REAL ID is a grave danger to civil liberties and privacy

Many people and organizations have sharply criticized the "national ID" aspects of the REAL ID Act. Even before REAL ID, the National Academy of Sciences recognized that a system of national ID not only poses a "wide range of technological and logistical challenges," but has "serious potential for infringing on the rights and freedoms of ordinary citizens." ID system proponents seem to think that the security problem lies in being unable to verify identity. But as security expert Bruce Schneier puts it, “much of the utility of the national ID card assumes a pre-existing database of bad guys. We have no such database.” Thus, a basic issue is that "national ID" is not a card, but an entire system of databases, information gathering activities, and human beings making fateful judgments about individuals based on that overall system. The obvious implication is that the idea of a national ID carries with it a powerful commitment to databases of "bad guys," which in turn seems to bring the commitment to widespread social surveillance in order to try to distinguish the suspicious from the ordinary. As Prof. Daniel Solove has argued, we should fear such risks as “hasty judgment in times of crisis, the disparate impact of law enforcement on particular minorities, cover-ups, petty retaliation for criticism, blackmail, framing, sweeping and disruptive investigations, racial, ethnic, or religious profiling, and so on.” Let's not forget, btw, that "REAL IDs" will probably be more technologically "interesting" than the gov't ID cards we're familiar with (in the sense of the Chinese curse, "may you live in interesting times"). Not only are computer databases and networks a very different thing today than when, say, Social Security Numbers were introduced, REAL IDs appear closely tied politically to two general technologies -- RFID (radio-frequency ID) and biometrics -- that privacy advocates anticipate will radically alter the contingencies of individuals' control over their personal information and the association of one's identities with one's activities, affecting our ability to act privately and anonymously. So let me throw this out: A national ID system, especially one augmented by RFID and biometrics, is an expensive enterprise with many civil liberties risks and little prospect of success in fighting terrorism. As a security system, a national ID system is a form of thin perimeter security with many vulnerable links. Thus, a national ID system points in only two directions. It will either be meaningless (but expensive) because it will be easily penetrated at its weak points, or be effective because it is tough at every point — but at the cost of a free society.

Comments

gay tan ass

Posted by: tdhwfrmptg | January 25, 2008 at 08:52 PM

If you can see this message, please email the this website url so I can update my "do not post" file duudssdssudd@gawab.com.

http://www.curriculum.k12.sd.us/ds063/_disc1/0000018c.htm - Automated Stock Trading Software
Automated Stock Trading System

Posted by: automatedtradingman | July 27, 2007 at 07:32 PM

It's funny how every time something major occurs in the DL/ID industry there are those that propose smart card technology as the savior to all of our problems.

I have been around long enough to watch every DL/ID smart card initiatives fail. Why did they fail? No one ever came up with a good enough business case to justify the cost. In 1997 I presented at the AAMVA Region 2 Meeting in Charleston on the topic of smart cards for DL/ID. At that time several states were considering smart cards for DL/ID purposes. We even had Utah release a smart card DL/ID RFP that was shot down for the right reasons – there was no need for it at the time.

Why - Smart Cards were a solution looking for a problem. During this mid 90’s push for smart cards I was working for one of the largest smart card vendors in the world - they wanted me to promote smart cards in US DL as it would be a fabulous way to increase the cost-per-card that jurisdictions per paying, by about 10 times the price.

However jurisdictions didn’t need smart cards. They needed better validation, better documents and a means to put information on the card to measure verification. All this could be done without the cost of a smart chip. It can still be done today.

Proponents argue that we can have a multi-application smart card that will serve as my DL and bank card and reduce the amount of space in my wallet taken up by a whole bunch of other cards. But what happens when I don’t want you to read the chip, say to realize I am a suspended driver. I simply disable the chip. Then what – you revert to the systems we have in place today – you go online to see if I’m still a qualified driver. What’s the point of the chip then?

Secondly, what do you take away from me when my driver license is suspended? You can’t take away my physical document; I may need it to obtain all the other privileges now associated with my multi-application smart card. Start rewriting the legislation in 50 states as this will take a long time to resolve.

Today we hear the proponents telling us we need RFID driver licenses. We don’t for driver license validation. There is a privacy element often forgotten that by voluntarily presenting my physical document, by choice I am determining whether I want the government to inspect my document. The possibility of the reading of my driver license as I pass through a subway turnstile or any other secured access area, without my consent is a frightening scenario, even for this advocate of stronger more secure driver licenses.

The discussion of needing RFID to meet Real ID for driver licenses, if continued, will likely defeat the entire concept. Real ID as it is written now has enough to overcome, and obtaining buy-in from the public, and the state DMV’s. Adding RFID that really isn’t required at this point reminds me of the many smart card DL programs that I’ve seen fizzle since 1992 due to their own inability to prove their merit by justifying the technology and cost. People are concerned enough about the ability of Real ID to perform to its mandate with the opportunity for scope creep. Proposing RFID on DL/ID at this juncture provides the legitimacy to those that would oppose Real ID due to potential exploitation and privacy invasion by government.

Real ID won’t catch terrorists. It won’t even slow them down as proposed. Folks I have devoted my life to driver license security and worked on systems that have issued a half billion documents. Real ID can be beneficial, however in the many other areas that have plagued DL/ID systems for years.

If you want to kill Real ID before it has a chance to improve DL/ID security, enhance road safety by keeping disqualified drivers from getting multiple licenses, reduce identity theft occurrence by performing better verification, then keep promoting RFID for DL – you’ll surely kill any benefit that might have come from Real ID implementation.

