In their new book, Personal Identification: Modern Development and Security Implications (Second Edition), co-authors David J. Haas and Brian Zimmer offer a comprehensive look at the evolution of personal identification in the U.S., including a century of increasing demand for “trusted and secure” IDs such as passports and state-issued driver’s licenses. The authors also review the factors that have necessitated personal ID documents aligned with modern mobile populations and electronic communications, as well as concerns over national security. Here we feature an excerpt from the book, with some sections omitted for brevity.

 The Concept of a Trusted ID

According to historical records, the understanding of a trusted identification document appears to have developed only after the first trusted documents were actually introduced. The private companies and government organizations that issued identification documents assumed that their organization was “trusted” because the documents were to be used primarily within their own companies. If an organization’s documents began to be altered or counterfeited, the organization would have to make a decision to add more security features. A formal definition and teaching of what was required to issue trusted documents appears not to have been formalized and documented until protection manuals were written during World War II.

Before 1940, documents were made secure by using safety papers (chemicals added to the paper) and by security printing (special inks on the paper), but a secure document does not ensure that the data recorded on the document is valid. Trusted personal identification documents constitute both the construction and design of a document and a process that ensures the data about the individual is valid and true. Historically, documents issued by government agencies with photographs, like the passport, have been considered to be trusted documents. Wentworth and Wilder discuss this in their classical book on personal identification. Likewise, documents without photographs or other biometrics may be authentic and secure documents but lack the means to verify that the documents belong to the individual. With the advent of electronic encoding onto plastic cards, the document may be authentic as well as having the ability to link the card to a secure remote computer database, which contains the trusted characteristics and photograph (biometric) of the individual (see Figures 3.2 and 3.4). Thus, with an electronic aid, a personal identification document may be called a trusted document without carrying a visual picture or biometric of the individual on the card itself.

Figure 3.2 An early passport of 1886 with the individual’s photograph

This early passport, dated 1886, has a portrait of the owner glued in and the photographer attesting to the name of the individual in the picture.

 

Figure 3.4 American passport 1940s

Before modern electronic devices, all the data in passports and security documents were read by the human eye, so clear writing and many rubber stamps were used. Once all the pages of a passport are filled, a new one must be issued even though some immigration officials may attach an official note.

 

The earliest trusted identification document for use by the general public was the photo passport required by the British at the beginning of World War I. The British government recognized the war dangers from foreigners inside their country. So, at the beginning of the war, the British government mandated that all passports of foreigners and Britishers alike would require photographs, so all travelers had to comply before they could enter or leave the country. This action immediately transformed the passport into a trusted personal identification document worldwide. In our modern interpretation of what constitutes a trusted document, there are three phases in producing a trusted document: The Information Phase, in which the individual provides “breeder” documents to a “trusted” organization to prove their identity, the Approval Phase, during which a “trusted” organization determines the authenticity and relevance of the “breeder” documents to prove the individual’s identification within their “standards of proof,” and the Issuing Phase, where the new identification document is actually produced in a form with some security features. We will describe these in detail below.

The Information Phase: Individuals are required to provide the data to prove who they are. In addition to a written application form, there are “breeder” documents, support documents, verbal statements, testimonial letters, and photographs of the individual. The individual can provide any miscellaneous supporting “proof” documents they have, but they must be relevant to be acceptable in the eyes of the agent. Individuals are usually expected to be present at the time of submission, and in some cases, they may even be required to submit to an interview. For US citizens to receive their Real ID Driver’s License, these requirements are explained on the website of the TSA and the specific State where the individual lives, as required by the Real ID Act of 2005.

The Approval Phase: The organization that receives and processes the person’s information must be a trusted organization. Its employees must meet an acceptable standard of security. In general, these organizations are government agencies simply because most of the trusted documents issued to the public are government documents. In general, a government agency will only accept the personal identification documents issued by another government agency, whether it is local, State, or federal. For example, the US Department of State issues passports, whereas the State Department of Motor Vehicles issues driver’s licenses. A federal government agency may or may not accept a driver’s license as a proof of identity. The federal government has only recently approved a private company to issue a secure traveler’s card to the public. In this case, the company can also be considered a trusted organization.

We should note here the comments of two government Commissions set up in 1976 to evaluate the criminal use of identification documents, as well as the failure of the government organizations in meeting the requirements of being “trusted organizations.” In both of these reports, the 1976 Justice report on the “Criminal Use of False Identification” and the 2004 “9/11 Commission Report,” both faulted various government agencies for their failure to meet the requirements of “trusted credentials.”   Recommendation: Secure identification should begin in the United States…”). Hopefully, this has been overcome by the new Real ID Driver’s License.

