Found via Schneier on Security.
Michael Froomkin, a law professor at the University of Miami, writes about identification and privacy in a chapter from a forthcoming book examining approaches to identification, “Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society” (New York: Oxford University Press, 2009).
“National ID cards” are scare words in the United States, in England, and to a degree throughout the common-law world. If the instinctively negative reaction to ID cards were only an American phenomenon, one might dismiss it as yet another example of American exceptionalism—or, perhaps, another example of the U.S. failure to learn from foreign experience. But this powerful popular distaste for government-issued ID cards is not limited to the U.S. Similar and powerful reactions are found in England, Australia, and Canada. Indeed, in 2000, one could say that only four common-law countries had adopted ID cards in peacetime: Cyprus, Hong Kong, Malaysia, and Singapore. Meanwhile, however, ID cards are a routine and often uninteresting fact of life in the democracies of the civil-law world. That difference deserves exploration. […]
This chapter suggests that the U.S. hostility to ID cards is based on a romantic vision of free movement, and that the English view is tied to a related concept of “the rights of Englishmen.” I then suggest that these views distract from the real issues raised by contemporary national ID plans in the common and civil-law worlds. Today’s issues, I suggest, involve a complex set of data protection issues that have little to do with romantic stories of cowboys and motorists talking back to policemen, and a great deal to do with data storage and access. […]
This is not the place to recapitulate the debate over the need for data protection legislation, nor of the merits and demerits of current implementations. But it is important to note that each ratchet up in an ID card regime—the introduction of a non-mandatory ID card scheme, improvements to authentication, the transition from an optional regime to a mandatory one, or the inclusion of multiple biometric identifiers—increases the need for attention to how the data collected at the time the card is created will be stored and accessed. Similarly, as ID cards become ubiquitous, a de facto necessity even when not required de jure, the card becomes the visible instantiation of a large, otherwise unseen, set of databases. If each use of the card also creates a data trail, the resulting profile becomes an ongoing temptation to both ordinary and predictive profiling. […]
Great transparency and the careful definition and assignment of a sufficiently broad bundle of rights need to be designed into an ID card regime from the start. This may be especially important in countries such as the United States that do not have background data protection rules on which to fall back on, but if ID cards become the key—perhaps literally—to full participation in economic and political life, not to mention part of an internal travel control system that French Kings and Russian Tsars would have envied, a healthy dose of due process and judicial review will be called for as well.