你有了身分证

为什么国家身份证是个糟糕的主意

作者：喬曼和獨立學會的柯大為 (David Kopel)2002年2月5日11.45

尽管911劫机者看来一直正是他们自己说的那样，相当多的人想让我们想信能保证所有美国人安全的与充满个人信息的数据库连接的国家身份证的谎言。最近这群人攀上了国家身份证。首当其冲的是美国机动车管理协会。

它想把驾照作为美国及英国的国家身份证系统的基础。并计划向国会要一亿美元开发编号及跟踪市民方案以"确保一个更安全的美国"罗伯特小奥哈罗 2002年1月14日San Jose Mercury新闻在线版）。

象机动车管理员们和ORACLE公司的Larry Ellison一样，许多人对促成一个国家身份卡都有巨大的明显的商业动机。其它人只是为了自己的安全而赞美管理。不管他们的动机是什么，他们每个人都认为安全的正确的数据库存在，而且国家身份卡不会为个人造成什么问题。但一般来说，这正好相反。即使有着最好的意愿，但政府维护数据库做得太差。几乎没有迹象显示一个国家身份卡会提高安全或保护隐私。

看一看科罗拉多儿童保护中心注册处的问题，由州政府管理的一个小的数据库是相当有效率、公正、尊重隐私的。

以一种或另一种形式存在了30年的注册处现在是一个用于跟踪所有受虐待或受忽视儿童报告或对为孩子工作的人们进行后台监测的自动的数据库。理论上，这个注册处允许其雇员立即确认有虐待孩子倾向的人，帮助州福利机构从那些受恶意犯罪指控的人中区分一贯虐待儿童者。2001年5月，科罗拉多州审计处检查了注册处。它包含的107，848个记录里面有113，681个确认的或认定的犯罪者信息，还有907个不确定的间接犯罪者及144，334个儿童的信息。它每月接收约450个新的报告。

尽管州政府竭尽全力，注册处的错误率仍很高。当审计处把31例事件报告的样本和注册处的登记比较时，发现44处数据输入错误。在107，848个记录中有50，000个不完整。48个注册的对孩子进行性犯罪的罪犯记录样本中，40%没有在注册处列出。而2000年6月1日科罗拉多的一个法律要求注册处删除所有受虐待儿童指控后被宣告无罪或案件已经取消的人的记录。在2000年6月1日开始或以后，司法部记录的1589个被宣布无罪的人中，191个仍非法列在注册处名单中。

尽管注册处跟踪对未成年人犯罪的人，它显然对虐待儿童的成功起诉几乎没有什么影响。2000年半数以上的报告被忽略。所有报告中近一半被列为"未成年"科罗拉多法令对虐待儿童有一个广泛的定义，这样就有许多种解释空间。虐待儿童的行为包括任何造成明显非意外的瘀伤，拒绝为儿童服务包括任一谨慎的父母应该为其提供的监护；创造极有可能伤害儿童智力或心理机能发展的生活条件的行为。注册处成员工及区代表告诉审计处："列在注册处的人，几乎没有人被作为罪犯而逮捕、审问或判处虐待儿童罪。"

对照顾儿童的工人、养育及抱养的父母所需的"即时的"后台检测需要长达三个月完成，尽管州法律要求10天完成。拖延对家庭及儿童服务提供者造成了严重的破坏。9个后台监测相联系的儿童保育机构有4个必须解雇为他们工作的员工，有一个要把雇员从与接触孩子有关的位置中移开。

注册处计划跟踪仅4百多万的州人口的一小方人。2001年7月美国居民人口估计约在285，000，000。因而国家身份数据库会是一个相当难维持的数据库。约16%的美国人口每年改变居处，只1%的错误率就会影响到几乎三百万的家庭。

甚至相当小的联邦数据库的错误率就远远超过1%.1998年，综合清算处报告：社会安全部门管理5千万个受益人档案。1997年处理了一亿三千八百万工人近二亿二千五百万的工资和税申报信息。

2000年，社会安全管理局检查长重审了455个儿童社会安全受益人的样本，发现86%不符合项目的要求。检查长还估计：接受无支付能力的人中有一百三十一万记录不完整因为记录缺少关于具体方面的无支付能力信息。

1995年约翰J。米勒和加图学院的斯蒂芬摩尔报告：发现社会安全档案的错误达到了5%---20%.

