[I invite Rob Atkinson of the Progressive Policy Institute to reply. Previous Politech message with background is here: http://www.politechbot.com/p-03149.html --Declan] --- Date: Tue, 19 Feb 2002 08:23:46 -0700 From: "Ralph S. Hoefelmeyer" <ralph.hoefelmeyerat_private> Subject: I heard their VP speak RE: National ID? Driver's licenses to become biometric smartcards To: declanat_private Cc: rshoefelmeyerat_private Declan, Dr Robert Atkinson, VP of PPI, was the keynote speaker at the Smart Card Alliance on 6 February 2002 in Austin, TX. He pushed the technology of smart cards for a national ID, saying that 50 standardized DMV cards were not an national ID. He was indifferent and dismissive of privacy concerns, marginalizing those who cared about civil liberties as "fringe groups". In fairness, in discussions afterward, the fact we *do* live in a police state was taken as a given [try telling some cop, as you walk down the street, "no, you can not see my ID"; we can discuss later how to get that shoe print off of your back]. PPI is just as dangerous to freedom as any of the right wing groups, they are simply more open to the use of technology. Their purported "third way" is simply another name for "national socialism". I queried Dr. A on the database errors that were sure to crop up. He was dismissive of this problem, saying it was not pertinent to the goal of identifying everyone. He was also not ready to add teeth to his proposals, where abusers of the ID system (LE, IRS, etc.) would be held accountable. Typical Beltway Wonk ... Ralph Ralph S. Hoefelmeyer, CISSP <these views do not represent those of my company, so please use the CC'd e-mail address for responses and attribution> --- Date: Sat, 16 Feb 2002 14:51:33 -0800 From: Roderick Sprattling <rlsat_private> Reply-To: rlsat_private To: declanat_private Subject: Re: FC: National ID? Driver's licenses to become biometric smartcards References: <20020215213447.A32352at_private> Declan, Ham and Atkinson have either missed or ignored two practical problems in this scheme (quite apart from privacy issues). First is the obvious dilemma of multi-function devices: You pack a lot of functionality in one card, but lose the card and you may have lost you driving license, your cash, your voter registration and your season ski pass. Since all data must be stored on the card, there is no backup. Consumers will learn, then decline in droves. Second is the likelihood that counterfeits *will* be made: They're just too valuable. If the smart card driving license is accepted as absolute proof of identity, documents and transactions based upon the counterfeit smart card are even less likely to be questioned. Those holding counterfeit IDs will find their way strewn with flowers. Rod --- Roderick Sprattling rlsat_private --- Date: Sat, 16 Feb 2002 23:08:52 -0000 (GMT) Subject: Re: IP: USNews' Dana Hawkins on biometrics, facecams, and 'light prints' From: "Paul Holman" <pablosat_private> To: <declanat_private> Cc: <farberat_private>, <dhawkinsat_private> Declan, I believe there is an important line to draw for the use of biometrics in authentication. The thrust of my argument is that no biometric technology is acceptable unless the profile data is fully within the control of its subject. So for instance, a smart card with a finger print reader onboard would be a great way to make authentication more convenient for me, so long as my profile and the means to match it are also on that card. This model prevents large databases of profile data from being compiled anywhere. In my experience, most biometric technology companies have no clues about creating secure devices, and their implementations are more easily hacked/ circumvented without attacking the weakness of the technology itself. Additionally, I know of no implementations that meet my litmus test described above. I have a small web page where I maintain ongoing critique of biometrics at <http://pablos.kadrevis.com/projects/biometrics>. I'll be posting more information about the current state of the art here. I apparently need some motivation to elaborate on my arguments, so please feel free to direct some flames my way. Thanks, pablos -- Paul Holman The Shmoo Group pablosat_private --- From: "Taylor, Stephen" <STEPHEN.TAYLORat_private> To: "'declanat_private'" <declanat_private>, politechat_private Subject: RE: National ID? Driver's licenses to become biometric smartcards Date: Tue, 19 Feb 2002 12:13:12 -0500 Any writers out there who want to take this and run with it? For an idea, how about the police being able to actively scan your "smart" drivers license and