Slashdot Mirror
The Case Against Biometric IDs (nakedcapitalism.com)
"The White House and Equifax Agree: Social Security Numbers Should Go," reads a headline at Bloomberg. Securities lawyer Jerri-Lynn Scofield tears down one proposed alternative: a universal biometric identity system (possibly using fingerprints and an iris scan) with further numeric verification. Presto Vivace shared the article:
Using a biometric system when the basic problem of securing and safeguarding data have yet to be solved will only worsen, not address, the hacking problem. What we're being asked to do is to turn over our biometric information, and then trust those to whom we do so to safeguard that data. Given the current status of database security, corporate and governmental accountability, etc.: How do you think that is going to play out...?
[M]aybe we should rethink the whole impulse to centralize such data collection, for starters. And, after such a thought experiment, then further focus on obvious measures to safeguard such information -- such as installing regular software patches that could have prevented the Equifax hack -- should be the priority. And, how about bringing back a concept in rather short supply in C-suites -- that of accountability? Perhaps measures to increase that might be a better idea than gee whiz misdirected techno-wizardry... The Equifax hack has revealed the sad and sorry state of cybersecurity. But inviting the biometric ID fairy to drop by and replace the existing Social Security number is not the solution.
The article calls biometric identification systems "another source of data to be mined by corporations, and surveilled by those who want to do so. And it would ultimately not foil identity theft." It suggests currently biometric ids are a distraction from the push to change the credit bureau business model -- for example, requiring consumers to opt-in to the collection of their personal data.
[M]aybe we should rethink the whole impulse to centralize such data collection, for starters. And, after such a thought experiment, then further focus on obvious measures to safeguard such information -- such as installing regular software patches that could have prevented the Equifax hack -- should be the priority. And, how about bringing back a concept in rather short supply in C-suites -- that of accountability? Perhaps measures to increase that might be a better idea than gee whiz misdirected techno-wizardry... The Equifax hack has revealed the sad and sorry state of cybersecurity. But inviting the biometric ID fairy to drop by and replace the existing Social Security number is not the solution.
The article calls biometric identification systems "another source of data to be mined by corporations, and surveilled by those who want to do so. And it would ultimately not foil identity theft." It suggests currently biometric ids are a distraction from the push to change the credit bureau business model -- for example, requiring consumers to opt-in to the collection of their personal data.
Perhaps the proletariat shouldn't have to worry about it at all, and those who rely on identity (banks, mortgage companies, etc.) should be forced to assume all the liability and burden of proof when they get it wrong. And that includes being liable for libel if they incorrectly report against someone's creditworthiness.
Just as copyright infringement isn't "theft," so too is there no real identity theft - the problem is on the other side, with those who accept numbers as a convenient but unreliable "proof" of identity. Their problem, not ours.
"National Security is the chief cause of national insecurity." - Celine's First Law
Fingerprints and DNA should not be used for biometrics. Period.
Using fingerprints or DNA and allowing a third-party to have access to that data is unacceptable. Not only because the government and big business should have no need to track what people are doing but because they should not have fingerprint registration data (which will be horribly abused) .
Stand up for your rights, people... and the rights of your children. Once you give this data to the government or big business, it will NEVER be erased or restricted, regardless of claims, policies, or laws- it will go into huge databases and shared between agencies and used however they want for as long as they want. Even worse, with every crime investigation, you will be searched without probable cause. It is a genie that can't be put back into the bottle.
Fingerprints are something you leave all over the place all the time. They are easy to lift, copy, and forge. Easy to fake, easy to use to frame people. Time after time they have been shown to be poor for security and yet very effective at tracking people.
DNA is even worse. Like fingerprints, you leave it all over the place all the time. Samples can be lifted and planted and analyzed. DNA is more than a means to ID, it contains very sensitive information about you.
Iris scan is better than DNS or fingerprints- there is no leaving your iris image all over, and it doesn't say that much about you. But your eyes (iris,
not retinal) could be scanned without your permission by any high resolution camera pointed at your face, even your own.
There is only one safer and practical biometric I know of- that is deep vein palm scan. That registration data cannot be readily abused. It can't be latently collected like DNA, fingerprints, and face recognition can. You have to know you are registering/enrolling when it happens. You don't leave evidence of it all over the place. When you go to use it, you know you are using it every time. And on top of all that, it is accurate, fast, reliable, unchanging, live-sensing, and cheap. If you must participate in a biometric, this is the one you should insist on using.
