FC: Progressive Policy Institute wants biometric license-smartcards

From: Declan McCullagh (declanat_private)
Date: Tue Feb 19 2002 - 10:09:36 PST

  • Next message: Declan McCullagh: "FC: Council of Europe drafts secret "Second Protocol""

    [I invite Rob Atkinson of the Progressive Policy Institute to reply. 
    Previous Politech message with background is here: 
    http://www.politechbot.com/p-03149.html --Declan]
    Date: Tue, 19 Feb 2002 08:23:46 -0700
    From: "Ralph S. Hoefelmeyer" <ralph.hoefelmeyerat_private>
    Subject: I heard their VP speak RE: National ID? Driver's licenses to 
    become biometric smartcards
    To: declanat_private
    Cc: rshoefelmeyerat_private
    Dr Robert Atkinson, VP of PPI, was the keynote speaker at the Smart Card
    Alliance on 6 February 2002 in Austin, TX.    He pushed the technology of
    smart cards for a national ID, saying that 50 standardized DMV cards were
    not an national ID.  He was indifferent and dismissive of privacy concerns,
    marginalizing those who cared about civil liberties as "fringe groups".  In
    fairness, in discussions afterward, the fact we *do* live in a police state
    was taken as a given [try telling some cop, as you walk down the street,
    "no, you can not see my ID"; we can discuss later how to get that shoe print
    off of your back].  PPI is just as dangerous to freedom as any of the right
    wing groups, they are simply more open to the use of technology.  Their
    purported "third way" is simply another name for "national socialism".
    I queried Dr. A on the database errors that were sure to crop up.  He was
    dismissive of this problem, saying it was not pertinent to the goal of
    identifying everyone.  He was also not ready to add teeth to his proposals,
    where abusers of the ID system (LE, IRS, etc.) would be held accountable.
    Typical Beltway Wonk ...
    Ralph S. Hoefelmeyer, CISSP
    <these views do not represent those of my company, so please use the CC'd
    e-mail address for responses and attribution>
    Date: Sat, 16 Feb 2002 14:51:33 -0800
    From: Roderick Sprattling <rlsat_private>
    Reply-To: rlsat_private
    To: declanat_private
    Subject: Re: FC: National ID? Driver's licenses to become biometric smartcards
    References: <20020215213447.A32352at_private>
    Ham and Atkinson have either missed or ignored two practical problems in 
    this scheme (quite apart from privacy issues). First is the obvious dilemma 
    of multi-function devices: You pack a lot of functionality in one card, but 
    lose the card and you may have lost you driving license, your cash, your 
    voter registration and your season ski pass. Since all data must be stored 
    on the card, there is no backup. Consumers will learn, then decline in droves.
    Second is the likelihood that counterfeits *will* be made: They're just too 
    valuable. If the smart card driving license is accepted as absolute proof 
    of identity, documents and transactions based upon the counterfeit smart 
    card are even less likely to be questioned. Those holding counterfeit IDs 
    will find their way strewn with flowers.
    Roderick Sprattling
    Date: Sat, 16 Feb 2002 23:08:52 -0000 (GMT)
    Subject: Re: IP: USNews' Dana Hawkins on biometrics, facecams, and 'light 
    From: "Paul Holman" <pablosat_private>
    To: <declanat_private>
    Cc: <farberat_private>, <dhawkinsat_private>
    I believe there is an important line to draw for the use of biometrics in
    authentication.  The thrust of my argument is that no biometric
    technology is acceptable unless the profile data is fully within the
    control of its subject.  So for instance, a smart card with a finger print
    reader onboard would be a great way to make authentication more
    convenient for me, so long as my profile and the means to match it
    are also on that card.  This model prevents large databases of profile
    data from being compiled anywhere.  In my experience, most
    biometric technology companies have no clues about creating secure
    devices, and their implementations are more easily hacked/
    circumvented without attacking the weakness of the technology itself.
    Additionally, I know of no implementations that meet my litmus test
    described above.
    I have a small web page where I maintain ongoing critique of
    biometrics at <http://pablos.kadrevis.com/projects/biometrics>.  I'll be
    posting more information about the current state of the art here.  I
    apparently need some motivation to elaborate on my arguments, so
    please feel free to direct some flames my way.
