Worker ID Card
- Senate to Hold Homeland Security Oversight Hearing: The Senate Judiciary Committee will hold an oversight hearing for the Department of Homeland Security. Secretary Jeh Johnson will testify. EPIC has objected to many of the agency's mass surveillance practices, including the secret profiling of American air travelers, the use of drones for aerial surveillance, the amassing of information on Americans into "fusion centers", and the collection of biometric identifiers. EPIC has also warned that the DHS Chief Privacy Officer has failed to safeguard privacy, a legal obligation for that office. According to the DHS, the number of privacy complaints increased in 2013. EPIC has several Freedom of Information Act case pending against the DHS. In an earlier case, EPIC determined the DHS was monitoring social media and news organizations for criticisms of the agency. Another EPIC case led to the removal of the x-ray backscatter devices from US airports. For more information, see EPIC v. DHS - Social Media Monitoring and EPIC v. DHS (Suspension of Body Scanner Program). (Jun. 10, 2014)
- Sen. Franken Questions Apple on iPhone Fingerprint Scanning: Senator Al Franken has raised questions about the privacy and security implications of the fingerprint reader on Apple's new iPhone 5S. "If someone hacks your password, you can change it—as many times as you want. You can't change your fingerprints," Senator Franken wrote. He also pressed Apple for additional details on the protection available to users against law enforcement access to biometric data. In Congressional testimony, EPIC has previously warned that biometric identifiers will "allow for greater data collection and tracking of individuals." For more information, see EPIC: Biometric Identifiers. (Sep. 21, 2013)
- EPIC Opposes DHS Biometric Collection: EPIC has submitted comments to the Department of Homeland Security, staunchly opposing the agency's border biometric collection, facilitated through the Office of Biometric Identity Management program. Since at least 2004, DHS has collected fingerprint and facial photos from individuals entering the United States. DHS then disseminates this information to DHS agency components, other federal agencies, and "federal, state, and local law enforcement agencies," and the "federal intelligence community." Currently, at least 30,000 individuals from federal, state, and local governments access the data contained obtained by DHS's biometric collection program. DHS shares this biometric data with foreign governments, including Canada, Australia, and the United Kingdom. In its comments, EPIC urged the agency to cease collecting biometric information without proper privacy safeguards in place. Should the agency continue to collect this sensitive information, EPIC recommends that DHS: (1) impose strict information security safeguards on its biometric information collection and limit its dissemination of biometric information; (2) conduct a comprehensive privacy impact assessment on the biometric collection program; (3) grant individuals Privacy Act rights before collecting additional biometric information; and (4) adhere to international privacy standards. For more information, see EPIC: US-VISIT and EPIC: Biometric Identifiers. (Jun. 21, 2013)
- EPIC Sues FBI to Obtain Details of Massive Biometric ID Database: EPIC has filed a Freedom of Information Act lawsuit against the FBI to obtain documents about "Next Generation Identification", a massive database with biometric identifiers on millions of Americans. The EPIC lawsuit follows the FBI's failure to respond to EPIC's earlier FOIA requests for technical specifications and contracts. According to EPIC's complaint, "When completed, the NGI system will be the largest biometric database in the world." NGI aggregates fingerprints, DNA profiles, iris scans, palm prints, voice identification profiles, photographs, and other identifying information. The FBI will use facial recognition to match images in the database against facial images obtained from CCTV and elsewhere. For more information, see EPIC v. FBI - Next Generation Identification, EPIC: Biometric Identifiers and EPIC: Face Recognition. (Apr. 8, 2013)
- EPIC Files Complaint, Urges Investigation of Facebook's Facial Recognition Techniques: Today EPIC, and several privacy organizations, filed a complaint with the Federal Trade Commission about Facebook's automated tagging of Facebook users. EPIC alleged that the service was unfair and deceptive and urged the FTC to require Facebook to suspend the program, pending a full investigation, the establishment of stronger privacy standards, and a requirement that automated identification, based on user photos, require opt-in consent. EPIC alleged that "Users could not reasonably have known that Facebook would use their photos to build a biometric database in order to implement a facial recognition technology under the control of Facebook." EPIC warned that "absent injunctive relief by the Commission, Facebook will likely expand the use of the facial recognition database it has covertly established for purposes over which Facebook users will be able to exercise no meaningful control." EPIC has previously filed two complaints with the Commission regarding Facebook. For more information see EPIC: Facebook Privacy. (Jun. 10, 2011)
- National Academies Releases New Report on Biometrics: The National Academy of Sciences has released a report entitled "Biometric Recognition: Challenges and Opportunities." The report concluded that biometric recognition technologies are inherently probabilistic and inherently fallible. Sources of uncertainty in biometric systems include variation within persons, sensors, feature extraction and matching algorithms, and data integrity. The report recommends a more comprehensive systems level approach to the contexts, design, and use of biometric technologies as well as peer-reviewed testing and evaluation of the technologies. EPIC has urged the Department of Defense to establish privacy safeguards for the biometric database the US established of Iraqis. See EPIC - Biometric Identifiers and EPIC - Iraqi Biometric Identification System. (Sep. 28, 2010)
