Asymmetrical Information

It would depend on how intrusive it is. I've long desired some kind of data base that would (help) prevent someone from voting in more than one state, for example. I don't see how my rights would be violated if Arizona (my state of residence) were to share it's voter registration data with other states. Similarly, I don't see how my rights would be violated if Arizona were to share driver's license data with the other states.

On the other hand, if Arizona were to start asking me for urine and blood samples when I applied for a drivers license, I'd have a problem.

Would this make it easier or more difficult to steal someone's identity and consequently increase or decrease the damage caused by identity theft?

I have strong principled objections, but that's not what you are asking for. Here's a pragmatic objection: What if you misplace or lose your ID? Think about how long it takes today to get a replacement driver's license or passport. Imagine a future where you are requested several times a day to produce your ID. How miserable might your life be if you couldn't produce it?

In utopia, the good guys would never be asked to prove their identity; the bad guys always would be questioned. But in the real world, the bad guys - experienced in getting around the law - would find a way around the ID requirement - or would find a way to obtain a legitimate ID. The good guys would be the ones inconvenienced by the ID requirement.

Look at most of our current laws; they don't stop bad guys, but they often hurt the innocent. The gun laws don't stop the bad guys from getting guns, but they are a big nuisance to the good guys. Law-abiding citizens have died waiting for permission to buy a gun, but criminals always find a way to get a gun.

I have strong principled objections, but that's not what you are asking for. Here's a pragmatic objection: What if you misplace or lose your ID? Think about how long it takes today to get a replacement driver's license or passport. Imagine a future where you are requested several times a day to produce your ID. How miserable might your life be if you couldn't produce it?

In utopia, the good guys would never be asked to prove their identity; the bad guys always would be questioned. But in the real world, the bad guys - experienced in getting around the law - would find a way around the ID requirement - or would find a way to obtain a legitimate ID. The good guys would be the ones inconvenienced by the ID requirement.

Look at most of our current laws; they don't stop bad guys, but they often hurt the innocent. The gun laws don't stop the bad guys from getting guns, but they are a big nuisance to the good guys. Law-abiding citizens have died waiting for permission to buy a gun, but criminals always find a way to get a gun.

Oops! My first post apparently failed - I received an error message - so I tried again. Please delete my duplicate post.

It's not about the right to be "invisible," it's about the relative degree of privacy a person has. I understand that if I'm under suspicion for something bad that the police will follow me around, pull my credit record, find out where I work and play and which grocery store I go to, and, maybe if the crime is bad enough, dig up my tax records and determine my (negligible) income.

In no real sense is a member of modern society "invisible." However, imagine if all that work of intrusion, which in this country we reserve for people suspected of being organized crime kingpins or terrorists, could be done in the blink of an eye and available to the customs agent who welcomes you back into the country, the parking meter guy who tickets your car, the annoying neighbor next door, or even the telemarketers who call while you're cleaning up the dinner table.

Our privacy is protected by structural barriers which technology threatens to sweep away. It's not that somebody couldn't find out a lot about us, it's that it's not *easy*. And so the question about a national ID database is: what structural barriers does it take away? The devil is really in the details, but the potential for abuse is very readily there.

The idea of one complete database of citizens makes me nervous. Who, exactly, would have access to this database? Yes, we aren't currently invisible, but no one can easily get hold of my credit rating, medical records, travel history, and tax returns all in one fell swoop. Right now, it would take a lot of determination, or a private investigator, to gather all this information, and most individuals are protected by the "no one would bother" defense. If it's all in one database where a low level civil servant with a CD-burner can have it in minutes--we'll all suddenly find that the nuisance threshold has been passed.

Say I cut off a driver on the interstate who gets massive road rage--he goes home, feeds in my license plate, and starts harrassing me at work. Or maybe he's even more creative: He has my doctor's name, so he calls me with phony test results. Perhaps a nice syphilis diagnosis so me and my partner both believe the other cheated.

As soon as all the information is in one place, there will be demands for it. If it's used for terrorism today, it will be used for drug enforcement tomorrow, and for child custody cases next week. Any time you go to court, the lawyer for the opposing side will subpoena your file. Why not? It's only one subpoena. Not the half dozen or so he'd need now. Employers and landlords will make you sign a waiver to run your file, the way you sign over your credit history now.

