptions are being blown apart, really, by changes in technology."

Shane Peterson  |  Associate Editor