You might start with the Social Security card. You would issue a plastic version, and in it you would embed a chip containing biometric information: a fingerprint, an eye scan or a digital photo. The employer would swipe the card and match it to the real you. Unlike your present Social Security card, the new version would be useless to a thief because it would contain your unique identifier. The information would not need to go into a database….This will not satisfy those who fear that any such mandate is potentially “a tool for social control,” as Chris Calabrese of the A.C.L.U. put it. But the only way to completely eliminate the risks of a connected world is to burn your documents, throw away your cellphone, cancel your Internet service and live off the grid.
Er. First, ‘the information would not need to go into a database’ does not mean the information will not go into a database. On this matter, I’d defer to the man quoted by Keller himself, Marc Rotenberg, executive director of the Electronic Privacy Information Center, who points out that,
The one thing we know with certainty about databases is that they grow….[The official urge to amass and use information] takes on a life of its own.
When storage is cheap and ubiquitous, and so is data collection and analysis, searchable, analyzable data banks are an obvious consequence. These databases, whose primary outputs are analytical reports, then lend themselves to precisely the clumsy, pernicious, ‘social control’ worried about by their opponents.
Second, Keller slides all too quickly into ‘the only way to completely eliminate the risks of a connected world.’ But who ever said anything about completely eliminating those risks? Thus, the fallacy of the false dichotomy raises its head again, as it does all too often in debates about technology’s ambiguous blessings. The general format of these disputes is as follows. In response to the claim that ‘Technology X has possible problematic outcome Y,’ our interlocutor supplies ‘Good luck trying to live without technology today.’ Bingo. You’re an impractical Luddite.
There is another rhetorical template visible in Keller’s piece: the incomplete noting of the ambivalent attitude that most people appear to have toward their privacy:
But on the subject of privacy, we are an ambivalent nation. Americans — especially younger Americans, who swim in a sea of shared information — are casual to the point of recklessness about what we put online.
So in response to the claim that ‘privacy should be protected in domain X‘ our interlocutor says ‘But look at Facebook!’ The problem, of course, is that Facebook is a space designed in its interface and its user affordances to encourage and facilitate privacy-destructive behavior. Exhibit Numero Uno: the Wall, which lets users make their formerly private emails public.
It’s going to take better arguments than the ones offered by Keller to diminish the CQ–the Creepiness Quotient–of national identification cards.
Samir Chopra 
I think that your concerns over a national identity card,(or driver’s license, or passport, or whatever,) is valid.
Having said that, it’s one of the sacrifices that must be made in order to live in a civlized society. The one that I still honestly don’t understand is the problem with having to identify yourself to vote. Is it really asking to much to ask someone to be able to show proof of identity? And how on earth is that a racist request? I am honestly confused on that one. I agree with you in the tracking, and I don’t like it, but it’s a sacrifice that we make.
Am I crazy?