错误大肆破坏那些受影响的人们的生活，那些没有社会安全利益或被美国国税局错误地追踪的人可以证明。所有的这些官僚机构很少为他们的错误付出代价，改正错误可能是一个梦。1996年11月8，疗养院职员错误地核对一个"过期"的盒子在黛博拉A霍金斯所在的疗养院的发货单上。刚做完臀部复原手术的霍金斯妇女士也在等待肾移植的名单上。尽管疗养院发出试图改正错误的信而且残废的霍金斯女士也访问了社会安全管理局，但是医疗机构开始拒绝付她的医疗账单。她又联系了议员及调整错误的机构。 1997年2月26日，华盛顿晨报报道说，据政府所知霍金斯女士在三个月零17天后还是死了。（Courtland Milloy.1997年2月26日 "改正巨大的错误"华盛顿晨报B1）

现在，数据库里的一个错误会产生可怕的后果，但错误将不会传播给其它的数据库。如果医疗机构相信你几个月前死了，你还可以坐飞机旅行、买枪枝、或找到新的工作。但是有了作为个人生活信息中心的国家身份证，一个悲惨的错误在一轮里很快就会传遍所有其它轮，使一个错误的受害者不可能正常地生活。如在法国，职员在国家身份证输入的数据的编排拼写错误有时会不可能更改，这样一个人就变成了个无此人。

另外，任何一个巨大的人口管理系统中疏忽的错误是在所难免的。故意的错误是一个巨大的问题，将来仍然是。社会安全管理局和美国国税局使用的类似项目的一个产品就是这些由错误或使用错误身份得到工作的人创造的社会安全数字。每年不能在W2中找到的名子和智力严重失常者的记录被放在收入悬念档案中。现在档案里有超过二亿二千七百万个记录，其中11%涉及从未被证实的智力严重失常者。执行是没有希望的。2000年财政上，社会安全管理局收到了46，840个滥用智力严重失常者指证。在1997年和2001年间，检查长管理办公室总共调查了5655案例。尽管国家身份证的支持者们吹捧身份卡内含的层积的微芯片的防伪的绝对保护，但这个世界充满了受过良好技术训练的会设计微芯片和层积的人们。其实，不可被伪造的文件还没被发明。每年美国政府发行的约六百万个护照在普通可得的身份文件中最具技术挑战性。通过外国检查的赝品也不少见，1998年联邦调查局报告赝品价格在二千到一万二美元左右。

能让人们非法进入并在美国运转的外国文件赝品价格甚至更便宜。根据2000年加州司法部的报告，俄国护照的赝品可以从"旅行社""文件制造者"那以120---200美元的价格搞到手。一些骗子使用欺诈的手段取得真正的文件。一个外国贸易财团用镇静药从美国公民手上买到了出生证明而得到了真正的美国护照。（护照政策、计划、顾问服务办公室、外事局主任John Hotchner 1999年七月二十日陈述。"伪造、滥用社会安全卡和国家及地方身份文件" 移民申请委员会，国会司法委员会）

不老实的政府职员也成了实际问题。1997年29个社会安全管理局职员被指控犯罪，犯罪行为包括制造假身份到欺诈性地出售社会安全管理卡和滥用机密文件。2000年，一个职员因制造125个社会安全卡给一个帮凶而入监。另一个为了解一些人的银行信息被盗后的复位信息浏览社会保障总署数据而被叛有罪。被盗信息被用于激活63个代替卡。值得注意的是职员浏览社会安全数据只有在旅行者银行通知社会安全管理局银行发现银行的信用卡发行数据有可疑图案时才会被发现。

如果赌注足够高，他们会败倒在国家身份卡系统下因为一个卡会是其它一切的关键，没有理由相信人不会被贿赂而制造假的记录。

不是加强监督起诉可能的异端分子，恐怖分子、罪犯。国家身份卡的支持者们想让当局进行做作的管理充满亿万无辜人们的不正确信息的难管理的数据这样一个不可能的工作。因为为恶者是人类的一小撮，这归结到创建一个集中其有限资源在监控无辜的安全系统。而从强大的监视中被释放的真正的罪犯在系统无效的噼啪声中，藏身是不会有问题的。

回首頁

You�ve Got Identity Why a national id is a bad idea.

By Linda Gorman & Dave Kopel of the Independence Institute February 5, 2002 11:45 a.m.

