RE: National ID card
On 1 Nov 2004, Ruben Krasnopolsky asked What's the big deal with a national ID card? The various responses cited consequences within people's personal experience, such as carrying a driver's license that cannot be authenticated by police, or using one to identify oneself as a voter. Unfortunately, one big deal is military: an enemy who is willing to spend US$100 million per year for the next generation or so to burgle, bribe, blackmail, or bamboozle someone who might have access to the information or to plant someone with a belief that helps the enemy. For example, if you were a general in an opposing military, how much would you be willing to pay to gain the medical records to 1.3 million US soldiers? (I pick this number because computers with the medical records of 1.3 million US soldiers were stolen in early 2003. The FBI said it thought the most likely purpose of the burglary was to obtain parts that could be sold. The FBI thought that the criminals did not know that the computers contained information of interest to US enemies.) I thought of the pyschological warfare aspects of such a theft: what happens to morale when every family in a battalion receives copies of the records of neighbors, with the comment, `Look how well your government kept these records from us; how well do you think your loved ones will do in a convoy?' A retired Royal Navy captain thought differently than I; he immediately said that with this kind of information, it would be easier to interrogate some prisoners. An enemy military is not the only issue. Suppose you were a person who stole people's identity so as to steal their bank accounts. Would you be interested in copying 1.4 million records that include names, addresses, and social security numbers? (I pick this number because some number of records up to this number were copied this August 2004 from computers at a project for the state government of California. The records were of old people receiving medical benefits. The records were not copied from an agency of the state government but from a different entity doing work on behalf of the state government.) People often make decisions in terms of their personal experience or their friends' experiences; but such experiences tend to be local. You will know, directly or indirectly, about local thieves. Fewer people have experience with crackers hired by a mafia in St. Petersburg, Russia, or in New York, USA, or with an enemy military. But with the Internet, your information is as close to someone far from you as to someone close by. -- Robert J. Chassell [EMAIL PROTECTED] GnuPG Key ID: 004B4AC8 http://www.rattlesnake.com http://www.teak.cc ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: National ID card
Ronn!Blankenship wrote: Um, what about the suggestions some have made of having your medical records stored in the National Health Care Database and every time you go to buy food, it checks and if you are overweight, have diabetes, high blood pressure, high cholesterol, or anything else, you won't be allowed to buy anything that someone has decided may be bad for your condition so you will not burden the National Health Care Service* excessively? This is becoming common at school canteens here (Parents get to say what categories of food kids can buy, or apply limits (eg 1 coke per day or whatever)), and they can't buy anything without swiping their student card... What I have learnt is that based on how easily the kids circumvent the system, real criminals and terrorists will have no problem at all Cheers Russell C. ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: National ID card
On Wed, Nov 03, 2004 at 10:24:21PM +1000, Russell Chapman wrote: This is becoming common at school canteens here (Parents get to say what categories of food kids can buy, or apply limits (eg 1 coke per day or whatever)), and they can't buy anything without swiping their student card... What I have learnt is that based on how easily the kids circumvent the system, real criminals and terrorists will have no problem at all Of course, for adults, it is an absurd idea as stated. If there were ever a movement to make people accountable for their risky behavior, a model already exists -- insurance premiums. Rather than disallowing purchase of certain items, such a system would simply track purchases, and the data would be available for setting health insurance premiums based on the expense risk each individual poses to the health-care system. -- Erik Reuter http://www.erikreuter.net/ ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: National ID card
On Nov 3, 2004, at 4:46 AM, Erik Reuter wrote: On Wed, Nov 03, 2004 at 10:24:21PM +1000, Russell Chapman wrote: This is becoming common at school canteens here (Parents get to say what categories of food kids can buy, or apply limits (eg 1 coke per day or whatever)), and they can't buy anything without swiping their student card... What I have learnt is that based on how easily the kids circumvent the system, real criminals and terrorists will have no problem at all Of course, for adults, it is an absurd idea as stated. If there were ever a movement to make people accountable for their risky behavior, a model already exists -- insurance premiums. Rather than disallowing purchase of certain items, such a system would simply track purchases, and the data would be available for setting health insurance premiums based on the expense risk each individual poses to the health-care system. Which reminds me of the well-publicized story of Southern Californian who tried to sue a grocery store in a slip-and-fall case, but the store's lawyers reportedly threatened to use his record of purchasing large amounts of alcohol using their so-called loyalty card against him. Dave ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: National ID card
Ruben Krasnopolsky wrote: What's the big deal with a national ID card? It's stupid and 20thcenturish. The right thing to do is to create a World Name Database, and enforce that every child's name is unique. Then forget about numeric IDs and just use the registered name Alberto Monteiro ___ http://www.mccmedia.com/mailman/listinfo/brin-l
RE: National ID card
