How Did You Sign Your Taxes This Year? Not with an Electronic ID

Bahrain Electronic ID

I had the opportunity to speak at the Bahrain International e-Government Forum this year—an annual conference which promotes the development of e-government in Bahrain. As part of the event, numerous Bahrain government agencies participated in an expo where they showcased their latest e-government services. One of the most impressive aspects of e-government in Bahrain is its successful deployment of electronic IDs.

I’ve written quite a bit about electronic ID systems in other countries, the benefits that they provide, and how the United States can more aggressively pursue this goal. The ability to securely identify users is a prerequisite to many e-government and e-commerce services, and the lack of a common identity platform raises costs for both the public and private sectors who must establish their own one-off systems for identification and authentication. Given how much the United States has been lagging on this technology, it was a real pleasure to have the opportunity to visit a country that has implemented an advanced electronic ID system.

The smart card IDs in Bahrain replaced a paper-based ID card system developed in the 1980s. Cards are valid for five years, and they are available to all citizens and residents. Each card contains a variety of information about the cardholder. Information that does not change often, such as an individual’s name, place and date of birth, and blood type, is printed on the card. Every cardholder also has a unique card ID number that is stored and printed on the card. Other information that might change, such as an individual’s occupation and employer, are stored electronically on the card and can be updated.  The card also stores biometric information such as the ID card holder’s fingerprint, signature, and photograph. The cards allow both contact (i.e. using a card reader) and contactless transactions (i.e. using RFID). The contactless chip is designed to allow payments, such as for parking and tolls.

Although the card has only been available for a few years, there are already a number of services and applications that citizens and residents can use with it. In addition to being used as an identity card for both online and offline transactions, it also serves as a driver’s license, travel document, and a limited electronic medical record. For example, citizens and residents can use the biometric features on the card to enter the country using “e-gates” which use a fingerprint reader to match the fingerprints stored on the card and verify the identity of an individual at an immigration control point. Citizens and residents can also use the payment application to pay for government services, such as their monthly water or electricity bills. And the police are using the ID card to more efficiently track and record traffic violations. These are just a few of the applications I saw on display. Other countries with widespread deployment of electronic IDs, such as Estonia, have deployed additional advanced applications, such as allowing individuals to sign documents electronically and even vote securely online.

Unfortunately, the goal of widespread deployment of electronic IDs in the United States still remains a long way off. To its credit, the U.S. government created the National Strategy for Trusted Identities in Cyberspace (NSTIC) calling for a private sector –led effort to develop an online identity ecosystem. Since then NIST has funded some pilot project to pursue this objective and recently announced a new set of funding opportunities for 2013.

But many citizens are inherently distrustful of government-led identity efforts, and this distrust has resulted in opposition to almost any effort to coordinate and modernize ID cards, digital or otherwise, in the United States (the most notable example being SECURE ID). This is unfortunate since developing a stronger identity ecosystem can actually help improve privacy. Citizens can use their secure credentials to prove aspects of their identity rather than their entire identity (e.g., individuals can provide a credential that says they are over the age of 21 rather than providing a credential that says their exact date of birth).

As a result, we find ourselves completing online transactions year after year with more or less the same level of security that has been available to us for the past decade. For example, the IRS requires very little in the way of verification for individuals to electronically file their tax returns. As a result, criminals often target the IRS for fraud. Using stolen social security numbers and other information, criminals can apply for refunds for legitimate taxpayers. Victims of this form of identity theft must wait months to receive their tax refund. The Treasury Inspector General for Tax Administration estimated that in 2011 there were approximately 1.5 million potentially fraudulent transactions that the IRS failed to prevent totaling more than $5.2 billion. (I’d point out that Bahrain has no income tax fraud, but that’s only because it doesn’t have personal income taxes.)

The Department of Commerce has requested $24.5 million to continue to develop NSTIC as part of its 2014 budget, an increase of $8 million over its 2013 funding level. Unfortunately this is not nearly enough to deploy the kind of large-scale identity ecosystem envisioned in the National Strategy.

Realistically, there is little hope of seeing a large investment in this technology in the current budget environment, although at least some cybersecurity legislation, such as the SECURE IT Act, requires NIST to continue to focus R&D on identity management solutions. But given the huge cost to individuals and the government in tax fraud alone, doesn’t it make sense to invest more in creating a modern electronic ID system?

Print Friendly

About the author

Daniel Castro is a Senior Analyst with ITIF specializing in information technology (IT) policy. His research interests include health IT, data privacy, e-commerce, e-government, electronic voting, information security and accessibility. Before joining ITIF, Mr. Castro worked as an IT analyst at the Government Accountability Office (GAO) where he audited IT security and management controls at various government agencies. He contributed to GAO reports on the state of information security at a variety of federal agencies. He has a B.S. in Foreign Service from Georgetown University and an M.S. in Information Security Technology and Management from Carnegie Mellon University.
  • anonymous

    Force me to submit finger prints on a proactive fashion, without being guilty of anything ? What if I don’t want to submit to this ass-hattry mister spy, what then ? Ever heard of democracy and the bill of rights, do you understand people are inherently free and the state is there to serve them ?

    It’s precisely totalitarian dumps like Bahrain that can pull this sort of crap, they don’t have individual rights and are at the whim of their absolutist monarchs. They recently killed something like 100 anti-regime protesters, wounded and tortured thousands. You must realize how ridiculous that makes your “it’s unfortunate people distrust the government to spy on them” point ?

    If people are owed money by the government, surely there’s a way to disburse them without facing a 5 bln dollar fraud. Not enough people have been fired at the IRS, that’s all.

  • http://www.itif.org/people/daniel-castro Daniel Castro

    Thank you for your comment. First, many countries have deployed electronic ID systems not just “totalitarian dumps” (as you say). Among others this includes Austria, Belgium, Denmark, Finland, France, Germany, Hungary, Iceland, Italy, Japan, South Korea, Spain, Sweden, and Switzerland.

    Second, the U.S. government already has a role in acting as an identity provider for citizens—whether it is providing a passport, social security number, birth certificate, or driver’s license. The point of an electronic ID system is to make this identity function more useful for our digital world. Certainly there are many ways to do this and some will be more “big brother”-ish than others, but it would be a mistake to just say that we are giving up on ever being able to have secure, identifiable, online transactions for Americans.