    Paul Holman
    The Shmoo Group
    From: "Taylor, Stephen" <STEPHEN.TAYLORat_private>
    To: "'declanat_private'" <declanat_private>, politechat_private
    Subject: RE: National ID? Driver's licenses to become biometric smartcards
    Date: Tue, 19 Feb 2002 12:13:12 -0500
    Any writers out there who want to take this and run with it?  For an idea,
    how about the police being able to actively scan your "smart" drivers
    license and determine who you are as you pass them on the road?  No need to
    even stop your car, they can sit in theirs and monitor all drivers passing
    by.  For you runners, this would be a variation on the "chip" that is worn
    on your shoe to record start and finish times.  A "chip" has a number that
    is picked up as the runner passes over a sensor, the number from the chip is
    used to access a database of runners and determine who the runner is from
    the information located in the database.  The information is obviously
    gathered when the runner registers for a race.
    It would one big race with all the driving citizens entered into the
    database that is owned by the Government.
    Steve Taylor
    To: declanat_private
    From: "J.D. Abolins" <jda-irat_private>
    Subject: Re: FC: National ID? Driver's licenses to become biometric
    Cc: Grayson Barber <graysonEsqat_private>
    I am not an attorney but I wonder if one of the things that the smart card 
    IDs would do is to put the cards under the protections given computer 
    systems. With current paper/plastic IDs, one can study them, take little 
    snippets for analysis, use a microscope, use a bar code or mag stripe 
    reader, etc. as long as one does not create another ID card. With a 
    micoroprocessor smart card ID, analysis/hacking could fall under computer 
    crime laws. After all, technically, the bear of the ID does not really 
    "own" the ID token.
    Date: Sat, 16 Feb 2002 21:24:05 -0700
    From: "Allen S. Thorpe" <athorpeat_private>
    To: declanat_private
    Subject: Re: FC: Pentagon test finds iris, face scan technology not that 
    No one should be surprised that the hype for new technologies is ahead of the
    actual results.  That's the history of everything to do with personal
    computers and the internet. All this stuff is in its infancy.
    What concerns me is the mystique of privacy and the reference to it as a
    right.  Rights are carefully defined legal protections and when they are
    extended in one area, they often reduce the rights of someone else or
    everyone else.
    Other "rights" are illusory.  I have had discussions with people who feel
    violated by police cameras in public areas, when they have no such feelings
    about being in plain view by plenty of other people.  Some segments of
    society view routine vigilence by policy as a personal intrusion.  I wonder
    what they say when they get mugged after the police reduce their presence.
    The most offensive privacy violations are not committed by government, but by
    people who are given personal information in exchange for benefits and
    conveniences, but these can also be used to track criminals (video cameras in
    stores and at ATMs, for example).
    Technology is seldom pure evil or an unalloyed blessing, either, but reducing
    the whole issue to a one word epithet is not the way to make good decisions.
    Allen S. Thorpe
    Telephone: (435) 381-2543
    U.S. Mail:  95 East Main St.
       P. O. Box 1238
       Castle Dale, UT  84513
    Office e-mail:                                              Home e-mail:
    thorpeat_private                              athorpeat_private
    From: "Tony Dye" <tonyat_private>
    To: <declanat_private>
    Subject: RE: Duncan Frissell on AAMVA, licenses as biometric smartcards
    Date: Mon, 18 Feb 2002 11:09:13 -0000
             Here's the text of the letter I sent to Rep. Loydd Dogget (my rep 
    in Texas)
    a while back. I also sent a copy to both Texas senators. Rep. Doggett always
    replies to my emails... neither Senator ever does. Of course, Democrats in
    Travis County need all the GOP voted they can get, so he's got some
             I'd also add to this that a Driver's licence is a nasty way to 
    drive people
    into getting their data recorded even if they don't want to. While there
    might never be a law passed to create a nation ID system, the vast majority
    of the population can't 'opt-out' of a driver's licence and still eat, work,
    etc. Changing the requirements for getting a licence is sneaky, underhanded,
    and, IMHO amounts to government extortion. It's "Give us your valuable
    personal info, or we take away your income."
    Dear Rep. Doggett,
             My name is Tony Dye, and I'm a registered voter in your district 
    I'm currently working in Ireland). A recent Washington Times editorial
    (http://www.washingtontimes.com/op-ed/20020121-166867.htm) brought to my
    attention an issue of particular interest to me.