Example: http://www.m2sys.com/palm-vein...
More info: https://en.wikipedia.org/wiki/...
We also need to realize that IT IS NOT EVERYONE'S BUSINESS WHAT WE ALL DO. The first step in securing freedom is privacy. When you are tracked, you are losing your freedom, whether you realize it or not. You should not have to positively ID yourself for ALL transactions. A good example is age verification. There is an important place for anonymity and semi-anonymity in a free society.
Any system that relies on immutable data for day-to-day identification is doomed from the start.
That's the problem with the Equifax breach-- all the data I use to prove who I am-- SSN, driver's license, data of birth-- it's all been leaked. Biometrics doesn't change this-- except now my iris pattern, my thumbprint, my DNA-- they all get leaked-- but they still can't be changed once leaked.
We need something resembling a distributed PKI setup so that I can carry an "id card" with a private key I can sign transactions with-- but I need to be able to regenerate that key relatively simply at any local government office (and revoke any old keys still floating around). Note this shouldn't be my "show badge to enter" type ID-- this should be used for taxes, voting, credit checks-- things that you might today use an SSN for.
But this idea that we can have one identification that never changes, and is immune to data breaches, is just not feasible.
This shouldn't be hard to do.
somewhere, out there, beneath the pale moonlight. or...And then you'll have to eat your lunch all by yourself 'Cause I'm already gone
Who in their right mind would stand up and be accountable for operations that exceed their personal fortune by factors of 1000s? What possible form of compensation could be adequate for such liability?
Yes, corporate operations transparency and accountability are great measures to improve the current situation. Unfortunately, we're more likely to get gun control and single-payer health care passed first.
This is not something to troll about, asshole.
By its nature, any national ID system would be the basis for tracking, if that ID is used for commercial as well as governmental purposes. So the question should not be "Would biometrics enable more illicit tracking?" but rather "Would biometrics be less susceptible to misuse than the current SSN?"
“He causes all, both small and great, rich and poor, free and slave, to receive a mark on their right hand or on their foreheads, and that no one may buy or sell except one who has the mark or the name of the beast, or the number of his name.” Revelation 13:16-17
Christians have been on the watch out for a one world government that controls all trade. It may not happen in my lifetime, but I can certainly see the chess pieces moving into place such as:
- Terrorism is the big bogey man, so we need to identify people for our 'safety'.
- A world wide interconnected financial transaction system.
- Personal identification becoming important because criminals steal your identity.
This mark could be some future bio chip, with built in cypto, that only works when it is implanted in you and it acts your world wide identifier. This mark will become so crucial for doing anything, that people will be compelled to use it, all under the guise of building a safer global society.
46137
If Steve Gibson ever gets the coding completed (the spec is already public I believe) this could be a potentially good solution, not perfect but much better than SSNs.
I honestly wonder if we should start removing some data and keeping it in offline or non-instantaneous storage. Or maybe some sort of distributed storage. Honestly, there is no reason for some company to have everyone's SSNs and other data readily available 24/7. Certain relevant pieces could be kept online for easy access, but what if any access of the data required accessing it from some sort of offline/nearline storage. Or even just a time delay to retrieve the data from the system (and not just a bulk dump of database contents). Even if it took just 1 minute for a credit bureau to access your data, the ability to harvest millions of records would be severely reduced. And there should be a physical limitation to how many request these systems handle. So if there are 10,000 requests happening during a time when only 1000 typically happen, there should be alarms going off.
ID has two steps: 1)Username and 2) proof of identity. Biometrics make for a great username/login. You always have them and they take no effort to 'remember'. They make for a horrible proof/password:
1) They can't be changed if someone gets a hold of yours.
2) You leave copies all over the place (fingerprints, DNA samples, pictures of your eyes).
3) It is pretty easy to fake them.
excitingthingstodo.blogspot.com
Companies and transitively government already have all your political beliefs, purchases, web browsing, porn habits, translations of what you say near your devices etc. Using chips in your credit cards and biometrics just makes life easier when voting, tracking your vote was recorded as intended, making purchases on Amazon, etc. Get in the twentieth century or twenty first if you aren't too fearful of your shadow
Fixing your credit in the future sure is easy! Simply rip out both eyes and replace them, use a crispr variant to change enough genetic markers, then cut off all the skin on your fingers and buy new skin. Fill out all 17 forms in triplicate and visit both state and federal offices to recertify. That should hold you for at least a few weeks till they the data gets stolen again.