- US Withdrawal from Iraq Raises Questions about Future of Biometric Database: President Obama's address on the end of the combat mission in Iraq has left open the question of what will happen to the massive biometric databases on Iraqis, assembled by the United States, during the course of the conflict. In 2007, EPIC, Privacy International, and Human Rights Watch wrote to Defense Department Secretary Robert Gates to express concern about the creation of secret profiles on hundreds of thousand of Iraqis, tied to unique biometric identifiers, including digital fingerprints, photographic images, iris scans, and even DNA. Citing misuses of secret files and personal data in other conflicts, the organizations warned that the identification practices "contravene international treaties and could lead to potentially devastating consequences." EPIC, PI, and HRW urged the Defense Department to "adopt clear guidelines that incorporate strong privacy safeguards to ensure that Iraqis are afforded basic human rights in their personal information." For more information, see EPIC - Iraqi Biometric Identification System. (Sep. 1, 2010)
- Worker Biometric ID Under Consideration in US: Senators Charles Schumer and Lindsey Graham have proposed a new national identity card. The Senators would require that "all U.S. citizens and legal immigrants who want jobs" obtain a "high-tech, fraud-proof Social Security card" with a unique biometric identifier. The card, they say, would not contain private information, medical information, or tracking techniques, and the biometric identifiers would not be stored in a government database. EPIC has testified in Congress and commented to federal agencies on the privacy and security risks associated with national identification systems and biometric identifiers. For more information, see EPIC: National ID and the REAL ID Act, EPIC: Biometric Identifiers, and the Privacy Coalition’s Campaign Against REAL ID. (Mar. 24, 2010)
On March 19, 2010, Senator Charles Schumer (D-NY) published an op-Ed in the Washington Post co-authored with Senator Lindsey Graham (R-SC) outlining his vision for comprehensive immigration reform. At the center of this vision was a plan for the Social Security Administration to issue new Social Security cards containing biometric identification to all U.S. citizens and legal immigrants. Employers would then be required to scan these IDs and verify a potential employee’s eligibility to work in the United States and their identity as the cardholder before making a hiring decision. Workers unable to present the biometric ID card or who fail the verification process in any way would be denied employment. The idea is that this will discourage future migrants from crossing the border illegally by preventing them from finding work when they arrive.
A draft legislative framework released in late April shed further light on how the biometric Social Security card and verification system is supposed to work. Each card would contain the person’s name, date of birth, Social Security number, and a biometric identifier, all in machine-readable format. When an employer scans the potential employee’s card, the cardholder’s work authorization would be verified by matching a digital encryption key on the card to a digital key stored in a work authorization database. The cardholder’s identity would be verified by matching the biometric stored on the card to a biometric scanned on site by the employer. The system is to be designed so that the individual’s identity can be confirmed locally, without the need to access a 24/7 biometric database. The card will feature “security features” that protect the information on the card and protections that permit the individual cardholder to control who is able to access data on the card.
A mandatory, biometrically-enabled employment authorization and identity check as a prerequisite for employment presents several serious issues privacy issues.
First and foremost, this plan places the Department of Homeland Security and the Social Security Administration in the position of approving or disapproving every hiring decision across the country. The decision about whether an individual is authorized to work in the United States would likely depend on the data in a new central work authorization database compiled from government records and commercial databases.
Studies have shown that government databases are filled with errors. In a 1997 report and a 2002 follow-up review, the Inspector General of the Department of Justice found that data from the Immigration and Naturalization Service, the predecessor to U.S. Citizenship and Immigration Services, was unreliable and "flawed in content and accuracy." In August 2005, the Government Accountability Office investigated and found errors in information from Department of Homeland Security databases. A December 2006 report by the Social Security Administration's Office of Inspector General estimated that the SSA's Numerical Identification File ("NUMIDENT") contained 17.8 million records with discrepancies between name, date of birth or death, or citizenship status. Commercial databases are also suspect and the DHS Data Privacy and Integrity Advisory Committee has twice issued reports warning against the use of commercial data for government purposes.
There are currently 139,420,000 people employed in the United States. If the new work authorization database has errors in even 1% of records, it could result in millions of people wrongly denied work authorization. Even the Social Security Administration estimates that if the Schumer proposal is adopted, as many as 3.6 million workers would have to visit SSA field offices to correct information each year.