What's the big deal with a national ID card? It would prevent voting fraud. It would help transparency in many other ways - So, why not? Well, I guess it can be used for government control, and not always in benign ways. True enough. But right now there *are* many ways for the government to do just that - there are lots of IDs issued by the federal and state governments - passports, driver licences, SSN, birth certificates... Are you people so sure that unifying that into a single national ID would make the risks much worse? Here I suggest it would increase the transparency of the system without reducing the privacy much more than it already has been. Here is the problem with a national ID card. The federal facility that I work at uses a secure Common Access Card, affectionately known as the CAC. This is the same card that most DoD and military personnel use and is the precursor to the national ID card. This card has an embedded chip with selected pieces of personal information: SSN, birthday, blood type, etc. These cards are used to get computer access at virtually every computer in this building (about 3000+ computers). To use the CAC to access a computer, the user has to have the CAC and their Personal ID Number (PIN). The CAC is placed in a reader that is on EVERY computer, the computer prompts the user for a PIN number and then authenticates the PIN number and the certificate on the CAC with a central server. The PIN and the cert on the CAC must match the PIN and cert on the server for access. Except for the rocket scientist users that write their PIN on the CAC with a permanent marker (which is highly illegal) it is a VERY secure system. Even if someone steals or finds a CAC, it is useless without the PIN. It would not be impossible to forge a card, but it would be significantly more difficult to place an authentic cert and PIN on the server to use a forged card. It would require a major hacker or an inside person. About 3 months ago, the server, that authenticates the CAC, experienced a problem that made the server think that all CAC certs had expired. For TWO days, there were 15,000+ federal employees sitting at their desk doing nothing because they could not access ANY computer system in the building. The short term fix was to disable the CAC requirement, therefore making the entire system useless. Imagine this, all citizens have a federal ID card. To make it secure and worthwhile, it must be verified by a centralized authority (if not, what's the point, anyone could forge a fake?) You go to buy something at the store, or renew your license, or get medical treatment, and your national ID card won't authenticate because there are server problems / power failure / hardware or software issues, etc - you get the point. Then you are stuck. Disabling the authentication process defeats the purpose of the system. If there isn't some sort of centralized authentication, then the cards can EASILY be forged by anyone with a good computer, and again there is no point to the system. So do you really want to be in a position of not being allowed to buy groceries because your local Kroger store had hardware problems? Or because there was a power failure or backbone failure between you and the centralized authentication authority? A national ID card sounds like a good idea in theory, but the technology is nowhere near reliable enough to make this a reliable system. By the way, a while back I posted an article about Donald Rumsfeld wanting to make it MANDATORY for every computer sold in the US to require a secured card to allow use - even home computers. I can dig up that article if anyone is interested. Gary _ The positive thinker sees the invisible, feels the intangible, and achieves the impossible. ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: National ID card
On Tue, Nov 02, 2004 at 12:22:20PM -0500, Gary Nunn wrote: A national ID card sounds like a good idea in theory, but the technology is nowhere near reliable enough to make this a reliable system. Not true. The technology for a distributed, redundant, fault-tolerant system defintely exists. Look at, for example, the Internet domain name server (DNS) system. Or google.com. The problem is whether people are willing to spend the time and resources necessary to design, set up, and maintain such a system. Evidently in the system you described, they were not. (Two days to come up with the short term solution of disabling the security? Obviously no one had gone through and anticipated various scenarios and formulated plans of action, let alone having designed the system robustly in the first place). -- Erik Reuter http://www.erikreuter.net/ ___ http://www.mccmedia.com/mailman/listinfo/brin-l
RE: National ID card
Gary Nunn wrote: Imagine this, all citizens have a federal ID card. To make it secure and worthwhile, it must be verified by a centralized authority (if not, what's the point, anyone could forge a fake?) You go to buy something at the store, or renew your license, or get medical treatment, and your national ID card won't authenticate because there are server problems / power failure / hardware or software issues, etc - you get the point. Then you are stuck. Disabling the authentication process defeats the purpose of the system. If there isn't some sort of centralized authentication, then the cards can EASILY be forged by anyone with a good computer, and again there is no point to the system. I respectfully disagree that this technical point kills the idea. An efficient national ID card system can do the authentication without needing to access a central computer. You are right that this would make the system prone to failure. So let's go for parallel computing rather than centralized... And with lots of backups. IDs are always used with different levels of authentication for different purposes. For trivial use of the card, quick visual examination would be enough. For slightly more serious usage, something like a signature or a fingerprint could be quickly checked. For something more serious, the card could be checked, this time by computer, against some local state government database. For a few really serious things, centralized checking would be used. But rarely. Occasionally the centralized checking system will be down so badly that it will pull down the local databases too. Creating major trouble; but no more frequently than the times when the power grid is down. Been there, Detroit over one year ago... I still think that the good arguments against this kind of ID are about politics, privacy, and freedom. What if this ID is used to enforce unjust laws? Technical arguments, I would take as guides to improve the design. Ruben ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: National ID card