Despite the fact that the September 11 hijackers appear to have been exactly who they said they were, a large number of people want us to believe that safety lies in issuing all Americans national-I.D. cards linked to databases packed with personal information. The latest group to climb on the national-I.D. bandwagon is the American Association of Motor Vehicle Administrators.

It wants drivers' licenses to be the foundation of a national-I.D. system in the U.S. and Canada and plans to ask Congress for $100 million to develop a scheme to number and track citizens in order to "secure a safer America." (Robert O'Harrow Jr. January 14, 2002. San Jose Mercury News online edition.) Many people, like the Motor Vehicle Administrators and Oracle's Larry Ellison, have huge and obvious business incentives to foster a national-I.D. card. Others simply admire surveillance for its own sake. Whatever their motive, each of them assumes that secure, accurate, databases exist and that national-I.D. cards will cause few problems for individuals. Practical experience, however, suggests the opposite. Even with the best of intentions, governments do a poor job of maintaining databases, and there is little evidence to suggest that a national-I.D. card would either promote safety or protect privacy.

Consider the problems with Colorado's Central Registry of Child Protection, a small database run by a state government that is relatively efficient, fair, and respectful of privacy.

In existence in one form or another for about 30 years, the registry is now an automated database used to track all reports of child abuse or neglect and to conduct background checks on people working with children. In theory, the registry allows employers to instantly determine whether they are hiring people prone to child abuse and helps state welfare agencies separate habitual child abusers from those who are victims of malicious charges. In May 2001, the Colorado State auditor's office examined the registry. It contained 107,848 records with information on 113,681 confirmed or alleged perpetrators, 907 unknown third-party perpetrators, and 144,334 children. It received about 450 new reports a month.Despite the state's best efforts, the registry has a high-error rate. When the auditor's office compared a sample of 31 incident reports with their registry entries, it found 44 data-entry errors. Fifty thousand of the 107,848 records were incomplete. Forty percent of a sample of 48 registered sex offenders known to have committed crimes against children were not listed in the registry. As of June 1, 2000, Colorado a law required the registry to delete records for anyone acquitted of child abuse charges or whose case was dismissed. Of 1,589 people who listed as having been acquitted of child-abuse charges in judicial records on or after June 1, 2000, 191 were still illegally listed in the registry.

Although the registry tracked people for minor transgressions, it apparently had little effect on successful prosecutions for child abuse. Over half of the reports of abuse in 2000 were for neglect, and nearly half of all the reports were listed as "minor." Under Colorado statute, child abuse is broadly defined and leaves a great deal of room for interpretation. Children are abused by any act or omission that leaves bruises that may not be accidental, any act or omission that denies services, including supervision, that a "prudent" parent would provide, or any act or omission that creates living conditions that cause or pose a substantial risk of impairing a child's intellectual or psychological functioning or development. Registry staff and county representatives told the auditor's office that "very few individuals listed on the registry as perpetrators are ever arrested, charged, or convicted of any child abuse crime."

The "instant" background checks required for child-care workers and foster and adoptive parents took as long as three months to complete, despite a state law requiring completion within ten days. Delays caused severe disruptions for families and child-care providers. Four of nine child-care facilities contacted about positive matches had to fire people already working for them. Another facility was able to move the employee to a position not involving contact with children. The registry is designed to track a small subset of people in a state population of just over 4 million. With the July 2001 resident U.S. population estimated at roughly 285,000,000, a national-I.D. database would be a much more difficult database to maintain. Roughly 16 percent of the U.S. population changes residences every year, and an error rate of just 1 percent would affect almost 3 million households.

Even considerably smaller federal databases have error rates higher than 1 percent. In 1998, the General Accounting Office reported that the Social Security Administration administered records on 50 million beneficiaries. In 1997 it processed information on approximately 225 million wage and tax statements for about 138 million workers.

In 2000, the Inspector General of Social Security Administration reviewed a sample of 455 child Social Security beneficiaries, and found that 86 percent were not eligible for the program. The Inspector General also estimated that 1.31 million records of those receiving disability payments were incomplete because the records lacked information on the disability for which the payment was being made.

In 1995, John J. Miller and Stephen Moore of the Cato Institute reported Social Security files have been found to contain errors in 5 to 20 percent of cases.