I'm not asking for complete anonymity. I only want my information available on a need-to-know basis. My banker does not need my medical history any more than my doctor needs my credit report. I am already bothered by how my social security number is used as an ID number on so many things.I don't want it made worse.

Seems like it could consolidate existing identification schemes into a universally recognized format, which would have obvious benefits, but would also be an irresistable temptation for government mischief. I want government to be efficient in doing its legitimate job, and grossly inefficient in doing extracurricular activities. The current threat level makes its proper functions that much more important right now, but if A-Q is dismantled and congress passes a new program to sound a siren when "deadbeat-dads" swipe their ID card at the airport, I'll be pissed. Maybe if it were temporary... but lots of nasty stuff that started out as temporary is still with us. Maybe if it were given a name like "Temporary National ID Program To Reduce Terrorism" or something, politicians would be too ashamed to use it for trivialities or to keep it longer than necessary... but I doubt it.

On the balance, I think I'd say yes to a temporary program, but would fight to kill it once I felt safe again, or if it made no noticable difference to our safety.

"We're assuming for the sake of argument that the technology can be made to work"

To accomplish exactly what? Suppose we got an magic card that will glow green held between the thumb and forefinger of the authorized card holder. All others get no glow. It works, right?

So a guy holding a green card can walk right into the White House or NORAD or the "clean room" in an INTEL chip fabrication plant? I mean, his card is GREEN! Why not?

It seems to me that it's not enough that the card works. It has to be a single key to an dozen or more databases -- as you say, credit histories, security clearances, gun ownership registration, HIV status, marital status, vaccination record, what have you. And THAT means that the guys who pull up your vaccination record or HIV status then ALSO have the key to your credit history; or the guy trying to sell you a new car has a key to find out how many guns you own; etc.

Right now, the cop checking your driver's lisence only sees your traffic record. The nurse looking at medical records only sees medical stuff, and the gun salesman alone keeps a paper ledger about what he's sold you in the past few years.

It's not about the ID card. It's about tying data together. Are you okay with that?

It would *reduce*, not increase security, because it would increase the temptation for people to do as Pouncer said, if it's green, let him through, and remove all human judgement from the equation. So any terrorist would, instead of having to be judged in several instances by human beings as is the case now, will just have to work on getting a good card in the database, and then wreak havoc. It's an extremely brittle system you're creating, one that, when it breaks, will break in a catastrophic manner.

Pouncer sums up a lot of what you all have said - it's not about the card, but about tying together all this data. My reply would be--it is about the card. What I'm proposing is that the card link you to your name and an ID number, nothing else. You show the card, provide a fingerprint, and the only thing the person reciving the information is entitled to know is that you really are Contributor A, ID number 12345678.

For more security, specially authorised people would have access to certain information: an airport screener might get to find out if you are a convicted murderer or are on a terrorism watchlist, but no right to your HIV status or your financial records. Nobody would have a right to ALL this information without the already-existing rigamarole that investigators must go through.

These things are compartmentalized in this way (if not perfectly) already. The only new function of the card would be merely to prove you are who you say you are when you board a plane, say.

Is there a reason this is impossible?

My practical concern relates to how would you go about fixing an error in the database? Right now, if one of the many sources of info on me is incorrect, I can rely on the other sources (and their corresponding paperwork) to correct it.

And even though the info is out there somewhere, it's not in an easy to find format at only one location. When I cross the border, I assume that the customs agent enters my license plate number in the database to see if there is anything posted against it. I also assume that if I show my passport to an agent in a foreign country, or if I return ot the U.S. from a country other than Canada or maybe Mexico, they are checking my name etc. against their database. But details from my credit history won't be there. Is making it easier to find out about me in the name of national security a good idea?

I've got to already be in databases; I know my fingerprints are, from being an officer in the military to being in banking with access to securities (3 different banks) to being a peace officer at one time to being a member of two state bars. All of these require a fingerprint background check. So? I lead a clean life; there's nothing to come back to haunt me.

