The Corporate Attack on Electronic Privacy
An Interview with Chris Hoofnagle

Chris Hoofnagle is legislative counsel with the Electronic Privacy Information Center (EPIC). He concentrates on government and consumer profiling.

Multinational Monitor: What kind of national ID programs have been proposed in the United States since the September terrorist attacks?

Chris Hoofnagle: There have been both public sector and private sector proposals for a national identification system. The most ambitious proposals have come from companies such as Oracle. While CEO Larry Ellison claims that his system would be optional—similar to a frequent flyer card—in reality, all national ID systems must be mandatory in order to be effective.

In order for the national ID system to be better than the standard driver's license, it would have to carry some kind of biometric identifier—some kind of unique variable about a person's body. This is typically a fingerprint, but it could be a scan of an eye or palm geometry.

This raises many difficult issues. Obviously, it means maintaining a master database of all those biometric identifiers. But who will have access to that database? How will it be audited? Will it be vulnerable to malicious intrusion or government abuse?

Then there are questions such as whether the identifier will be stored in the card or just in the central database. That is, when a data subject presents a national ID, will the machine reading the card only match the subject's biometric to the card, or will the reader have to match the biometric to one stored in some central database? Alternatively, the system could require the subject to match information on the card and in the database simultaneously. In any case, there still needs to be the rather enormous—260 million person—national database.

Countries with national ID also have provisions in law that enable police to demand presentation of the ID. Under current law, a police officer can demand an ID, but an individual can lawfully refuse unless the officer has probable cause to arrest the subject. So it's likely that a national ID proposal will contain within it certain provisions that will enable both the private sector and government to demand presentation of the ID—for instance, when people board a plane or behave suspiciously. Ultimately, uses of the card will creep in. Today, government will demand the card for boarding a plane. Tomorrow, businesses will demand the card for basic services, such as a video rental account. The social security number creeped in in a similar fashion and is in fact now required to obtain a fishing license.

MM: What kinds of proposals for a national ID have come from government officials?

Hoofnagle: So far, they have been limited to non-citizens. There are about four proposals out there. Senator Feinstein, D-California, has one, as does Senator Kennedy, D-Massachusetts. There are others in the House of Representatives. They are all limited to only requiring that non-citizens carry some kind of national identifier, oftentimes linked to a biometric. This card would have to be presented in order to enter the country.

Here they are saying they're only going to require non-citizens — the politically weak — to use it. But down the road, the system would likely be expanded to others without political clout. For instance, welfare recipients could be the next group required to use it in an effort to stem fraud. Soon, it begins to be issued to children and then it becomes a national ID for Americans.

MM: Do any of the proposals have political momentum?

Hoofnagle: It's clear that the Bush administration does not favor a national ID system as proposed. There will be strong resistance from both the right and the left.

Larry Ellison has been using the events of September 11 as an opportunity to spring national ID on Americans. Well before the attacks, he was trying to sell the same product to the government for a different purpose—as a unique identifier under the Health Insurance Portability and Accountability Act (HIPPA), which calls for a national health identifier. Now he's using September's events to propose the same system. Perhaps he has the most momentum, but nothing has been introduced embodying his ideas—at least not for citizens.

MM: What exactly is the technology that Oracle is pushing?

Hoofnagle: Ellison has offered to donate the software required to create a unified database of government information on all Americans. Donating the software is a significant move; however, Oracle would significantly profit from maintaining the database in the future. National ID is extremely expensive, and in other countries where it has been proposed, officials invariably underestimate the cost.

MM: What other technologies have companies proposed since September that might be a threat to privacy?

Hoofnagle: The recording industry was shopping around an amendment to the anti-terrorist legislation that would have allowed them to engage in aggressive techniques to stop copyright violations on the web. They'd be able to engage in malicious types of actions such as interrupting a file transfer request and sending you a different file than the one you were attempting to download. Or in other ways blocking your ability to communicate.

The first drafts of the anti-terrorism legislation would have eroded consumer privacy protections for cable subscriber records. Cable provisions are some of the strongest privacy protections in the United States. Back in 1984, before interactive cable was even possible, lawmakers recognized that television subscriber data could be used to spy on television subscribers. As a result, they made opt-in provisions for cable records, so that cable companies couldn't sell the fact that you were watching a certain show or subscribing to a certain channel. The first drafts would have enabled cable companies to profile users for commercial purposes based on subscriber data. Fortunately, those provisions were removed.

The next round of legislation will create new freedom of information act exemptions that will allow industry and government to keep critical information out of public view. If passed, this exemption will be used to hide information about embarrassing security breaches.

MM: What about face-recognition technologies?

Hoofnagle: Immediately after the attacks, the two major face recognition providers, Visionis and Viisage, positioned their products as solutions to terrorism.

Their publicity stunt worked. Their stock prices doubled very quickly, and it appeared as though different public transportation centers would adopt the technology. In fact, Oakland International Airport has.

One of the problems not revealed in the press releases is that face recognition technology has never caught a terrorist. In the U.K., they have 3 million cameras spying on citizens, and the system has never caught a terrorist. It's used for petty crime. So face-recognition is another technology that's justified by extreme events like the terrorist attacks of September, but often ends up just being used as a tool in the drug war or for petty crime and voyeurism.

When face recognition was applied at the Super Bowl, police said, "We're going to use this to recognize terrorists," but in fact that's not even on the table. What it was used for was the apprehension of petty criminals—ticket scalpers in this case.

One has to be wary of the reasons for which law enforcement employs new surveillance tools. Officials always demand new surveillance authority for the interdiction of serious criminals, but the powers are almost always used for prosecuting the drug war or for common, blue-collar crimes.

© Multinational Monitor November 2001

 

list of articles