[House Hearing, 107 Congress] [From the U.S. Government Publishing Office] DOES AMERICA NEED A NATIONAL IDENTIFIER? ======================================================================= HEARING before the SUBCOMMITTEE ON GOVERNMENT EFFICIENCY, FINANCIAL MANAGEMENT AND INTERGOVERNMENTAL RELATIONS of the COMMITTEE ON GOVERNMENT REFORM HOUSE OF REPRESENTATIVES ONE HUNDRED SEVENTH CONGRESS FIRST SESSION __________ NOVEMBER 16, 2001 __________ Serial No. 107-118 __________ Printed for the use of the Committee on Government Reform Available via the World Wide Web: http://www.gpo.gov/congress/house http://www.house.gov/reform U. S. GOVERNMENT PRINTING OFFICE 82-171 WASHINGTON : 2002 ___________________________________________________________________________ For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512-1800 Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001 COMMITTEE ON GOVERNMENT REFORM DAN BURTON, Indiana, Chairman BENJAMIN A. GILMAN, New York HENRY A. WAXMAN, California CONSTANCE A. MORELLA, Maryland TOM LANTOS, California CHRISTOPHER SHAYS, Connecticut MAJOR R. OWENS, New York ILEANA ROS-LEHTINEN, Florida EDOLPHUS TOWNS, New York JOHN M. McHUGH, New York PAUL E. KANJORSKI, Pennsylvania STEPHEN HORN, California PATSY T. MINK, Hawaii JOHN L. MICA, Florida CAROLYN B. MALONEY, New York THOMAS M. DAVIS, Virginia ELEANOR HOLMES NORTON, Washington, MARK E. SOUDER, Indiana DC STEVEN C. LaTOURETTE, Ohio ELIJAH E. CUMMINGS, Maryland BOB BARR, Georgia DENNIS J. KUCINICH, Ohio DAN MILLER, Florida ROD R. BLAGOJEVICH, Illinois DOUG OSE, California DANNY K. DAVIS, Illinois RON LEWIS, Kentucky JOHN F. TIERNEY, Massachusetts JO ANN DAVIS, Virginia JIM TURNER, Texas TODD RUSSELL PLATTS, Pennsylvania THOMAS H. ALLEN, Maine DAVE WELDON, Florida JANICE D. SCHAKOWSKY, Illinois CHRIS CANNON, Utah WM. LACY CLAY, Missouri ADAM H. PUTNAM, Florida DIANE E. WATSON, California C.L. ``BUTCH'' OTTER, Idaho STEPHEN F. LYNCH, Massachusetts EDWARD L. SCHROCK, Virginia ------ JOHN J. DUNCAN, Jr., Tennessee BERNARD SANDERS, Vermont ------ ------ (Independent) Kevin Binger, Staff Director Daniel R. Moll, Deputy Staff Director James C. Wilson, Chief Counsel Robert A. Briggs, Chief Clerk Phil Schiliro, Minority Staff Director Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations STEPHEN HORN, California, Chairman RON LEWIS, Kentucky JANICE D. SCHAKOWSKY, Illinois DAN MILLER, Florida MAJOR R. OWENS, New York DOUG OSE, California PAUL E. KANJORSKI, Pennsylvania ADAM H. PUTNAM, Florida CAROLYN B. MALONEY, New York Ex Officio DAN BURTON, Indiana HENRY A. WAXMAN, California J. Russell George, Staff Director and Chief Counsel Darin Chidsey, Professional Staff Member Mark Johnson, Clerk David McMillen, Minority Professional Staff Member C O N T E N T S ---------- Page Hearing held on November 16, 2001................................ 1 Statement of: Gingrich, Hon. Newt, former Speaker of the U.S. House of Representatives; Hon. Alan Simpson, former Majority Whip of the U.S. Senate; and Hon. Bill McCollum, former chairman, Permanent Select Committee on Intelligence, Subcommittee on Human Intelligence, Analysis and Counterintelligence, former chairman, Judiciary's Subcommittee on Crime, U.S. House of Representatives................................... 19 Turley, Jonathan, Shapiro professor of public interest law, the George Washington University Law School; Roy M. Goodman, chairman, Investigations Committee, New York State Senate; Katie Corrigan, legislative counsel on privacy, American Civil Liberties Union; Rudi Veestraeten, Counselor and Consul, Embassy of Belgium; Tim Hoechst, senior vice president of technology, Oracle Corp.; and Ben Shneiderman, professor, Department of Computer Science, University of Maryland, College Park, fellow, Association for Computing Machinery.................................................. 60 Letters, statements, etc., submitted for the record by: Castle, Hon. Michael N., a Representative in Congress from the State of Delaware, prepared statement of............... 12 Corrigan, Katie, legislative counsel on privacy, American Civil Liberties Union, prepared statement of............... 115 Goodman, Roy M., chairman, Investigations Committee, New York State Senate, prepared statement of........................ 107 Hoechst, Tim, senior vice president of technology, Oracle Corp., prepared statement of............................... 140 Horn, Hon. Stephen, a Representative in Congress from the State of California, prepared statement of................. 3 Maloney, Hon. Carolyn B., a Representative in Congress from the State of New York, prepared statement of............... 17 McCollum, Hon. Bill, former chairman, Permanent Select Committee on Intelligence, Subcommittee on Human Intelligence, Analysis and Counterintelligence, former chairman, Judiciary's Subcommittee on Crime, U.S. House of Representatives, prepared statement of..................... 34 Schakowsky, Hon. Janice D., a Representative in Congress from the State of Illinois, prepared statement of............... 7 Shneiderman, Ben, professor, Department of Computer Science, University of Maryland, College Park, fellow, Association for Computing Machinery, prepared statement of............. 150 Simpson, Hon. Alan, former Majority Whip of the U.S. Senate, prepared statement of...................................... 26 Turley, Jonathan, Shapiro professor of public interest law, the George Washington University Law School, prepared statement of............................................... 65 Veestraeten, Rudi, Counselor and Consul, Embassy of Belgium, prepared statement of...................................... 129 DOES AMERICA NEED A NATIONAL IDENTIFIER? ---------- FRIDAY, NOVEMBER 16, 2001 House of Representatives, Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, Committee on Government Reform, Washington, DC. The subcommittee met, pursuant to notice, at 10:01 a.m., in room 2154, Rayburn House Office Building, Hon. Stephen Horn (chairman of the subcommittee) presiding. Present: Representatives Horn, Miller, Schakowsky, Owens, and Maloney. Also present: Representative Castle. Staff present: J. Russell George, staff director and chief counsel; Bonnie Heald, deputy staff director; Darin Chidsey and Earl Pierce, professional staff members; Mark Johnson, clerk; Jim Holms, intern; David McMillen, minority professional staff member; and Jean Gosa, minority assistant clerk. Mr. Horn. A quorum being present, the hearing of the Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations will come to order. Only 2 months after the devastating terrorist attacks of September 11, this Nation is just beginning to understand the dimensions of a dramatically changing world. Preserving the American way of life requires adaptation and sacrifice. It means using this Nation's unique strengths to address the vulnerabilities that terrorists exploited at an enormous human toll. Technology is one of America's greatest strengths. In recent weeks, some have called for using that technology to combat terrorism by developing a national identification system. Proponents of such a system argue that a high-tech national identifier system linking Federal and State data bases would allow authorities to spot terrorists before they attack. Some of the September 11th terrorists were in the country illegally. Supporters say had such a system been in place, airline personnel would have been able to cross-check passenger lists against various watchlists. The airlines would have known the men should not have been in the country, let alone on an airplane. Those who oppose such a system are concerned about the impact a national identifier system would have been on the very precepts of America's freedoms. Given the vast amount of personal information that could be placed in a national identification system, there is legitimate cause for concern over its potential abuse or mismanagement. In the event that such a system were adopted, it must incorporate sufficient safeguards to prevent the abuse of power by those who would have access to the information and those with the authority to demand an individual's identification. The technical issues involved in a data base project of this magnitude must also be considered. Is it possible to develop a system that is both fraud resistant and secure? Freedom is the most precious gift to Americans. The terrorists knew it and took good advantage of it. Freedom itself was the target of the September 11th attacks. If that freedom is lost in the pursuit of justice, the terrorists will have won even if they themselves are punished. Although holding firm to America's freedoms, we must also be open to new ideas. The survival of this great Nation may depend on it. [The prepared statement of Hon. Stephen Horn follows:] [GRAPHIC] [TIFF OMITTED] 82171.001 [GRAPHIC] [TIFF OMITTED] 82171.002 Mr. Horn. I welcome our witnesses today and I look forward to their testimony, but before giving you the oath, I will yield time for the ranking member, the gentlewoman from Illinois, Ms. Schakowsky, for an opening statement. Ms. Schakowsky. Thank you, Mr. Chairman, and I want to thank this panel of witnesses for coming here today. In the wake of September 11th we're faced with an enormous challenge of balancing the need for enhanced national security with a need for protecting civil rights of the public. In the past some efforts in the name of national security, in my view, have gone too far and have endangered those liberties. We've learned that once that kind of harm is done, it's difficult to repair. During World War II, we uprooted thousands of Japanese Americans and placed them in internment camps. It is generally recognized today over 50 years later that the internment was a mistake. In fact, it was clear at that time there was no danger of sabotage from those individuals. As historian Margo Anderson points out, in November, 1941, in response to a request by Franklin Roosevelt, John Franklin Carter wrote to the President ``There is no Japanese `problem' on the coast. There will be no armed uprising of Japanese.'' Nonetheless, thousands of Japanese Americans, many of whom were citizens, were surrounded, rounded up and placed into camps. Today we have a monument to those that were mistreated just north of the Senate office buildings and our government has officially apologized. However getting to that apology and the monument was extremely difficult and did not repair the harm done. The liberty and sense of security lost by those interned cannot be given back. We must be careful not to repeat the mistakes of the past. Last week on Thursday, before Veterans Day, I went to the floor of the House to pay tribute to those who have served our country in the defense of freedom. We have fought hard throughout our history to maintain a free and open society. We must not sacrifice those freedoms in the name of war. If we sacrifice our freedom, we lose the war no matter what the military outcome. The security measures we propose in response to terrorism must pass three tests. Are they effective? Can they be applied without discrimination? Can they be implemented without sacrificing our fundamental freedoms of due process, privacy, and equality? The proposal for a national identification system is not new. It has failed in the past because it cannot pass these fundamental tests. The Congress passed the Immigration Reform Act in 1996 which contained a number of provisions that would have led to a national identification system. Since that law was passed, those provisions have steadily been paved back. One provision was repealed and another modified to the point where it could not be administered at the land border between the United States and its neighbors. In the Patriot Act, the House reaffirmed those provisions knowing that they had no teeth. The events of September 11th show us that systems like national identification cards will not deter crazed terrorists from their mission. Those terrorists all had driver's licenses, credit cards and Internet accounts. I urge all of us and each of you to pay close attention to the effects your proposal will have on the fundamental freedoms on which this country was founded, freedom of speech and religion, freedom to assembly and freedom of the press, freedom from unreasonable search and seizure and freedom from imprisonment without due process. Those freedoms cannot be ignored in the name of homeland security. As Members of Congress, we must evaluate any proposal offered in the name of enhanced security. Does it do what it claims to do? What is the burden on the public in terms of time consumed and freedom lost? Do the benefits outweigh the costs, is there an incremental gain in security and does it justify the loss of freedoms? I look forward to hearing the testimony today and hope our witnesses will help us answer these important questions and I thank you, Mr. Chairman. [The prepared statement of Hon. Janice D. Schakowsky follows:] [GRAPHIC] [TIFF OMITTED] 82171.003 [GRAPHIC] [TIFF OMITTED] 82171.004 Mr. Horn. I thank you and before I call on Mrs. Maloney, we have two Members of Congress which will be before us, and without objection, we'll have Mr. Castle and Mr. Miller. And Mr. Castle. Mr. Castle. Thank you very much, Mr. Chairman, I know I'm an interloper here today and I appreciate you and the ranking member allowing me to appear. I wanted to share some thoughts I have on this and some legislation I've been working on with Congressman Jeff Flake of Arizona with respect to this issue. But I must comment first, this is a very distinguished, but even more so, a very interesting panel. I look forward to what they have to say. Many of the issues that are involved in the subject matter of today of national identification cards, in my judgment, should first be addressed in managing foreign visa holders in the United States of America. While I understand that the issue of national ID cards is extremely important in the times we are living in, and I imagine somewhat controversial if I had to place a wager on it, I believe that we must first begin with the tracking of foreign guests in our country, and I don't think this should be controversial. I would like to share a few statistics with you. In 1998, the Immigration and Naturalization Service [INS], reported that 30.1 million foreign people came to the United States on a temporary basis. Of those 30.1 million, there are an estimated 5 to 8 million illegal immigrants living in the United States, 40 percent of which were listed as overstays by the INS. That means they stayed beyond the time of their visa. I believe very strongly, and Mr. Flake does as well, that we need to be able to monitor all foreign visitors and track in real-time, that is, the actual knowledge on a computer screen in real time who they are, what their background is, and what they are doing in our country. Congress is actually--probably in the time of the gentlemen that are on this panel--has actually, taken steps on this, but none of this has really been implemented. Six years ago the Congress directed the INS to gather the arrival and departure date of most foreign visitors to make sure they do not remain in the United States after the expiration of their authorized stays, however, to this day the INS passenger accelerated service system, INSPASS is its acronym, remains only a pilot project used in only four airports, but not in any land or seaport points of entries. Another example of an innovative idea which has been put in place but not fully used, is a border crossing card which is used by Mexican and Canadian nationals who seek admission as border crossers, but again, this program has been plagued by difficulties and delays. I think such examples illustrate the lost opportunities inherent in the poor management of tracking systems. To address immigration challenges, Representative Flake, Representative Deal of Georgia and I did introduce an act called the ISA, Integrity and Security Act, to strengthen the immigration system and to improve the ability of the INS to track all these temporary visa holders. A number of the key provisions in this legislation were actually included in the Patriot Act, which you might know as the Antiterrorism Act, which passed very recently in the Congress of the United States. But there is still a lot of work to be done. We do need to be able to track and locate temporary foreign visitors to the United States to ensure they are here for their stated purpose, which could be anything from being a student to working, to a visitor, and to know when they have come and when they have left. A student tracking system that has been under development since 1997 needs to be improved and fully implemented. The Patriot Act does call for the implementation of the student tracking system and it's authorized $36 million, which is a good start toward its deployment. However, we must advocate that the INS incorporate key provisions in any future student tracking system. We need to know if foreign students actually enroll in classes and whether they drop out. There are over 500,000 foreign students in the United States now. We also need to know their family history, course of study, and date of enrollment. And second, we need to know if a temporary worker holding an H1B visa, which has been the subject matter of many an hour here in the Congress, is still working at the company that hired that person. A crucial aspect of any effective system that tracks foreign visitors is the use of technology to foil would-be counterfeiters; of which there are many, I might add. A smart card visa for foreign visitors would be much more difficult to forge than traditional visas. It would hold a copy of the fingerprint biometric and typical visa information, or a pupil of the eye or whatever biometric one would want to use. This is not a new idea either, by the way. It just has not been implemented particularly well. U.S. citizens across the border frequently are able to participate in a voluntary program that registers a fingerprint biometric. We just think in certain instances it should be automatic that it be done as opposed to being a voluntary program. The holders of frequent travelers passports pass more quickly through Customs by showing their fingers for identification at a Customs station. The use of biometric technology is encouraged in the Patriot Act. These tamper-resistant bases could eventually be linked to an integrated computerized entry/exit system and the INS, Customs, consulates, universities and other law enforcement agencies would all work off the same information to monitor and track students, tourists and other visa holders. I'm sure I'm not telling anybody here the difficulty of some of the information exchange, even among governmental agencies today, much less sort of computer in real time in terms of the various places, the Embassies, the points of entry where that information would be useable. All this technology is available, by the way, although at a cost, and programs could be more effectively utilized to track our foreign guests. The lessons learned from tracking foreign visitors can lend important insight to the pros and cons of enacting a national identification card for U.S. citizens, which we may or may not be ready for now, but I think we are ready for a visa system at this point if we put our minds to it and go about it. Let me just say in conclusion, in no way am I advocating limiting, in this particular program, what we are doing with respect to visas or visitors to our country. We just want to make sure we know who's coming into this country, and if they should not be coming into this country, preventing them from being here and while they are here, they are doing what they are supposed to be doing. I appreciate the time, Mr. Chairman. Again, I realize I'm an interloper, and you have been very generous and I yield back to the balance of my time. Mr. Horn. Thank you very much. [The prepared statement of Hon. Michael N. Castle follows:] [GRAPHIC] [TIFF OMITTED] 82171.005 [GRAPHIC] [TIFF OMITTED] 82171.006 [GRAPHIC] [TIFF OMITTED] 82171.007 Mr. Horn. And now I yield to the ranking member over the years and the gentlelady of New York, Mrs. Maloney. Mrs. Maloney. Thank you. And I would first like to thank you, Mr. Chairman, and the ranking member, for tackling yet another complicated and controversial issue. Also I'd like to extend my appreciation to the very interesting panelists you have assembled here today for taking the time to be here. We have taken a hard look at the way our great Nation operates since September 11th. The hard cold truth is that we have been very lax in many years of safety and security. I believe the most difficult fact for us as a Nation to face is that there is a group of individuals who hate us and want to do harm to the citizens of America. As an elected official, I must do everything that I can to protect my constituents and the constituents of our country. In this new world, I am not exactly how sure we can accomplish this; however, I am eager to learn and understand more as we will today. In the month of October alone, we had 17 million people travel across the borders of the United States. We welcome all travelers. Our Nation's economy depends in part on these visitors. However, we have to face the cold hard truth that not everyone entering our borders enters with good intentions. Access to the United States must be looked upon as a privilege, not a right. Our country's founders provided many safeguards to protect our freedom while ensuring our safety. One of the beauties of our democracy is that it is not static, but a robust living thing that can change, and times have dramatically changed. Daniel Webster, one our Nation's former great leaders once stated, ``God grants liberty only to those who love it and are always ready to guard and to defend.'' Today we must guard and defend it. We must not be afraid of new ideas. We need to protect not only the rights of individuals but their life. We pride ourselves in the many freedoms we have in the United States. However, in order to protect these freedoms we need to protect our safety and our Nation's security. I commend President Bush for taking the bold step yesterday to begin to require stricter regulations regarding the granting of visas. Fear has struck the core of the community I represent in New York. I lost well over 600 constituents, and it has struck the core of the American people. The freedom to travel freely about our Nation has taken a devastating blow. We now have armed guards on several flights with implementation of complete coverage for all flights ongoing. We look to our law enforcement to protect and to serve; however, we need to arm them with the tools to accomplish this mission. A more thorough and smarter green card for non-U.S. persons, I believe, is a beginning. I also believe that we need to tie one's State driver's license to their visa expiration date. During a hearing held in New York on terrorism, Governor Jeb Bush provided testimony that in his State of Florida, one's driver's license expires the same date as their visa. Does this not provide yet another way of tracking non-U.S. persons? I believe we need to take other steps, and one could be that an individual's bank account could be frozen also at the time of a visa expiration date. All non-reclaimed funds could revert to the State's escrow account to fight terrorism. We have seen how our banking industry has been contaminated by the terrorist community again and we need to reclaim it. As I have stated earlier, I do not have all the answers; so I'm very much looking forward to our panelists to help me and other members of this committee uncover all the pros and cons of this important issue. Thank you very much and I yield back Mr. Chairman. Mr. Horn. Thank you. [The prepared statement of Hon. Carolyn