On Nov 2, 2004, at 9:22 AM, Gary Nunn wrote: What's the big deal with a national ID card? It would prevent voting fraud. It would help transparency in many other ways - So, why not? Here is the problem with a national ID card. It would not be impossible to forge a card, but it would be significantly more difficult to place an authentic cert and PIN on the server to use a forged card. It would require a major hacker or an inside person. Let's just hope it isn't implemented by Diebold. So do you really want to be in a position of not being allowed to buy groceries because your local Kroger store had hardware problems? Or because there was a power failure or backbone failure between you and the centralized authentication authority? Why would this be the case? I don't have to show any ID to buy groceries now... Do you think that the mere existence of a national ID would change how how we do all business? Would I have to have my ID verified to buy a hot dog from the vendor at a ball game? Would I even go to a ball game? A national ID card sounds like a good idea in theory, but the technology is nowhere near reliable enough to make this a reliable system. By the way, despite my argument with your Kroger example (are they still in business?), I have no argument with your fundamental point, that any system that has a central authorization system therefore has a single point of failure. I worked for Sun Microsystems 'til a couple of years ago, and they were quite hot on the idea of national ID cards at the time. Of course, that's because the cards (including your beloved CAC) use Java[tm] technology and because they figured that they'd get a big chunk of the back-end server business. The one think they have going for them is that they are promoting a federated, rather than centralized, authority model. That way, you'd only be prevented from purchasing paw-paws at Kroger's if the store's network was down. You could always go down the street to the AP (are they still in business?). By the way, a while back I posted an article about Donald Rumsfeld wanting to make it MANDATORY for every computer sold in the US to require a secured card to allow use - even home computers. I can dig up that article if anyone is interested. This from the party that promised to get the government off the backs of the people. If I was a Republican, I'd be embarrassed. Thankfully, I'm not. Dave Can We See Your Papers Maru ___ http://www.mccmedia.com/mailman/listinfo/brin-l
RE: National ID card
Not true. The technology for a distributed, redundant, fault-tolerant system definitely exists. Look at, for example, the Internet domain name server (DNS) system. Or google.com. The problem is whether people are willing to spend the time and resources necessary to design, set up, and maintain such a system. Evidently in the system you described, they were not. (Two days to come up with the short term solution of disabling the security? Obviously no one had gone through and anticipated various scenarios and formulated plans of action, let alone having designed the system robustly in the first place). Everything that you said about the technology is absolutely true, to some degree, however, there is still the possibility of hardware or software failure at the scanning point, and many places in between. Do you remember a few years ago when corrupted copies of the DNS were distributed and a significant portion of the internet was useless for a few hours? I can dig up some references if you are interested. A centralized or distributed authority would have to have significantly more security and accountability than the DNS system has today. As for the problem that I used as an example, everyone was aware of the short term solution in the first 30 seconds of the problem, but it all came down to one contractor in Florida making the decision that the system would NOT be disabled, even at the expense of paying 15,000+ employees for two days to literally sit and do nothing. From a security standpoint, that was the correct decision, but from a practical standpoint, how many millions of dollars were lost in salaries and lost productivity? In essence, you are right, it comes down to system design, planning and policy. But my fear would be what happens when your card can't be authenticated. Would there be a contingency plan? Would a contingency plan that bypasses authentication defeat the purpose of the system? Cards go bad, are damaged, lost, destroyed, people forget their PIN number, etc - that happens EVERY day here. Based on my experiences here with a secured ID card, a national ID card system would be disastrous. ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: National ID card
Serious comment, now . . . At 12:08 PM Tuesday 11/2/04, Dave Land wrote: On Nov 2, 2004, at 9:22 AM, Gary Nunn wrote: What's the big deal with a national ID card? It would prevent voting fraud. It would help transparency in many other ways - So, why not? Here is the problem with a national ID card. It would not be impossible to forge a card, but it would be significantly more difficult to place an authentic cert and PIN on the server to use a forged card. It would require a major hacker or an inside person. Let's just hope it isn't implemented by Diebold. So do you really want to be in a position of not being allowed to buy groceries because your local Kroger store had hardware problems? Or because there was a power failure or backbone failure between you and the centralized authentication authority? Why would this be the case? I don't have to show any ID to buy groceries now... Do you think that the mere existence of a national ID would change how how we do all business? Would I have to have my ID verified to buy a hot dog from the vendor at a ball game? Um, what about the suggestions some have made of having your medical records stored in the National Health Care Database and every time you go to buy food, it checks and if you are overweight, have diabetes, high blood pressure, high cholesterol, or anything else, you won't be allowed to buy anything that