determine who you are as you pass them on the road? No need to even stop your car, they can sit in theirs and monitor all drivers passing by. For you runners, this would be a variation on the "chip" that is worn on your shoe to record start and finish times. A "chip" has a number that is picked up as the runner passes over a sensor, the number from the chip is used to access a database of runners and determine who the runner is from the information located in the database. The information is obviously gathered when the runner registers for a race. It would one big race with all the driving citizens entered into the database that is owned by the Government. Regards, Steve Taylor --- To: declanat_private From: "J.D. Abolins" <jda-irat_private> Subject: Re: FC: National ID? Driver's licenses to become biometric smartcards Cc: Grayson Barber <graysonEsqat_private> I am not an attorney but I wonder if one of the things that the smart card IDs would do is to put the cards under the protections given computer systems. With current paper/plastic IDs, one can study them, take little snippets for analysis, use a microscope, use a bar code or mag stripe reader, etc. as long as one does not create another ID card. With a micoroprocessor smart card ID, analysis/hacking could fall under computer crime laws. After all, technically, the bear of the ID does not really "own" the ID token. --- Date: Sat, 16 Feb 2002 21:24:05 -0700 From: "Allen S. Thorpe" <athorpeat_private> To: declanat_private Subject: Re: FC: Pentagon test finds iris, face scan technology not that reliable No one should be surprised that the hype for new technologies is ahead of the actual results. That's the history of everything to do with personal computers and the internet. All this stuff is in its infancy. What concerns me is the mystique of privacy and the reference to it as a right. Rights are carefully defined legal protections and when they are extended in one area, they often reduce the rights of someone else or everyone else. Other "rights" are illusory. I have had discussions with people who feel violated by police cameras in public areas, when they have no such feelings about being in plain view by plenty of other people. Some segments of society view routine vigilence by policy as a personal intrusion. I wonder what they say when they get mugged after the police reduce their presence. The most offensive privacy violations are not committed by government, but by people who are given personal information in exchange for benefits and conveniences, but these can also be used to track criminals (video cameras in stores and at ATMs, for example). Technology is seldom pure evil or an unalloyed blessing, either, but reducing the whole issue to a one word epithet is not the way to make good decisions. Allen S. Thorpe Telephone: (435) 381-2543 U.S. Mail: 95 East Main St. P. O. Box 1238 Castle Dale, UT 84513 Office e-mail: Home e-mail: thorpeat_private athorpeat_private --- From: "Tony Dye" <tonyat_private> To: <declanat_private> Subject: RE: Duncan Frissell on AAMVA, licenses as biometric smartcards Date: Mon, 18 Feb 2002 11:09:13 -0000 Message-ID: <BOEKKKDKGDHMJNHIAAMBOEMFCAAA.tonyat_private> Declan, Here's the text of the letter I sent to Rep. Loydd Dogget (my rep in Texas) a while back. I also sent a copy to both Texas senators. Rep. Doggett always replies to my emails... neither Senator ever does. Of course, Democrats in Travis County need all the GOP voted they can get, so he's got some incentive. I'd also add to this that a Driver's licence is a nasty way to drive people into getting their data recorded even if they don't want to. While there might never be a law passed to create a nation ID system, the vast majority of the population can't 'opt-out' of a driver's licence and still eat, work, etc. Changing the requirements for getting a licence is sneaky, underhanded, and, IMHO amounts to government extortion. It's "Give us your valuable personal info, or we take away your income." *********************************** Dear Rep. Doggett, My name is Tony Dye, and I'm a registered voter in your district (though I'm currently working in Ireland). A recent Washington Times editorial (http://www.washingtontimes.com/op-ed/20020121-166867.htm) brought to my attention an issue of particular interest to me. While it seems that the creation of a top-down, federally mandated National ID card is beginning to die down, the basic equivalent is beginning to be discussed, and acted upon, by the States. I would like to state my uncompromising disapproval and rejection of the idea that biometric or fingerprint ID