The Issuing Phase: The actual credentials are typically, but not always, manufactured and issued by the approving agency. For example, the Department of State employees manufacture the US passport. In the past, this practice permitted the State Department to have full control over all the material and operations in producing passports. In 2005, the State Department contracted with a private company to manufacture US passports, so this contractor must meet strict security guidelines set up by the State Department. Between 1958 and 1990, many of the individual State Department of Motor Vehicles branches employed a system called “central issue” for issuing driver’s licenses, in which the photographic images of the drivers, along with their data, were sent to central processing laboratories where the film was developed, printed, cut, and laminated into the finished driver’s license. Whereas the photographic process laboratory and employees are not employees of any government organization, the private company and its employees are under contract to a government agency, which presumably has imposed strict security rules on them. Quoting from the 1976 Report, “Unless special efforts are devoted to the consideration of the possibilities for fraud and camera/film theft, the instant process affords an opportunity for improper activities by virtue of the fact that the entire photographic process are located in numerous field stations throughout the State.”

Today, we all know about personal identification documents because we have been required to use them for the past 50 years. The most common of these documents we use is our State-issued driver’s license. Although the DMV (Motor Vehicle Administration) was established to issue driver’s licenses only for driving skills, the States never organized the DMV branches to be trusted organizations. This is clearly described in government hearings held after 9/11 and has now changed. The Real ID Act of 2005 specifies the security required for DMV administration.

On September 14, 1914, the British Government informed the United States Bureau of Citizenship of the Department of State that they would be required to produce a trusted passport document for US citizens, and this passport would require photographs and authentication. Hence, all passports for people entering and leaving Great Britain after October 14, 1914, would need to contain photographs.

Another early trusted identification device…that has all the properties of a trusted identification document is the Navy identification bracelet produced in 1917. This was developed by the Navy as a positive ID versus the existing Army dog tag that did not have any biometric data. Even though the US Navy only used it for a brief period of time, it meets the criteria of a trusted identification document. As explained at the beginning of this section, a trusted document is one that is issued by what we have defined as a trusted organization: it has trusted employees who examine the breeder documents at an information phase, conclude the accuracy and authenticity of the information during an approval phase, and issue a tamper-resistant secure document in the issuing phase. This “Trusted Document Process” does not seem to have been formalized until about 1940. Few other credentials or identification devices issued before this time meet these criteria. As described in a historical account of the development of this Navy identification device, J. H. Taylor was specifically asked to create a secure ID device for Navy personnel. With these goals in mind, he identified the criteria for a trusted device, and hence, created the Navy identification bracelet.

One might easily mistake other identification devices to be trusted because they have come into wide public use. The credit card is an example. It has little identification security yet is widely considered to be a trusted identification document (credit cards may be secure but are not trusted IDs). During the 1930s, another identification device was widely considered to provide secure identification. This was the Charga-Plate, which is the predecessor to the credit card. The public used the Charga-Plate as a retail charge device for major department stores, and it had many of the properties of an identification device, such as the bearer’s signature. However, it was not a trusted identification document, and it possessed little security.

Regarding driver’s licenses, if counterfeit, altered, or false breeder documents were used to issue them, they may not be authentic, but all future documents created with an authentic driver’s license will be authentic. This is the real problem with false breeder documents. Second, the organization processing and issuing the driver’s license is a trusted organization as the State DMV office has strict security procedures. The DMV employees presumably are trusted, their offices are physically secure, the procedures and document controls are enforced, and so States entrust them to produce the driver’s license. Third, the document that is produced by the organization is durable and has tamper-resistant properties with visible, authentication security features. In 2004, AAMVA published a new set of operational procedures entitled DL/ID Security Framework to be used by all branches of the State Motor Vehicle Administration, and now this has been supplanted by the State-to-State Verification System for the Real ID Driver’s License.

There is no other document provided to the entire American public that has the aforementioned characteristics. For this reason, even though it was not intended for this purpose, officials know that the State-issued driver’s license is the de facto “trusted form of personal identification for American citizens.”

Today, there are many other trusted documents issued to small groups in the United States and foreign countries, but none are available to the entire American public. …
As we have shown, any organization or company can issue identification documents, but only specific organizations can issue “trusted” personal identification documents. The passport and national identification card, issued by their individual countries, are the preferred personal identification documents outside the United States. Even though passports are available to every American citizen, only a few percent of the public actually own a passport (about 7% before 2001 and now about 30%).

 

Sources/References:

All references are listed in the book.

Join the conversation.

Keesing Technologies

Keesing Platform forms part of Keesing Technologies
The global market leader in banknote and ID document verification

+ posts

Brian Zimmer has been President of the Coalition for a Secure Driver’s License (CSDL) since July 2007 and Keeping Identities Safe since 2012. He has published numerous articles, been cited in newspapers, and has spoken to social and political organizations across the United States as an expert on driver’s license security. He has testified before legislative bodies in more than a dozen States regarding the REAL ID Act and before the US Senate on border security.

+ posts

David J. Haas received his BA in Physics and PhD in Biophysics from SUNY Buffalo. He joined Philips Electronic Instruments in 1970 Mt. Vernon NY as principal X-ray scientist, designing some of the first airport X-ray scanners used worldwide. Conceiving the idea of self-expiring visitor badges (changes color in one day to prevent reuse), David and his wife, Sandra, formed Temtec, Inc. in 1981 and manufactured visitor and temporary IDs for more than 20 years, selling the company in 2002.

Previous articleEvolution of a Federal Gen AI Bill: What Needs to be Done
Next articleModern Optical Features for ID Documents: Part 2