I was standing at yet another airport security checkpoint last week, arms held wide, patience fraying, while a stern-faced security guard pressed her metal detector all over me. Foiled again by an underwire bra, which apparently marks me as a suspicious subject for overtuned alarm systems. Five pat-down searches in three days of travel.
One effect of these close encounters was to spark a keener interest on my part in the clamour about national ID cards, which a majority of Americans support in the aftermath of September 11, despite continuing opposition from the White House. Proponents of this politically charged idea claim that the ability to breeze through airports in the "fast lane" could be among the many benefits of such a Big Brother verification programme. So I can certainly see the appeal.
Ironically, my travels were taking me to and from a computer security conference in Washington. What better place to see if technology is really up to the task of supporting a national ID card system? Turns out we're about 90% there, but that missing 10% is a serious gap. After talking with a variety of experts in biometric, smart card and authentication technologies, I found many who doubt that we can truly safeguard the personal data these cards would contain.
Hacking a smart card and spoofing a fingerprint image will certainly raise the bar for the bad guys, but everyone expects them to rise to the challenge. One speaker from RSA Security noted that a $US5 rubber stamp was all his team needed to fake a fingerprint image.
In the end, I walked away opposed to a national ID card programme. Beyond the concerns about civil liberties or the huge, costly bureaucracy it would involve, the technology implementation would be a never-ending nightmare of integration problems, security breaches, standards conflicts and constant patching of immature products.
Perhaps in a few years we'll be able to authenticate someone's identity through a smart card with a unique access code and a biometric identifier. But nobody produces such a triple-protected, tamper-proof product now. Until the technology can protect us, this remains a dangerously bad idea.