information should be required on a Driver's Licence, or shared with other State government agencies in any form at all. Biometric data should absolutely never be collected in a central data repository, and ID cards should absolutely never be mandatory in any State. You may be aware that this is already required in Texas. I know that I have already been forced to submit a thumbprint for my Texas Driver's Licence. While I have been forced to provide this information, at least I could take some action at the state level to remove these requirements. If, however, this information is allowed to be co-mingled in a central data repository with others from other states, I would have absolutely no recourse or ability to prevent any number of identity- and privacy-related violations by state agencies from all over the USA, not to mention Federal "information-sharing" and the un-preventable hacker attacks. A central location of personal information would be a gold mine and a permanent target for hackers and for the FBI... and as even Oracle has recently learned, NOTHING is unhackable. NOTHING. No matter what they tell you. No matter what assurances are given, no matter what procedures are put in place. Nothing. is. unhackable. NOTHING NOTHING NOTHING. Currently, to my knowledge, there is no law preventing the states from sharing this information amongst themselves, but there is also no law protecting citizens, preventing abuse of information, or outlining privacy rights with regard to government information-shopping. Once the information checks in, I'll never get it out again... even if Texas completely reverses it position and severs all contact with the central database. Furthermore, I also have no legal protection from federal data mining or even the sale of that information to marketing firms, credit reporting agencies, or other private businesses. Even if Texas were to enact such protections, I would be powerless to prevent abuse by other states once I've been biometrically recorded into a central database. I strongly urge you to deny funding for any such database, and to oppose at the federal level any central database of biometric or other unique identification. Additionally, I beg you to take some action preventing the states from requiring I prove my unique identity on demand of government employees (including police), or submit unique personal information for inclusion in a central (or shared) database. Unless I am accused of a crime, I should never be required to carry or present proof of identity, or subjected to inclusion in a state or federal ID database (whether or not it includes biometric data). I CERTAINLY should NEVER be under threat of punishment for an inability or unwillingness to produce my 'papers' while otherwise being a law-abiding citizen. Please consider this strongly, and reply to me with your current position. As a Republican who has voted for you twice, I've been pleased and heartened by your communications in the past (even though I haven't always agreed with your positions). This represents a critical issue for me in the upcoming mid-term elections. I'm looking forward to hearing from you! -Tony Dye Manager, IT Systems & Support blue tree systems tonyat_private www.bluetree.ie --- Date: Mon, 18 Feb 2002 09:39:10 -0500 To: declanat_private From: Robert Moskowitz <rgm-int@htt-consult.com> Subject: Re: FC: Duncan Frissell on AAMVA, licenses as biometric smartcards At 09:35 AM 2/16/2002 -0500, you wrote: >[I'm hardly one to speak on behalf of the AAMVA, but I would speculate >that their likely reply would be: DMVs have always issued both driver >licenses and ID cards. Some people do not drive and still wish to take >advantage of the many benefits of having state-issued ID. So if someone >has their license suspended, they can apply for and receive a state-issued >ID card that is NOT a driver's license -- but still has all the necessary >biometric info. In fact, the first page of the AAMVA task force's >recommendations clearly anticipates this possibility. It repeatedly >mentions "the issuance of driver licenses and ID cards." --Declan] Three other cases of IDs: In New York, many people never bother to get driver licenses. But they fly a lot, so they get state IDs. High School students traveling unaccompanied. School IDs rarely accepted. City issued IDs are accepted. My 16 year old has a city issued ID card that he uses at the airports. Cross Dressers. I have a friend that has a state ID for 'her' alternate identity. Uses it to safely travel 'enfemme'. --- ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Feb 19 2002 - 10:31:22 PST