B. Maloney follows:] [GRAPHIC] [TIFF OMITTED] 82171.008 [GRAPHIC] [TIFF OMITTED] 82171.009 Mr. Horn. And we now yield to Mr. Miller from Florida, the chairman of the Census Subcommittee of Government Reform. Mr. Miller. Mr. Miller. Thank you, Mr. Chairman. Thank you for calling this hearing. I'm delighted with the two panels and I will be very brief because I heard the Speaker talk about this briefly at a breakfast about 2 weeks ago, and ever since, September 11th has raised a lot of issues as to the direction this is going to go--civil liberties issues, and I know this will be addressed by the panel, the privacy issue, which Mr. McCollum has worked on a lot, technology, which the Speaker has talked about all the time, and just to make sure our country can function after post-September 11th, our economy. So there's a lot of challenges and interesting comments and I'm really here to listen and learn. So I yield back. Mr. Horn. Thank you very much. And any other statements that come in will be filed for the record. We now start with our first panel, and I think you know the routine, that this is an investigating committee, and so if you raise your right hands and if you have any assistants backing you up, get them and the clerk will get their names too. [Witnesses sworn.] Mr. Horn. The clerk will note that all the witnesses have affirmed, and we start with the Honorable Newt Gingrich, former Speaker of the U.S. House of Representatives. Mr. Speaker. STATEMENTS OF HON. NEWT GINGRICH, FORMER SPEAKER OF THE U.S. HOUSE OF REPRESENTATIVES; HON. ALAN SIMPSON, FORMER MAJORITY WHIP OF THE U.S. SENATE; AND HON. BILL McCOLLUM, FORMER CHAIRMAN, PERMANENT SELECT COMMITTEE ON INTELLIGENCE, SUBCOMMITTEE ON HUMAN INTELLIGENCE, ANALYSIS AND COUNTERINTELLIGENCE, FORMER CHAIRMAN, JUDICIARY'S SUBCOMMITTEE ON CRIME, U.S. HOUSE OF REPRESENTATIVES Mr. Gingrich. Thank you very much, Mr. Chairman, and I want to thank you and the ranking member for holding this hearing. I also want to take this opportunity to commend you for your consistent leadership on the issue of cybersecurity and the fact that this subcommittee has been very far ahead of events in looking at the need for effective technology in the security area. I also want to begin with Mrs. Schakowsky's, I think, absolutely correct point, which is that we have to design--the challenge to the Congress and the President is to design--the system which both provides civil liberties protection for the innocent and protection of the innocent. In the past, with things like fingerprinting, wiretapping and other technologies, we've worked very hard to make sure that while we were strengthening law enforcement we were never infringing on the innocent, and I think this has to be thought through in a very careful way. The fact is, we already have a primitive inefficient, easily cheated system of identification. I flew out of Reagan National yesterday, and three times I produced an ID card. Now, I just want to point out every audience I've talked to around the country, I've asked them how many of them know someone who in high school had an access to an ID card that might not have been their own for reasons we won't go into. And while no one personally had ever used an ID card for an inappropriate purpose, it always amazed me the number of people who seem to find, at 16 or 17, access to an ID card. So I want to be very clear. I think we have already indicated at airports, we've indicated at government buildings, we've indicated in a variety of places that asking for identification is legitimate. The question now is can we design a system which has an effective ID style while protecting the innocent? I think that it has to be an American model of security, which means a high technology capital intensive system that provides security, speed, efficiency, and convenience. That's the model we've always set for ourselves, and I think, frankly, the current lines at airports are a sign we don't have a system that meets that test. It's necessary for the world economy to have a parallel system for freight, whether it's in trucks or container cargo that is secure, fast, and efficient, or we will literally break down the world economy and add a substantial amount of cost to everybody's life. I would suggest to this subcommittee that as you look at these, that you look very seriously at outsourcing as much production as possible because most of the great breakthroughs that are high technology and capital intensive occur in the private sector and occur in entrepreneurial businesses. I particularly would recommend Clayton Christiansen's, the Innovator's Dilemma, as a study of new technologies that work, and Nathan Merival's recent writing, particularly in USA Today, on the concept of exponential industries and the ability to develop really dramatic new technologies in the next 5 to 10 years. I personally think we are going to want to end up with a biometric solution that involves either a retinal or iris scan, which I think is harder to cheat than the thumbprint, and frankly, is as easy to measure in real time. It's simply a picture, and any of us who are being filmed for television or still photographers are having exactly the same experience you'd have for a retinal scan. I want to distinguish also civil liberties for American citizens from foreign visitors. I believe that all foreign visitors should be scanned as they enter the country. We ought to have a data bank either of their iris or retina. I think that's the technical decision of which one you're using. But we ought to be able to know who you are. We ought to be able to match you up against a system that would indicate whether you were a known drug dealer, a known terrorist, etc., and that would basically indicate and attach to an identity that had a biometric on the identity card, so we knew that the person we're talking to didn't just buy this for $11 in Los Angeles on a street corner as can currently be done. For Americans, I think it's fairly simple to have the 50 States go to a biometric measure on the driver's license and simply ensure that all of the States--50 States plus D.C. have their data bases linked. That means an investment in wireless high-speed connectivity with very high-speed computing, but literally it's no harder for a policeman standing and talking to you beside your car within seconds to verify who you really are, if we design a system that does it, and I think you can do that with civil liberties protected. I would not insist on a national ID card because I think you do get into civil libertarian issues, but I would suggest to you that the simple act of having two lines in airports, one biometric where anybody who's a frequent flyer who wanted to be able to literally walk through the line, verify who they are, and pickup their ticket at security as they're going through, while we'd have a long line that may take an hour and a half for people who prefer to avoid that kind of convenience. I think you'd find a natural migration of over 90 percent of the American travelers within a year or less to the higher speed line. Let me also suggest that the committee look at the emerging technology at MIT and elsewhere, that for somewhere between 1 and 30 cents per suitcase you could literally have an embedded wireless system that would enable you to track literally every suitcase, and if you introduced it as a manufacturing process now, you would, within 5 or 6 years, have an overwhelmingly tagged and identified highly secure system. As I said earlier, this kind of thinking, I think, has to also apply to trucks and to container cargos. And if you look at what UPS and FedEx already do, you can see the beginnings of a model that given the high--the new breakthroughs and the new technologies can be even more sophisticated and even more accurate. Let me just close by going back to the exactly correct warning that Mrs. Schakowsky made. There is no question in my mind that we can design, just as with medical records, an ability to have personal privacy and access to information that may save our lives, but that probably requires a Federal law that makes it a felony to use that medical record inappropriately. Similarly I think you can design a system which allows you to track a person who is generally out to do something bad without, in that process, either dramatically inconveniencing or harming those who are innocent, and in fact, I would argue that if the American people knew that every employee who walked on an airport had some means of checking to make sure they were really the person they claimed to be, if we knew that our FBI, CIA, FAA computers worked, the notion--I just want to close on this notion, because what you're doing on this subcommittee is so vital. Six weeks before September 11th, the Central Intelligence Agency told the Federal Bureau of Investigation two terrorists had entered the United States. Six weeks later, they had still not be able to get that information into the airline computers, and two of the terrorists on September 11th in Boston boarded the airplane under their own names, 42 days after the U.S. Government officially knew they were in the United States and they were very dangerous. Now, I simply suggest going to a mandatory regular ID card won't help much because with desktop printing they will learn how to buy cards that are false, but if we had a high-speed computing system and we had an ability to have very high speed access, I think we could design a system where we would have found those two people, they would have been stopped at Logan, and we would have had a very significant understanding of what was going on. I think this committee's moving in the right direction. If it does it right, the system will be very secure, it will be very safe and it will protect our civil liberties while also protecting us. Mr. Horn. We thank you very much for those pertinent views which I'm used to and it's very useful. We now turn to the very distinguished ex-Senator and one of the great public servants of this country, namely Alan Simpson, who spent more time on immigration I think than probably all the rest of us put together. So I'm going to turn it over to you---- Ms. Schakowsky. Mr. Chairman, if I could just inquire, apparently you're going to proceed through the vote? Mr. Horn. No. We're going to go now and when Mr. Miller returns, he will be presiding and then I will come back. We're in this less-than-seamless operation known as the vote. Mr. Simpson. We know that. Mr. Horn. And we'll be back---- Mr. Simpson. I will just proceed, then. Thank you. Mr. Horn. Proceed, and then I will try to be back in 6 or 7 minutes. Mr. Simpson. Thank you, Chairman Horn. I come in here with a very eerie feeling as Jack Brooks is staring at me there. He would look at me with that smouldering cigar and say Simpson, I've got a deal for you. God, I'd lose my shirt and my underwear and everything else in here. Well, that was Jack Brooks. What an amazing man. It is a pleasure to be here to discuss this serious issue of how we might strengthen domestic security. I was particularly moved by Congresswoman Schakowsky's remarks where I met Norm Mineta at the Hart Mountain Relocation Center when we were 12-year-old boys. He was behind wire and I lived in Cody, and our scoutmaster took us to the Jap camp, is what it was called, 11,000 people there. And Norm and I struck up a friendship of curiosity and juvenile development that has lasted 70 years. He is a very dear and special friend, but we'll want to remember at that time, Attorney General Warren, Earl Warren of California, signed the order to evacuate them, and the unanimous decision of the U.S. Supreme Court by William O. Douglas said that it was proper. So I think let's keep that into perspective and not think of how it is 50 years from then as to the fact that the Japanese submarine lobbed a couple of shells into an oil field off of California in the Spring of 1942, and it kind of startled people. Just thought I'd pitch that in. Just thought I'd throw it in there. Anyway, you're on track. I was impressed by what Newt is saying because you're all being led astray by a single term, and the term is national ID. I never used it. I put it in the bill that we are now talking about a national ID, and you do a disservice to the country when you use the phrase national ID. We're talking about a more secure identifier system. It could be many things, and if anyone believes there is intrusiveness in what we are suggesting, all of us, Newt, myself, what Bill will say, what Democrats and Republicans--what Rodino and I said, what Mazzoli and I said. And in the bill, it said we're not talking about a national ID. That's a diversion for people who like to talk about tattoos and Nazi Germany and don't let them get away with it. We're not talking about that. Every time we tried to do something in this area, it was filled with emotion, fear, guilt, and racism. The Select Commission on Immigration and Refugee Policy said we ought to do something in this area. We tried to do that, got shot out of the saddle by arguments about tattoos and Nazi Germany. Then we tried it again and we had a biometric activity in one of them, and in a conference committee in the middle of the night when on the floor of the House passed, the Senate, there was an emotional, highly emotional argument about, again, Nazi Germany and tattoos. It was pulled out and dear old Joe Moakley took it out and we passed it in the middle of the night without anything in it. The House always had an aversion to that kind of thing. The Senate would pass it. And I can only share with you that everything we did in this area was bipartisan. Mazzoli, Democrat from Kentucky, Rodino, the chairman of the Judiciary Committee from New Jersey, still living, and a magnificent man, we did these things--Hamfish, and Newt knows him well and so did Bill. You have to do something, and the something is not intrusive any more than what you get when you go to the airport now or what you get when you go into a store and have to give your slide card or when you file for credit or whatever it may be---- Ms. Schakowsky. Senator Simpson. Mr. Simpson. Yes, indeed. Ms. Schakowsky. I'm afraid I have to go vote, which would leave no Members here. And so I'm going to grab this gavel while I can and recess this committee at least until someone returns. All right? Mr. Simpson. Well, that's very kind. Thank you. I'll just keep going though. No. [Recess.] Mr. Miller [presiding]. The subcommittee will come back to order. Mr. Horn will be back shortly and asked me to proceed with the presentation. I think, Senator Simpson, would you continue? Mr. Simpson. Thank you, Congressman Miller, and I see you have new devices which are very clearly, which aren't on yet, so I will speed ahead--I was just kind of reviewing things and speaking to Congresswoman Schakowsky's comments. Let me just give us a very brief summary of past efforts. The Select Commission came into being 1979 to 1981. I was a member of that bipartisan commission. Father Ted Hesburg was chairman, and we did a lot of things. We recognized that no system attempting to control anything would be effective without a more secure method of confirming a person's identity and immigration status. So we recommended, the Commission recommended--it was a narrow vote, substantial improvement. Then we had the Immigration Reform and Control Act of 1986. When that first passed, it had a provision in it that the executive branch would implement a system that would reliably determine identity again and authorization of all persons. That was weakened by the Senate and stripped by the House. I think it was a conference committee and that's often the history of conference committees as I recall them here in this Chamber, especially with Brooks with the gavel. But anyway, that's an aside. The enacted version of IRCA had a pilot program in it, and then we had telephone verification. We couldn't get much done because, again, the background noise was always national ID. The initial conference committee version of the Immigration Act of 1990 where we broadened legal immigration a great deal, contained a pilot program using biometric data to make State driver's licenses more secure, and it was then to the amazement of Democrats and Republicans alike that issue demagogued in the most grotesque way one evening in this House body, and the House rule was defeated and Joe Moakley brought it back from the dead, and we got it out but it was stripped again. Then Barbara Jordan came to the fore, the most amazing woman, and she did the Jordan Immigration--Commission on Immigration Reform. She recognized it was too susceptible, the present system was too susceptible to discrimination against foreign-looking or foreign-born or foreign-sounding workers; so she commended a computerized registry using data provided by Social Security and the INS and suggested pilot programs for employers to use these data bases to be conducted in States with the highest immigration rates. Then along came the 1996 bill. I had little to do with that because we did nothing to do anything to curb illegal immigration--or legal immigration, rather, as Barbara Jordan recommended, but we did get a pilot program in there to--where you could access by computer modem. In 1997, it was used by approximately 2,000 employers who were voluntarily using it. While it's a helpful deterrent to certain instances of fraud, it is not a good one. An unauthorized alien submits a card with an invalid number or submits a card where the name does not match a number, it does not prevent aliens who falsely assume the identity of another person from using the other person's valid Social Security number, and this is often referred to as identity theft or true identity fraud and it is endemic in America. Talk to your credit card people. So I doubt that there is any full support for a national ID card. I never suggested it and I just have to pack that in one more time. And if that's going to be the word, you're going to all fail. You will do nothing. Get away from it. It's a phony baloney. What we're talking about is--and when we were talking about it then--some type of new document to establish work authorization or identity. We were talking about perhaps a card that would not be carried on your person, not be used for law enforcement, have the maiden name of your mother on the back of it, and the birth date. And then you know always would come the George Orwellian aspects of that. Here's what I suggest respectfully. A few positive benefits, I think. I therefore would respectfully suggest that you improve the safe--the State driver's licenses. That's the principal identity document in our country. We must eliminate the ability of people to falsely assume the identity of another. Some of the September 11th terrorists facilitated their actions through easy access to Virginia driver's licenses. Now, the only way to prevent identity fraud is to improve biometric data on the card. I agree with Newt completely, such as a fingerprint. It is also--in California, it is done with a retina scan in California for commercial driver's licenses. You'll want to take a look at that. Minimum nationwide issuance standards could be imposed by the Congress or agreed upon by the States. I think it would be minimally intrusive. Expanded access would be another one to INS and Social Security data bases, extend the basic pilot program, not just California, New York, Texas, Florida or Illinois. Include other States; have access to that base. Of course, that would require more funding for the Social Security Administration and directing to improve the accuracy of the data base. And here's the one that everybody misses, there are about 2,000 agencies of the United States that issue a birth certificate. They love it. They're little old ladies. They do things, little old men, and they issue them and they love it. They don't want anybody to mess with me giving--because I know the mother and the father and when little twinkle toes was born, I signed that. The vulnerability of the birth certificate system allows aliens to bypass all immigration systems altogether and impersonate U.S. citizens. The Jordan Commission said if we reduce the fraudulent access to the breeder documents, start looking at the breeder documents, ladies and gentlemen of the Congress, particularly birth certificates that can be used to establish an identity of this country and the specific steps recommended by her commission were, and I conclude, regulation of requests for birth certificates through standardized application forms, a system of interstate and intrastate matching of birth and death. We don't do that in America. We don't match birth and death. How can you ever get a handle on it? Requiring a Federal agency only accept certified copies of birth certificates and a standard design and paper stock for all certified copies and encouraging the States to computerize birth records repositories. I think these recommendations are sensible, practical, and should be enacted and it is time. Thank you very much. Mr. Horn [presiding]. Thank you, Senator. As usual you have the common people's touch and you also know how to get through the bureaucracy and everything else. I am glad to say to you the commissioner yesterday told a number of us that he will split up the agency so that you've got an enforcement operation and you've got a service operation and a lot of us have wanted that over the years. So a little progress is being made there. [The prepared statement of Hon. Alan Simpson follows:] [GRAPHIC] [TIFF OMITTED] 82171.010 [GRAPHIC] [TIFF OMITTED] 82171.011 [GRAPHIC] [TIFF OMITTED] 82171.012 [GRAPHIC] [TIFF OMITTED] 82171.013 [GRAPHIC] [TIFF OMITTED] 82171.014 Mr. Horn. We now go to Mr. McCollum, who during my years in the House, no one was a better legislator than he was, and we're glad to have you back here. Mr. McCollum. Mr. McCollum. That's a high compliment, Mr. Chairman, and I'm very glad to be back here too today with you, and especially pleased to be with this distinguished panel, my friends, Speaker Gingrich and Senator Simpson, with whom I've served a number of years, and on a topic that really is very timely and very important. I know like everybody here, that we all were affected terribly by this tragedy on September 11th, the attacks on us that I think most of us envisioned was unimaginable. Even many of us who served in the arenas that I did in Congress knew that sooner or later we were going to have a terrorist attack of some magnitude, we could not have expected nor anticipated the horror that came with this particular one, and now we're having a reaction to that. Having been chairman of the Crime Subcommittee and, having chaired the Subcommittee on Human Intelligence, founded the Terrorism Task Force, been-- 18 of the 20 years served on the Immigration Subcommittee, many of those years with Senator Simpson's work and mine, together with the fellow up there you mentioned, Brooks and others. I come to this with a perspective of absolute conviction about a couple of things. One of those is that there is no need for a national ID card and I'm very much opposed to one, but I think it's important to identify what a national ID card is. What do we mean by that? Mr. Chairman, I mean by that, a uniform system, a uniform card that every American would be required to carry to produce to law enforcement employers, various government agencies for identification purposes. Such a card would contemplate a national data base, access by a computer for verification purposes. It might contain a strip on the back like your Visa card does. It has data and information already built in it or accessible through a computer. A photograph, a fingerprint, possibly even a national data base that every American had a fingerprint in. I don't favor that. I