FC: Progressive Policy Institute on why smartcard-licenses are so terrific

From: Declan McCullagh (declanat_private)
Date: Wed Feb 20 2002 - 15:24:20 PST

  • Next message: Declan McCullagh: "FC: Blizzard game company uses DMCA to shut down Bnetd emulator app"

    Previous Politech message:
    "Progressive Policy Institute wants biometric license-smartcards"
    Excerpt from PPI report released this month:
    By way of background, the Progressive Policy Institute is an arm of the 
    Democratic Leadership Council.
    Date: Wed, 20 Feb 2002 17:15:54 -0500
    From: Rob Atkinson <ratkinsonat_private>
    To: declanat_private
    Subject: Re: Progressive Policy Institute wants biometric license-smartcards
    Thank you for the opportunity to respond to the comments below.  Though I 
    know the debate over improving the ID system is heated, I must say that I 
    was taken aback by some of what I've read.  When I had lunch with Ralph 
    Hoefelmeyer at the Smart Card Alliance meeting, I thought we had an open 
    and polite give-and-take on the issue (we even beamed business cards to 
    each other - hmm, what does that say about privacy?).  Then he publically 
    denounces me and others who believe in third way governance (such as Bill 
    Clinton and Tony Blair) as Nazis.  It's a prime example of the fact that 
    opponents of smart ID cards can gain no ground by shedding light on the 
    issue, so they set the debate on fire.  I believe all of the issues raised 
    by list members are addressed in our reports (www.ppionline.org) but I will 
    make a few points here:
    --Consolidating various cards onto your driver's license makes you no more 
    prone to losing it than consolidating various cards in your wallet.  In 
    fact, under our proposal it's more convenient to have them on one smart 
    card: you go to the DMV to get a new license, then redownload the other 
    applications from your PC.  No multiple phone calls, no waiting for new 
    cards to arrive by snail mail, and most importantly, no worries that 
    someone will use your card (since they can't match the onboard biometrics), 
    thereby forcing you to fight with the credit bureaus to clear up the 
    identity theft confusion.  Moreover, no one has to put multiple 
    applications on one card, they can get additional smart cards from private 
    providers for other applications if they choose.
    --Many people respond to our specific proposal with variations on the same 
    unfalsifiable generality: no card is fraud-proof, no database is 
    hack-proof, no government agency is bribe-proof, no computer is 
    error-proof, and so on.  These are all true as far as they go -- nothing 
    made by humans is flawless -- but these "arguments" ignore the fact that 
    our proposal will make all of these bad things harder than the current 
    system.  Smart ID cards are far more secure and far harder to fake than the 
    current gold standard for identification, which is a card using decades old 
    technology with an erasable 2D bar code painted on the back.  Inability to 
    achieve perfection does not justify a refusal to improve.
    --To elaborate on the database issue, I'd like to point out that the fact 
    that every database is hackable does not stop people from submitting highly 
    personal data to other people on a daily basis.  Every time I use my credit 
    card, visit my doctor, or pay my taxes I run the risk that somebody will 
    either hack in or gain authorized access for an impermissable 
    purpose.  However, unlike a few of the most vocal people in this debate, 
    that knowledge does not paralyze me with fear, because I am able to balance 
    the (very low) risk against the (very high) benefits.  Moreover, I think 
    it's silly to think that the DMV databases will become permanent targets of 
    hackers, since under our proposal those databases will contain no more 
    information than is currently written on the front of the card you flash 
    every time you want to buy a beer, plus an encrypted "ephemeral" biometric 
    that is of no use to anyone because it cannot be recreated 
    latently.   Moreover, we call for strict privacy prote!
    ctions for driver's liscence data, including a prohibition on DMVs from 
    selling any information stored on the card.
    --As for using smart ID cards to track your movements, I would point out 
    that upgrading the card does not change the rules under which The 
    Government (whatever that means) can ask to see the card.  The Government 
    can track your movements today using a pen and paper to jot down your 
    driver's license number (or SSN, or license plate, or library card), but 
    that has not turned the U.S. into the dystopia that so many privacy 
    advocates bemoan in Cassandra-like agony.  Moreover, even contactless cards 
    will not give out high-powered signals they way the toll booth transponders 
    do, so the idea that The Government can track our movements using remote 
    sensors is almost as paranoid as the idea that The Government would ever 
    bother to do so; after all, the red light cameras only catch the license 
    plates of red light runners, not every car that passes through the 
    intersection.  If you're that worried about it, however, I suppose you can 
    keep The Government from tracking your smart ID card b!
    y storing it under your aluminum foil hat.
    I believe that the debate over public policy needs to take place in the 
    real world, where costs and benefits are weighed.  If we use ludicrously 
    unlikely worst-case scenarios and logical extremes as definitive reasons 
    not to do something, we would never do anything.  The fact that Politech 
    readers use computers and connect them to the Internet (no system is 
    unhackable!) shows that they have some ability to weigh reasonable risks 
    against reasonable benefits.  I'd expect to hear some of these arguments 
    from heavily-armed militia members who don't use the toilets in their 
    trailers because they think public sewers are a U.N. conspiracy, but it 
    irks me to hear them from people who should know better.  If you and your 
    readers think that makes me dismissive of privacy concerns, fine.  But it 
    doesn't make me a Nazi.
    Rob Atkinson
    Rob Atkinson
    Vice President, and
    Director, Technology and New Economy Project
    Progressive Policy Institute
    600 Pennsylvania Ave., S.E.
    Suite 400
    Washington, DC 20003
    fax 202-544-5014
    email: ratkinsonat_private
    web:   www.ppionline.org
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/

    This archive was generated by hypermail 2b30 : Wed Feb 20 2002 - 15:36:51 PST