Due Diligence for Authentication Systems

The need for a “due diligence” process when considering and implementing identification systems is key to coping with the ID Divide. The term “due diligence” is used in mergers and acquisitions and other important corporate transactions to describe the careful vetting before a company makes a major investment. Proponents of a merger (or in our case at hand, of a new identification program) can err on the side of optimism, concluding too readily that the benefits of a merger (or an ID or other security program) will demonstrably improve the situation. In response, a due diligence process looks for the characteristic ways that things might go wrong.

Performing due diligence on new identification programs before implementing them, based on our six progressive ID principles, will be critical to any effort to deal with problems of identification and authentication going forward. A similar process should be used to review existing programs, and such a review may well be appropriate for the next administration, which will be headed by the first new president since the events of September 11, 2001. Initial aspects of due diligence include:

  • Does the new program actually improve security? ƒƒ
  • Does it do so cost-effectively? ƒƒ

If a proposed program cannot pass these initial tests, then there is no need even to consider trade-offs with other important considerations, such as personal privacy, civil liberties, or the right to vote.

For more information on this topic, please see: