I-P: State motor-vehicle offices will propose that drivers' licenses incorporate biometrics

[R. A. Hettinga]

--- begin forwarded text


Status:  U
Date: Sat, 19 Jan 2002 10:28:56 -0700
From: Robert Huddleston <cabhop at highfiber.com>
Subject: I-P: State motor-vehicle offices will propose that drivers'
licenses incorporate biometrics
Sender: owner-ignition-point at theveryfew.net
Reply-To: Robert Huddleston <cabhop at highfiber.com>



Security Vs. Privacy Jan. 14, 2002
http://www.informationweek.com/story/IWK20020111S0048
InformationWeek
Part of the TechWeb

State motor-vehicle offices will propose that drivers' licenses incorporate
biometrics. Is that the same as a national ID card?
By John Rendleman

Calls for creating a national ID card system, which advocates say would
make it harder for terrorists to move undetected within U.S. borders, have
drawn criticism for their totalitarian overtones. Now, a group representing
state motor-vehicle departments is about to unveil a proposal that could
turn the average driver's license into a technology-laden ID. Yet privacy
concerns remain, and the IT challenges may be even greater.

The American Association of Motor Vehicle Administrators, which represents
motor-vehicle departments and law-enforcement officials and serves as their
data-sharing intermediary, will introduce its idea this week. On its
surface, the proposal seems to be a scaled-down version of national ID card
proposals floated by Oracle CEO Larry Ellison and others after the
terrorist attacks last fall. "This isn't about creating a new national ID
card, nor is it about developing one centralized megadatabase that houses
everyone's personal data," Sen. Richard Durbin, D-Ill., told the Senate
last month. Durbin, who supports the association's plan, is circulating a
draft bill in the Senate with a similar goal.

Jay Maxwell, president and chief operating officer of AAMVAnet. [Photo by
D.A. Peterson.]
Licenses with biometrics would increase security and spur uniform license
systems, AAMVAnet's Maxwell says

 The proposal would bring greater uniformity and control to the process of
issuing drivers' licenses, and licenses themselves could increase security
by using biometrics--fingerprints or iris scans, for instance--to validate
the identity of people who carry them, the association says. It might also
close procedural gaps that let seven of the Sept. 11 hijackers carry
Virginia state IDs and five fraudulently obtain Social Security numbers.
"If people continue using licenses as identification documents, we would
like to make sure from a safety perspective that they are good, credible
documents," says Jay Maxwell, president and chief operating officer of
AAMVAnet, the subsidiary that runs the DMV group's IT systems.

But the plan could involve a data-management and data-integration
undertaking of major proportions. Even though the association would serve
as a clearinghouse for data sharing among the states, the plan would still
require the modernization of state records and the linking of numerous
state and federal systems. "Whenever you pull data in from other systems,
there are things you need to do to make them communicate well together,"
says Nathan Root, the association's standards program director. A big part
of the job for states will be establishing uniform administrative
procedures for handling license paperwork and related documents, along with
the work needed to format data according to the same specifications and
ensure compatibility among multiple databases, Root says.

California provides a lesson in just how hard it can be to create a
foolproof system. According to an audit requested by the California
Legislature, the state's DMV issues 100,000 fraudulent licenses a year,
even though it's been routinely collecting thumbprints from license
applicants for 20 years. The auditors blamed the problem on the DMV's not
reviewing documents adequately, not properly identifying applicants via
photographs or thumbprints, and insufficient oversight of DMV staff.

Privacy is another prickly issue in the new plan. The databases would be
available to DMVs in multiple states, law-enforcement officials, certain
federal agencies, and, on a limited basis, to businesses for validating
identities of customers.

Privacy watchdog groups opposed to the plan contend that the broad
data-sharing arrangements open the door to abuse of confidential data. "We
don't see a very great distinction between a national ID card and a
coalition of 50 states [issuing] drivers' licenses," says Lee Tien, senior
staff attorney with the Electronic Frontier Foundation in San Francisco.
"To the extent that the databases are highly integrated, there may be even
more of a risk from human error or human malfeasance."