Federal law and many states' laws prohibit the gummint from using my soc. sec. number as an identifier, but every private business I've worked for uses it for exactly that. What gives? And the Privacy Act requires the gummint to tell me, via part of a tree, that they are collecting my SSAN for a valid purpose, and that if I don't provide it, I won't get paid, the form I was reqeusting, etc. This is useful?

I assume that I live in a fishbowl anyways, and not just because of my wife's job (superintendent of the local school district). I also assume that whereas many private businesses would like to know data about me, the gummint really doesn't care. If the gummint collected all the available data about everyone and kept it in one huge database, do you think you or I would ever be noticed? I don't. I have never felt so anonymous as when walking down the crowded streets of New York City. Same effect. Call it a variation of the herd defense--there has to be some particular reason for a predator (the gummint) to single out a certain individual herd beast for attack. As long as the particular reason is procedurally protected, as it supposedly is now (ever asked a friend who was a police officer to run a tag check on another freind's license plate? it happens...), I wouldn't have any heartburn over a national ID card and database. BUT, and it's a big "but", I don't think that the safeguards in place for all the individual data sources are adequate for a national data base.

And what happens if the wrong sort of politicians get elected, you know, the ones who take 800 FBI files of people to review to see if they can get any dirt on them? What then? I'd sooner trust a career bureaucrat than a politician.

Just my two cents.

The data is already out there, although it takes a while to gather all of it. That is generally a problem for the bad guys, because they are in no hurry. It can be a real problem for law enforcement.

I can see some real potential advantages which have little or nothing to do with national security. For example, if the cards were required as ID at the polling place and the cards were electronically invalidated at death (or physically collected before the issuance of death certificates), it might put an end to "cadaver" voting in places like Chicago. If the cards were electronically checked at the polling place, it might also eliminate "early and often" voting. If the cards were different in some ways for citizens vs. non-citizens, if might eliminate voting by non-citizens. If the cards were unavailable to ILLEGAL ALIENS, it might be easier to prevent them from working or attending school, claiming benefits, getting free or "in state rate" college tuition, etc.

However, I suspect their value would be greatly diminished (without reducing their intrusiveness) by the "whining class", which would be concerned that having to positively identify yourself at the polling place is "racist", or that only being allowed to vote once and not being allowed to vote after you die is unfair, or that treating the "undocumented" differently is discriminatory, or whatever.

My concern is not a loss of my privacy, but rather increased inconvenience and cost for me, with no real benefit to national security, or the sanctity of my vote, or access to services provided at my expense to those in the country illegally.

boo is correct. The brittleness such a system would likely have entails great danger. The Atlantic had an article in the last year or two about the human tendency to turn off scrutiny once technology has supposedly solved a problem.

It looks as if I'm not the only one worried about procedural safeguards.

A side point--is it not a total crime that anyone who walks into a polling place (in New York, at least), says "I'm Contributor A, and I live at xxx Degraw Sreet", and can insta-forge my signature (a photocopy of which, from my registration form, is next to the place where you sign on voting day) can vote for me? Huh? There's another argument for a better ID system.

Regarding the effective loss of liberty, privacy, etc., there are at least two questions: (1) will authorized usage noticeably infringe on privacy? and (2) will feasible *unauthorized* usage noticeably infringe on privacy?

The second question is tough to answer fully without some really smart cryptologists, engineers, etc., going over all the specifications in detail to figure out possible attacks (biometric spoofing to impersonate the real owner, codebreaking to read or replace data on the card, ...); declaring a system "secure" in the presence of cheaters is much harder than designing a system to be useful in their absence. Several of the people are trying to answer this question, but in doing so it seems to me that they're assuming flaws that may not exist in the realized system. Nevertheless, this question is a pretty important one since some forms of spoofing can render the system either extremely invasive or completely useless (or both).

The first question is answerable once we have an idea how the system is supposed to work (what data is accessible by the card, etc.). There are some easy improvements to be made over the current situation with driver's licenses used as ad-hoc IDs: uniformity could make forgeries easier to detect, and extra security features could make them easier still. I don't think there's any reason (apart, of course, from the ubiquitous government ineptitude) to design the system so that *any* access is able to pull up all information. Different authorized accessors could have different levels of access: your doctor can read your medical history but not your security clearance, the airport screener can read your travel history but not your medical history, etc. In principle this is possible, and if done correctly it seems to me hard to argue that this would provide a lot of value (quick, easy access for authorized users to important information) with no real loss of privacy (since the users already have access to the information).