    While it seems that the creation of a top-down, federally mandated National
    ID card is beginning to die down, the basic equivalent is beginning to be
    discussed, and acted upon, by the States. I would like to state my
    uncompromising disapproval and rejection of the idea that biometric or
    fingerprint ID information should be required on a Driver's Licence, or
    shared with other State government agencies in any form at all. Biometric
    data should absolutely never be collected in a central data repository, and
    ID cards should absolutely never be mandatory in any State.
    You may be aware that this is already required in Texas. I know that I have
    already been forced to submit a thumbprint for my Texas Driver's Licence.
    While I have been forced to provide this information, at least I could take
    some action at the state level to remove these requirements. If, however,
    this information is allowed to be co-mingled in a central data repository
    with others from other states, I would have absolutely no recourse or
    ability to prevent any number of identity- and privacy-related violations by
    state agencies from all over the USA, not to mention Federal
    "information-sharing" and the un-preventable hacker attacks. A central
    location of personal information would be a gold mine and a permanent target
    for hackers and for the FBI... and as even Oracle has recently learned,
    NOTHING is unhackable.
    NOTHING. No matter what they tell you. No matter what assurances are given,
    no matter what procedures are put in place. Nothing. is. unhackable.
    Currently, to my knowledge, there is no law preventing the states from
    sharing this information amongst themselves, but there is also no law
    protecting citizens, preventing abuse of information, or outlining privacy
    rights with regard to government information-shopping. Once the information
    checks in, I'll never get it out again... even if Texas completely reverses
    it position and severs all contact with the central database. Furthermore, I
    also have no legal protection from federal data mining or even the sale of
    that information to marketing firms, credit reporting agencies, or other
    private businesses. Even if Texas were to enact such protections, I would be
    powerless to prevent abuse by other states once I've been biometrically
    recorded into a central database.
    I strongly urge you to deny funding for any such database, and to oppose at
    the federal level any central database of biometric or other unique
    identification. Additionally, I beg you to take some action preventing the
    states from requiring I prove my unique identity on demand of government
    employees (including police), or submit unique personal information for
    inclusion in a central (or shared) database. Unless I am accused of a crime,
    I should never be required to carry or present proof of identity, or
    subjected to inclusion in a state or federal ID database (whether or not it
    includes biometric data). I CERTAINLY should NEVER be under threat of
    punishment for an inability or unwillingness to produce my 'papers' while
    otherwise being a law-abiding citizen.
    Please consider this strongly, and reply to me with your current position.
    As a Republican who has voted for you twice, I've been pleased and heartened
    by your communications in the past (even though I haven't always agreed with
    your positions). This represents a critical issue for me in the upcoming
    mid-term elections.
    I'm looking forward to hearing from you!
    -Tony Dye
      Manager, IT Systems & Support
      blue tree systems
    Date: Mon, 18 Feb 2002 09:39:10 -0500
    To: declanat_private
    From: Robert Moskowitz <rgm-int@htt-consult.com>
    Subject: Re: FC: Duncan Frissell on AAMVA, licenses as biometric smartcards
    At 09:35 AM 2/16/2002 -0500, you wrote:
    >[I'm hardly one to speak on behalf of the AAMVA, but I would speculate 
    >that their likely reply would be: DMVs have always issued both driver 
    >licenses and ID cards. Some people do not drive and still wish to take 
    >advantage of the many benefits of having state-issued ID. So if someone 
    >has their license suspended, they can apply for and receive a state-issued 
    >ID card that is NOT a driver's license -- but still has all the necessary 
    >biometric info. In fact, the first page of the AAMVA task force's 
    >recommendations clearly anticipates this possibility. It repeatedly 
    >mentions "the issuance of driver licenses and ID cards." --Declan]
    Three other cases of IDs:
    In New York, many people never bother to get driver licenses.  But they fly 
    a lot, so they get state IDs.
    High School students traveling unaccompanied.  School IDs rarely 
    accepted.  City issued IDs are accepted.  My 16 year old has a city issued 
    ID card that he uses at the airports.
    Cross Dressers.  I have a friend that has a state ID for 'her' alternate 
    identity.  Uses it to safely travel 'enfemme'.
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/

    This archive was generated by hypermail 2b30 : Tue Feb 19 2002 - 10:31:22 PST