[SIMSOFT] Identity Card Delusions
R. A. Hettinga
rah at shipwright.com
Thu Mar 21 10:47:47 EST 2002
--- begin forwarded text
Status: U
From: "Simson Garfinkel" <slg at ex.com>
To: <simsoft at nitroba.com>
Subject: [SIMSOFT] Identity Card Delusions
Sender: simsoft-admin at nitroba.com
List-Help: <mailto:simsoft-request at nitroba.com?subject=help>
List-Post: <mailto:simsoft at nitroba.com>
List-Subscribe: <http://www.simson.net/mailman/listinfo/simsoft>,
<mailto:simsoft-request at nitroba.com?subject=subscribe>
List-Id: Stories and Articles by Simson Garfinkel <simsoft.nitroba.com>
List-Archive: <http://www.simson.net/pipermail/simsoft/>
Date: Thu, 21 Mar 2002 10:01:55 -0500
<http://www.technologyreview.com/articles/garfinkel0402.asp>http://www.technologyreview.com/articles/garfinkel0402.asp
Identity Card Delusions
Related Links
<http://www.technologyreview.com/articles/garfinkel0402.asp>Identity Card
Delusions
<http://www.technologyreview.com/articles/prototype50102.asp>Fit to Print
<http://www.technologyreview.com/articles/prototype21201.asp>DNA ID
<http://www.technologyreview.com/articles/stikeman1201.asp>Recognizing the
Enemy
<http://www.technologyreview.com/articles/visualize1101.asp>Face Recognition
<http://www.technologyreview.com/articles/amato0901.asp>Big Brother Logs On
<http://www.technologyreview.com/articles/prototype40701.asp>Voice ID
<http://www.technologyreview.com/articles/prototype81101.asp>Magic Fingers
<http://www.aamva.org/>American Association of Motor Vehicle Administrators
The Net Effect By Simson Garfinkel April 2002
Illustration by Tavis Coburn
Mandatory national ID cards might cut down on underage drinking, but they
wouldn't have stopped Richard Reid.
<http://techreview.adbureau.net/adclick/CID=fffffffcfffffffcfffffffc/acc_random=95718/SITE=TRV.COM/AREA=TEL/PAGEID=95718/AAMSZ=300X250>
More than 200 million Americans carry drivers licenses with them every
day. The small plastic cards denote the holders right to operate a motor
vehicle. But that rather understates things. Today, all manner of business
establishments, from banks to airlines to bars, will deny you service if
you do not show them your drivers license. In other words, drivers
licenses have become the de facto identity cards of the United States.
Now the American Association of Motor Vehicle Administrators, a kind of
trade organization for the state motor vehicle registries, wants to make
things official. This past January the association asked Congress for $100
million to link all of the state motor vehicle databases into a single
national system, overhaul licensing procedures and phase in a new
generation of high-tech cards. If this proposal goes through, drivers
licenses issued in two years will almost certainly be high-tech,
biometric-endowed cards for the absolute identification of the cardholder.
And this is just the beginning.
Less than two weeks after the motor vehicle announcement, the U.S.
Department of Transportation announced that it was moving full speed ahead
with plans to create a nationwide trusted-traveler cardanother
biometrics-based national identification card. But instead of granting
permission to drive, the proposed trusted-traveler card will allow the
holder to breeze through security checkpoints at airports without being
detained by lengthy interviews and intrusive searches.
It has long since been a cliché to say that September 11 changed
everything, but one thing that has certainly changed since that fateful day
is Americas receptivity to the idea of a national identity card. Eight
months ago, such cards would have been unthinkable, the first step toward
an Orwellian surveillance society. But priorities have shifted. Many of
those who once steadfastly opposed the ID card now see it as an unfortunate
but necessary measure to protect homeland security.
America is being sold an empty promise. The proposals for new
biometrics-based identity cards will certainly let the states buy shiny new
computer systems and deploy ominous Big Brother-style networks, and the
cards will speed the passage of frequent travelers through the airports,
but they wont significantly improve the security of Americans. Indeed, had
these systems been in place on September 11, they would not have prevented
al-Qaedas deadly hijackings.
The push to turn the drivers license into a national identity card is
coming not from the federal government but from the states. Motor vehicle
administrators and police alike want to stamp out the scourge of fake
out-of-state drivers licenseswhat many college students call their
drinking cards. But replacing todays patchwork of different-looking
drivers licenses with a single nationwide standard thats all but
impossible to forge will also confer many advantages for law enforcement
agencies, because bogus out-of-state drivers licenses are used by crooks
engaged in identity fraud, people who keep driving despite their suspended
in-state drivers licenses and other assorted hoodlums.