But in practice it seems to me that the problem boo mentioned is pretty fundamental; the database is only as good as the data put into it. It seems to be relatively straightforward to get false IDs of any desired type today, and unless the initial screening processes for all database inputs and card distribution become much more secure the ID you get at the end will be just as worthless for real identification as a driver's license is today.

Here's a practical example of a big problem: illegal aliens (assisted by the Mexican government, the race industry, and sweat shops) would agitate to receive the card. And, they'd agitate for one without any mark identifying the bearer as an illegal alien.

Consider, for just one example, this interview with Gil Cedillo, a CA state Senator who says he and Schwarzenegger are "working hard together" to give driver's licenses to illegal aliens. Cedillo says they want to give DLs to everyone regardless of immigration status, and those DLs will look just like DLs real citizens carry.

Any proposal would have to take the aforementioned anti-American groups into account.

If you've never heard of the Mexican government meddling in our laws, check out 'Mexico lobbies for alien amnesty', 'Is Mexico Thwarting U.S. Immigration Enforcement?', or my Immigration category.

It looks like several issues are being brought up. From the original posts, it seems as if they are simply requesting a national ID card with photo, fingerprint and bar code. Easy enough and not much different from what we have today.

Reading the posts, I see much concern about this card being used as a tool to centralize far more personal data such as medical records, credit history, tax history, voting, etc.

For the record, I am for a central ID and against the more intrusive information centralization posed by this list. We read daily headlines about mass theft of data and I don't think security on this issue is going to improve anytime soon. I really can't see any rights that we are giving up for this. It appears to simply make our ID system more efficient and build upon the technology already used in other nations for security.

Spec: I already produce my ID's several times a day and am miserable when I forget it.

shell: I completely agree. If we are to cede rights, then why not ask for more control over who can see the information?

Pouncer: You are taking this argument to the extreme. I agree that if you give the opportunity for a security person to think less they will take that opportunity. I do not agree that a national ID card is about consolidating all information about a person and ceding all ownership of personal data to the government.

"We're assuming for the sake of argument that the technology can be made to work."

There's one basic non-technological issue: how do you identify the people applying for the ID cards? At present, anyone can request some dead person's birth certificate, stand in line at a couple of government offices, and get a driver's license and social security card. What you're doing here is reducing that to one line at one government office.

I write software. Software that has database that contain information about people (customers, but feel free to think of more sensitive databases). Right now, that data is very noisy. We can't easily correlate it with outside databases from other companies because there's no unique identifier for people. We don't have their SSNs for the most part (I try to never give mine out as much as possible).

If there was one number, it would be trivial for all these disparate datbases to get correlated. Those companies that sell information about people? Pretty soon, for $10 you'll be able to get anything on anyone.

I love the fact that our data is so messy that it barely scales...

An ID that you're not required to carry at all times? Currently if you do not carry a state issued drivers license or ID card you are treated with suspicion if a law enforcement officer desires to see said ID.

I do not see any positive advantage to a federal ID card. As has been mentioned, criminals will forge cards, so what advantage does it provide. I am not a conspiracy theorists, but I do fear putting greater power in the hands of our central government. Any authority granted tends to be abused at some time or another.

I have always had a problem with the idea that information becomes subject to more restrictions just because it can be accessed more efficiently.

The question of validating initial issue is a good one. Obviously DNA will have to be involved, with the embarassing consequence that some questionable parentages will turn up.

We will need to decide what public records are accessible. I suggested that, in the case of drivers licenses, the requester would be required to submit his own ID to be given to the person whose record was requested.

Let's work to make sure the ultimate answer is built on reason, not politics.

Walter,
Give it a few years and someone will come up with a way to fake DNA.

I can think of a very easy way to fake it off the top of my head...just find a corrupt issuing official.

