What Makes Identification Secure?
April 2005
Verification
A secure identification system is one that allows people’s identity documents to be verified as belonging to them and, thereby, prohibits others from assuming that person’s identity. In the case of ATM cards, the PIN number serves as a verification method that the person using the card is authorized to use it.
For identification systems to be reliable and secure, verification must be established through an identifier unique to the individual. Agencies responsible for issuing secure identity documents must take rigorous steps to verify an individual’s identity prior to issuing a secure document and recording that information in an accessible database. The authenticity of the document is confirmed by matching the data on the card with the information in the database.
For a secure verification system to be comprehensive, the security of primary documents (e.g., birth certificate, Social Security card) must also prevent the false assumption of another’s identity. If that is not achieved, the systemic point of failure is simply moved to another location. Additionally, secure identification cards should have physical security features (tamper-resistance, holograms, etc.) to inhibit counterfeiting.
Compatibility
An efficient and effective secure identification system requires document compatibility among the various government agencies and departments that produce and maintain identity records or must be able to verify identity in the course of enforcing relevant or applicable law. Non-compatible identity document issuance systems provide openings for the establishment of fake identities or identity theft. At the minimum, all government agencies that issue identification should be able to securely exchange electronic information to identify and weed out duplicate records and to prevent duplicate identity documents from being issued.
Agencies that verify identity also must have systems compatible with those of the issuing agencies, or false documents may be used to prove identity. Even if all systems are compatible, they must also be inter-operable. Identity verification systems must allow for real-time searches, while protecting individual privacy by limiting access to those making legitimate inquiries. The principle of compatibility should include not just primary identity documents, but also ‘breeder’ documents (e.g., birth certificates/birth registries) and related registries (e.g., death certificates/death registries).
Uniformity
In the case of state driver’s licenses, non-uniformity of the application or verification processes facilitates false identity document applications to the weakest link among the state identity document systems. In the absence of uniform standards, reciprocity (a fundamental principle for state identification documents) allows a state Department of Motor Vehicles with sub-standard security and verification control standards to become a means of transmitting identity fraud and undermines the reliability of the entire network of secure identity documents.
Enforcement
Appropriate criminal penalties must both exist and be enforced for identity fraud/theft. These penalties must also encompass and be strictly enforced against government employees who become corrupted into falsely facilitating the issuance of secure documents.