someone has decided may be bad for your condition so you will not burden the National Health Care Service* excessively? Would I even go to a ball game? A national ID card sounds like a good idea in theory, but the technology is nowhere near reliable enough to make this a reliable system. By the way, despite my argument with your Kroger example (are they still in business?), I have no argument with your fundamental point, that any system that has a central authorization system therefore has a single point of failure. I worked for Sun Microsystems 'til a couple of years ago, and they were quite hot on the idea of national ID cards at the time. Of course, that's because the cards (including your beloved CAC) use Java[tm] technology and because they figured that they'd get a big chunk of the back-end server business. The one think they have going for them is that they are promoting a federated, rather than centralized, authority model. That way, you'd only be prevented from purchasing paw-paws at Kroger's if the store's network was down. You could always go down the street to the AP (are they still in business?). By the way, a while back I posted an article about Donald Rumsfeld wanting to make it MANDATORY for every computer sold in the US to require a secured card to allow use - even home computers. I can dig up that article if anyone is interested. This from the party that promised to get the government off the backs of the people. If I was a Republican, I'd be embarrassed. Thankfully, I'm not. Dave Can We See Your Papers Maru *Whenever You See The Word Service In The Name Of A Government Agency, Think Animal Husbandry Maru -- Ronn! :) Earth is the cradle of humanity, but one cannot remain in the cradle forever. -- Konstantin E. Tsiolkovskiy ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: National ID card
At 12:08 PM Tuesday 11/2/04, Dave Land wrote: The one think they have going for them is that they are promoting a federated, rather than centralized, authority model. That way, you'd only be prevented from purchasing paw-paws at Kroger's if the store's network was down. You could always go down the street to the AP What if my bladder does not need to be emptied? Old Joke Maru --Ronn! :) Bathroom humor is an American-Standard. ___ http://www.mccmedia.com/mailman/listinfo/brin-l
RE: National ID card
Ruben wrote I respectfully disagree that this technical point kills the idea. WHAT? Didn't anyone tell you that when you disagree on this list that you have to be abrasive and condescending? Hey don't go disrupting the natural order of the Brin-L universe, other people might follow your example. :-) ---notice the smiley indicating jest I still think that the good arguments against this kind of ID are about politics, privacy, and freedom. What if this ID is used to enforce unjust laws? Technical arguments, I would take as guides to improve the design. All good points, putting aside the technical issues, I think that Erik was absolutely right, it would come down to planning, design and policy. My fear is that Rumsfeld Co. would get their way and we would be using an access card every time we check our email online or check out a book at the library. ___ http://www.mccmedia.com/mailman/listinfo/brin-l
RE: National ID card
Dave wrote... Why would this be the case? I don't have to show any ID to buy groceries now... Do you think that the mere existence of a national ID would change how we do all business? Would I have to have my ID verified to buy a hot dog from the vendor at a ball game? Would I even go to a ball game? Very true, my example was extreme, and as Ruben mentioned, the card could come into play for various levels of purchases. Let's use a less extreme example, suppose you are stopped by the police for speeding / traffic violation and your card can't be authenticated? Then what? Do they let you go because the system is down? Do they arrest you because your credentials can't be verified? Will they be given the authority to detain you for hours while attempting to verify your credentials? With Homeland Security, we all know very well that any system can and will be abused. How many stories have we read about abuses at airports for incoming travelers being detained and strip searched? How many over zealous police or security personnel will arrest someone simply because their credentials can't be identified because the central authority is not available or the card is damaged or they forgot their card? Another example, that would not necessarily be extreme, would be purchasing airline tickets. The same potential problems apply. Here's another question, if we were to go to a national ID system, does that mean we require all foreign visitors / travelers to have some sort of national issued ID also? Even if you required foreign travelers to carry their passports, that is a system that can be easily defeated. I am a dual citizen and legally have passports for two countries, suppose I am asked for my national ID and I simply say that I am a foreigner, and by the way, here is my passport to prove it? Just thinking out loud :-) By the way, despite my argument with your Kroger example (are they still in business?), I have no argument with your fundamental point, that any system that has a central authorization system therefore has a single point of failure. Unfortunately, even if it wasn't a single point of failure issue, if you don't have a centralized authentication point, the system can be defeated. The more distributed the authentication becomes, the easier it would be to compromise the system and enter bogus credentials. By the way, a while back I posted an article about Donald Rumsfeld wanting to make it MANDATORY for every computer sold in the US to require a secured card to allow use - even home computers. I can dig up that article if anyone is interested. This from the party that promised to get the government off the backs of the people. If I was a Republican, I'd be embarrassed. Thankfully, I'm not. When I read this article I was floored. I can't imagine many more ways that the government could intrude on your privacy other than monitoring your computer use and internet access. If that had ever come to pass, it would have taken about 1 hour for someone to come up with a way to defeat the system. ___ http://www.mccmedia.com/mailman/listinfo/brin-l