Kristof's key sentence is, I think: "So why not plug this hole with a standardized, hard-to-forge national ID card/driver's license that would have a photo, a fingerprint and a bar code that could be swiped to check whether the person is, for example, a terror suspect who should not be allowed onto a plane? We could simultaneously reduce identity theft and make life tougher for terrorists."
1. There is no need to link the ID card to a driver's license, since the purpose of an ID card is,well, identification, and the purpose of a driver's license is to establish that one can operate motor vehicles on public streets safely. The identification function is secondary.
2. The fingerprint is a red herring, too, since checking it adds substantial time and adds little, if any, security (if you are going to put your picture on someone else's bar-coded card, why can't you put your fingerprint, too?) So the rhetorical triad of 'picture, print, and bar code' is no better than 'picture and bar code.' Which is no better than 'picture and something else.'
3.To the extent that such an ID is "standardized," it becomes administratively more and more convenient to make it mandatory, in much the same way that Social Security numbers may not technically be mandatory, but are much more necessary today than when they were introduced--leading to criminal charges for failure to have the card in certain locations, such as airports.
4.Even if there were no criminal charges attached to failure to have such a card, it would probably cause an unacceptable trade off between anti-terrorism type security and other kinds of security. For example, if the card was truly "hard-to-forge" then it would probably replace Social Security numbers as the primary ID for, say, unemployment compensation benefit applications. This apparent increase in security would mean, however, that those who do not have the non-mandatory card must wait longer or engage in riskier transactions, such as giving out one's Social Security number, in order to get benefits. This might be a good thing from a libertarian point of view, since it would mean fewer people applying for or getting benefits. But it would also mean that government action was skewed in favor of certain people and against certain others based on reasons that are not relevant to the purpose of the activity, which libertarians generally object to.

(1) Even assuming it will be technologically sound (a stretch in itself ... ask me again after this electronic election is over), it will, absolutely, be screwed up. Human error in data entry, in data storage, whatever. You may have experience --- I do -- with what happens when your bank or credit card company screws up. Except with this, you lose all your rights and privileges in all walks of life at once.

(2) It will, absolutely, be counterfeited. Exponentially worse for honest people than today's identity theft, and only a small hurdle for terrorists.

(3) When (1) or (2) occurs, it will, absoluetly, be abused by overeager prosecutors. This has already happened with the Patriot Act, which has been invoked in all kinds of cases having nothing to do with terrorism.

The acceptable cost of security measures is worth considering. The most secure method of airline travel would involve chaining passengers into their seats naked. This probably wouldn't be acceptable to most passengers. Estimating the utility of various security measures may be difficult. Why hasn't better security been implemented, if it's so desirable? In fact, there are many indications that security is discounted in value calculations. Consider how consumers treat the security of their personal computers. Many don't use a firewall or any form of virus protection, even though the cost is low. When you look critically at how secure most people's homes are, again you come to the conclusion that for many people security isn't a big consideration. Given that many people place a low value on security, it would appear to be economically inefficient to enforce new global security measures.

It belatedly occurs to me the problem of ID-ing the "good guys" is the premise of EE "Doc" Smith's whole "Lensman" series. "Good guys" have a lens. The lens reads their souls, and if they ever become bad guys, the lens stops working. Those born bad, of course, never get lenses in the first place.

Now, if that is the level of technology being proposed, I'm for it.

Short of that, I have concerns.

Giving the political state the technology to rigidly control its citizens may not be wise. Since Franklin is disdained, try Ludwig von Mises:

"Government is in the last resort the employment of armed men, of policemen, soldiers, prison guards, and hangmen. The essential feature of government is the enforcement of its decrees by beating, killing, and imprisoning. Those who are asking for more government interference are asking ultimately for more compulsion and less freedom."

"- It will infringe your right to be invisible. You don't currently really have the right to be invisible. We're assuming you're a normal American who pays taxes, has a social-security number, answers the census, carries a driver's license and has a credit-rating. Those few who have none of these things can keep that right--they just may not marry, drive, fly, travel abroad, work for pay or draw any government benefit whatsoever."

Nearly all of this is voluntary. You don't have to work and earn income (homeless people on the street don't). You aren't required to get a drivers license. You aren't required to have credit or even a bank account. Yes life is much more 'normal' if you do all those things but it is no more required than having cable TV is required.

The only thing on this list that is really required is participating in the census. That you technically have to do.