American corporations have had a long and illustrious history of bending over its consumers and fucking them in the ass as hard as they can. And the government's role in this is to codify new and innovative ways of facilitating this collective boning. So when someone points out that a new proposal is wrong, I just want to pet their head gently and say, "oh, aren't you just the most darling idealist ever."
This has never been about protecting people. It's always been about money, power, control, and finding new ways of making or consolidating or exerting them.
One change to HIPAA law : âoe the ss number, DOB are both PHIâ ( protcted health information). Doctors deal with the draconian HIPAA lase and still survve. Ti e bor banks amd Equifax to followthe same guide.ines
You know of course that “The Moderators” are other SlashDot readers? I get “Mod Points” several times a month. I generally use mine to mod up insightful or truly funny posts. Occasionally, I’ll mod down someone who is really out of line. Is the alt-right active here? I’ve no proof but it would surprise me. I think that anonymity of most forums does bring out the angry and mean spirited without an organized conspiracy required.
The White House and EquiFax have two different reasons for wanting to do away with Social Security numbers. EquiFax wants to diminish the damage done by their handing over of our SSNs to hackers. The White House just wants to do away with Social Security. Oh, and Medicare and Medicaid.
If biometric ID would make us in any way safer, there wouldn't be such a push for doing it. The abuses, the dangers, the destruction of civil liberties and privacy: those are the aim, the goal, the intent and the dearest wish of those involved.
What we really need to blow this scheme out of the water is for some really wealthy bad guys to fund a project focused on using CRISPR or similar technology to change the DNA markers that have become standard in the DNA databases. Since they don't have to follow normal research rules, the research could be greatly sped up. As a side benefit, the results would leak into real medical science and speed that up - very much like the way porn has led technical development of the internet many times in the past.
Instead of fighting this losing game, we should be looking scientifically at whether there aren't far better, out of the box we've created, ways to fight crime or eliminate the need to know identities. We've been taking paths to solve problems and doubling down when they don't instead of trying other paths. It is very much like the definition of insanity.
Biometric IDs are fine if they are used as a portion of a key to unlock data.
The best way to assure that hacks like this wonâ(TM)t have an impact is by expecting Equifax is only allowed to store an encrypted version of your data. They can still make encrypted queries against the data and get encrypted results but they donâ(TM)t get the true data. And although homomorphic encryption isnâ(TM)t all that fast yet, for what banks need it for (adding and subtracting numbers) its actually very doable.
Custom electronics and digital signage for your business: www.evcircuits.com
Biometrics are often heard as the alternative for the password. To see if that's a good alternative, let's take a look at the characteristics of both username and password.
The username
The password
Now, let's take a look at the characteristics of biometric information:
Conclusion: biometric information is more like a username than like a password. So, the only way to properly use biometrics is to use it for identification, not for authentication. Giving biometric information to the government for authentication purposes, is dangerous. The government probably doesn't understand this topic very well, so they will probably use it in the wrong way (for authentication). Because they believe it to be more secure (thanks to all the sales talks of companies selling biometric stuff), you end up having an even more bigger problem than now in case of identity theft.
It doesn't have to be like this. All we need to do is make sure we keep talking.
What next? Take a scan of your eye?
We tried biometric ID cards the UK more than ten years ago.
Wikipedia:
"The register was officially destroyed on Thursday, 10 February [2011] when the final 500 hard drives containing the register were shredded at RDC in Witham, Essex."
https://en.wikipedia.org/wiki/Identity_Cards_Act_2006
The big problem with any form of widely-available and widely-supported identity verification scheme is that government tends to think that they need to run centrally and be centrally controlled - which in turn makes a big target for criminals [and potentially institutional abuse].
As an alternative, I would offer the model adopted by GNU Privacy Guard, which is entirely federated, but, best of all, under the control of the individual concerned.
For those not familiar with GPG, here is [in my own words] a brief explanation of the way in which it could be adopted for a national or even international identity scheme:-
Like all public-key based solutions, this approach begins with key pair generation. The private key, being electronic in nature, would need to be placed on some form of storage medium.
The public key, also in digital form, could then be offered to well-known and well-respected organisations so that they might add their digital signature. For example, imagine key-pair generation at my birth. The hospital where I was born [or the location of the mid-wife for home births] could be invited to sign my key.
