At 06:48 PM 10/6/2001 -0400, Declan McCullagh wrote: >On Sat, Oct 06, 2001 at 12:20:07PM -0700, Carl Ellison wrote: >> we already have a national ID card: a passport. > >Carl, > >We may be speaking at cross-purposes. What I would call a national >ID card is an identification device that created by the federal >government that all citizens and permanent residents are issued. > >The U.S., of course, has no such device. Many millions of Americans >have not traveled abroad and do not have passports. > >The privacy-anonymity threat a national ID card poses is that once >you have such a card in place, a near-irresistable incentive arises >for >governments to make carrying them mandatory. That could mean police >stopping you at any time, demanding to see your ID, and scanning it >in to learn information-about-you-they-wish-to-know. Extend this >prediction as appropriate to ID-card-scanners -- coupled with >biometric readers and checks against databases -- at banks, >airports, grocery stores, etc. > >-Declan
Declan, I understand that and am certainly not in favor of national ID cards. I just wanted to point out that even the voluntary national ID card was completely ineffective in stopping those hijackers who carried them. Such a card itself has almost no value. If law enforcement wants value from it, it would come from the underlying database that the police would have to check to "learn information-about-you-they-wish-to-know". If that underlying database were put into place, it could be keyed on any number of identifying items -- perhaps even biometrics (e.g., face recognition, based on a digital photo the cop takes -- or even an iris scan taken by the same camera). You don't have to have a common number for indexing it. That's 1950's IBM machine thinking. So, I think we have a harder problem than we thought we did -- but I also think that the opposition does, too. Issuing national ID cards would be expensive and would meet much resistance from the US population. Installing "ID-card-scanners" would be even more expensive, perhaps enough to stop that step from happening. (Seen any Mondex card scanners lately?) Building the underlying database mechanism would be far more expensive and would meet far more resistance, but it's not until you do the second that you have any LE value or any privacy threat at all. If all you do is ask for the ID card and don't check it, you encourage stupid uses (and therefore identity theft). Meanwhile, if you start relying on a single ID mechanism, the ID forgers can concentrate all their efforts on that one mechanism and get really good at such forgery. For us, worried about anonymity and privacy, I think our thoughts should be on how to defend against a database indexed by multiple items (e.g., the Equifax database). - Carl +------------------------------------------------------------------+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | | PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]