Column on Dean's privacy views: http://news.com.com/2010-1028-5146863.html --- GOV. HOWARD DEAN STATE OF VERMONT Prepared remarks to state DMV administrators March 27, 2002 Pittsburgh, Pennsylvania [...] It is time to take a serious look at hardware and smart-card based solutions. I believe that the states -- and therefore you -- will lead the way in the discovery and implementation of greater digital security. Some of you have already begun this process. States can move faster than the federal government to ensure that employees accessing the state’s network are indeed who they say they are and that they are doing legitimate business. But it would be shortsighted to imagine that your work is limited to solving these problems only for state employees. State Chief Information Officers, and each of you here today, have tremendous power to forge a solution that will set the standards for securing devices for all of us, not just those accessing state resources. We must develop flexible solutions that will likely require the use of Smart Cards and some form of hardened security in a reader or desktop device. For example, one state’s Smart Card driver’s license must be identifiable by another state’s card reader. It must also be easily commercialized by the private sector and included in all PCs over time -- making the Internet safer and more secure. In an age where identity and trust are paramount, the fact remains that the only viable form of universal identity in the U.S. today is the state-issued driver’s license. Think about it: When you entered the airport or the train station to travel to this conference, how many times did you use your driver’s license to prove your identity? Remember -- this is the same driver’s license that teenagers alter in order to get into a club or buy cigarettes. Terrorists do it all the time. They did it on September Eleventh. As you know, states have made great strides in developing drivers licenses that are difficult to counterfeit --- even by ingenious teenagers. But the question remains --- how does an airline agent at the Pittsburgh airport know what an Alaska or Florida license is supposed to look like, let alone identify a counterfeit? It is clear that the state issued driver’s license is the current identification standard. It is also clear that this is certainly an inadequate way to go through this uncertain world. Many in private and public life have called for a national identification card. In spite of Larry Ellison’s offer to provide the necessary software for free --- this has raised a public outcry concerning privacy and sharing too much private information with the government. We can’t let this become our briar patch. I’m from Vermont and believe me, government is kept at a respectful but very conscious distance. Reality demands that we understand ---First --- that the rise of empowered individuals whose single mission is to destroy Americans means that we have to fight them at an INDIVIDUAL level and second --- that we have already ceded our private information to faceless credit card companies and direct marketers who then sell it for a profit. Now --- I believe that our nation has the technological capacity to protect both our privacy and our way of life. And I am convinced that these complex solutions rest in a successful partnership between private enterprise and government --- led by state governments. As we stand here today, please accept the vital challenge I offer each of you. The solutions you create to protect your state’s networks must be implemented in a complimentary manner, allowing interaction between every state of the Union. We must tighten driver’s license standards among the states. Fortunately, this work has already begun, led by the American Association of Motor Vehicle Administrators’ Task Force on ID Security. Beyond that, we must move to smarter license cards that carry secure digital information that can be universally read at vital checkpoints. And we must include new security features to provide ever-greater protection against counterfeiting. Issuing such a card would have little effect on the privacy of Americans. I understand that you will be discussing privacy issues at a later workshop in this important conference --- but let’s take a moment to look at privacy in America today. In many ways, privacy is the new urban myth. Your credit card company knows every flight you’ve taken; they know your rental car, your hotel, the movies you watched, and where you had breakfast. Credit card companies have a stake in knowing everything about you because it’s a marketer’s dream. The information for sale regarding your private life is detailed -- and lucrative. When it comes to the Internet, every web page you have ever visited, every e-mail you have ever sent, every word you have ever typed, is stored somewhere and can be accessed by someone with the right skills. And as you well know, it’s not just the Good Guys who possess these skills. What’s the fastest growing crime in the U.S.? Identity theft --- stealing individuals’ identities --- not just their credit card numbers but their very existence. So, is the answer to create an Orwellian Ministry of Information? No. It’s about creating safe passage through a free but threatened life. We will not, and should not, tolerate a call to erode privacy even further --- far from it. Americans can only be assured that their personal identity and information are safe and protected when they are able to gain more control over this information and its use. Again, this points to Smart Card adoption and development of card readers that limit information access but also confirm it --- when appropriate. The same Smart Card that confirms that a person is a registered voter can also be used to validate age in a liquor store. The Smart Card owner may decide to put her medical information into the card database, which can be accessed by an Emergency Medical Technician with a universal authorization code. That EMT can learn the blood type and complete medical history of an unconscious accident victim. The beauty of the Smart Card is that the liquor store doesn’t know anything but age, and the hotel doesn’t know about non-hotel purchases, and the state knows nothing about any of it. On the Internet, this card will confirm all the information required to gain access to a state network -- while also barring anyone who isn’t legal age from entering an adult chat room, making the internet safer for our children, or prevent adults from entering a children’s chat room and preying on our kids. A Smart Card reader at the airport, adapted to a universal standard perhaps designed by those in this very room, could match the ticket and the baggage with the card presenter. Recently, Sen. Dick Durbin of Illinois and Rep. Jim Moran of Virginia introduced legislation to provide funding to states to increase the security features of driver’s licenses. The Moran Bill provides additional and specific funding to states to develop Smart Card capabilities. I strongly support these efforts and urge you to do the same. The European Union is ahead of us because they adopted Smart Card technology long ago. The EU has ambitious plans to deploy Smart Cards and Smart Card readers throughout the continent -- and to securely deliver electronic government services, electronic banking, and electronic commerce. Hong Kong is using Smart Card technology with biometrics at security check points. My view is that the technology is here but that Americans are reluctant to adopt it. It’s time to overcome our fears The American resistance to the Smart Card also came from the private sector, which was initially the only card issuer. It costs $15 to produce a chip-bearing card versus 80 cents to issue a card without the security chip. Costs have now gone down dramatically. Many new computer systems are being created with card reader technology. Older computers can add this feature for very little money. [...] _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Mon Jan 26 2004 - 08:35:41 PST