The states are also eagerly looking at biometrics as a powerful tool for
verifying identity, preventing fraud and enlisting the drivers-license
database to help solve other crimes. States that digitize drivers-license
photographs can use face recognition systems to find out if the same person
has multiple identity cards issued in different names. (Last year the
Mexican Federal Election Institute adopted this technology to help stamp
out duplicate voter registrations.) Likewise, states that collect
fingerprints when issuing drivers licenses can store that data in their
automatic identification systems and then match it against fingerprints
found at crime scenes. Many U.S. murder cases from the 1970s and 1980s that
had gone cold were solved when fingerprints were brought online in the
early 1990s.
But moving this biometric information out of the states databases and onto
the back of the individuals drivers licenseone likely result of the
September 11 attackswould be a mistake.
Technically, it is simple enough to do. A two-dimensional bar code, for
example, can easily hold digitized representations of a persons
photograph, fingerprint or handwritten signature. And two years ago, the
motor vehicle registries organization adopted a nationwide standard for
encoding such information. Putting the information on the back of the
drivers license allows any business to use your biometrics to verify your
identity. It also makes it that much easier for businesses to scan the
information and add it to their files. Ironically, users of these new
drivers licenses would be more, not less, susceptible to identity theft,
because so much more of their personal information would be in circulation.
Instead of bar codes, our next-generation identity cards might contain
computer chips. A typical chip card, or smart card, can hold more than a
page of typed information. Some smart cards have encryption keys and tiny
cryptographic processors, allowing them to engage in secure
e-commerce-style transactions. In theory, a chip could allow multilevel
access to the personal information that the card contains: a tavern, for
instance, would be allowed to read your age, but not your name or address.
Airlines would presumably be given access to the whole shebang, allowing
them to use fingerprints or retina scans to biometrically verify the
identity of every passenger boarding their flights.
But despite their high-tech appeal, smart cards have a checkered track
record when it comes to protecting the information they store. In Europe,
where smart cards are widespread, hacking them to get free telephone calls
or free satellite television is a cottage industry. If some U.S. businesses
have access to the secure area of smart cards, I find it hard to believe
that the relevant know-how and codes wont, over time, migrate to criminal
elements. Already, there are many cases of crooked clerks giving credit
cards a second swipe at department stores and making their own copies of
their customers credit card numbers. If some crook steals your
fingerprint, youre going to be vulnerable to a lot more than simple credit
card fraud.
Whats worse, the harder one of these new identification cards is to forge,
the more valuable a forgery will become. It only takes one corrupt official
to create a steady stream of fake, unforgeable IDs for the bad guys. And
dont forget, the government will need its own supply of fake IDs for
undercover cops, spies, informants and the like.
But whats most disturbing about these new identification systems and
policies is that they wont accomplish their stated purposethey wont make
Americans more secure against terrorists. As our leaders have told us time
and again, the current war requires fortification of our homeland security
to defend against a foreign threat. But foreigners traveling inside the
United States are not required to get U.S. drivers licensesnot even if
they want to rent a car. Hertz, Avis and National Car Rental, for instance,
will happily rent to any driver who has a valid license from Egypt, Israel
or Saudi Arabia.
If our officials are worried about more al-Qaeda sleeper cells, then they
will be looking for people who have no former recordpeople who might even
stand up to an FBI background check. Recording the fingerprints of an
Egyptian businessman on the back of a Florida drivers license wont tell
us if that person has a vial of smallpox in his shaving kit. And if some
Saudi student with 100,000 kilometers in his frequent-flyer account and
information about crop dusting on his laptop computer asks for a
trusted-traveler card, hell probably get one.
Like the FBI, which tucked a laundry list of new powers into the USA
Patriot Act of 2001, the American Association of Motor Vehicle
Administrators and the Department of Transportation are using the terrorist
attacks as a convenient excuse for deploying a national identification
system that would have been politically untenable this time last year.
Remember, even if the September 11 terrorists had been carrying
smart-card-enabled drivers licenses with biometric authenticators, they
still would have been allowed to board their flights. American Airlines
knew Richard Reids identityit just didnt know that he had plastic
explosives concealed in his shoes.
Forcing every American to carry a new state-issued identification card may
cut down on illicit drinking and make things easier for police at traffic
stops, but it is simply not a rational way to deal with the specter of
terrorism. Better identification systems wont do much to stop people who
have evil in their hearts but not in their history.
Simson Garfinkel writes on information technology and its impact. He is the
author of Database Nation (O'Reilly, 2000).
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list