Life, Liberty and the Pursuit of Terrorists


Francis Fukuyama, the former US State Department official and celebrity intellectual made his name a decade ago when he wrote an essay catchily titled "The End of History," and, in the aftermath of September 11, stoutly declared, "We are an open society, we will not resort to ID checks." As those atrocities confirmed, this libertarianism was misplaced. At least on the question of ID cards.

Dr. Fukuyama is quite correct in his judgement that many people instinctively fear that a national ID card would compromise basic freedoms and personal privacy without helping to reduce the threat of terrorism. They suspect that national governments would build databases that would do more snooping on law-abiding citizens than catching terrorists. However, if we do lose our liberty, few will deny that the terrorists will have won.

I don't deny that issuing ID cards to residents and visitors is a very big deal. Trusting any government to maintain a database with our names, addresses, places of work, amounts and sources of income, assets, purchases and subscriptions, travel destinations, and so on, requires a huge leap of faith. But the reality is that this information about us has been gathered for years.

This data collection was not instigated by our governments but by the likes of credit card companies such as Visa. Since they've been marketing, they've been issuing cards and building databases about millions of us. These databases are searched and sold daily and it is likely that most of us have voluntarily exchanged our personal liberties and privacy, not for a larger international security initiative, but just to make shopping more convenient.

Unsurprisingly, governments already issue several ID cards: passports, drivers' licences and visas among them, and maintain thousands of databases to keep track of everyone from the taxpayer and voter to the suspected terrorist. Consequently, there is no great libertarian issue about whether we should have government ID cards and an accompanying database.

A more practical question is whether we can make existing databases more effective? In this respect: do we need a national ID cards? No. Should we make our existing ID cards harder to forge? Yes. Do we need more databases to track terrorists? No. The one step we could take to make terrorists' life tougher is to ensure the information from all European government databases is copied onto a single security database.

Today, every intelligence and law enforcement agency worldwide maintains separate databases of suspected criminals. The sheer volume of these databases makes it difficult for one agency to identify and apprehend someone wanted by another. If there is a warrant for an arrest in Paris, that warrant will not be detected when that person enters Athens Airport and shows his passport at the airport. Immigration officials will check the few interagency 'watch list' databases, but do not crosscheck other international databases. There are simply too many.

Because the watch list is very rarely cross-checked, one of the September 11 terrorists made it through passport control, even though he had an outstanding arrest warrant in the state of Florida, and others were not identified because they had entered America illegally and were therefore not listed on any database. When the airlines sell tickets, the names of the passengers are not cross-checked with the watch list. If the cross-checking had been done, many, if not all, of the terrorists would have been arrested before they boarded their flights. A single, comprehensive security database would make such watch list cross-checking far easier and quicker than it is today.

Creating this database is technically simple, although many believe it could prove politically difficult. The information from the hundreds of separate law enforcement databases simply needs to be copied into a single database. This could be completed within a few months. In fact, we've already built a centralised database to improve the management of credit risk.

Thousands of financial institutions share information by copying information from their separate databases into a centralised database. That central credit database is cross-checked almost every time someone applies for a loan or makes a credit purchase anywhere in the world. It concerns me deeply that while the well being of the financial services industry relies on a frequently cross-checked, centralised database, our safety depends upon systems that are much less capable or comprehensive.

An efficient, cross-checking security system would result in mandatory database checks every time someone entered an airport. Mandatory airport checks should also be supplemented with various voluntary checks. For example, companies concerned about security could elect to submit the names of potential employees as a part of their reference checking process. If the submitted name was on the watch list the company would not be notified, but the local law enforcement agency would be. They could then opt to put that person under surveillance or arrest.

One potential weakness with a European security database is that it is, by definition, it is not global like its credit-checking counterpart. Some European countries, particularly those in continental Europe, could share each other's systems to some degree, although this would by necessity be subject to local law and data protection regulations. Other countries would have to receive political and technical support to build their own databases.

Another challenge is tracking people with multiple or stolen identities. The good news is that a European security database combined with biometrics, such as fingerprints, iris scans etc. can be used to detect people with false identities. Entry into an airport or other secure location would require photographic ID, a fingerprint scan and telling the guard your social security number. These details would then be sent to the European security database.

On a first visit to a particular airport, the computer would check that both your name and social security number match; assuming they do, your fingerprint or thumbprint is recorded in the database. On subsequent airport visits, your prints will be checked with those in the database. Two different finger or thumbprints with the same social security number indicate a stolen identity. Two different social security numbers with the same finger or thumbprint indicate multiple identities.

A digital identification card storing names and addresses would make airport security check-in more convenient. The digital ID can be based on current credit card or smartcard technology, which is much harder to counterfeit than most drivers' licences.

An important point for civil libertarians is that there would be no need to compel anyone to have a digital ID. Some may choose to apply for a digital ID to speed up the airport security process. Some credit card companies have already started looking at digital ID standards and automatic biometric checking to reduce credit card fraud. A voluntary system of standardised digital ID cards issued by government agencies and private companies could actually prove more effective than a mandatory system.

However, digital IDs should be made mandatory for those applying for jobs and privileges we would least want terrorists to gain access to, such as airline or nuclear power plant work. Pilot and student pilot licences must be upgraded to digital IDs worldwide.

Many September 11 terrorists were living in the USA on valid visas. This highlights that everyone applying for a visa needs to be screened more carefully. Methods including highly structured ten-minute interviews and interviews using a new generation of lie detector have been suggested.

If an applicant passing the visa screening is issued with a digital ID, and the person's biometrics are stored in a national security database, it can make air travel quicker not just safer. Biometric checking of visa holders should be made mandatory. Frequent, routine cross-checking of a European security database would help us find suspected terrorists. But, on its own, it can't tell us who to look for in the first place. Biometric ID checking will unmask people with multiple or stolen identities. But how do we find terrorists who use their own identity? A technique known as data mining could be used to analyse information in the European security database, searching for patterns of suspicious behaviour, like an Afghan visa holder paying cash for flying lessons.

However, terrorists stripped of their multiple and stolen identities become much easier to track using methods that rely on old-fashioned intelligence gathering, which nothing can replace.

Respective European constitutions have and will continue to successfully defend our basic freedoms. But as we live in a different age with the prospect of terrorists getting their hands on nuclear and biological weapons, we must support the need to give our intelligence and law enforcement agencies better tools and more latitude to pursue terrorists.

page up