AGAINST ID CARDS

Carl Ellison cme at acm.org
Sun Oct 7 10:23:48 EDT 2001


At 06:48 PM 10/6/2001 -0400, Declan McCullagh wrote:
>On Sat, Oct 06, 2001 at 12:20:07PM -0700, Carl Ellison wrote:
>> 	we already have a national ID card: a passport.
>
>Carl,
>
>We may be speaking at cross-purposes. What I would call a national
>ID card is an identification device that created by the federal
>government that all citizens and permanent residents are issued. 
>
>The U.S., of course, has no such device. Many millions of Americans
>have not traveled abroad and do not have passports.
>
>The privacy-anonymity threat a national ID card poses is that once
>you have such a card in place, a near-irresistable incentive arises
>for
>governments to make carrying them mandatory. That could mean police
>stopping you at any time, demanding to see your ID, and scanning it
>in to learn information-about-you-they-wish-to-know. Extend this
>prediction as appropriate to ID-card-scanners -- coupled with
>biometric readers and checks against databases -- at banks,
>airports, grocery stores, etc.
>
>-Declan


Declan,

	I understand that and am certainly not in favor of national ID
cards.

	I just wanted to point out that even the voluntary national ID card
was completely ineffective in stopping those hijackers who carried
them.  Such a card itself has almost no value.  If law enforcement
wants value from it, it would come from the underlying database that
the police would have to check to "learn
information-about-you-they-wish-to-know".

	If that underlying database were put into place, it could be keyed
on any number of identifying items -- perhaps even biometrics (e.g.,
face recognition, based on a digital photo the cop takes -- or even
an iris scan taken by the same camera).  You don't have to have a
common number for indexing it.  That's 1950's IBM machine thinking.

	So, I think we have a harder problem than we thought we did -- but I
also think that the opposition does, too.  Issuing national ID cards
would be expensive and would meet much resistance from the US
population.  Installing "ID-card-scanners" would be even more
expensive, perhaps enough to stop that step from happening.  (Seen
any Mondex card scanners lately?) Building the underlying database
mechanism would be far more expensive and would meet far more
resistance, but it's not until you do the second that you have any LE
value or any privacy threat at all.  If all you do is ask for the ID
card and don't check it, you encourage stupid uses (and therefore
identity theft).

	Meanwhile, if you start relying on a single ID mechanism, the ID
forgers can concentrate all their efforts on that one mechanism and
get really good at such forgery.

	For us, worried about anonymity and privacy, I think our thoughts
should be on how to defend against a database indexed by multiple
items (e.g., the Equifax database).

 - Carl



+------------------------------------------------------------------+
|Carl M. Ellison         cme at acm.org     http://world.std.com/~cme |
|    PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342                 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list