The schools and colleges I attend could sign my key.
Each employer I work for - after background checks and verification, of course - could sign my key.
Any financial institution with whom I open an account or borrow money could sign my key.
Obviously there would have to be guidelines to ensure that unscrupulous institutions did not start to charge ridiculous fees. However, this private key would, over a period of time, gradually evolve a level of authenticity that would be easy for me to prove, extremely difficult for anyone else to fake and, best of all, convey very little of value to a criminal, because without my private key, they could do nothing of value with the "public" part.
Obviously the alternative would be to have the equivalent of a centralised "Certificate Authority" [the Government, aka Big Brother] demand to sign all public keys and demand to be used, OCSP-style, to validate each time an individual attempted to assert their identity using the system. Not only do I not like that approach on privacy/freedom grounds, I don't think it would be sufficiently robust, nor do I think it would scale effectively.
By contrast, the advantage of using the GPG scheme would be that it would be *my* choice in terms of who I asked to sign my key to prove my identity.
One last thing... Imagine a scenario where I approach you and attempt to assert my identity and we discover that we have no mutually trusted key associates, which means that even though I have a signed key, you are not able to recognise it. In this case, a mature system would then attempt to "cross the bridge", perhaps GPS style - i.e. it would programmatically look at all my signatures, and all your recognised authorities, but then, using an OCSP-stype query system, it would be able to suggest to both of us which mutually-acceptable third parties I could use to then get my key signed until you would be willing to accept it.
Perhaps there are also aspects of the blockchain that we could use to support that "networking" step, i.e. have a signed blockchain that records accepted connections between trusted entities, which could then be queried to identify new connection routes.
One of the lovely things about GPG would also be the way that we can express degrees of confidence, and/or set conditions on what type of signature we would be willing, as individuals, to accept. For example, some people might be willing to accept a key from any employer of an Incorporated company; others might insist on a key from an institution with a banking license, or a recognised university or so on.
Although I like the flexibility of this approach, the one thing I think it has to commend it above all others is that it places control in the hands of the individual.
Interested to know what other think...
And when an organization get's hacked or accidentally leaks my Biometric info how do I change my Fingerprints/Retina/DNA etc? Also what about people who have not got viable Fingerprints or Retinas?
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
There are a lot of governance frameworks thst can be followed for establishing good cyber security policies, such as those from COBIT, NIST, ISO, etc. They donâ(TM)t guarantee that the organization will be risk free (thats impossible), but help to reduce risk to acceptable levels, if they are followed and policies are reviewed and updated frequently. But if authentication procedures are too restrictive or expensive (relative to the value of the assets being protected) the organization can lose customers.
"Gentlemen, you can't fight in here! This is the War Room!" -- Dr. Strangelove
So, if you can take a pile of MRI images of tumors and predict the genotype result (picking up on features that humans have long missed) then can you predict other things from biometric information? Could it be that the real danger is not hacking the biometric information to access data behind it, but using the naked biometric data to predict eugenic factors?
How about decoupling the SSN and ID numbers?
Keep the SSN as a number that (hopefully) uniquely identifies a person. Add an ID card with its own unique ID number.
Why two numbers?
SSN is constant and identifies one person. ID number verifies a single SSN. The ID number is completely random, can be revoked and changed while the SSN stays the same. You don't really need a lot of biometrics, a photo would suffice, since it's unlikely that a person trying to confirm your identity based on the card would actually take your fingerprints or DNA and verify those.
What you need then is a government API for banks, etc that takes a combination of SSN + ID and returns true or false based on whether that particular combination is currently valid. Require a fee to connect to the API and log it for excessive scanning for the same SSN.
Anything I forgot?
The article (and much of the subsequent hollering in the comments) conflates two very related items: biometrics in general and a third-party biometric system in which that information is submitted to some centralized place.
On the latter, I have nothing but agreement for what was said about its stupidity and danger, so there is no need to repeat all that -- I incorporate and agree with it here.
But on the former, there is still great promise for biometric systems that are designed specifically to avoid ever sending that information out while still retaining useful properties. So this isn't about biometrics, which like anything else are a tool and not a system.
Some very obvious cases are passports in which the biometric data are held only by the chip inside the passport itself. For concreteness, assume it's fingerprint data (could really be anything). At the time of enrollment, the fingerprint itself along with some keys are loaded onto the passport itself. At the point of verification, you send the fingerprint directly to the passport, which evaluates it and provides a signed response saying "Yes this matches" or "No this doesn't match" but does not divulge any of the data outside its boundary. It's clear that such a system does not lead to the stupidity and danger associated with large databases of biometric data because it simply doesn't require such a thing.