don't think that's right. I think that's an insult to our system of government, the privacies and those that our great freedoms that our founding fathers envisioned. It's a Big Brother-type system. But we do need to make some of the identifiers we already have work, and that's what all of us are testifying about today. I have not heard a word that either of my colleagues said that I took umbrage with, but I do have a perspective on a couple of these a little bit differently. First of all, I believe that the Social Security card desperately needs to be made more secure. There's been great resistance to doing much with that card over the years but back in 1996 or, excuse me, 1986 when the Simpson-Mazzoli, and then more in the amendments of 1996 in the immigration world for employer sanctions, and when you go to get a job, the two principal identifiers became narrowed down to your driver's license and your Social Security card. So if you can produce them fraudulent or otherwise today, they essentially get you a job and the Social Security card, as well as the driver's license, is commonly used for a whole host of other identification purposes today. Yet it is probably the most fraudulently produced document in America. It is a document that has been flimsy in paper for years. In recent years, the Social Security Administration has put a few fibers in it but by no means made it tamper resistant or counterfeit-proof. And I encourage this committee and other Members to really take a look at a proposal that I have in as a legislative matter for a good number of Congresses. One that was--is attached and submitted to this testimony today, H.R. 191, and a bill in the last Congress, Mr. Chairman, that you were an original cosponsor of. That is a proposal that would require the Social Security Administration to make the Social Security card as secure against counterfeiting as a $100 reserve notice with a rate of counterfeit detection comparable to the $100 reserve notice and as secure against fraudulent use as a U.S. passport. We're not talking about putting pictures on the card, we're not talking about any of that, but it's all those interwoven things that you can use, use ultraviolet lights and so forth to determine. I also would encourage the same type of activity that has been discussed here today with regard to the driver's license. I think that driver's licenses at least the general standards for what they are should be uniform throughout the country, and I don't think we have to mandate that. I don't think Congress should preempt the States, but I think that there should be an effort to encourage that from Congress and I think that it should be done in a way that does have either a uniform standard proposed or you get the States together to do that or whatever. All driver's licenses should certainly have photographs on them, they should have the signature on them. They should have a fingerprint or another biometric identifier on them, and they should have holograms and other types of devices built into those driver's licenses just like I suggested for the Social Security card so they cannot be easily reproduced and so that when you take it somewhere to an employer or to a person who's law enforcement, they can be quickly checked. You know, we have a little machine that's been around for a number of years on fingerprints. You put it on this desk--I've had it come when I was chairman before my committee. You probably have too, Mr. Chairman. And it's not--doing nothing more than saying if you put your finger on that machine and you put the card that you have with your preexisting fingerprint on it, it matches it or it denies it, and it doesn't have to go to some central data base to do that. And at least that will tell me biometrically whether the person I'm looking at is the same as what's on that card. I also concur with the view that we need to do something about birth certificates. One of the great, great problems in this country are the breeder documents that Senator Simpson has talked about and that's important. Last, I want to comment on one aspect of the Immigration Service because I do believe that the focus rightfully should be there, as Congressman Castle stated in his opening. There is a great, great opening right now in this country for people to come here and not be identified. We need a tracking system. We need to be--we need to find people so we don't have visa overstays, and we need to shore up so many things. A number of things have been mentioned, but one has not been. Today when somebody goes before a formal proceeding of an immigration tribunal or to the Immigration Service or whatever, they're usually released on their own recognizance or maybe on a cash bond. The Immigration Service has the authority to have a security bond, much like a bail bond, but they don't do that, and I believe that it would be extremely helpful to get people to show up when they're supposed to before immigration proceedings. If there was a general policy that a security bond be used and then have the private sector, bail bondsman, if you will, like they do in criminal law, be responsible for bringing them in, making sure they do show up because people can come not only to this country and get here too easily because of the visa system and visa fraud if we don't track them, but then when they do show up to a proceeding and they're supposed to come back in 90 days or 6 months or whatever, we have no system to bring them back in. We have no way of knowing where they are and we don't have nearly enough police or immigration officers that will ever be able to do that. So why aren't we using the private sector the same way that we do in criminal law? It's not being done today. So I would encourage that this committee and your members look very strenuously at not only making these identifiers more secure and finding ways to track visa overstays and people who come in here, but making sure that when they're here, that is, those who are aliens, show up when they are supposed to at the end of whatever period of time that there is. Thank you, Mr. Chairman. Mr. Horn. Thank you for your testimony. [The prepared statement of Hon. Bill McCollum follows:] [GRAPHIC] [TIFF OMITTED] 82171.015 [GRAPHIC] [TIFF OMITTED] 82171.016 [GRAPHIC] [TIFF OMITTED] 82171.017 [GRAPHIC] [TIFF OMITTED] 82171.018 [GRAPHIC] [TIFF OMITTED] 82171.019 [GRAPHIC] [TIFF OMITTED] 82171.020 [GRAPHIC] [TIFF OMITTED] 82171.021 [GRAPHIC] [TIFF OMITTED] 82171.022 [GRAPHIC] [TIFF OMITTED] 82171.023 [GRAPHIC] [TIFF OMITTED] 82171.024 [GRAPHIC] [TIFF OMITTED] 82171.025 [GRAPHIC] [TIFF OMITTED] 82171.026 [GRAPHIC] [TIFF OMITTED] 82171.027 [GRAPHIC] [TIFF OMITTED] 82171.028 [GRAPHIC] [TIFF OMITTED] 82171.029 Mr. Horn. And we'll now go to questioning. It's going to be 5 minutes per person because of the travel schedules, and we will alternate between the majority and the minority, and I will start it off. And if Mr. Chief Counsel will get the technology here, we're in business. In my opening statement, I cited a Pew Research Center study that showed overwhelming support, 70 percent of those polled for a national identity system, and are all of these people just misguided? How do you feel? Do you think from what you have seen of just the average citizen when you get into a debate like this? And I would take it with this particular three of you, would you have, say, a hardened, if you will, Social Security or would you take the license which, in my case with California, they have a photo and they have a thumbprint, and not all of them do it, but that's pretty good identification. So any other types you're talking about than simply hardening up the Social Security card and then putting a picture on it or a thumbprint. I remember the supervisors of Los Angeles County, which is a county of 10 million people and they started with the photo on the welfare situation and a few thousand people got off the rolls because they were going two, three, four places to get money, and that was one way to do it. Mr. McCollum. Well, Mr. Chairman if I might respond to that, I don't believe that, for example, in the Social Security card, you want to go to put a picture on it, I don't think you need to. I think you can stay paper. Its purpose is to make sure that the number that's on that card and the name on that card are the bearers. When you take that card and produce it for whatever purpose, that simple fact can be verified. I also think, by the way, that it would present problems in reissuance. The Social Security card, one of the great reasons why that's been a problem in getting it corrected is the Social Security Administration wanted to go to the cost of reissuing a lot of cards. They don't have to reissue all of them. But I think they do need to reissue those with those younger age groups and that would be an added expense I don't think you'd want to encounter. And again I don't think we need a national ID card as such, a separate card, if you have a driver's license and a Social Security card; one with a picture, one without it are more secure, more tamper-resistant and counterfeit-proof. Mr. Horn. Mr. Simpson. Mr. Simpson. It's interesting, Mr. Chairman, that polls throughout the Select Commission back in the 1980's, 1985, 1990, if you'd asked the American people, Gallup, whatever, if they favor restrictions on immigration, 70 percent do. It just stays that way. Not illegal or--I mean, I'm talking about legal and illegal immigration. Interesting. But when you come to the Congress, it doesn't get done that way because the Statue of Liberty suddenly enters the phrase and all of us are children of immigrants. Mine are from Holland, orphans. If my granddad hadn't killed a guy in the middle of the main street, we'd have had a better reputation there in our State, but that's another story and I won't go into it. Nevertheless, you can't continue to talk about the Statue of Liberty again. You must talk about reality and all three of these--all three of us I think are, all of you are, but I think the one that surprised me was when they put the examination into California for the retina exam on truckers, guys just stood outside the building because they didn't want to go through any part of that because they'd been using fake ID's and all the rest of it. It was a very serious problem, and I think you ought to look into that California commercial driver's license issue retinal exam. Mr. Horn. Thank you. Mr. Gingrich. I think that what you have to recognize is that the people most opposed to a national ID card are dramatically more passionate than the people who have some vague general support for a national ID card. And that's why I think Senator Simpson was right early on in saying that if we go down that road, it's a dead end. It won't happen. On the other hand, most Americans, I think, can be led to agree that having an efficient transfer of information so you know that your driver's license is real, that it's valid, so you can check it across State boundaries, and for specific purposes. Foreign visitors, I think most Americans would agree, you could have a nationwide system of identifying--because that's not part of what we think of as our civil liberties. People that have very important security jobs, whether it's on airports or elsewhere, people would agree you ought to have a pretty high standard of security because they understand that's a function of your job, it's not an infringement on civil liberty, but I would encourage you to be minimalist in this. You want to get to a highly secure system that is across the whole country, that is ideally mostly decentralized in terms of States implementing it, but with information able to flow across State boundaries and you want to do everything you can to minimize the threat to those whose primary concern is civil liberties. Mr. Horn. Thank you. My time is up. Five minutes to Ms. Schakowsky, the ranking member. Ms. Schakowsky. Thank you, Mr. Chairman. Following up on that minimalist approach and using your example, Speaker Gingrich, of what happened before September 11th, that the CIA actually transmitted information to the FBI and it never got through, what I am wondering is are there not systems in place were we to have the proper technology for sharing that system--that information that could provide the kind of security we need? That is the question, but let me just say that in many, many hearings that we have had since September 11th, what we have found is that information was all over the place, and that had it only been shared and gotten to the right place, that we could have done this or that to prevent what happened. And so I am just wondering if it isn't a matter of looking at our systems, adding new technologies where we need to, but not new authorities to gather that information; if it is just a matter of making more efficient what we already have. Mr. Gingrich. I think you are 90 percent right, but the 10 percent is missing, I think, could kill us, and let me describe what I mean. First of all, whatever system we build, we ought to have a competitive team try to break and find out how rapidly can you buy a counterfeit. How rapidly can you figure out a way to work around it, because we have active opponents who study what we do and who could spend 2 or 3 years trying to penetrate our systems. And if we are really serious about security, then we ought to be serious about learning what its weaknesses are. Second, as Senator Simpson said a minute ago, we discover that whether it is illegal aliens or it is people who are for one reason or another using a false identity, that there are-- even in the current system, even if you had 100 percent accuracy of sharing the information, some of the information going into the system is false, and we don't have today the kind of identifiers and the kind of structure to make sure that the information you put in is accurate information. I think that would be the other zone where I think there has to be serious work done. But I yield to my colleagues. Mr. Simpson. Congresswoman Schakowsky, you are right on track. One of the most frustrating things for me and I know for Peter Rodino and Ron Mazzoli and all the rest of us was the absolute stubbornness of the agencies to share information. The one that appalled me was Customs and INS--oh, there is a real internal--it was bizarre. It was childish. Customs--Customs can pick up a lot of stuff. They know what is going on, and they'd share it, and they'd say, we handle that. The Border Patrol and the INS and the Justice Department and the CIA and FBI and oftentimes their arrogance and the CIA's secret arrogance, I mean, this is where you have to smash the big bug right here. And I think that is what I hear the President saying that he's going to give Ridge all the authority to do that, and he's going to make him do it. Well, we have all been here a long while. Merry Christmas. We will see what happens. Mr. McCollum. I know that's a big problem. What Senator Simpson just said, and we joked about it, it's so true. If Tom Ridge can do it--I see the other day where he's talking about maybe merging the Border Patrol, Customs and the Coast Guard. I think that is going to be an awfully big hill to climb. And you'd be better off using the energies you have got to do things like forcing the Social Security Administration to really go out and make the card tamper-resistant; make it like the $100 bill; take the driver's license and make it more secure; take the ideas that Newt Gingrich just said about putting a data base together nationally to talk to each other on these things technically and then cajole, continue to cajole, the agencies to do this. Ms. Schakowsky. Let me ask one quick other question. One of the problems created by drivers' licenses becoming de facto national identification systems is the privacy protection of those records is very poor. We know that States often sell that information to--along with the person's address, and it becomes out there in the public. How can we make sure that any particular system we use doesn't mean that information is sent out? And should Congress stop the validation of Social Security numbers until the States institute--a State instituted privacy protection for drivers' license records, because they often check those drivers' licenses against Social Security cards? Mr. McCollum. Well, Ms. Schakowsky, I don't think we should stop the validation system as it exists because we have a security problem right now, and we need to let these things happen as best we can. But I do believe that Congress should be concerned and should encourage States to make the right decisions to protect the privacy of the data that is in the data base. That is the real point I made about not wanting a national ID and trying to define it for you. The thing the American public may say when they say, ``We are all for a national identification card,'' is one thing, but when they really get down to it, nobody that I know of favors a Big Brother data base somewhere, whether it is in the State or the Nation, where other people can get access to your personal information. And there is a huge difference between providing a chance, for example, for somebody who is an employer or law enforcement to call up or do whatever we can on the computer to a data base and say, if you walk in, that this is my name and this is my Social Security card, and verify that they both match electronically. There is a big difference between that and somebody walking in and saying, ``OK, I have got a name, now let me go find out what is the Social Security number, tell me,'' or the other way around. ``I got a Social Security number, you tell me the name that goes with it.'' We don't want that information shared publicly, and that's the kind of thing that you need to discriminate, in my judgment, against. But you are not going to mandate that in one big piece of legislation. It is going to take a lot of work to get understanding on the part of each person or group in the States that are making those decisions to make them be aware of what they're doing and be more secure to educate. Mr. Simpson. May I add one thing? Newt Gingrich is a wizard of the keyboard, and I am not adept in technical prowess of the electronic age, but I do share with you, I believe totally, there really is no such thing as privacy anymore because of the information technology. They have got you in every data base in this country, Social Security, driver's license, organ donor, blood type, you name it, FBI reports. I used to read them. And with what's happened with information technology in this country, I think privacy is gone. Mr. Horn. And now I yield 5 minutes to the gentleman from Florida Mr. Miller and then Mrs. Maloney. Mr. Miller. Let me followup on what Senator Simpson brought up, and that's the issue of privacy. And I know Speaker Gingrich and Mr. McCollum worked this issue when they served here in financial privacy and medical privacy, and I know you wrestled with trying to get legislation through. Would you comment on that experience and what the experience has been that you are aware of controlling that kind of privacy, because we are all public figures, and you were public figures when you served here in this institution, but that is really one of the core concerns here is privacy. And when you wrestle with it, and we pass legislation on financial, medical in particular, is it working, and what can be done to assure privacy if we move to some type of ID? Mr. Gingrich. I think this is an extraordinarily important issue in the way big computers is a much bigger danger than Big Brother. It is so seductively convenient. You use a credit card. It doesn't occur to you how much information you are building on that credit card every week when you charge things, what it tells somebody who is clever about your habits, your interests, your taste, etc. Then you go and use telephones, which have records, and then you go and pump gasoline. And then you go and you get a driver's license--I mean, by the time you are done with all this, if you were to accumulate all the information that currently exists about you, you'd be stunned at how much you are a public person in ways you did not intend. And I think there are two very different layers of this. We badly need to think through an integrated privacy policy in terms of law. As I said earlier, I am a passionate believer in electronic medical records, but I'm also a passionate believer in a Federal law that would make inappropriate misuse of that information a felony and have very stiff penalties. We have to have the information, but we want to protect people from having it exploited to hurt them. Similarly, I think that it is important to recognize, and as I stated in my own testimony earlier, I want to commend the subcommittee again, you know, for your report issued last week that the Federal Government agencies have security levels that in many cases are so laughable that any really competent sixth- grader could break into them. And even the ones that are relatively secure, except for the top two or three, a relatively competent junior-high-schooler could break into them. And I think it's really important to understand--and I met recently with the National Association of State Chief Information Officers, and we talked about the fact that we need to set a whole new standard against hacking, against organized crime, against terrorists, against foreign governments that want to try and break in, and recognize that is going to take a sharing of technical knowledge. It's just not writing laws, but understanding how to write these security systems. And we have to recognize how much of our code is now written outside the United States. And I think we have to have a project between the Department of Defense, the National Science Foundation and the National Security Agency to really figure out a way to literally scan all the code we now rely on, because we don't know how many various back doors have been built in, because you are talking about millions of lines of code that routinely now enter the U.S. system from overseas. Mr. Simpson. May I say, too, sir, and to the panel, who knows more about the loss of privacy than all of us? You? Me? All of us who are in public life have none--and maybe that's all right. It's all right with me. I laid it out there, all the peccadillos and all the goofy things I ever did. But there is no privacy for a public figure. So I think it is very important to realize that as we do these things, the media loses a lot of sleep about us because when we get active, they go into everything we've ever done: first grade, high school, college, the whole works, and we get the whole load. When you come back to them and say, aren't you intruding on our privacy? And they say, well, you are public figures, and we are not. I say, more guys know you on that tube than know us--all of us in Congress, so don't give me that. I think we ought to know a little bit about your private life. It's a sick idea, I know. It's about the first amendment. It belongs to me, too. We are the ones that suffered the slings and arrows. And I am ready to do that at any time, in fact, in anything, anything--and the woman I have been living with for 47 years is sitting back here--in anything they couldn't dig up on Al Simpson, but let me tell you, they sure as hell tried. Mr. McCollum. I would like to make a distinction, Mr. Miller. You asked about privacy, and I think what is a person's reasonable expectation, what are the Constitutional protections for that, and there are some. And we live in a different age when it comes to the computer, but we need to divide up what people should reasonably expect in the way of privacy, with respect to privacy and their government intrusion into that, and what they can reasonably expect when they go out and