Contributor A:

Pouncer sums up a lot of what you all have said - it's not about the card, but about tying together all this data. My reply would be--it is about the card. What I'm proposing is that the card link you to your name and an ID number, nothing else...[snip]...specially authorised people would have access to certain information: an airport screener might get to find out if you are a convicted murderer or are on a terrorism watchlist, but no right to your HIV status or your financial records. Nobody would have a right to ALL this information without the already-existing rigamarole that investigators must go through.

A "right" to access is not the same thing as the practical realization of access. Presently an airport screener does not have access to all those things either, but the critical dividing line is that if s/he felt a strong desire to see them, s/he would have to go to a not-insignificant level of trouble to obtain all of them. If all that information was readily tied to one ID, then it would logically end up in one cooridanated database system, and the only partition would be hardware and software security meachnisms, which (a) are programmed by imperfect humans and (b) are easily bypassed with the right knowledge and/or connections. Most major breakins involve at least as much social engineering as actual defeating of technology.

These things are compartmentalized in this way (if not perfectly) already. The only new function of the card would be merely to prove you are who you say you are when you board a plane, say.

The ostensible function would be to prove who I was upon boarding a plane, but the additional possibilities are either chaotic or Orwellian. Either this system is as fragile as boo suggested it would be and would result in an inordinate amount of confusion (we are, after all, assuming that government bureaucracy could efficiently implement and manage such a large project); or it works so well that a 1984 scenario is at least enabled, if not quickly realized.

My own take is that it would fall somewhere in the middle; to the extent that it worked it would be eventually abused in potentially extraordinary ways, and to the extent that it didn't it would impede civil function.

Is there a reason this is impossible?

You are effectively asking your audience to prove a negative in a climate of perfected technology while excluding the very kinds of social factors that even perfect technology cannot override short of repression. This may make for an interesting thought exercise, but I submit that none of this is directly transferrable to the real world. That being the case, why are we discussing it in the context of an op-ed suggesting it is feasible and should be implemented now?

Uncle Sam decides against fingerprinting Mexicans: http://www.whyfingerprint.com.

Newp. I'm not assuming for the sake of argument that the technology can be made to work. I'm rawther highly skeptical that it can be, matter of fact.

So that probably leaves me out of the equation right there.

"they just may not marry, drive, fly, travel abroad, work for pay or draw any government benefit whatsoever."

Driver's lisence isn't currently required for a majority of the things on that list, so why should I grant them as a given?

Yeah, I know:
"That's not an argument - that's just mindless contradiction!"
"No it isn't!"

Sue me. ;)

An argument that's based on unrealitic predetermined criteria is an interesting and often amusing excercise in mental masturbation, but when it's on a topic such as this, no one has to choose to accept the stacked deck assumptions. Best way to play that deck is to kick over the table and break out dice. ;)

People should have an all-purpose ID number for the government to know them by. Names don't really work. People have identical names, or they change them.
The privacy issue is what you do with the numbers/names. That's a seperate issue.

"The privacy issue is what you do with the numbers/names. That's a seperate issue"

Okay, let's posit numberS, plural. Every data base you may be part of, let us mandate, must assign you a DIFFERENT unique number. So Intel clean room security access is a different number from your hospital patient record number is different from your social security number is different from you AOL billing account...

No common elements are allowed between databases -- EXCEPT the magic green glowing biometric card, held by the citizen and the citizen alone. (With a backup card in a trusted third party repository, NOT government. Okay?)

So, go to the the hospital, present your card, and the hospital retrieves ONLY the ID number, of several score recorded on the card, that matches the type of number in the hospital database. Credit history and all else is isolated. Go to the bank and the bank systems retrieve financial records for that single bank, unless you authorized them to pull credit at specified other institutions. Go to the DMV and they pull up your record of parking tickets against that DL number, but have no key number to see your property status.

Now, THAT I _might_ be able to endorse. But I'm not at all sure that's what is being proposed.

Nobody needs to conterfiet the card--er, rather, we don't need to assume countefeitability to be 100% confident that there will be fraudulent cards out there: some corrupt government apparatchik will be induced to issue same for bribes, etc.

Pouncer - your last comment is basically what I proposed. There need be no centralized database, anony-mouse -- I don't see why a tougher-to-forge national ID requires a Big Brother database of Everything--if you think it "logically" follows, why so? Again, the card just proves you are who you say. Nothing more.