Errors can wreak havoc in the lives of those affected, as anyone who has been denied Social Security benefits or mistakenly pursued by the IRS can attest. Because the bureaucracies involved seldom suffer for their mistakes, correcting them can be a nightmare. On November 8, 1996, a nursing-home clerk mistakenly checked the "expired" box on Deborah A. Hawkins's nursing-home discharge papers. Ms. Hawkins, 50, had just had her hip replaced and was also on the waiting list for a kidney transplant. Despite a letter from the nursing home trying to correct the error and a personal visit to the Social Security Administration by the disabled Ms. Hawkins, Medicare began refusing to pay her medical bills. She contacted her congressman and regulatory oversight agencies. The February 26, 1997, Washington Post reported that, as far as the government was concerned, Ms. Hawkins was still dead 3 months and 17 days later. (Courtland Milloy. February 26, 1997. "Correcting a Grave Mistake," Washington Post. B1).

Currently, an error in one database can have terrible consequences, but the error will not necessarily spread to other databases. If Medicare believes that you died several months ago, you can still travel on an airplane, purchase a firearm, or get hired at a new job. But with a national-I.D. card serving as the information hub of an individual's life, a catastrophic error in one spoke will quickly spread to all the other spokes, making it impossible for an error victim to live a normal existence. In France, for example, a clerk's typographical spelling error in the national-I.D. entity database sometimes becomes impossible to correct, and thus a person turns into a non-person.

Besides the inadvertent errors that are inevitable in any large human administered system, deliberate fraud is, and will continue to be, an enormous problem. One product of the matching program that the Social Security Administration (SSA) runs with the IRS is a pool of invalid Social Security Numbers created either by mistake or by people using false identities to get a job. Each time a name and SSN fail to match on an annual W-2, the record is placed in an Earnings Suspense File created to hold "voluntary social security contributions" whose owners cannot be identified. There are currently more than 227 million records in the file, about 11 percent of which refer to SSNs that were never issued. Enforcement is hopeless. In fiscal year 2000 the Social Security Administration received 46,840 allegations of SSN misuse. Between 1997 and 2001 the Administration's Office of the Inspector General investigated a grand total of 5,655 cases.

Although national-ID proponents tout embedded microchips laminated in ID cards as sure fraud protection, the world is full of technically trained people able to program microchips and laminate documents. In fact, the unforgeable document has yet to be invented. The roughly 6 million passports issued each year are the most technically challenging generally available ID documents produced by the U.S. government. Counterfeits capable of passing foreign examination are not uncommon, and in 1998, the FBI reported that prices ranged from $2,000 to $12,000.Counterfeits of foreign documents, which allow people to legally enter and operate in the U.S., cost even less. According to a 2000 report from the California Department of Justice, counterfeit Russian passports were generally available from "travel agency" "document facilitators" for $120 to $200. Some crooks use fraudulent means to obtain the genuine article. One alien trafficking syndicate got genuine U.S. passports by buying birth certificates from U.S. citizens at methadone clinics. (Testimony of John Hotchner, Director, Office of Passport Policy, Planning and Advisory Services, Bureau of Consular Affairs, Department of State. July 22, 1999. "Counterfeiting and Misuse of the Social Security Card and State and Local Identity Documents," Subcommittee on Immigration and Claims, Committee on the Judiciary House of Representatives.)

Crooked government employees present another practical problem. In 1997, 29 Social Security Administration employees were convicted of crimes ranging from creating fictitious identities, to fraudulently selling Social Security Administration cards to abusing confidential information.

In 2000, an employee was imprisoned for issuing 125 Social Security cards to an accomplice. Another was convicted of browsing the SSA database for information on people whose replacement credit were stolen while en route to them. The stolen information was used to activate 63 replacement cards. It is worth noting that the employee browsing the Social Security database was detected only after The Traveler's Bank notified the Social Security Administration that the bank was seeing suspicious patterns in the bank's credit card issuance data.

If the stakes are high enough, and they would be under a national-I.D. system because one card would be the key to everything else, there is no reason to believe that people could not also be bribed to create false records.

Rather than focus on intensive surveillance and prosecution of likely miscreants, terrorists, and illegals, national-I.D. supporters want authorities to undertake the impossible task of pretending to manage an unmanageable database filled with inaccurate information on millions and millions of innocent people. Since evildoers are a small fraction of the general population, this boils down to building a security system that concentrates its limited resources on monitoring the innocent. Freed from intensive surveillance, real criminals should have no problems hiding in the system's inefficient cracks.