take certain steps on their own in the world of business and with data that they freely yield to someone. Two different things. The privacy that is protected in the Constitution clearly is there when it comes to the government coming into your house, not just from a criminal law standpoint, but an unreasonable search and seizure or eavesdropping or whatever, and we have all kinds of checks on that, and they should always exist. When it comes to the computer, when you use the computer, you need to be aware you are opening up whatever you put in there for other people to look at. And we can talk about trying to restrict that all we want, and it is very difficult to do. On the other hand, when you give up data to a bank, which is where we first met the privacy issue in the last Congress and it created a lot of hullabaloo, I don't think people were even thinking about the privacy question so much there, but the reality is prior to the enactment of the big bank bill last Congress, banks could share data they had with anybody. There were no restrictions, and we put the first restrictions--Congress did in the law. And those restrictions said that since we allowed the merger of the operations of banks and security companies and insurance companies, that if you were in the same holding company, you know, the same group, within that group, financial information that you as a citizen gave to that bank could be shared. But if they wanted to go out and give that information out to somebody that wasn't a party to their company, to their holding company, they had to seek your permission. And those are the kinds of things we need to think about at each stage. You give up your rights when you go and do a certain business transaction, but you should be informed what you are giving up. And before information that is given by you to a business or third party is given away to somebody else, you should have a right to say yes or no. But absolutely you should have a reasonable expectation that the government won't intrude your privacy. That is sort of the broad guidelines. It is a huge subject, but that is the guideline. Mr. Horn. Thank the gentleman, and now 5 minutes for the gentlelady from New York Mrs. Maloney. Mrs. Maloney. Thank you, Mr. Chairman. Speaker Gingrich, you mentioned that you are not supportive of a national ID card, but you support a more sufficient transfer of information. Since all of the known terrorists were visitors with visas here either legally or illegally, it appears that a good place to start would be with a more thorough tamper-proof green-card; would you agree? Mr. Gingrich. I did say earlier that I drew a very sharp distinction between the need for a national system for non- citizens, which I think should be administered by the Federal Government, run across the whole system; should have a clear identifier that is biometric; and should have a data base that can be accessed by a variety of agencies. And that should be a condition of being here. I also said, and I think you get real controversy about this, but I think we are much better to go to some kind of guest worker program and accept the legality of people who are here for the purpose of working and get them identified. I think when you have a pool of--I think the numbers are 3 to 5 to 7 million people who are illegally here, but are here to do legal things--they are not here to be drug dealers or terrorists, that pool of people who are outside the system causes, I think, a real challenge for security purposes. So I think it would be much healthier to have an identifiable guest worker program and simply have a requirement that everybody who is a non-citizen have some kind of an identifier and a sophisticated greencard with a central data base. That should be national. And my guess is overwhelmingly the American people would support that. I am also suggesting if you come here as a visitor as part of the transit point, then we ought to have some biometric, an iris or retina scan, so we can determine whether or not you are a person who is a threat to the United States at a point of entry, even for visitors who are here on business or here for tourist purposes. And my guess is that most people on the planet--people who come for business or vacation want to be safe, and they want a safe system, and as long as it is not too intrusive, I think they would be very accepting of that kind of safety. Mrs. Maloney. Building on that base of a non-citizen data base that is national, who should maintain this data base? Where would you put it in government? Would you put it in the INS? Would you put it in the FBI? Would you put it in the new Homeland Security? Mr. Gingrich. I am going to yield to my two colleagues. I haven't thought about it where in the Federal Government you would house it. I would probably outsource a great deal of management of it, because I think it is very, very hard for the Federal Government to get first class---- Mrs. Maloney. It has to be maintained by the Federal Government. Mr. McCollum. It is the Immigration Service you are talking about. Mrs. Maloney. You say INS. Mr. Simpson. It was my experience, Congresswoman Maloney, I met some of the finest people in both parties who were Commissioners of the INS. It is an absolutely unwieldy agency. Doris Meissner did her best. There's nothing you can do with them. The regional people are tough. The district people, they are all--it has got to be done there. If you go ahead with the legislation that is being proposed, then it would be the INS, which would be logical, not Social Security. Mrs. Maloney. This is only for non-citizens. Mr. Simpson. Yes. And many non-citizens hold Social Security cards. Mrs. Maloney. I would also like to ask our panelists, who do you believe should have access to that data base, assuming it is in INS with oversight by---- Mr. Gingrich. For verification purposes, it is reasonable to ask people to prove who they are when they apply for a job if they are a non-citizen, and I think I would allow law enforcement people to have access to the proof that they are who they are. Beyond that basis, it would have to be carefully screened--law enforcement, Federal law enforcement basis. But I think if a highway patrolman pulls you over, and this is part of your proof of who you are, it ought to be reasonable for them to have at least the negative access that says, yes, this is a real person. Mrs. Maloney. The other panelists? Mr. McCollum. I think what--Newt Gingrich is very clear, but I want to amplify it, and that is the key to all of this in identification and certainly in the area of these aliens who are coming here is the proof that they are who are they are. That verification, that is, that the whole idea if you have a biometric and take your fingerprint and put it here, maybe that goes back to some data base where you corroborate and say, ``Hey, that is Joe,'' but I don't think the general public should have access to it. And I don't think that anybody but law enforcement for very specific purposes, probably Immigration Service and key law enforcement people, should have access to the full information, presumably the data on that alien about where they are born, how many times they have been married, that sort of thing. Mrs. Maloney. My time is up. Mr. Horn. I thank the woman from New York, and now the only librarian in the history of Congress, Major Owens, the gentleman from New York, 5 minutes for questioning. Mr. Owens. Thank you, Mr. Chairman. What this distinguished panel seems to agree, that the national identification card will not be a silver bullet. We can put the debate to rest once and for all and focus instead on another problem that I think most of them would agree we have, and that is the problem of monumental mismanagement in our agencies; you know, the kind of mismanagement which allows us to have a worldwide electronic surveillance system where we can pick up all kinds of information, but they didn't have enough Arab translators in the FBI and CIA to deal with the translation of vital information. I could not believe that when I heard it, you know. Right now we have a recent airplane crash in New York, and it appears that turbulence of a jet that took off just before is probably the cause of the accident that took place. If after all these years of flying and jets we don't know about turbulence and what it might do to an airplane, or, you know, the mismanagement is such that decisionmaking within these vital agencies like the CIA and FBI is off to the point where Aldrich Ames could sit there for 10 years on the payroll of the Soviet Union and Robert Hansen could be on the payroll of the Soviet Union for 14 years, maybe your prestige and influence could be put to work on a crusade to improve the management-- technology is excellent and way ahead of our capacity to use it, including INS computers always breaking down, and there is always a problem. If INS maybe had some of the budget of the CIA--$30 billion plus and trying to maintain enough staff-- maybe we could--I will conclude and you can comment--maybe such a crusade of people of your caliber would get to the heart of the matter and all these other things would fall into place. The companies that issue credit cards are very familiar with ways, and you can develop a foolproof card. Even if there's no foolproof card, there's a certain degree of fraud they put up with, but they are pretty much on top of that. And there are various ways of doing it, and some identification cards, consolidation would be very convenient for most of us. But the real problem, I think, is monumental mismanagement. I think the history of the fall of the American cyber- civilization might be written 1 day, and the cause will be human error. That is what we ought to address. Mr. McCollum. One of the greatest frustrations I had in the last couple of years in Congress was the fact--is that over the years I had been one of the those people who was beating up on the CIA and others to get more language speakers of Farsi and Pashto and all those languages that we're now seeing we don't have. And we kept pouring money at it, and they kept reporting to us, and they kept not getting the numbers and telling us they just weren't available. Mr. Owens. They had a lot of people who spoke Russian. A lot of good librarians work for the CIA. Mr. McCollum. But my point to you, and you know this because you served with me in a number of these capacities, is that you sit there, and you are only as good as the product or the effort of the person who is right in charge at the moment and the vision they have. And the vision in the case of some of these things, including the language issue you are talking about, had to be to go out and be creative and get that language more quickly in place. The same thing is true about the immigration stuff we're talking about here today. That is why we all hope that some of the ideas being batted here today will really be enacted and that Ziglar and others will go out and do it, and we won't be talking about it. Mr. Owens. We had a problem with Arab terrorism since the Beirut bombing when President Reagan was President. There have been Arabs--why after all these years don't they have translators who can translate documents from Arabs? Mr. Gingrich. Let me just say, in your 5 minutes, you put your finger on the heart of the American challenge in the sense that is what Senator Simpson said when he wished Tom Ridge luck as part of his Christmas present. And it goes to the core of whether we are a comfortable system or we're a serious system. The difference is a comfortable system accepts any innovation that doesn't require it to change. A serious system says, ``This is what has to happen.'' If you watch Jack Welch of General Electric--probably the best modern CEO--he said for GE to be successful it has to go and become X, and that means we are going to change in the following ways, and he drove the changes. There are three problems: rivalry, bureaucratism and acquiring new capabilities. Rivalry, the CIA doesn't want to share with the FBI, and the FBI doesn't want to share with anybody. I mean, it is an absurdity, and it should be a national scandal that the watch list didn't get through to Logan Airport after 42 days. The one that Senator Simpson mentioned, the Border Patrol and the Customs agents standing next to each other, have different computers. Now, that's just a level of deliberate bureaucratic turf-guarding that shouldn't be tolerable, and that should be shameful. Second, bureaucratism. I had my staff pull this up the other day. There are 51,000 Pashtuns in the United States. Now, if the Central Intelligence Agency can't find Pashtun speakers, they should assign someone to go to National Airport and wait for the taxis to come in. The idea that you couldn't hire a translator--you don't have to go through the process of vetting somebody to be an FBI agent or vetting them to be a CIA agent with secrets in order to have them as a translator. The notion that you couldn't find an Arab translator in the FBI is that it tells you how bureaucratic they were, how lacking in drive and seriousness, and how unwilling to confront reality. Third, I mentioned earlier before you got here--as a librarian, you will appreciate that I am pushing books. I mentioned Clayton Christenson's book on, the Innovator's Dilemma, because he really makes the key point. Really big breakthroughs tend to come in really small companies, just the nature of how breakthroughs occur. Government is peculiarly slow at finding those. Government procurement makes it almost guaranteed not to acquire the newest technologies. And so I think you put your finger on a profound challenge for the American Government. I wish President Bush well and Director Ridge well in trying to get this thing solved, but I think you have absolutely described the core problem of us becoming an effective country in the next decade. Mr. Simpson. May I say a word to my friend Major Owens, who I have enjoyed very much through the years? We have had some nice sessions together and traveled together. You are absolutely correct when you are talking about mismanagement, and then you are talking about the thing that all of us never do well when we are here, and it is called oversight hearings. We have an oversight hearing. We bring in an agency. They prepare for it. Oh, man, do they get ready for it. And then you beat them up. And everybody just beats their brains out from up on the panel. And they all say, don't worry, we recognize that. We are going to correct it. In fact, we are so thrilled that you see, too, this is a problem for us. So after pounding their brains in all day, and after them slip-sliding along like that old play, the Best Little Whorehouse in Texas, where the guy just slid all over the place, we don't do anything. I couldn't do anything. I had oversight hearings with the INS, and they told me the most magnificent things for 18 years, and nothing was ever done. It was with violin music in the background and tympany and bells. But it is oversight, and that is the tough one. Mr. Horn. I am going to give you one more question. And in his testimony--for the panel, too--Professor Turley will propose that a commission be established to study the feasibility of a national identification system. What do you think of that proposal? You have been on these commissions. Should they do it, whoever they are, Presidential and leadership in both Chambers, or have legislators go up to the trough and see what they can do? Mr. Simpson. I think that a national commission--I speak from experience. The Select Commission did two reports on legal and illegal immigration, by the chairman, Ted Hesburgh, and both of the commission reports were enacted into law--the essence of the legislation. So I do think it's good. I do think that it has to be--it has to be not called a national identifier. It should be called how to make more secure the systems of identification and work recognition in America, or something like that. If you use national ID, it's over. Mr. McCollum. I believe, as Senator Simpson does, that the commissions do form the nucleus and sometimes the initial impetus to get legislation enacted when you need to get a consensus together. And I share his concern. The whole idea of the national ID, as I described it in my statement to you, Mr. Chairman, is a nonstarter, and we don't want to talk about it. Not that we don't want to recognize that people could call something that, but I don't want a national ID with a national data base with Big Brother. But I do want to see improvements that a commission could recommend and make things more secure and an identification that really works in this country. Mr. Gingrich. Let me be a doubter for just a second. I'm not opposed to a commission, but I think we know an awful lot of what needs to happen. And the Congress, I think, could move expeditiously early next year on an awful lot of stuff particularly as it relates to non-citizens. We really know how much we have to improve that system, and I am not sure that we need to have more people tell us. I suspect if you had your staff go to the Library of Congress and pull up all the commissions on this topic in the last 20 years and simply print out the summary of recommendations, you'd be astonished how much already exists and how many smart people have already worked the issue. And I think it is important to move while the public is paying attention and cares about this topic, and that would be in the next session of Congress, not 3 years from now. Mr. McCollum. And by the way, I'd echo that. I think he's absolutely right about that point. Mr. Horn. Well, I thank you all for coming. I know when the three of you get together, it's going to be a lively session. So we wish you well. Thank you. We will go to the second panel now. Mr. Turley, Mr. Goodman, Ms. Corrigan--would you all stand, please, to be sworn. [Witnesses sworn.] Mr. Horn. Didn't see too many other assistants. So let us start, then, with Mr. Turley, Shapiro professor of public interest law at the George Washington Law School. Mr. Turley. STATEMENTS OF JONATHAN TURLEY, SHAPIRO PROFESSOR OF PUBLIC INTEREST LAW, THE GEORGE WASHINGTON UNIVERSITY LAW SCHOOL; ROY M. GOODMAN, CHAIRMAN, INVESTIGATIONS COMMITTEE, NEW YORK STATE SENATE; KATIE CORRIGAN, LEGISLATIVE COUNSEL ON PRIVACY, AMERICAN CIVIL LIBERTIES UNION; RUDI VEESTRAETEN, COUNSELOR AND CONSUL, EMBASSY OF BELGIUM; TIM HOECHST, SENIOR VICE PRESIDENT OF TECHNOLOGY, ORACLE CORP.; AND BEN SHNEIDERMAN, PROFESSOR, DEPARTMENT OF COMPUTER SCIENCE, UNIVERSITY OF MARYLAND, COLLEGE PARK, FELLOW, ASSOCIATION FOR COMPUTING MACHINERY Mr. Turley. Thank you very much, Mr. Chairman. First of all, let me express my thanks for appearing again before this subcommittee and also to appear before you, perhaps for my last time, as chairman of this subcommittee. We owe you a great debt, and your retirement is a real loss to this institution. I want to be one that thanks you for it. Mr. Horn. Remember you are under oath now. Mr. Turley. Obviously this is a subject where generally more heat than light is generated. And in a rare display of academic modesty, I will say that I will not resolve the questions surrounding this debate. I would, however, like to offer a Constitutional historical foundation perhaps to move the debate from what is often kinetic rhetoric to a more stable basis for discussion. It is certainly not enough to dismiss national identification systems as opposed to a card as unprecedented. The framers gave us a system that is--was certainly at the time--unique because it is the most nimble and versatile system in the world. As in nature, nations that fail to evolve are least likely to survive. The world is not static, and so our responses have to be as dynamic as the world around us. So this is a hearing that is looking at a question that is very much a question for our times. Whether you consider the national identification system to be a necessary security measure or Big Brother's little helper, we need to reach some type of consensus, and so it is an honor to offer my views on those lines. Now, today's debate is part of a long unbroken debate that has raged about the relationship between the government and the governed. We as Americans have a virtual hereditary suspicion of government. As Oliver Wendell Holmes said, ``The life of law has not been logic, it's been experience.'' And our experience with the government and systems of this kind has not been good. It has been long and painful. We have learned that government authority operates along the same principles as a gas in a closed space. As you expand that space, government authority will expand as well to the full extent of the expansion. And from Biblical times, and I have laid this out in my written testimony, through the Ottoman Empire and Henry VIII, nations have tried to create national registries not for oppressive reasons, but for necessary reasons, but those systems have, as we know, been used for great harm. Now, we also need to get away from a habit of talking a good game about national identification systems. We are very proud as Americans that we don't have human license plates. But the fact is we have a national identification system, it just happens to not be a very good one. We have allowed the Social Security number to mutate into a national identifier. That is ironic since, as I mention in my testimony, the Congress was quite clear that the Social Security number was not to be used as a source of identification. This Congress has repeatedly said that it should not be used and that it's opposed to a national identification. And so the question is why in my wallet do I have a driver's license, a smart university card, an athletic card and credit cards that are all based on my SSN? Why do I have two kids, one is 3 and one who is 1\1/2\, have their own cards? They're already being tracked. The human serialization that we fear is here in some respects, but the reason it is here and the reason we failed in our efforts to control the SSN is because the market had a need. It created a vacuum that, in the absence of congressional involvement, it filled that vacuum. The SSN was inevitable because the market needed it. I happen to have a great deal of problems with national identification systems. I tend to fear government, quite frankly. I tend to like the least of it as I possibly can have. But we also have to be concerned that if we do not act, that the market will act for us. We have to be concerned that if we remain passive, there will be efforts to fill that vacuum, and they are happening right now. At this moment, the heads of the Department of Motor Vehicles have already moved toward what's called a de facto national identification card. The airlines are working on a fast track card of their own that will effectively have a national footprint. Now, I don't know the heads of the Department of Motor Vehicles, quite frankly. Maybe I should. But I don't think they are the ones who should make this decision. I think you are the ones who should make this decision. And it is important for you, I believe, not to be repelled by the idea, to the extent, of being absent. I happen to believe, and I may disagree with our earlier panel, that we may want to discourage the development of those cards. We may want to try to exercise some degree of control as to what is happening in the country in terms of identifications, if nothing else, to avoid the creation of redundant systems where we suddenly have a whole bunch of cards that become barriers to travel. In the review of identification cards around the world, you have over 100 nations with different cards, but to use the term ``national identification system,'' let alone ``national identification card,'' is virtually meaningless. These systems are unbelievably