American Civil Liberties Union associate director Barry Steinhardt says
"unified state IDs are, in fact, backdoor national IDs, and they're going
to have all the problems of national IDs," which include tracking of
citizens' movements and racial profiling. If the concept is taken too far,
"it's going to create the demand for people to have this biometric data to
identify themselves,'' he says. "It's going to be impossible to go anywhere
without your identity being checked."

But at least one state CIO who's been working on security-enhancement
measures downplays the risks of confidentiality breaches. "We worry about
privacy up front," says Richard Varn, Iowa's CIO. "This is database
technology, after all. It's pretty basic stuff, but it will take some time
and require a little bit of effort and some goodwill" to work as described
by the plan's proponents.

Iowa started a project called Identity-Security Clearinghouse two years ago
to verify the authenticity of documents used by people to establish
identity in the state or with a federal agency. In one facet of the
project, Iowa digitized the state's 11 million birth records, dating back
to 1880. Iowa can use that data now to verify a license applicant's
identity and share it with other states and the feds so they can do the
same. A lot of the work underpinning the AAMVA plan has been done, Varn
says, "and now it's only a matter of making some tweaks to the databases
and setting up some processes for sharing data."

It will be important for proponents of tech-enabled drivers' licenses to
convince doubters of the system's value and security. Opposition to
national ID cards goes back to 1971, when the Social Security
Administration rejected the use of Social Security numbers for that
purpose, according to Privacy International, a privacy group.
Implementation of the plan would require new laws from Congress, as well as
from individual state legislatures.

The motor-vehicle association hasn't specified which biometric features
would be used, but it's looking at fingerprints, face recognition, and iris
scans. Although more than half of the states already employ
machine-readable features such as bar codes or magnetic strips on licenses,
the new plan would make that standard practice.

While stopping short of calling AAMVA's proposal a national ID, Maxwell
acknowledges the licenses could be used to verify identities. An airline
could check in passengers carrying biometric-equipped IDs quickly, letting
them board first, while others would move through a slower, manual process.
"We don't see that as being invasive from a privacy perspective," Maxwell
says.

The question is, will millions of Americans agree?


-
Note: [ Can the Chip be far behind?? ]
Revelation 16,17,18....

Article picked up last week....

Subject: Veri-Chip: The Human Bar Code ???

Injectable Chip Opens The Door To 'Human Bar Code'
By Charles J. Murray
EETimes.com
http://www.EETimes.com/
1-7-02

        Radio-frequency identification chips, which have found a home in
applications ranging from toll road passes to smart retail shelves, may be
close to taking up residence in the human body.

        A Florida-based company has introduced a passive RFID chip that is
compatible with human tissue, and the developer is proposing the chip for
use on implantable pacemakers, defibrillators and artificial joints. The
company, Applied Digital Solutions (Palm Beach, Fla.), also said that the
chip could be injected through a syringe and used as a sort of "human bar
code" in security applications.

        Called the VeriChip, the device could open up a broad new segment
for the $900 million-a-year RFID business, especially if society embraces
the idea of using microchips for human identification. Applied Digital
executives ultimately believe that the worldwide market for such
implantable chips could reach $70 billion per year.

        "The human market for this technology could be huge," said Keith
Bolton, senior vice president of technology development at the company.

        Futurists agree that the idea of using microchips inside the body
could ultimately represent a large market opportunity, but they doubt
whether this initial effort will have a significant effect on the RFID market.

< snip >

------------
FAIR USE NOTICE:  This contains copyrighted material, which is reproduced
under the Fair Use Provision of Title 17, U.S.C. Section 107, and is posted
for purposes such as criticism, comment, news reporting, teaching,
scholarship, or research. This material is posted without profit for the
benefit of those who, by accessing this site, are expressing a prior
interest in this information for research and educational purposes. For
more information, please see: http://www.law.cornell.edu/uscode/17/107.shtml


============
To UNSUBSCRIBE from the ignition-point list, send email to:
majordomo at theveryfew.net
In the body of the message, include only the line:
unsubscribe ignition-point <your address>

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com