The consequences for an individual who is wrongly denied approval due to errors in the database could be very burdensome. A 2006 report by the Social Security Administration’s Office of the Inspector General reviewing the Basic Pilot found that 42 percent of employers used the program to prescreen employees before hiring them even though the practice is prohibited, thus denying individuals employment. The same report found that 30 percent of employers used the program to screen their existing workforce, again despite legal prohibition of the practice. Employees who failed the verification often faced loss of job opportunities such as delayed job training, cuts in pay or benefits, or even loss of the job itself. Anecdotal evidence suggests this practice has continued under the E-Verify system. Furthermore, errors in the database resulting in disapproval will force employees to go through a lengthy appeals process in order remedy the government’s error.
Centralized databases create the risk for massive privacy failures. Given the numbers of individuals with information stored in a central database and the importance of that data, central databases make highly visible targets for identity thieves. Storing all relevant employment information in one place means that if security is breached, data about every worker in the United State’s data would be at risk of exposure. These security breaches could happen in a number of ways. Criminal hackers might target the database. Authorized users might be threatened or bribed into exceeding their authorization. Data breaches could even happen by mistake if a laptop or hard drive with information from the database was misplaced. Adoption of the Schumer plan would result in the creation of at least one, possibly two large national databases of citizen information: the work authorization database and a biometric database.
The work authorization database is one the central features of the Schumer plan. Considering how the Schumer plan pins employment to having a valid entry in this database, the work authorization database would be an especially tempting target for identity thieves seeking “authorized” social security cards.
While the draft framework calls for the system to be designed so that an individual’s identity can be confirmed locally and prohibits storage biometric data in a government database, a government biometric database remains a possibility. Every other government identity system has a central database of some kind and a database is also necessary to keep the same documents from being used repeatedly to create multiple cards with different biometrics. Furthermore, databases are needed to address the customer service type issues of replacing lost or stolen cards. Because biometric data is difficult to change, the consequences of a security breach for those whose data is lost could be extremely harsh. While a password or identification number can be changed, a thumbprint generally cannot. Thus, breaches of biometric database would likely have serious long term effects.
Once the new cards are issued, they will be a trusted means of identification in the possession of every American worker. This will make them a tempting target for other organizations and government agencies seeking to confirm an individual’s identity. While the current proposal posts legal barriers to expanding the cards’ use beyond employment authorization verification, nothing prevents a future Congress from removing those barriers. Mission creep is a real danger. A similar pattern played itself out with social security numbers, which were originally intended for the singular purpose of identifying people in the Social Security system and gradually expanded into other contexts as their convenience as a national identifier became clear. As use of the new social security card expanded, it could evolve into the type of national ID card thoroughly rejected throughout American history.
- Conceptual Proposal for Immigration Reform, April 28, 2010. (PDF).
- Letter from EPIC and More Than 40 Groups Opposing National Biometric ID Card. April 14, 2010 (PDF).
- The right way to mend immigration, Charles E. Schumer and Lindsey O. Graham, Washington Post, March 19, 2010.
- Press Release, Schumer Announces Principles for Comprehensive Immigration Reform Bill in Works in Senate, July 24, 2009. Ensuring a Legal Workforce: What Changes Should Be Made to Our Current Employment Verification System?", Transcript from Hearing of Senate Subcommittee on Immigration, Refugees, and Border Security. July 21, 2009. (PDF).
- EPIC, Spotlight on Surveillance: E-Verify System: DHS Changes Name, But Problems Remain for U.S. Workers, July 2007.
- Testimony at a Hearing on "Employment Eligibility Verification Systems" Before the Subcommittee on Social Security of the U.S. House of Representatives. Marc Rotenberg, June 7, 2007. (PDF).
- EPIC, Spotlight on Surveillance: National Employment Database Could Prevent Millions of Citizens From Obtaining Jobs, May 2007.
- Office of Inspector General, Social Security Administration, Congressional Response Report: Accuracy of the Social Security Administraiton's Numident File, A-08-06-26100, December 18, 2006.
- EPIC: Biometrics
- EPIC: National ID
- Democrats: BELIEVE in biometric Social Security Card, SecureID News, May 3, 2010.
- Reform idea: biometric Social Security card for all, Antonio Olivo, Chicago Tribune, April 19, 2010.
- The National Biometric ID Card: The Mark of the Beast?, John W. Whitehead, The Rutherford Institute, April 19, 2010.
- Lawmakers Eyeing National ID Card, David Kravets, Wired, March 23, 2010.
- ID Card for Workers Is at Center of Immigration Plan, Laura Meckler, Wall Street Journal, March 8, 2010.
- Immigration Experts Urge Congress to Be Cautious on Schumer Work ID Plan, Spencer S. Hsu, Washington Post, July 21, 2009.
- National ID: Biometrics Pinned to Social Security Card, Ryan Singel, Wired, May 15, 2007.
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
by Ryan Calo, A. Michael Froomkin,