diverse. Some of them are really better than our SSN system. Others are incredibly detailed and are attached to data banks and probably would make most Americans feel uneasy. But using the reference to Nazi Germany and to the abuses, I think, is a little bit overblown, but it is relevant. It is overblown in the sense that we have a Nation that has its own safeguards, Constitutional safeguards, cultural safeguards, that makes those types of abuses historical, but not contemporarily relevant. Many of our friends around the world like Belgium, France and Germany are great democracies, and yet they have these cards. So I think we need to look at this with the appropriate amount of passion, but also with an open mind. Now, the cards differ, of course, dramatically. Britain had a national identification system that was discontinued in the 1950's when they had a negative ruling by the lower Chief Justice. They are now considering a new card, and they range-- we can look at, for example, the Belgium identification card, which is one of the most developed of systems. And in Belgium, you are required to have a card at age 12, and then you are required to carry it by age 15. It is not an internal passport system in the most negative sense, but it is a potential barrier in the sense that when you go to an airport in Belgium, you do have to show the card. Obviously Belgium has not used that card for oppressive means. They have a large data base that the police have access to. Germany also requires the carrying of a card, and it has a great deal of information. It is incorporated into a data base which is accessed from multiple sources, like Belgium it is a stand-alone system. Other countries like, for example, for the Dutch, they have the SoFi number, which is a more developed system than our Social Security system. It is sort of a hybrid between these various options. And you can go through country to country to look at these options. As we move toward a national identification system, if we are going to move toward that, then we need to look at the Constitutional and legal parameters for that system, because we are all talking about so far a system more of authentication. It seems we are mainly talking about here--and the Members have already indicated they are interested in authenticating people--is to make sure they are the people that they say they are. So we have to distinguish between what we are trying to achieve. Are we trying to get a ready identification that is reliable for the cop on the beat so he can take a look, and the card has biometrics and other elements that make it hard to tamper with? If that is the case, the card can be largely contentless. It simply requires those biometric elements to be reliable as authentication. If we are talking about, as has been discussed in the past, a Smart Card attached to a data base, we are talking about far more significant issues in terms of Constitutional and legal questions. One of the most important Constitutional questions that has to be dealt with is the right of travel. The Supreme Court has said that the right of travel is virtually unconditional in the United States. And when we develop national identification systems, we have to be concerned not just in drift, but that those systems can create barriers to travel that will impinge upon that right. And I go into that in my testimony. We also have to be concerned about creating a national identification system that will fall into the trap of the Brady law. To some extent, any national identification system will require the integration of State and Federal systems. To the extent that we commandeer the State agencies, we are moving into a separate area where Constitutional concerns would be heightened. And finally, privacy protections, which I talk about in my testimony. What I would like to propose is that Congress consider--one thing that I think is clear, and clarity in this matter is truly valuable. It should not necessarily be clear how we should proceed, but it should be clear how we should not proceed. We need to look at the SSN experience and not repeat it. That's not how we do national policy. We allowed the SSN to be propelled into a national identifier without any vote of this body. There were a couple of laws in which Congress embraced the SSN. Franklin Delano Roosevelt wanted to use the SSN, but for the most part this has been done with little foresight and control. And as we see these de facto identification cards in the making, it seems that history is repeating itself. So that is the reason I recommended the creation of a Federal commission, and God knows this town does not require another commission. I have been on a Federal advisory group. I was on it for 3 years, and at the end I wanted to take a ball-peen-hammer to my head. They are frustrating. There's too many of them, but, unfortunately, I think this is an area that deserves a commission unlike the ones we have seen in the past. Newt Gingrich is right. We have had commissions in this area, but none have been given the specific task of looking at whether we are going to have a national identification system. Whether or not we act or not, that is important. We need to have a commission that looks at the question of whether there is inevitability. Whether in this information age we are going to have this Cosean problem where the market is going to dictate those conditions unless you do something. So we have to deal with reality, and if that reality is that businesses and agencies need a national identifier, I would rather have you involved in it than the hidden hand of a market which may take us away from privacy. The commission can look at some questions I've laid out in my testimony. The first one is what the function, utility of a national identification card is. I have already mentioned that, but there are vast differences, and when you look at what people have said about national identification systems, they are as different as you can possibly be. Some of them talk about massive data bases, and some of them talk about immediate authentication. I don't know which one we need, but we need to look at that before we do anything. Second, we have to look at the utility of the system. Part of the problem with a national identification card is that you can have a sleeper agent from Al Qaeda or an espionage agent. In the United States, one of the most effective ways to penetrate a nation is to have a sleeper, and he or she comes into the country. She has a wonderful life, is a wonderful neighbor, goes to PTA meetings, and then about 9 years down the road, Al Qaeda activates her. She's got a wallet for every possible card from the PTA to a fasttrack card to a national identification card. Finally, we need also--second, we need to look at what technology is to be used for the system. We have everything from iris recognition to DNA fingerprinting to facial recognition systems. We need to look at those technologies. If we are going to embrace the technology, embrace one that is going to be good 10 years from now, that is going to be accurate and reliable. We need to look at the system of hacking, because if this is going to be a system like Belgium's where you need to get it on a plane, then, frankly, it is dangerous to have the usual Government error rate with data bank and data bases. Finally, we need to look at what type of protections we need to put in place. As you know, the Census Bureau information is supposed to be private, but it was used to round up Japanese Americans. We know information from States have been sold to private companies. And then finally, I have suggested that we consider the need for a Constitutional amendment. I have never supported a Constitutional amendment until this year, but there is a trend that needs to be arrested, and that trend is the diminishment of privacy. It's chilling to hear a person like Simpson, who I have a huge amount of respect for, saying privacy is dead, because if privacy is dead, we have allowed something that is uniquely American to die with it. So in conclusion, the test for the moment is to try to protect our society without changing it in the way that we lose the object of our defense. The Framers never said it would be an easy road, they simply said it was the only road for a free people. And so I suppose the charge of the Framers is this: How to keep us safe from harm, but to pass along our system to the next generation in the condition it was passed to us. I think that is a subject that deserves some thought and circumspection. I thank you very much for your time today. Mr. Horn. We thank you very much for your presentation. [The prepared statement of Mr. Turley follows:] [GRAPHIC] [TIFF OMITTED] 82171.030 [GRAPHIC] [TIFF OMITTED] 82171.031 [GRAPHIC] [TIFF OMITTED] 82171.032 [GRAPHIC] [TIFF OMITTED] 82171.033 [GRAPHIC] [TIFF OMITTED] 82171.034 [GRAPHIC] [TIFF OMITTED] 82171.035 [GRAPHIC] [TIFF OMITTED] 82171.036 [GRAPHIC] [TIFF OMITTED] 82171.037 [GRAPHIC] [TIFF OMITTED] 82171.038 [GRAPHIC] [TIFF OMITTED] 82171.039 [GRAPHIC] [TIFF OMITTED] 82171.040 [GRAPHIC] [TIFF OMITTED] 82171.041 [GRAPHIC] [TIFF OMITTED] 82171.042 [GRAPHIC] [TIFF OMITTED] 82171.043 [GRAPHIC] [TIFF OMITTED] 82171.044 [GRAPHIC] [TIFF OMITTED] 82171.045 [GRAPHIC] [TIFF OMITTED] 82171.046 [GRAPHIC] [TIFF OMITTED] 82171.047 [GRAPHIC] [TIFF OMITTED] 82171.048 [GRAPHIC] [TIFF OMITTED] 82171.049 [GRAPHIC] [TIFF OMITTED] 82171.050 [GRAPHIC] [TIFF OMITTED] 82171.051 [GRAPHIC] [TIFF OMITTED] 82171.052 [GRAPHIC] [TIFF OMITTED] 82171.053 [GRAPHIC] [TIFF OMITTED] 82171.054 [GRAPHIC] [TIFF OMITTED] 82171.055 [GRAPHIC] [TIFF OMITTED] 82171.056 [GRAPHIC] [TIFF OMITTED] 82171.057 [GRAPHIC] [TIFF OMITTED] 82171.058 [GRAPHIC] [TIFF OMITTED] 82171.059 [GRAPHIC] [TIFF OMITTED] 82171.060 [GRAPHIC] [TIFF OMITTED] 82171.061 [GRAPHIC] [TIFF OMITTED] 82171.062 [GRAPHIC] [TIFF OMITTED] 82171.063 [GRAPHIC] [TIFF OMITTED] 82171.064 [GRAPHIC] [TIFF OMITTED] 82171.065 [GRAPHIC] [TIFF OMITTED] 82171.066 Mr. Horn. I have had the opportunity last night to read all of them. And we will first get all the presentations in, and the Members will have a question and answer with you and dialog. Now, my next witness here, we deeply are euphoric, Roy M. Goodman, State senator from New York. You joined us on such short notice. We thank you very much. You flew down here from New York this morning after our invitation yesterday afternoon. So you get things done very fast. And I look at this background. Any legislator that has 1,200 of his bills become law, that is impressive. So we are lucky around here if we can get five to be presented. And we thank you, because you are also in the same business we are, as chairman of the Senate committee on investigations, taxation and government operations. And looks like you have had a lot of fun. So, thanks for coming. Mr. Goodman. Mr. Chairman, thank you very much indeed for that warm welcome. I am grateful to you and the members of the committee for an opportunity to appear before you today, albeit on relatively short notice. I would like to make at the outset a comment of warm salute to my former colleague in the State Senate in New York, Major Owens, one of our more esteemed Members who has risen to the heights of the U.S. Congress. Major, I can see just from the height of the ceiling in this room that we have pygmy proportions compared to the stature which all of you possess. And I am very proud to know you. And also Mrs. Maloney, who happens to be my own Congresswoman, and I very much hope that she will be around in a few moments so I can salute her personally. A much esteemed and good friend, although on the other side of the aisle I must confess. May I say, Mr. Chairman, that once upon a time on the matter of personal identity, there was a gentleman who entered his men's club, an elderly chap with mutton-chop whiskers, typical of an old Peter Arnaud personality, and he sunk into a deep chair and rang a little bell next to it on the table by which he hoped to summon the club steward so he could order his usual martini. Nothing happened. And he rang the bell again. And finally after ringing it four times, he was outraged, and someone came by and he said, ``Great God, man, do you know who I am?'' And he spoke to one of the employees in the club. And the chap looked at him and said, ``No, sir, I don't, but if you'll go down, I'm sure the gentleman at the front desk will be able to tell you.'' So this was an indication of an identity crisis that occurred under slightly different circumstances. May I say, sir, that on a much more serious note, unfortunately, I appear before you at a moment when the Nation is plunged into a war which it did not seek and which was visited upon us in a most astonishing fashion on September 11th. The trauma of that is simply indescribable. I might just tell you that on my first trip down to Ground Zero, I had a chat with the fire commissioner, who was describing some of his experiences on that particular day. Let me say, that he said a chap came up to one of his fireman and said, ``I have a helmet here, sir.'' And he said, ``Why are you bothering me with that? We're trying to save lives.'' He said, ``The reason I'm bothering you with that is there is a human head in the helmet.'' Alas, the gentleman had been decapitated. And this is one of the horrific, horrendous things that occurred on that day. And needless to say this is something which has embedded itself in all of our minds most profoundly and with a sense of deep grief and outrage that we appear before you to discuss the problems relating to the identity card matter. And I have to tell you my whole view of it is heavily tainted by the fact that we are at war. I spent 3 years in the Navy during the Korean War and wore about my neck at that time an ID tag with a thumbprint engraved upon it, so that the idea of having a fingerprint identification is certainly nothing new. My officer's identification card had a full set of prints on it. Military service is fully familiar with it. I thought it would be useful just to take a moment to review with you the contents of my own wallet in regard to cards. I confess I haven't thought to do this until I sat down here this afternoon, but I notice that I have a few of them. And just to give you some idea to the extent to which privacy is invaded, let me give you a quick inventory of my cards. I will make it very brief. On top is a picture card identifying me as a New York State Senator; driver's license, which also has a picture of me upon it; my Citibank Visa card, which has a picture on it; my MTA, that is to say Metropolitan Transit Authority subway card, which has my picture on it; a Sam's Club card, Sam's Club being a retail establishment where I have credit, which has my picture on it. And we go through a series of others, American Express, New York Society of Securities Analysts, my Medicare card, my New York Public Library card, my Wyoming Public Library card where I go in the summertime, my Barnes and Noble credit card, my New York government employee benefit card, my Automobile Club of America card, my Metropolitan Museum identification card, my Whitney Museum card and my Museum of Modern Art card. Those are just a few of the things I carry with me to be sure that I am at all times able to identify myself as I go about my daily routine. I think this gives you a little idea of the extent of the lack of privacy which we have. Even with the best of intentions, we are certainly photographed widely, and our data is on file in many different places. I am sure anyone in the room could produce a wallet with somewhat similar credentials and make the point that we are today certainly an identification card society on a very broad level. And may I say to you, sir, it had been my opportunity as chairman of the investigations committee in 1993 when the World Trade Center was bombed--you may recall that we had a dreadful incident in which there was a gigantic explosion--I went into that hole and found a tremendous crater five stories deep and three stories high and at that time felt it important to examine the matter of how we have achieved security in regard to the terrorist possibilities of future attack. And we prepared a report on that date stating that there were many vulnerabilities and thought it advisable to create a commission, which commission would have as its principal objective the eternal vigilance to try to prevent the recurrence of this type of terrorist attack. In so doing, I'm sorry to say that peoples' eyes quickly glazed over. And in our world as human beings, we fairly soon forgot that episode, and not until September 11th when we had this far graver problem arise with such unpredicted suddenness do we find ourselves in the position of having to once again reconsider this. And I did pull together a group of five former police commissioners, group from the FBI and Port Authority, police and a number of others to participate in an examination of potential terrorist targets and possible means of defending against them. That committee happened to have issued a report yesterday, which, if I haven't sent in advance to you, I won't attempt to touch on all aspects because it goes far beyond the subject of today's meeting. But let me say there are at least 50 different ways in which we should be tightening up the security in the State of New York to prevent future occurrences, that cover such things as commercial airline safety, private airline safety, which is a thing that has loopholes the size of the Lincoln tunnel. Anyone can go to a private airport, get on a plane, any size, and load it with any cargo without any inspection whatsoever, proceed to fly over the United Nations building and fly into it, and destroy it in a matter of seconds in much the same fashion that the World Trade Center was destroyed. And the same would apply to the Empire State and others of our magnificent buildings in New York. This indicates the extent to which in this wartime environment we have not really risen to the concept that we must gird our loins and prepare ourselves with emphatic dedication. I think, as Herbert Spencer said, ``It is only by iteration and reiteration that we impress an alien conception upon an unreceptive mind, and it is only by iteration and reiteration that we must remind ourselves we are at war, and war is a very grim business in which we have to suspend values which we normally might wish to feel a repugnancy to us in other contexts.'' I see my signal is to stop. Mr. Horn. Don't worry. Just keep going. Mr. Goodman. I will try to keep it as succinct as I can. Let me simply say to you that with regard to the matters of other emergency issues, we have looked at hospitals, we looked at the transit system and various matters relating to nuclear/ electric/gas supplies for the city of New York. There is a possibility that our power could be shut-off very simply by going to the point of convergence of electric lines. We want to emphasize the problems of biological and chemical warfare about which much has been, unfortunately, discussed in Washington in the wake of the anthrax scare and on and on. And let me say that I speak at the moment on behalf of my colleagues who are former police commissioners, as I said, including the new police commissioner designated by our new mayor. His name is Raymond Kelly, and he is an expert in the law, and indeed, I think, is a man of balanced judgment. It was the unanimous judgment of this group that there should be instituted a national identification card system. An open question is whether it should be voluntary or involuntary, and I am not prepared to give you any conclusion, and my own concerns at the moment are very great. As a civil libertarian of longstanding, I am very much concerned about the possibility that such a system could be misused. But let me just say that, we now have, as Mr. Ellison has pointed out, the means by which to create cards which can carry a tremendous amount of information and certainly establish beyond any reasonable doubt the identity of the individual holding the card. As you may be aware, in Israel, people seeking entrance to an airplane do not have to stand in long lines. They go to a kiosk and insert their card, insert the palm of their hand and stand in front of a camera, which does three things, I am told. One is to check whether the palm print coincides with the print on the electronic chip embedded on the card; to determine whether the facial characteristics are such to be that is the individual involved; and finally, to determine whether the retina of the eye, which is unique in every human being, can positively identify the individual. This tripartite identification concept is one which is now technologically feasible and is in effect in various countries around the world and has been used quite successfully, so that the question is not whether it can be done, nor is it necessarily the cost of doing it, because one could envision a system in which there are payments made as a service as we pay for easy pass cards in our cars going through the toll facilities in New York. So that I am simply here to say to you that the problem becomes one of the extent to which this could impinge on privacy. And I remind us all that the Supreme Court has stated unequivocally that there is clear protection in the law for privacy, but not for anonymity, and there's nothing about any Supreme Court dicta which I'm aware, and this point is fully emphasized by the distinguished civil libertarian lawyer Alan Dershowitz, who in a paper made it clear that in his judgment the time would come for the use of these cards. And I say to you, sir, it is my belief that in order to accomplish several objectives, the cards may serve a useful purpose, and I would like to quickly outline the objectives, and that will conclude my testimony. The principal purpose of the card would be to positively identify an individual to be certain that his identity has not been stolen. As you may know, identity theft is a matter that's now quite pervasive in our society. People's identities have been stolen, their bank cards have been lifted, they've been charged with purchases which they never made, telephone calls which they never placed and the like, so that there is a serious problem of finding a stable means of positive identification, which, as I've indicated, now exists. So that the question then becomes one of whether we are in a position to use the cards constructively. I would say to you that for the privilege of not having to wait 2 to 3 hours on an airline counter line, that might be worth a $25 payment for a lifetime, or 2 or 3-year subscription to a card. Similarly, I think it's quite clear that this would eliminate the need for profiling, an obnoxious thing based upon ethnicity, or the various other characteristics which have been used by police improperly to identify presumed suspects. By having a positive ID card, a man could walk in wearing all sorts of outlandish clothing, with a beard 3 feet long, and side burns and all the things which might normally be associated with someone who's an undesirable by virtue of easy thinking; and by simply presenting the card, he would exempt himself from the need of any special profiling-type examination. It strikes me that at this moment, because of the unique facial hirsuteness of the people with whom we are at war, that there is a problem; and as you recall, a Hindu was mistakenly taken for a Muslim and slaughtered early on, right after September 11th, which is the kind of tragedy we certainly wish to avert. An ID card would preclude that type of problem altogether, it's my judgment. Furthermore, there are various conveniences, if one wished, and wished to volunteer to have certain health aspects of one's existence on the card. If you dropped to the ground with a cardiac arrest and