More generally, by being "against biometrics' broadly, the community of folks that are interested in the intersection of security and privacy are forgoing their chance to provide productive input. The result is that you get stupid biometric systems (the kind we all agreed are stupid and dangerous) instead of being able to champion designs with the kind of properties that we want.
[ And indeed, the designs are going to keep coming. It only makes sense to play an all-or-nothing strategy in a game where you might win. ]
Each place you do business should do its own validation. Sending off to some central location makes that location the place to hack.
See Equifax. A bank should not give out money based on some 3rd party validation. If they give out money based on some numbers easily stolen from Equifax, that should be the BANK'S LOSS! They should have individual identity verification. The SSN should only be used for TAXES and NOTHING ELSE.
Your photo and something that they can have in court to prove it was you that owed the money, when it is given to you.
A bank giving money to someone else, then chasing you to pay, should be liable for "intentional infliction of emotional distress".
The Board of Directors should be held for failure to protect the company's assets.
The ones with the most money should have the higher standards applied.
Biometrics are fine, as along as people realize exactly what they are. They are one step in a possible identification process.
Like an SSN, biometrics are unchangeable. However, using them in identity theft is considerably harder. Creating a fake fingerprint is possible, but it's not trivial. It's like putting a better lock on your front door - one you can't open just by jiggling it: it keeps the stupid thieves out, but the slightly less stupid ones will just come in through the window. As such, biometrics are an improvement, if not much of one.
There's the old saying in security: Something you have, something you know and something you are.
- Lousy security requires only one of those: Have a (fake) ID, Know (someone else's) SSN, Show a (picture of a) face to a face scanner. Easy to bypass.
- Better security requires two (2FA): For example: Know a password, and have the Smartphone that gets the SMS.
- The best security requires all three: For example: biometrics (you are) embedded on the ID (you have), unlocks with a PIN (you know).
Perfect security? Doesn't exist, we shouldn't pretend it does, and we shouldn't allow governments and corporations to pretend that they can provide it.
Biometrics are a better lock. By themselves insufficient, but better than what we had before.
Enjoy life! This is not a dress rehearsal.
One huge factor you are missing is that when you're offtopic, you get modded offtopic. So no, moderators aren't censoring calls to ban bumpstocks, they're downmodding offtopic copy-pastas.
There is no XUL, only WebExtensions...
It should also be noted that no, I am not taken in by whoever is spamming under your name; I am referring to entirely different issues. e.g. this article is regarding why biometric IDs are/aren't a good idea... what have you to say on that matter?
There is no XUL, only WebExtensions...
The serious problem with biometrics is that if your "id" is stolen, you can't change it. You're simply screwed.
means emigration at this point.
I have chosen not to have children in the US in large part because the rights I was promised as a child not only don't exist today, but many of them were lies when the public school system told me about them 30-40 years ago.
The only chance we really have today is not only voting with our feet, but congregating into social groups who have the technical expertise and wherewithal to create new societies. Smaller manageable societies where every persons voice will be heard because there aren't thousands of 'company line' voices drowning them out. The sole needs for governments on the macro level we have today are military and environmentally protective in nature. Everything else can be done with smaller governments and mission oriented inter-government compacts/organizations created as needed and most importantly destroyed as they prove unable to maintain their side of the obligations stated in their charter.
But nobody is willing to risk their cushy lives to really make this happen. Just look at Peter Thiel's backtracking on his beliefs around seasteading. Or the Liberland guy's showboating. Or the new Sealand guy's lack of a serious business plan for the platform.
It's good to have this debate, and to ask these questions. However, the biggest user of authentication by far is the US Government, and no matter what arises from the debate, if they decide you will bio-metrics, you will use bio-metrics. Thought one would like to believe that the Government follows some good decision making processes; It doe s not. The rules that drive Governmental decision making are very simple.
1- I have money and must spend it, or I will not get the same amount next fiscal year.
2- Make a decision, not having sufficient data, not vetting, and not understanding the consequences do not matter. What matters is that one is able to report "I have taken some action"
3- If it's on Wikipedia, it's true
4- We'll wait until we (The government) have a problem with the issue (Enough people have died), before we'll invest the time an energy to do anything.