Posted by: Ian Williams | November 30, 2005 at 08:20 AM

You are correct. The legislation doesn’t state RFID or biometric. But that doesn’t mean it isn’t there. The legislation states “common machine-readable technology with defined minimum data elements”. Since most of us aren’t in a position to elaborate on that sufficiently vague statement, we can only deduct the meaning. A “common machine-readable technology” gives us a finite number of potential candidates as options, contact (magnetic stripe, integrated circuit, etc.) and contact-less (RFID, barcode, etc.) cards. Theoretically, the technology could utilize any of the options so as a result all of them are valid possibilities. This is where the RFID comes into play.

What are the “defined minimum data elements”, which the legislation speaks of? Is it the minimum drivers license requirements to appear on the face of each credential? Possibly. Perhaps not. If we’re to “secure” the drivers license credential, it is only reasonable to include a biometric that incidentally, we already do with facial capture and recognition (although I suspect most would argue the point) from the person issued the credential. Here is where the biometric component comes into play although there are other forms in play. In California for example, the thumbprint is captured during the licensing registration process. To your original point, at nowhere in the legislation is there mention of RFID or biometrics but we know that there are only so many options.

Posted by: S Woodlyn | November 15, 2005 at 07:41 AM

I'm always seeing the same points raised with regard to Real ID: RFID and biometrics. I guess there's something wrong with my reading comprehension because I don't see either of those words used in the Real ID Act. Can someone point me to where these issues are discussed in that Act? Or is this all a red herring designed to inflame controversy and mislead the public about what Real ID actually says?

Posted by: Cyphrpunk | November 10, 2005 at 12:04 PM

The ACLU has long argued that REAL ID will inevitably lead to the development of a true National ID Card. Whether or not 50 states are still nominally in control of the licenses, federal law now mandates (i) a series of data elements that must be collected and presented on the face of the card, and (ii) data sharing of all data -- including biometrics, birth certificates, proof of state residence, address and driving records -- with all other states and the federal government. Make of that what you will, but a basic understanding of computer networking leads to the conclusion that even if the 50 states are themselves gathering and collecting the data, the fact that the data is shared as of right makes this one unified network of data with at least 50 hubs. That's a national ID database, even if we've got 50 different cards with a different name of a state at the top of the card.

What's the impact? For the first time every drivers' most sensistitive personally identifiable information will be accessible by literally hundreds of thousands of local, state and federal governmental officials. Unless and until the Department of Homeland Security writes regulations strictly limiting access to data, everything a data thief might need to assume someone else's identity will be available in one, relatively insecure database. A recipe for disaster.

Posted by: Tim Sparapani | September 23, 2005 at 12:08 PM

I'm sorry, did I miss the legislation that instituted a national identity card? Here I'd thought we were discussing uniform state driver's licenses. That's still 50 separate datastores, 50 separate identity repositories (plus the teritories and possessions I suppose) - not a national system.

While the development of the seperate, uniform data templates might someday facilitate a national ID system, that day is not yet here, and is not being proposed.

Of course, the discussion is moot anyway since the Social Security system already gives the government the necessary "glue" to maintain identity dossiers on all Americans.

Posted by: David A. Kearns | September 19, 2005 at 01:18 PM

I think those of us who wish to fight this trend have to articulare more clearly what those rights are that need to be defended, in a way that the public can understand. Here's what I have:

1. Right to conduct one's life without fear of illegitimate retaliation. This idea joins privacy and free speech, and states not only the problem with ID requirements enabling censorship by raising the cost of anonymous speech, but also the fairly understandable notion that one lives one's lives in different spheres. Society would be worse, not better, if our employers could find out what stock we were buying or our paramours could find out what porn we liked looking at. Likewise, life would be worse if the government could figure out to whom we donate for no-fly list purposes. Anyone who doubts the creeping potential of data standardization to enable data collection, and data collection to enable mass discipline, should read Foucault's _Discipline and Punish_ twice and call me in the morning.

2. The right to privacy standing alone. The notion here is that we are worse off simply for being observed. I'm not really sure whether this is a defensible ethical position, but it can be translated into:

3. Right to autonomous self-creation. Is there an inherent right to control one's indentity, which represents an intrinsic good, rather than an instrumental good for things like non-observation and free speech? I think there is.

Kant described a fundamental right of autonomy in the command that the humanity in everyone be treated as an end in itself. Being an end in oneself seems to require the right and the duty to self-definition: to take on whatever -- or however many -- identies one chooses. The shame of modernity in a lot of ways is that it undermines that possibility: in aid primarily of economic interests we have lost the ability to be a different person in different spheres of life.

For a while, it looked like the internet was going to change this: "on the internet, nobody knows you're a dog" expressed a reality about the possiblity of dropping race, class, sex, sexual orientation, disability, etc. on the internet and engaging in social relationships with one's background freely self-chosen. (Sartre would have been tickled pink.) Alas, big business moved in, and that has been impaired: all forums for anonymous interaction are dominated by exponentially increasing spam, and named interaction subjects you to the omnipresent surveillance of google.

This Real ID business can (as hopefully the convergence thread will discuss) only make matters worse. The question then becomes: how much can we blame the commercial interests for this one, too? Is it the case that "national security" is just a giant red herring, and the real issue is that monied interests want a better way of picking out the reliable employees and good credit risks?

Posted by: Paul Gowder | September 19, 2005 at 01:10 PM