the card were in your possession, it could be put into a reader and quickly determine your condition of health and whether certain drugs that could or could not be administered to you; whether a defibrillator would be an appropriate thing to use in view of your heart rhythm pounding and the like, and this could be a very beneficial health aspect of the card system. So the point that I'm making is it's not simply an intrusion of privacy that's involved. There are various collateral benefits which should be weighed in a total consideration of whether these cards make sense. Mr. Chairman, let me just sum up by saying that it's a complex question, and because of my civil libertarian concerns I have thought long and hard about this. I do believe at this time that we have the sufficient sophistication and awareness of the types of problems that exist to formulate a decent judgment in the matter, and I would respectfully suggest to this committee to take a close look at least a volunteer use of such cards. I think at this time, in view of our war emergency, they've become very relevant in attempting to determine who is improperly in the United States at any given moment, tracking people who may be undesirable or have patterns of sabotage or-- or other behavior which needs to be properly overseen and tracked, and that without such cards it becomes exponentially much more difficult to accomplish this purpose. So with those thoughts in mind, I shall now subside with all due respect, and thank you very much for a chance to be heard. [The prepared statement of Mr. Goodman follows:] [GRAPHIC] [TIFF OMITTED] 82171.067 [GRAPHIC] [TIFF OMITTED] 82171.068 [GRAPHIC] [TIFF OMITTED] 82171.069 [GRAPHIC] [TIFF OMITTED] 82171.070 [GRAPHIC] [TIFF OMITTED] 82171.071 Mr. Horn. I think you mentioned earlier that you had some recommendations out of your committee and once you're done with it, if you could, we will have a spot in this to get the whole document. Mr. Goodman. I will be glad to do that, sir. Mr. Horn. Thank you very much. Mrs. Maloney. Can I have a personal privilege? I would---- Mr. Horn. He says he likes you now. Mrs. Maloney. Well, I would like to welcome---- Mr. Goodman. While you were out of the room, Congresswoman, I took the liberty of saluting you most warmly. Mrs. Maloney [continuing]. Over the years, and we welcome your testimony. You've always tackled the hard problems and come up with good answers, and we appreciate your distinguished input into this committee. Thank you for coming and it's good to see you. Mr. Goodman. Thank you very much. It's very good to see you, too. Mr. Horn. We now go to Katie Corrigan, who is the legislative counsel on the privacy issues for the Washington National Office of the American Civil Liberties Union, and she has quite a background in terms of health, education, labor, pensions matters, and we're glad to have you here. Ms. Corrigan. Thank you. Thank you, Mr. Chairman, and thank you members of the subcommittee. I appreciate the opportunity to testify before you on National ID proposals on behalf of the American Civil Liberties Union. The ACLU is a nationwide nonpartisan organization with nearly 300,000 members dedicated to protecting the individual liberties and freedoms guaranteed in the Constitution and the laws of the United States. Like all Americans, the ACLU supports efforts to ensure our security from terrorist threat but we remain convinced that we need not sacrifice our liberties to protect our safety. We believe a national ID system in any form should be rejected. First, ACLU believes that the threshold question is whether or not a security measure would be effective at protecting us from terrorist threat. Since the terrible events of September 11th, there have been numerous proposals to create a national ID system. The rationale is that we need to create a clear line between us--the innocent people--and them--the dangerous terrorists. Every one of us would like an ID card that would put us squarely on the right side of the line and exempt us from suspicion and heightened security when we board a plane or go to work. Unfortunately, none of the proposed ID systems would effectively sort out the good from the bad. An identity card is only as good as the information that establishes an individual's identity in the first place. It makes no sense to build a national ID system on a faulty foundation, particularly when possession of the ID card would give us a free pass to board a plane or avoid security checks at Federal buildings or other public places. No form of documentation is completely foolproof. The same people who are forging ID's today will forge them tomorrow. There are always ways to beat the system. Presumably an individual would obtain an identity card, using a document such as birth certificates or a driver's license. Anyone, including terrorists, could alter or obtain such documents. The Inspector General of Social Security testified last week that six of the hijackers obtained Social Security numbers through fraudulent means, and, as U.S. citizens, domestic terrorists like Timothy McVeigh would certainly qualify for an ID. Second, not only would a national ID create a false sense of security but it would be very, very expensive and divert resources from perhaps more effective counterterrorism measures. In 1998, the GAO reported that the Social Security Administration estimates no matter what material a card is made from or what type of technology, including biometrics, is used for security, issuing an enhanced card to all number holders using current procedures would cost a minimum of about $4 billion or more. And even with the offer from Oracle and Larry Ellison for free software, the processing costs alone of issuing new ID's to Americans are estimated to be 90 percent of that billion dollar expense. Third, in addition to huge costs, a National ID would require a massive identification bureaucracy to support it. Thousands of government employees would be required to develop, implement, maintain, the supporting computer infrastructure and technology standards for the ID cards. The SSA's $4 billion estimate didn't even consider the cost of updating the picture or other identifiers on the card over a person's lifetime, or periodically replacing the magnetic strip on the back, or the simple cost of having to replace lost or stolen ID's. When setting up any new bureaucracies, simple questions need answers. What would happen if an ID card is stolen? What proof of identity would be used to decide who gets a card? What would happen if you lose your ID? Anyone who has had to correct an inaccurate credit history will understand how hard it could be to correct an error that has found its way into a government data base. Error rates and government data bases already tend to be especially high, and we heard that from members of our first panel. Then what happens if you are misidentified or one of the thousands of victims of identity theft? Even with a biometric identifier on each and every ID, experts say there's no guarantee that individuals will be identified or misidentified in error. A technology expert at the University of Pennsylvania recently said biometrics are fallible. Fourth, an ID system violates basic American values including, our privacy, our quality, and our right simply to be left alone. Day-to-day individuals could be asked for ID when they are walking down the street, applying for a job or health insurance or entering a building. This type of intrusiveness would be joined with the full power of modern computer and data base technologies. How long before office buildings, doctors' offices, gas stations, highway tolls, subways, and buses incorporate the ID card into their security or payment systems? The result could be a Nation where citizens' movements inside our own country are monitored through what would equivalently be internal passports. The data base supporting such an ID system would be massive and contain all sorts of highly personal information. Thousands and thousands of government employees and even private industries could have access to it. The scope of information accessible through a centralized data base as opposed to the many different data bases that are attached to the cards that Senator Goodman pointed to would magnify the risks of privacy violations. One mistake by a government employee could result in disclosure of personal information that could follow you around the rest of your life. This past month, a State university accidentally posted the psychological records of 62 children on the Internet, names, addresses, along with intimate details such as ``a boy prone to anger outbursts, gender identity issues and bed wetting.'' Disclosures could come back to haunt children later in life when they're trying to find a job or get a security clearance. With an ID system, one accidental keyboard stroke could put a person's most sensitive information into public distribution. And finally, Mr. Chairman, some people have argued that ID cards would end racial profiling and other discriminatory practices. Unfortunately, we believe that cards would provide new opportunities for discrimination and harassment of people who are perceived as looking or sounding foreign. The 1986 requirement that employers verify the identity of potential employees and their eligibility to work in the United States has resulted in widespread discrimination against foreign-looking American workers, especially Asians and Hispanics. A national ID card would have the same effect on a broader scale. Latinos, Asians, African Americans, and other minorities would become subject to more and more status and identity checks. This would have a stigmatizing and humiliating effect and undermine our right to equal treatment. The national ID system in any form could be expensive, require a cumbersome bureaucracy, and violate some of our fundamental American values, and it simply wouldn't work to stop terrorism. The ACLU urges the Congress to reject proposals for a national ID system. And I would be happy to answer any questions at the appropriate time. Thank you. Mr. Horn. Delighted to have your presentation. [The prepared statement of Ms. Corrigan follows:] [GRAPHIC] [TIFF OMITTED] 82171.072 [GRAPHIC] [TIFF OMITTED] 82171.073 [GRAPHIC] [TIFF OMITTED] 82171.074 [GRAPHIC] [TIFF OMITTED] 82171.075 [GRAPHIC] [TIFF OMITTED] 82171.076 [GRAPHIC] [TIFF OMITTED] 82171.077 [GRAPHIC] [TIFF OMITTED] 82171.078 [GRAPHIC] [TIFF OMITTED] 82171.079 [GRAPHIC] [TIFF OMITTED] 82171.080 [GRAPHIC] [TIFF OMITTED] 82171.081 [GRAPHIC] [TIFF OMITTED] 82171.082 Mr. Horn. And we now move to Rudi Veestraeten, the Counselor and Consul at the Embassy of Belgium, and he's been in their Foreign Affairs Ministry in their home city, and he's had quite a career for his own country, and we're thanking you for telling us how that works. Mr. Veestraeten. Thank you, Mr. Chairman. Thank you, members of the subcommittee. It's an honor to be invited here today. I'll try to give some comments. A document which was distributed contains the basics about the system in Belgium. First of all, Belgium is--for those who doubt, is a democracy. It's a democratic country. We have a longstanding record of democracy and, specifically, we have a very longstanding record of registering people and issuing ID cards. We actually started issuing ID cards in 1919. We started registering people locally in towns and in cities in 1856. That is an existing system in Belgium. I think when we talk about ID cards, when we talk about registration, there are--and we talk about the events of September 11th and other threats in the society today, there are in fact three elements which are often mixed: First, there is the ID card as such. The ID card is just a document which allows somebody to identify who he is; 100 years ago, 50 years ago, people might still just know you or know who you are. Even today people in my village in Belgium, they know who I am. My neighbors here in McLean know who I am. But when I drive around in a car, people do not know anymore. The card is just a means to prove who you are, that you are who you say you are. That is the card. And then the second element in this discussion, the data base issue. We also have a quite sophisticated system in Belgium with a centralized data base which contains a limited amount of information you can find out in the documentation. The data base is a very powerful tool to quickly find more. If somebody shows up and has an identity card, you can then as a police officer, as a public servant, depending on what your duties are, you can find out about that person, what his background is. This data is not contained in the cards, not written on the cards, but there is a whole data base behind the card, a system where more information is available if needed, to those who need it. And then there is the whole issue of security, and I'm not going to talk about that. Of course, the fact of having a card, having a passport, having a travel document, having a driver's license, does not allow any police officers to determine whether a person is a terrorist or a genuine person. That's not the purpose of the cards, let's not mistake this. The purpose of the card is only to identify that this person does have this first name and that last name, and is probably registered at a particular address. That's a very important distinction to make, I think. If we discuss abuse of the cards, I mean the threats of having a card in a country like Belgium, the threat of having this system where everybody needs to carry the cards, well, in fact, you can say the same--this dates back from the German occupation. We were occupied by the Germans twice, in 1418 and in 1940-1945. We have been fighting the German system, the Nazism, the fascists in 1940-1945, and we are proud to have done that. I think we have a longstanding record of fighting authoritarian mechanisms, authoritarian regimes, and we are very proud of that. Now, the Germans, when they have occupied Belgium, they used police, they used military police, they used an army to occupy our country and to take away all our civil liberties. Now, this does not mean that we have decided after we are freed from the German occupation to abolish police, to do away with an army, to do away with military police. That's not to the point. What we should try to do is to keep steady democratic control over what police do in our country, keep steady democratic control about what the army is doing, what the army can do, what powers the army can be given. And that is the sense of the--it's not about having a police which can, of course, abuse its force; it's about control of the police. The same goes, in our view in Belgium, for the cards. It's not about the cards. It's about how you use the cards, what you allow people to do with the cards, what you control and so on. That is the essence of the debate in our country where it was taken. Now, if we want to see what the card means in our system today, what do we use it for, I think the best way to--and for the 2 minutes I have left, to explain--that is, to see, to imagine from my viewpoint, for me to imagine my country without the identity cards, what would be the difference if you would take away the identity cards in Belgium. I think, first of all, we would do what is the case in many other countries. We would probably see other documents being used instead of an identity card. This might be drivers' licenses, this might be Social Security cards. We have those cards in Belgium as well. The problem there--and that is why we have introduced the card in the first place. The problem is that those other cards contain data which are not meant to be communicated to other people. I mean, on a driver's license, there can be data which are not meant to be communicated to a bank employee. It can be medical data, like vision. It can be--it can appear to be not very important, but the vision is mentioned on the driver's license. The same goes for the handicapped, in some cases. I mean, drivers' licenses are meant for other purposes other than identification, and therefore contain other information which are not meant for public distribution and not meant for the bank employee. The same goes for security. The other cards, Social Security card here and in Belgium, those cards are not meant for identification purposes and so do not contain the proper security features which would be required for an identity card, which is a different issue. A passport is an identity, a travel document, so it's more similar to the identity cards. And then there is also the fact that some people might not have a particular type of card. They might not have a driver's license. I have colleagues, diplomats, who do not drive their own cars. They do not have a driver's license. So what do you do with those people if you would--in Belgium, if you would generalize the driver's license to be used instead of an identity? You would then have to find a system where you would issue driver's license with no rights to drive a car, for identification purposes, which is not really what it's about. So that is one thing. We have a feeling in Belgium that the inappropriate use of other identifiers affects the highly sensitive civil liberties issue, because you'd be abusing other cards and information contained in those cards in other systems; abuse of this information for just mere qualification and identification. What would also disappear if you would take away this card--and this is probably typical for Belgium and not for a country like the United States--is that it's very convenient for people. We can travel in Europe with the ID. We do not need passports to travel in Europe to countries like Turkey or other neighboring countries. We have agreements there. So if we would abolish the card in Belgium, many more people would need passports, and this would increase the costs, as well, for those people as for the administration to issue all these extra passports. In the case of police checks, if something happens and people are stopped in the street, in the car or whatever, the fact that we have the identity cards and a very efficient data base does save a lot of time. People can be released after only 2 minutes, just checking if this person is really who he is. So it's also a method there, in our view of civil liberty, that we can release people immediately if there is no need to keep them. We do not need to take them to the office, to the police office. Another very convenient use of the card is the case of unfortunate accidents. When there is an accident with a person on a bicycle and he carries his card, it's very easy to identify him, to warn his family members. So it's also in the advantage of the citizens of Belgium that the card exists. And then alternatively, we also quite generally use identity cards to fight credit card fraud in Belgium. In many shops when you would want to pay with a credit card, you would want to need to show your identity card and--the way you would show your driver's license. Thank you. Mr. Horn. Thank you very much. [The prepared statement of Mr. Veestraeten follows:] [GRAPHIC] [TIFF OMITTED] 82171.083 [GRAPHIC] [TIFF OMITTED] 82171.084 [GRAPHIC] [TIFF OMITTED] 82171.085 [GRAPHIC] [TIFF OMITTED] 82171.086 [GRAPHIC] [TIFF OMITTED] 82171.087 [GRAPHIC] [TIFF OMITTED] 82171.088 [GRAPHIC] [TIFF OMITTED] 82171.089 Mr. Horn. We're going to recess now because we have to get through the testimony, and I want to give them full rein, Mr. Hoechst, Mr. Shneiderman. So we're in recess until 12:45; in other words, quarter of 1. We have a motion on the floor to recommit with instructions and a passage situation. So we're in recess until 12:45. [Recess.] Mr. Horn. The subcommittee will be in order and the recess is adjourned, and we will start with Mr. Veestraeten, who might not have been completely finished; so you're certainly welcome if you want to give a few sentences. Mr. Veestraeten. Yes, sir, I was finished. Thank you so much. Mr. Horn. OK. We will then move to Mr. Hoechst, senior vice president of technology, the Oracle Corp. Thank you for coming. Mr. Hoechst. Thank you, Mr. Chairman, Representative Schakowsky, and members of the subcommittee. On behalf of Oracle, I would like to thank you for inviting me to participate in this discussion. I would also ask that my comments and written testimony be submitted to the record, along with an article written by our CEO, Larry Ellison---- Mr. Horn. Without objection, that will be in. Mr. Hoechst. Thank you. The reason I ask to do that in particular is the article in its original form makes arguments about this issue that eventually were culled out during the endless number of editing processes that go on as the articles reach sound bites. And so I think many of the issues that are relevant to this discussion, which I'll address in my comments, were part of that original proposal as well. As we know, information is an incredibly powerful tool, and whether we're using it to make decisions in a boardroom or on a battlefield, whoever knows the most about their situation is the most well prepared to make competent decisions. And in the country today, whether we're in the government system or in the private sector we have countless data bases with all sorts of information being gathered as part of the everyday processes of modern life. And the challenges associated with providing broader access to this information is exactly what we've been working on for the last several years, but the reality is that knowledge which is culled from these data bases is not about the data itself, it's about the relationships that exist between data. And as was fairly thoroughly discussed, I think, in the prior panel, in our opinion the real challenge is not creating new data bases based on these various systems; it is coming up with a standard and secure a consistent means of establishing relationships between these data bases when it's relevant, sharing information across these organizations, whether they reside within a single agency or across agencies or even into the private sector. So when we talk about a national ID card, I really think what's important to remember is it's not about the card. The card may--we'll see in my comments in a few minutes--may have some interesting capabilities to make the process of securing our systems more convenient and more straightforward. But what we really want to focus on is the relationships between critical information systems. And in the example that was brought up earlier regarding what was sort of known about the people before September, the terrorists involved with the events of September 11th, before the fact versus after the fact point readily to this point. After September 11th the FBI was able to discover a great deal about the people that were part of this act. The challenge was not that data did not exist. We know the data existed, because we know they gathered it after the fact. The point was that we were unable to establish relationships between those pieces of information to make competent decisions. Now, we can make decisions after the fact, but this is the difference between investigation and prevention. And so if we are able to address the idea that through a common way of identifying people inside information systems and standards for sharing that information between systems is adopted, then we have a much greater opportunity of taking advantage of all the information that we're already collecting when it can still be used to make a difference. Now, if we think about the technical approaches with consolidating data bases in this fashion, there's lots of different things we can do. First is the idea of consolidation. We could start to bring together information systems from various organizations even inside agencies or, more importantly, across agencies, into