5- We aren't going to do anything, until we get more money
This is not being pessimistic, but simply reporting the facts, as anyone who has ever worked in a government office will recognize the behavior.
And, being totally honest, it is not the elected officials that run the government. It is the entrenched bureaucrats who run things day-to-day.
The only proven way to do high assurance user authentication is with a cryptographic token (like a CAC or PIV or a Passport) issued face-to-face by a Trusted Agent.
E.g. You go to your bank with copies of your I-9 documents and the bank creates a cryptographic token for you in your presence and with your input: A PIN or pass phase that only you know.
The private key is burned onto the token signed with your PIN so only you can release it.
The problem is that in creating high assurance identity you've also eliminated all transaction privacy (the user can't pretend to be someone else or no one)
See subject: Whoever the fool is attempting to "impersonate me" only proves that I've REALLY 'gotten to them' somehow (thanks)...
* I am with you on something though - there is a TON of bogus downmoderation but as the saying goes? "When all your opposition has is censorship you've obviously won" (& I am highly against the LOON(s) who shot all those folks up in Vegas - I think it's somekind of falseflag OR an attempt @ further dividing our nation up ala the KING of bogus evil in that capacity, George Soros paying off groups like BLM & Antifa to do so...) - but GUNS DON'T KILL PEOPLE - people do. NO reason to ban guns!
As far as "AssFux" Ash-Fox? That whimp's a weasel who ALWAYS starts w/ me (he's 'butthurt' I've busted him up on tech issues is all that is).
APK
P.S.=> Provoking weasel reactions like yours is all the satisfaction anyone needs... apk
This exactly. The real problem here isn't identity theft, it is the pathetic level of verification used by the lenders. I agree that putting all liability on the lenders is the right approach (there are already laws on the books to this effect for the most part), but there is virtually no way to totally eliminate the harassment that an ID theft victim gets, because the lenders are still going to pursue collection on the premise that you are just a deadbeat borrower.
99% of all ID theft would evaporate if federal law required an unobstructed front facing photograph and fingerprints of anyone applying for any credit as well as a scan of your government issued photo ID, as part of the credit application record. Put in a requirement for default 2 factor authentication via either a cell phone call, a call to the residence or snail mail to the residence of record.
If this were implemented, any ID thief is forced to leave their fingerprints and photo in every false credit application they make, and they would fail the 2 factor authentication, preventing them from receiving same day credit. The lenders don't want to implement it because it would cost them loans and add a 5% overhead to their cost of doing business, whereas eating ID theft today costs them 3% overhead... Meanwhile the ID theft victim spends an average of ~100h dealing with all the bullshit to clean up their credit and secure their ID.
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
Credit reporting agencies make money by sending my information to people that pay for it. If someone was asking questions about a friend of mine, simple politeness would require me to inform my friend that so-and-so was asking about him.
Me: "Hey, Bill. You're ex was asking about you the other day."
Bill: "You don't say. What did you tell her?"
The way to fix this whole credit reporting mess is that if someone makes an inquiry to the reporting agency (i.e., someone asks about me), the reporting agency should be required to mail me a copy of what they pass on. If they are saying something wrong, I can challenge them and get the information corrected. If the person requesting information didn't have my permission, I would know identity theft was in the works and could stop the bank from extending credit.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
Well then, with two such highly skilled, intelligent entities, with such marvelous track records, sayin' so, gosh, I'm in! Scan me first!
We're still using social security numbers, we're just using very pretty numbers. And numbers that can't be revoked when (not if) there's another breach.
The federal government already maintains a national ID database for military personnel, civil servants, and government contractors. It consists of a smart card containing a certificate tied to the USG PKI. The card is unlocked with a PIN and can be used for signing documents or signing/encrypting emails. The documentation requirements are almost exactly the same as for getting a passport (e.g. birth certificate + state ID). These cards are already recognized by most federal agencies, and can be soft authenticated offline just by verifying the certificate chain.
Biometric ids are intrinsically secure - so long as they are only used to verify your identity in person, not remotely. It doesn't matter if someone hacks your data, it would still be pretty hard for them to fake your IPD, and pretty expensive for them to make custom contact lenses to fake an iris scan.
For now.
Next year, 3D printed contact lenses make it cost all of $50 to fake iris scans.
Better yet, hold up the right QR code to the iris scanner, and the scanner software is hacked into giving you admin access.