Homeland Security Watch

News and analysis of critical issues in homeland security

November 1, 2006

Book Review: ‘Identity Crisis’

Filed under: Privacy and Security — by Christian Beckner on November 1, 2006

I read the book “Identity Crisis: How Identification Is Overused and Misunderstood” by Jim Harper at the CATO Institute last week, with the objective of improving my understanding of identification issues as they apply to key homeland security challenges.

Many of the most significant controversies in the homeland security policy realm today – REAL ID, a National ID card, aviation security screening, the use of biometrics – pivot upon issues of identification, and the way in which the imperatives for security, privacy, and freedom sometimes clash with one another in these debates. Too often, these issues are demagogued or misinterpreted by people on all sides of these debates, creating the need for clarity on the terms of these debates. This book adds a valuable dose of clarity to this debate, and while I disagree with some of Harper’s conclusions, I think that the implicit framework in the book provides a basis on which future identity- and security-related policy disputes can be mediated.

Harper’s book does an excellent job of laying the groundwork and clearly defining the different types of identification and the roles that they play in everyday societal interactions. He provides interesting historical context on the evolution of identification, and writes in an engaging style that is atypical for a think tank-published tome.

These early chapters of the book set the stage for the discussion of key identity-related policy issues today: the excessive use of Social Security numbers as an identifier, the role of the credit bureau industry, the changing roles of identification cards, the implications of the REAL ID Act, aviation screening issues, and the debate over whether the U.S. should have a national I.D. card., among others.

Harper argues generally that identification-based tools and techniques are a weak source of leverage in the fight against terrorism, suggesting instead a risk management approach focused on a non-person-centric approach to addressing threats and vulnerabilities. This passage from page 212 summarizes his argument:

Good risk management addresses threats and risks without regard to who might cause them, long before any bad actor has been identified. The reduced risk of commandeering since 9/11 illustrates this well. Hardened cockpit doors stop anyone who might enter the flight deck without permission. The resolve of crew and passengers to attack hijackers does not turn on who they are but extends to any and every hijacker. This entire method of attack has largely been cut off.

These techniques to reduce risk do not rely on identification. They meet threat vectors head-on. The same is true o fsecurity against other tools and methods of attack. Magnetometers screen for all weapons. X-ray machines scan for all guns and bombs. Sensors sniff for bomb residues and chemical or biological agents no matter whom or what they are on. Identification of people plays no role in the most direct and substantial methods for managing the risks to passenger air travel.

It’s on this point, as it applies to the key issues discussed in the book, that I have my main disagreement with the book. I don’t see identification vs. physical security as an either/or dichotomy. Instead, I seem them both as valid tools, each with their pro’s and con’s, that should be used in harmony with each other, based on cost, effectiveness, and societal values, as part of a broad systemic approach to securing the homeland. There are some instances where physical-based approaches will suffice on their own. And identification systems are no panacea, as they have sometimes been made out to be. But I think that identification-based tools can be appropriately used to improve protection or create deterrence within certain threat vectors.

Harper also has an interesting discussion in the latter part of the book about the relative merits of homogeneous vs. heterogeneous ID systems: a debate that is relevant to the ongoing discussions over the REAL ID Act and the concept of a National ID card. I’ve argued previously on this blog that a National ID card would be preferable to the heterogeneous 50-state system that we have today, and that the REAL ID Act is an expensive solution, providing some security benefits due to improved credentialing and verification but in a way that doesn’t capture the benefits from scale and integration. Harper argues, by contrast, that integration is inherently dangerous (creating the risk of excessive data aggregration) and that scale creates undue criminal temptations (i.e. makes the card valuable and motivates illicit acquisition). I take his points, but I still see these risks as lesser than the existing risks resulting from the lack of common standards, which allows certain states to maintain weak ID systems.

But overall, this was a very engaging book, and well-worth reading for anyone who works on or cares about these issues. The advocates of increased use of identification for security would be well-advised to read it to understand the perils that certain courses of action can create. And the foes of increased use of identification should read this as well, as a way to understand how to rationally and criticize ID-related programs, instead of making fear-inducing, emotive counter-arguments, as is too often the case. By thinking and operating along the parameters suggested in this book, I believe that we can come to a lot more common ground on these difficult issues.

You can order the book directly from the CATO Institute or here at Amazon.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print

5 Comments »

Comment by Michael Hampton

November 1, 2006 @ 5:12 pm

Be careful. With a book review like that, you might be asked to speak about it at Cato. :)

Pingback by Sunday Information Security Links « PurpleSlog

November 5, 2006 @ 4:03 pm

[...] A book review of Identity Crisis (something that has been on my to-do list. [...]

Pingback by Homeland Security Watch » New Cato paper on predictive data mining

December 12, 2006 @ 1:50 am

[...] The Cato Institute published a paper yesterday entitled “Effective Counterterrorism and the Limited Role of Predictive Data Mining” by Cato’s Jim Harper (whose book Identity Crisis I reviewed here last month) and fellow IBMer/blogger Jeff Jonas. The paper argues against the value of pattern-based predictive data mining as a tool for counterterrorism, instead favoring tools that investigate links among and outward from known suspects, using intelligence and detection tools within a more robust information-sharing environment. [...]

Comment by Ron

April 7, 2007 @ 12:27 am

Hello, Ive been reading a lot on the national ID
It it true that if it in effect that one would not be able to recieve your social security check if you do know agree with the national ID card.
I am 70 years old and I dont want to have to submit to getting a national ID.
Pease reply and thank you for all that you do
northwoods@centurytel.net

Comment by Jane

April 30, 2007 @ 12:43 pm

I have not read this book yet, but as of today, am ordering. I think this needs to be a wake up call for America, who currently is like the frog, being slowly boiled or if you will, a sleeping giant, being greatly deceived by those in charge. America’s freedoms have already been compromised. People, this National ID card is a huge step in the wrong direction for the citizens of the USA. It is nothing more than people control. I am looking forward to reading this book. Looks like a must read for anyone concerned with their civilian rights.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>