huge monolithic government- managed data bases of everything we know about people. This is not only a poor idea, it's not possible. Whether it's technically possible aside, it's socially not possible. The inertia that exists in information systems and inside organizations, and overcoming the challenges of getting those organizations to roll up their information into systems that they don't control is really a task that would be very difficult to accomplish. Not to mention the fact that the government ought not to be in the business of building huge consolidated data bases of information about people. Instead, we could decide that it's more important to keep these information systems separate and let them do what it is they do today--and they are already, like we said, gathering all sorts of information--but create some standard ways for them to share that information with one another, and this could very reasonably be aided by a common identifier of people. So if we said between system A and between system B, whether that's immigration and FBI or an airliner, airline company and FBI, to validate that we're both talking about the same person--having standards for doing that could be very helpful in making that sort of communication more facile. There are also other approaches which are not full consolidation or full distribution and connectivity, and this comes in the flavor of what I call sort of consolidated indexes of information. So, for example, when a police officer pulls over a speeding motorist and wants to check for outstanding arrest warrants, does it make sense for that officer's system to check every local and State law enforcement agency in the country, in real time, to discover whether there are outstanding arrest warrants? Of course not. Maybe it would be prudent for us to have a national system that points to outstanding arrest warrants; again, the government not managing them, but the government providing a more convenient way of checking across systems that really do the same thing. And, in fact, the Department of Justice has implemented just such a system for that problem. So the reality is all sorts of these approaches, when we talk about the consolidation and sharing of information, will be part of the ultimate solution. We will have the opportunity to consolidate systems that currently are duplicating efforts. We'll have the opportunity to teach systems that don't communicate with one another to do just that. And we'll have the opportunity to create hybrids, assuming of course that we come up with some standard methods for doing that. The challenges in this fall into two buckets. First, the technical challenges. The real challenge with an identification system like this is not just relating to people and to information systems, it is associating a human being with a given identity. How do I determine that this person standing in front of me is the same person I'm talking about inside this information system or collection of information systems? And that identity comes through many of the ideas discussed today. It may be in the form of a card. It may be in the form of biometrics, creating a secure and consistent biometrically enabled identification card that anyone could use to establish, to authenticate identity would be very difficult. Not only difficult socially, but difficult technically. The state-of- the-art here is advancing, but it needs to advance further before we could turn such a system on in short-term. However, there is great opportunity for us to take incremental steps when attacking the technical challenges. First, in establishing standards for national identity, an identifier that uniquely identifies people and government, guidance that should be used when building information systems related to these issues could be done incrementally and systems could come on line as they choose to start to exploit such an identifier. We also talk about making the existing identification cards stronger rather than trying to establish a new one, and there I think that the driver's license is a good candidate for that because we've seen a lot of work already done there. And then finally, in introducing specific populations to this technology, rather than saying everyone has to participate, maybe we first focus just on critical jobs; people, for example, whose job requires that they are on the tarmac in an airport, or specific populations of people, be it non-citizens visiting the country, for example. From the technical perspective of a technology company and representative of that, I would like to suggest that with the competent use of existing technology, we can improve the security not only of identifying individuals but of establishing relationships between information systems that already exist today. On the social side it's not so clear. And as the debates have gone on today, the issues related with privacy and the whole idea that the government is getting into the gathering and establishing of large centralized data bases is an important debate. But honestly, I believe that it comes down to the difference between: Can we do something and should we do something? The ability to do this and strengthen security is there. The decision as to when this should be done falls in the hands of policymakers like yourselves. It's important to remember that a discussion of whether we should do that has to be built on top of the ability to say that we can do that and--but for that ``should'' particular part of the debate, I think it's most appropriate to leave it to policymakers to draw those lines of when such a system should be exploited. So, given that, I appreciate your time and your opportunity to let us comment in this debate. Thank you. Mr. Horn. Thank you. [The prepared statement of Mr. Hoechst follows:] [GRAPHIC] [TIFF OMITTED] 82171.090 [GRAPHIC] [TIFF OMITTED] 82171.091 [GRAPHIC] [TIFF OMITTED] 82171.092 [GRAPHIC] [TIFF OMITTED] 82171.093 [GRAPHIC] [TIFF OMITTED] 82171.094 [GRAPHIC] [TIFF OMITTED] 82171.095 [GRAPHIC] [TIFF OMITTED] 82171.096 Mr. Horn. And our last presenter is Dr. Ben Shneiderman, professor, Department of Computer Science, University of Maryland at College Park; and he is also here as a fellow, on behalf of the Association for Computing Machinery. Thanks for coming. Mr. Shneiderman. Thank you, Chairman Horn, for the opportunity to testify at this timely and important hearing. I want to commend you, Ranking Member Schakowsky, the subcommittee members and your staff, for turning Congress's attention to proposals for a national identity card system. You've given some of my introduction already, and I will say for further purposes that my statement represents the Association of Computing Machinery's Committee on U.S. Public Policy. The ACM is a nonprofit educational and scientific society of 75,000 computer scientists, educators, and other competing professionals from around the world, committed to the open interchange of information. In the 2 months since the deplorable acts of terror were perpetrated against America, a number of legislative measures and regulatory actions intended to ensure the safety and security of our citizens have been proposed. While most proposals have been well intentioned, some have been misguided in that they overlook the potential for unintended consequences or underestimate the technical challenges and risks inherent in their implementation. Recently, information technology vendors have suggested that a comprehensive national identity card system could be created and implemented in as little as 90 days. Implementing such a complex system is a challenging systems engineering matter. Such a rapid construction of an effective and novel socio-technical system would be unprecedented. A constructive alternative may be focused efforts that build on existing systems such as State motor vehicle passports and visas. And as the last speaker, I have the luxury of being able to resonate with the many thoughtful comments that have been made already. The first panel made very clear the strong political concerns about a national system, and this panel has gone through in good detail about some of the challenges in the technical development. A national ID system requires a complex integration of social and technical systems. That's what I'm going to stress here is that combination, including humans to enter and verify data, plus hardware and software networks to store and transmit. Such socio-technical systems are always vulnerable to error, breakdown, sabotage, and destruction by natural events for any people with malicious intentions. For this reason, the creation of a single system of identification could unintentionally result in degrading the overall safety and security of our Nation because of unrealistic trust in the efficacy of the technology. The National ID card itself is only the most visible component of a system that would require supporting bureaucracies and elaborate data bases that would have to operate in everyday situations; again, as said by several members of this panel. In particular, a national ID system requires an extensive data base of personal information of every citizen. Who would enter the data? Who would update it? Who would verify it? Who would determine when the data is no longer trustworthy? Who would review audit trails and approve access? If a new and centralized approach is technically problematic, as again has been stated by many, and politically unpalatable, which seems quite well accepted here, then how might we work to increase security? Constructive first steps would be to define goals and develop the metrics of success. Let me repeat that. Constructive first steps would be to define our goals in a narrowly focused way, and develop the metrics of success. If improved air travel safety is our goal, and it has wide public support, then we need to develop the techniques to achieve that goal, with modest impact on personal rights and privacy. A realistic goal would be to make verifications of passenger identity more reliable, while limiting delay, intrusion, and inconvenience to citizens. Improving State motor vehicle identification cards might be accomplished by coordination among the States to determine best practices for issuing, replacing, verifying, and monitoring usage. Such efforts might be coordinated by the National Association of State Chief Information Officers, as mentioned by Newt Gringrich, or by the National Governors Association. Common practices or even national standards might be arrived at through public discussion. Adequate public discussion of proposals is essential to gain acceptance and to improve their quality. A socio-technical systems approach would include quantification of weaknesses and vulnerabilities of data base security and network access based on existing systems. Then realistic solutions to dealing with problems such as lost cards and mistaken identifications would have to be developed and tested. Special cases such as tourists, professional visitors, foreign students would have to be addressed. Any complex social technical system such as identity verification requires well- trained personnel whose performance is monitored regularly. Effective hiring and screening practices, chances to upgrade their skills, and especially participation in the redesign of the system, are important contributors to success. Improvements for citizens could also lead to higher data reliability and system efficacy. Citizen confidence and data accuracy could be improved by system designs that provide greater transparency and greater openness, by allowing citizens themselves to inspect their contents and view a log of who uses their data. More constructive ideas could emerge by encouraging research by computer and information scientists in collaboration with social scientists. They would also be encouraged to build bridges with legal and policy groups so that their solutions are realistic and implementable. It's important that the Congress proceed cautiously on the issue of national identity card systems. They involve risks and a variety of practical organizational and technical challenges. Any effort to improve homeland security should begin with clear statements of goals and quantifiable metrics of success. Computer technology can do much, but it cannot see into the minds and hearts of people, nor can it replace the capability of vigilant citizens. Face-to-face security checks must be a vital component of airport and other security systems. On this point I also differ from Mr. Goodman's report about Ben-Gurion Airport, where it is not a biometric system, but it is repeated face-to-face encounters with security checkers who ask questions and are vigilant to the responses and the behavior of each person passing through that airport, as I did late in August of this year. Despite growing public and political pressures from perceived security enhancements, the risks and challenges associated with a national ID card system need to be identified and understood before attempting deployment. The problems cannot be solved overnight or in 90 days, as has been suggested, but constructive alternatives such as improving existing State motor vehicle registration and passports are promising possibilities that could bring benefits sooner than establishing an entirely new system. The emphasis must be on people first, then the technology. The Association for Computing Machinery and other leaders in the computing community are ready and willing to assist lawmakers in their efforts to enhance the safety and security of our Nation. Thank you for the opportunity to speak here. [The prepared statement of Mr. Shneiderman follows:] [GRAPHIC] [TIFF OMITTED] 82171.097 [GRAPHIC] [TIFF OMITTED] 82171.098 [GRAPHIC] [TIFF OMITTED] 82171.099 [GRAPHIC] [TIFF OMITTED] 82171.100 [GRAPHIC] [TIFF OMITTED] 82171.101 [GRAPHIC] [TIFF OMITTED] 82171.102 Mr. Horn. I have been very enlightened by your presentations. I had a chance to go through them all last night, except for the Senator, who just flew down here, and thank you again. I just ask all of you, would you object to a form of identification that contained only the person's name and confirmation that he or she is a U.S. citizen? How do you feel about that? That's getting down to essences. Mr. Shneiderman. I think the issue is not just the card-- again, the card is only the most visible form--but who issues the card, who certifies its correctness, and how it's handled. And my belief and my testimony suggests that strengthening existing systems such as State motor vehicle systems would be the most effective. We currently have accepted the practice of walking up for airline boarding to show a State motor vehicle card. I think that is the place of intervention where we could do most good to improve its efficacy. Simply creating a new card with whatever's on it I think will lead us down the wrong path. Mr. Horn. Any thoughts on this, Mr. Hoechst? Mr. Hoechst. Yeah. I would add that a card that just has a small amount of information, and really even perhaps less than you describe, which can only establish identity, is the only thing that's really feasibly possible to deploy practically. Any attempts to create cards that contain lots of information just opens the troublesome box of discussions about how that information is used. What's important is the information that will be used, once identity is established, is already managed by processes inside organizations, whether they're law enforcement organizations or commercial organizations. What the card only does is to help establish identity, authenticate that this person is this--represents this well-understood and standard identity. Mr. Horn. Mr. Veestraeten, how do you feel about that; get it down to the name, and are you a U.S. citizen or aren't you? Mr. Veestraeten. Yes, Mr. Chairman. That is exactly how it is organized in Belgium today. The cards only--I headed a company of--the only cards which I had at hand, which was my own, and with documentation which was disputed, and we only mentioned a limited number of data. This number is limited by law. So nobody can add any additional information. You will see on the back of the cards, there are two items mentioned, and this is on my explicit authorization. I had to sign the documents to approve those mentions. One is the name of my spouse, which I'm happy and proud to have there, and the other one is the number of the national register with this assembled data base, and I also approved in writing to have this item added to my card. If not, it would not have been there. So the only information we add is--we as a standard put on the card: name, first name, date and place of birth, address and nationality. And there is nothing else there. Mr. Horn. Ms. Corrigan. Ms. Corrigan. I think that in order to answer that question, the Privacy Act, which was enacted in the seventies, was rooted in a golden rule essentially, which is that information collected for one purpose should not be used for another purpose. And it's difficult to answer your question because information is rarely collected just to collect it. There's usually a reason that you want to have such a list. So, for example, a list of American citizens--and I think you yourself proposed something similar a few years ago--around a voter registry; you know, the difficulty there is, it was the same debate that came up around, No. 1, as Professor Scneiderman pointed out, you know, do we in fact have an accurate list that would reflect that? We do have a passport document when we leave the country, which establishes citizenship obviously? So there are documents that are shown to do that. Going back to my one of my original points is that to build any one of these data bases on a faulty system of documents is very problematic, particularly when it would deny you either a service or a right that you've got either under law or the Constitution. Mr. Horn. Senator Goodman. Mr. Goodman. I would like to reiterate once again the notion that in a wartime situation, you have criteria which I think differ materially from those in the halcyon days that we knew before September 11th. And in this instance, the purpose of the card would be to establish clearly and unequivocally the identity of the individual. But let me point out that at that stage of the game, we'd have linkages with various data bases which might ascertain the possible undesirability of that individual's behavior pattern which would require close tracking. For example, if someone enters the country in a situation where they're here to do mischief, which has all too often in the recent past proven to be the case, it's imperative that we have some means of tracking that individual. To have a society in which everyone can rattle around in a state of happy unanimity, when the assumption that the cool air of freedom must be the thing which we permit them to breathe continuously while we're at war, I think denies the exigencies of the war situation. Mr. Horn. Professor Turley. Mr. Turley. Well, I suppose I should be delighted with the opportunity to lie about my weight, but I don't think that this is an issue that will be solved by more cards. God knows, Senator Goodman's wallet couldn't hold another one. But I think my problem with it is simply that simply having a card issued on an expedited basis I think puts us on a track of where we've been. That is, there is a natural desire to rush into this room and put this fire out. But I think it needs more study than that, I think not just because of our traditions, but because we have decided on the technology, its use, its functions, it's appropriate functions. Any dangers of what's called authorized misuse, all those things we have to think about before we plunge into this. I do think that there is a basis, I say in my written testimony, issue a card relatively quickly for certain insular groups--those may be foreign nationals, they may be foreign students, but they would also be, for example, international truckers--that we do need a very fast system at our borders that's reliable; because we have a buildup at our borders that's going to get worse, particularly during times of crisis. We need to solve that right away and we can create a biometric card to try to do that. We may also want to use a card; for example, groups that handle material like anthrax. So you can have an immediate card issued. But what I think we should be careful not to do is to restrict it from drifting, not make it a national card. You focus on those areas we need one right away, and then study the issue of whether we need a national identifier. Mr. Shneiderman. Focus systems would be most effective and most prompt, I believe, in producing the benefits that we all seek. But whether it's airport personnel or truckers, we can go--and small groups can be approached and handled in a respectful way. Mr. Horn. I tried out on our first panel the idea of a commission, which was usually a Presidential commission, of picking the Chair, and then the Speaker of the House, and the Majority Leader of the Senate. And I'm inclined to put that into law and have my colleagues go with it. But what that does is delay things. On the other hand, what it does is try to build a consensus. So we had the Hesburgh one on immigration; we had Barbara Jordan as the Chair, and so forth. Now, we've been through this in terms of census material, where we wanted to put through a 5-year or so, and they blew it right out because they didn't want any part of it, and it became a jurisdictional argument. So I'd be interested in what your feeling is. Is it worth getting a commission that has those suggestions of the Speaker of the House and the Majority Leader of the Senate and the Minority Leaders of both houses and the President of the United States? So what do you think? Mr. Goodman. Mr. Chairman, let me respectfully suggest that it does seem to me that approach does take into account the concerns which we feel are increasingly evident, and I'm afraid if we are once again hit with another act of terrorism, which in my judgment is in all probability likely to occur sometime between now and Christmas, it's going to create the same reaction, only on an exacerbated basis, that we had after the World Trade Center and Pentagon episodes. And I must say to you that I think that it's extremely important that we move on with this fairly quickly and try to arrive at a conclusion. I would hope that some form of identification could be established promptly, so that we are protected to the extent possible against a recurrence of this type of an act. On the lighter side, I'm reminded of the couple at the Atlantic City Boardwalk: The gentleman got on the scale, put a quarter in, and one of those little tickets came out with his fortune on it. And his wife said, ``What does it say?'' And he said, ``It says that I'm a handsome, debonair fellow of extreme brilliance with the highest IQ in Atlantic City.'' And she said, ``Well, let me look at it.'' And she looked at it and she said, ``It got your weight wrong, too.'' So that we do have occasional confusions in these mechanical devices, but I think that we're at the point where that type of thing is not likely to occur with any frequency. Mr. Horn. Ms. Corrigan. Ms. Corrigan. Well, it sounds like the legislation does not have the ACLU chairing the commission, so it would be much easier for us to come out in support of that. Mr. Horn. Well, we don't know. You're here and---- Ms. Corrigan. Hey, I'm available. Mr. Horn. Yes, and there are minorities in both Chambers. Ms. Corrigan. I mean, I think the key is not whether there is a commission or whether it is staff on a committee developing a legislative proposal. I mean, the question is what's in it and is--you know, the ACLU would oppose an identification system either through the front door of calling it a national ID or through the back door of some other type of registry or integrated data base. Mr. Horn. Mr. Veestraeten, did Belgium ever have, say, a King's Commission or the Parliament, whatever, to get this moving? Mr. Veestraeten. No. This dates from long back in our country. So I don't know how it was discussed back in the beginning of the last century, but---- Mr. Horn. And the First World War and the Second World War. Mr. Veestraeten. The card was introduced after the First World War. Mr. Horn. Yes. Mr. Veestraeten. Yes. Mr. Shneiderman. I think they have 80 years of history of evolution to develop their approach which fits with their national values. And I think we've got a history of evolution, and I support the idea of a continued evolution to refine existing mechanisms. Mr. Horn. Mr. Hoechst. Mr. Hoechst. Mr. Chairman, I would suggest that your concern about a commission--about delaying things, especially with an ID card, that there is an opportunity missed that could be done in the short-term. And so what I would suggest for identification cards, then something that studies it in the form of a commission would be valuable as long as it were given guidance that--along some of the ideas that were proposed today, that it not just study it, but that it is practiced, maybe in prototypical form; giving identification cards to different populations to see how it works, rather than just study it. But I would also suggest that there is short-term activity that can happen, that I would hate to see a commission cause us not to focus on, and that is on these goals of information sharing, especially between critical information systems in the area of law enforcement and immigration and the like where we do not--the technologies exist. We know they work. We need to choose to use them, and we need to set clear guidelines about when it is appropriate to use them and legal to use them. Mr. Horn. Thank you. Dr. Shneiderman. Mr. Shneiderman. I repeat my desire for the evolutionary, but I think also focused action, as I say, as we heard here; maybe specific interventions between--for information sharing between FBI, CIA. If our concern is aircraft, you know, boarding aircraft, then that kind of sharing of information is a possibility on a very short-term basis. And then I think focused populations, such as international truck drivers or airport personnel who have access to secure areas, immediate improvements could be made. But, again, I want to restate it's not just building some technology. It's providing the human infrastructure that builds trust and support for this rather than antipathy. It must be demonstrated that any intervention has broad support, and especially of those who are most directly affected; that it's implemented in a way in which people feel that this does contribute positively, and therefore they are most cooperative with it and they will point out--they'll be vigilant in pointing out those who are potentially in violation. Mr. Horn. I thank you and yield at least 10 minutes to the ranking member. Ms. Schakowsky. Thank you, Mr. Chairman. I think this has been a really important and a very useful hearing. I thank all the panel members. These are questions that we are going to have to seriously consider. I want to first play a kind of devil's advocate and-- because my proclivity is to be--as those of you who have heard my opening statement--is to be very, very skeptical of the notion of a national identification card. But the point that Mr. Veestraeten said, which is that we use identity cards, and all of you--we do that when you go on an airplane, when you cash a check, all kinds of places where we are asked and required to produce some sort of identification. It seems to me if the technology is available to improve on those systems, maybe not perfectly, but to improve on those systems. Then he asked the question or at least made the statement that since we do that anyway, why not have a universal card, a national card. So, Dr. Shneiderman. Mr. Shneiderman. Again, I think the supportive participation from citizens is necessary. If they see this as a universal card collected by a Federal agency, I think the resentment may--and the doubt and the questions, the interference with privacy would be very much in their mind, so you'd have a poor participation and, I think, disruption. People would be concerned. Whereas, if they apply for their State motor vehicle license, where they recognize that the benefit is they're receiving a card which enables them to drive, that it possibly takes care of health problems should they have an accident, and that there may be other specified focused, clear benefits to it, they will cooperate, and that those who take the information will have a clear sense of purpose and work as best as they can to ensure that the quality of the data is high and that customer satisfaction is high and that participation is broad. And, again, when someone is attempting to forge or bypass the system, there's likely to be stronger citizen participation in stopping such interventions. I think we have the interesting examples of computer viruses. Why is it that the Lenox communities or the Mack communities have less of this. There's a warm sense of participation. There's an active sense of pride. It's close to them. And so I think if we follow those models and we want to bring, as in this country, we have a long history of bringing things closer to people by having the States be the closest point of connection for such activities, we will be building the right kind of system. And thinking about the social dynamics of why someone offers their information and why they might try to deceive and how they might help to prevent others from deceiving, that's where we will go to build the strongest possible system. So again a diversified system and again a focused one that deals with special communities. Ms. Corrigan. I think here, whether it's a State level document like the driver's license or a Social Security number or a newly issued type of identifier like the biometrics, I think we have to go back to the purpose for which we are gathering this information. And the way that this debate has been framed since the terrible events of September 11th has been a national identification card or some sort of national ID system that would protect us from acts of terrorism. And based on the arguments I already made in my testimony, we can't build such a system on a set of faulty documents. Many of those terrorists on September 11th had fake Social Security numbers. Actually all 19, according to the Inspector General last week, had such security numbers, some of them legally and some of them not. You can't establish motive or intent simply on the basis of knowing who someone is. It makes me nervous to think by having a traveler's ID or national ID card I could just pass through security unchecked without much more, and that to me doesn't create more security. In fact, it creates a false sense of security, too much dependence on technology. If we are talking about State or Federal level efforts, we have to go back to the basic question, is this even an effective security measure to begin with? Ms. Schakowsky. Anyone else burning to respond because I do have another question? Let me ask you this, is there a place for these incredible new technologies, biometrics, palm, all those things? I mean, should we be looking for ways to utilize them more effectively or do those lead into problem areas for us as well? Anyone? Mr. Hoechst. Mr. Hoechst. I would suggest there is a great many places for using them, but not necessarily should we have an expectation that tomorrow, we could use them to uniquely identify anyone who is on our soil, American or visiting. And that partly comes in limitations of the technology in its current state, but it partly comes just in the broad ability to adopt any such technology like that. However, there are opportunities to use them where they are very effective. And this comes in, for example, authenticating yourself to secured areas. Perhaps we'd say you need to identify that you have certified--you need to identify biometrically that you are allowed to enter secured areas in an airport or whatever. And for that sort of smaller focus identification, we know there are a subset of people that are allowed to do this and we are going to confirm that you are one of that subset. They work quite well. For the general case of just saying, ``Hey, I got a person here, let me look through all people to determine whether this person is this person,'' they are still immature in that phase, I think. Mr. Shneiderman. I want to confirm that on the technology side. These are promising technologies, but do not offer short- term hope for wide-scale dissemination. We've heard in the past voice recognition patterns and other technologies that might have been used, and these techniques are potentially interesting and they should be expanded and should be researched, but they are in the longer-term and should not be seen as a techno-fix in the short-term. Ms. Corrigan. Although we are not the technology experts that you've got at the end of the table, I think our mantra is not all biometrics are created equal and not all uses of biometrics are created equal. We supply the same tests to those measures that we would to a national identification card. In the security context, the ACLU came out in support of the use of strengthened identification cards for air employees that need access to secure areas, including the use of biometrics on those cards. The reason is that in those instances it's a limited and targeted use of the biometric, and also you're able to take the thumbprint or you're able to take the iris scan under very controlled conditions, which makes a difference in the effectiveness and error rates of biometric technology. Mr. Goodman. May I venture a comment? I'm not sure at the moment whether we realize the extent to which certain technologies are already in play. And in an attempt to achieve security, I would like to give you a couple of quick examples in this regard. As you may know, there is something called CAPS, which is an acronym for Computer Assisted Passenger Screening. This is a system under which information is obtained in the reservation process to screen out passengers who may require additional security checks. The airlines are fairly widespread in their use of such a system. Also manifests are at this time provided by airlines. A manifest is a list of the passengers on a flight which will be landing in due course at a given airport, and in that airport they receive an advanced copy of the list of the passengers on board to try to determine whether there is a possibility of either customs violations or immigration violations and the like. So already Big Brother, if you please, is watching very closely in certain instances to try to determine what's going on. In my judgment, these are both fully justified in the present circumstances of tension. And I would again repeat, in the context of a war situation, anything we can do to utilize current technology to assist us in making identification of high-risk individuals is helpful. Normally you would not wish to do that. And you'd say in a civil libertarian sense, ``Que sera sera,'' let it be and don't mess with this sort of thing. But I think it would be a great mistake when we know that we will probably be once again subject to a potential attack to allow ourselves to be in a solemn state to matters of this sort. Mr. Turley. Could I add something? Obviously, I suggested a commission because I think this deserves more study. And I think that it's not just a technological issue that needs more study, but we need to look at the efficiency and viability of the systems. And if you have a single unified card it has to be integrated very often with at least some level of data base that creates its own issues. But putting that aside, I just wanted to disagree with Senator Goodman in one sense. I happen to think we do need more security. But we have a long history of the government in times of crisis doing things that can only be described as moronic. And some of them are more than moronic, such as the internment of American citizens of Japanese origin. To simply say we are living in danger is not a justification for going boldly into these areas in the search for even a modicum increase in security. I think we have learned too much in terms of our history. So I agree with Senator Goodman. I know that he intends this in the best sense. But I don't agree that should be the reason or the time schedule for us to act. I don't even believe this is necessarily going to add security. I mean these hijackers on September 11th had wallets that were bursting with false IDs. Adding another one is not going to reassure me. I would rather be reassured for my sons that when they inherit this country and this system that it's going to be given to them in the same condition that it was given to me. And that's my greatest concern, because frankly the Taliban is today's flavor of threat, and tomorrow there's going to be another group of fanatics. But I am more concerned in how we respond to the threat than the threat itself at the moment. Mr. Goodman. May I remind us that had we taken a view that peoples' activities in the country are their own business unless they do something overtly wrong, that this possibly was what underlay the fact that we failed to realize that people are taking flying lessons, learning how to fly planes in midair, but neither to land them nor permit them to take off. And had we simply accumulated a little degree of intelligence data that indicated there were certain foreign nationals indulging in that type of flying lesson, it might have created a pattern of concern that would have possibly detected the advance notion of people plowing airplanes in tall buildings in our society. I use that as an example because it does seem to me that there was an earlier reference to an intelligence breakdown. The use of vigilant intelligence and the need for both the horizontal and vertical communication of intelligence agencies in the United States is an absolute imperative at this time, and it is rather regrettable that we have been informed that the FBI and CIA have not adequately communicated with one another and certainly not adequately communicated with local law enforcement to permit vigilance at a time when it could be. We want to practice preventive medicine. I don't want to wait until the next thing happens and say it's a pity it happened. Let's do something about it now. I would like to prevent it from occurring ever again, because anyone that lives in New York will be forever scarred by what's just happened, and that is why I am taking an intense view of these discussions at this moment. Ms. Schakowsky. Thank you to all of you. I want to comment on this important discussion that we have been having. I think the example of flying lessons conducted by a company that gave them--what turned out to be a terrorist is an example of ways in which our current infrastructure failed us and the ability to communicate information brokedown, and we certainly are all interested in making sure that we fill in the cracks and make a seamless flow of information to the extent that we can. But I have to say, Senator Goodman, that I, too, feel that particularly at this time when we're all in a state of reflection about what is most precious about the United States, what are the things that make us unique and are so worth protecting, that we must proceed very cautiously, perhaps even more cautiously than when things are just clicking along so smoothly, so that we don't make the kinds of overreaching mistakes that we did when we interned the Japanese. And I know that you are certainly not talking about that kind of activity, but I think it is somewhat of a slippery-slope in that we have to be very careful that we don't install permanent--one reason, for example, that I voted no on a bill that I thought had many good provisions, the bill, which I felt shouldn't have been called the Patriot Act, because I believe myself to be a patriot, but I voted no on that. So I think we have to be very, very careful as we proceed forward. And I think that this conversation today and all of the witnesses, both panels, contributed to the kind of thoughtful debate that we need to have, and I appreciate it very, very much. Mr. Horn. Well, I wanted particularly to appreciate what the ranking member did about the terrible breach of the Constitution with the Japanese Americans going into internments. I am proud to say my mother, who was director of welfare in her county, she opened up and said that is just wrong. And the only person I know of who was elected who was against that was Roosevelt and General DeWitt--just went ahead of everything, putting people in internment camps, even going with the Army to Peru, and so forth. But the only elected person was a very interesting gentleman named Harry Kane, the mayor of Tacoma, where many Japanese Americans were, and he later was a U.S. Senator and then President Eisenhower made him head of the Subversive, whatever board it was in those days, and he had the guts to stand it. And I had lunch with the Chief Justice Earl Warren just before he died, about 3 months before, and that was, he felt, the biggest mistake. And he was a wonderful man and very strong on civil liberties and--but one gets swept up in that and they do it. But it's wrong, and we don't want to see that happen again. So let me just ask one or two questions and we'll close it out. Mr. Hoechst, Mr. Ellison has offered to provide the data bases for free for Oracle. Does this include maintenance, technical support and upgrades? As long as you are in a Santa Claus mood, I just thought I'd---- Mr. Hoechst. I would not venture to be able to speak for him on what's intended there. I would like to describe the nature of the intent of that offer, which was to take advantage of the resources and the enthusiasm that commercial organizations like Oracle and others have to facilitate action. So Larry's comments, I believe, were to try and remove any roadblocks required to facilitate action toward building systems that can share information. And if what we can do is provide free software or free maintenance on software or free services that can help us in a tactical way to stimulate action rather than be roadblocks that cause processes to languish, then we will do that. Mr. Horn. I have one question for Ms. Corrigan. How would a consolidated identity system invade the privacy of individuals any more than the current systems, Social Security, driver's licenses, passports and--we have that now. Ms. Corrigan. Actually, we also have something called the Privacy Act, which is rooted in one basic principle, and that is information collected for one purpose. So whether it's by the Museum of Modern Art in New York or whether it's by the Social Security Administration, information collected for that purpose shouldn't be used for another purpose unless subject to one of the exceptions outlined in the law. And we at the ACLU are very concerned about the misuse of Social Security numbers and privacy violations that go on everyday. But one of the biggest protections of privacy is actually the decentralized nature of the data. It is one thing for my doctor to have access to my personal health information. It's another thing for law enforcement to have my arrest record. But it's a completely different thing for people to combine those pieces of information and come up and marry them so you can come up with a whole profile of my life. And as I mentioned before, one accident, you know, in the Federal Government unfortunately has been subject to either accidents in terms of security on the Web or unfortunately employees who are corrupt and sell or use and misuse that information, that, again, there's a difference when you have separate data bases versus the marrying of the information. Mr. Horn. I'll tell you, every hearing we have had on privacy, and that is we wanted to make sure and the Speaker mentioned it this morning, you make a felony out of it. We had one of our colleagues when I came into the Congress, her medical file had been put in the papers. And why? A disgruntled employee or whatever. And that's why people have to be very careful of any files in a doctor's office in particular. Mr. Shneiderman. I would like to speak to that issue. There's a long history of attention between centralized and decentralized systems and there are two issues. One is as Ms. Corrigan described. The centralized facilities allow a single point of attack, single point of destruction, a single point of violation and therefore the magnitude of the violation is greater. The capacity of the computer to amplify power to do good also amplifies the power to do evil. And therefore someone can search across a much larger data set in that way. But the other interesting point about the multiple or diversified, decentralized approach, actually it stimulates creative designs by having independent explorations and involves much more effective best practices if they are then shared and copied by the others, which is again why I encourage the collaboration by the way of the National association of State CIOs so that the best practices of each of the 50 States can then be repeated and disseminated widely. And that's truly one of the strengths of the decentralized approach. Mr. Horn. I am going to thank the staff now and then have a closing bit of where I think this is going. And the person on my left is J. Russell George, the staff director and chief counsel for the subcommittee. And Bonnie Heald in the back is the deputy staff director. Darin Chidsey is a professional staff member. Mark Johnson, clerk. Earl Pierce, professional staff member. Jim Holms, intern. And then for the ranking member here, David McMillen, professional staff member. And Jean Gosa, minority clerk. Our court reporters, Lori Chetakian and Nancy O'Rourke, and we thank you. The hearing was not intended to resolve the national identification issue, but merely to advance the debate in light of the September 11th attacks and the changed world in which we now live. Our witnesses provided a variety of perspectives and brought a great deal of expertise to the discussion. We are only beginning to explore this complicated issue. But one thing is certain, the September 11th attacks, as horrifying as they were, have brought out the best in America. One small but important example of the Nation's strength is the ability to conduct this calm, civil but vigorous discussion of whether America needs a national identification system and, if so, how to go about creating it. Ultimately we can trust the American people and their representatives to make the right decision. And with that, we are adjourned. [Whereupon, at 1:50 p.m., the subcommittee was adjourned.] [Additional information submitted for the hearing record follows:] [GRAPHIC] [TIFF OMITTED] 82171.103 [GRAPHIC] [TIFF OMITTED] 82171.104 [GRAPHIC] [TIFF OMITTED] 82171.105 [GRAPHIC] [TIFF OMITTED] 82171.106 [GRAPHIC] [TIFF OMITTED] 82171.107 [GRAPHIC] [TIFF OMITTED] 82171.108 [GRAPHIC] [TIFF OMITTED] 82171.109 [GRAPHIC] [TIFF OMITTED] 82171.110 [GRAPHIC] [TIFF OMITTED] 82171.111 [GRAPHIC] [TIFF OMITTED] 82171.112 [GRAPHIC] [TIFF OMITTED] 82171.113 [GRAPHIC] [TIFF OMITTED] 82171.114 [GRAPHIC] [TIFF OMITTED] 82171.115 [GRAPHIC] [TIFF OMITTED] 82171.116 [GRAPHIC] [TIFF OMITTED] 82171.117 [GRAPHIC] [TIFF OMITTED] 82171.118 [GRAPHIC] [TIFF OMITTED] 82171.119 [GRAPHIC] [TIFF OMITTED] 82171.120 [GRAPHIC] [TIFF OMITTED] 82171.121 [GRAPHIC] [TIFF OMITTED] 82171.122 [GRAPHIC] [TIFF OMITTED] 82171.123 [GRAPHIC] [TIFF OMITTED] 82171.124 [GRAPHIC] [TIFF OMITTED] 82171.125 [GRAPHIC] [TIFF OMITTED] 82171.126 -