We all seem to agree that walls between our data exist and if anything need to be strengthened, not weakened. I don't want to turn my SSN over to a potential landlord for a credit check and have them all a sudden able to know whether I got a speeding ticket in 1991. Crikey. But I don't think that's likely just by introducing an ID.

And Ironbear and Anony-mouse, I'm not trying to cheat by stipulating perfect technology, I'm just trying to keep the debate on rights, not the feasability of biometrics, which is an interesting but (for these purposes) distracting completely separate discussion. If you want to talk tech, it's a free country, at least until I get you all to submit to my GENIUS PLAN FOR NATIONAL IDs, BWAH HA HA HA...

- John Aschrof.. I mean, Contributor A

Basically, Contributor A asked a question, then immediately ruled out any answer that anyone might care to give. I must say I'm not impressed. It's like asking "What's 1+1? Oh, and please don't respond with that tired old answer of 2."

The question to ask is not whether a National ID is so intrusive as you describe it but rather where will it go from inception.

Americans have an inclination to incrementally give up "rights" when they believe their safety will be improved.

I think you have to concern yourself over the "well intentioned" next generation who may want to require ID carrying, who may pass laws to fine you if you don't have the ID in your possesion, who may find it "necessary" to walk up to you Arab / Oriental / Hispanic looking people and ask for your ID.

Don't think it won't happen or that it will. But it certainly could.

Larry Hanry

"I don't see why a tougher-to-forge national ID requires a Big Brother database of Everything--if you think it "logically" follows, why so? "

Because that's what happened in every instance so far. You get a Motor Vehicle Operator's license to establish one and only one thing -- that you are fit by ability and training to be entrusted with operation of a large high speed vehicle on the public roads. You DON'T need it to operate a tractor on your own farmland and access roads. You don't need it to use the public road as a pedistrian or bicyclist. The requirement is the same for citizens, resident aliens, and, to an extent, tourists from other nations. PROVE you can safely operate that vehicle. It has a specific limited purpose.

BUT, it is applied to the opening of a bank account, purchase of a firearm, securing of electrical utility service, establishing residence for enrolling your children in public schools ... THAT particular ID number, showing that a uniquely identified person of such name, age and address is qualified to operate a car -- gets pressed into service in other applications and other databases.

Same, worse, for Social Security. If you work for the post office or city schools and are NOT participating in the Social Security retirement and disability system, can you escape the requirement to obtain and present a SSN? No. That ID number is used to identify you for other taxes, for other government services, for financial credit, for health records, for employment rights ...

So far, every major public service that requires a unique "key field" identifying number to distinquish John Doe on Oak Street from Jonny Dough on Oak Road begins by issuing a peculiar "card" showing that database number -- and ends up having that number used in other outside applications in systems the originator never intended. It has been, so far, LESS about the "card" and more about the database key number. As long as the debate focusing on using one common keyfield number in multiple databases, I'm against it. I expect you are against it too, in your economic "revealed preferences". Or, do you use the same password for your various e-mail accounts, which also is the password / PIN for your ATM card, which is also your cellphone number?

Now, if instead of a card with one key ID number we are proposing a single device which bio-metrically validates that the card-holder is the authorized user, AND, that the card records and stores DOZENS of separate number keys for separate databases, AND, that access to one key number provides es no direct clue to the composition of other key numbers, then we can begin talking about a REDUCTION in overlap among users of driver's license number, SSN, and similarly abused present day database keys.

That would be expensive, though. Remember Y2K -- how many systems had to be re-engineered to use a four-digit number in place of a two-digit number? Suppose the "smart, green glowing, biometric, magical" ID card sets a new standard and all key-field database personal identification numbers are now defined as 29-digit numbers -- like the barcoded or RFID commercial product code on a particular shipment of a particular production run of a particular case of Gatorade -- GREAT, from a citizen privacy standpoint. LOUSY! from the standpoint of a health insurer whose been using the 9-digit SSN for medical billing records and invoicing for the past couple decades. (Watch the COBAL programers propose tring to 'pad out' the existing datakey with twenty zeros in order to "create" a 29-digit key field...)

Since the insurance companies, banks, airlines, and credit bureaus would all be against such an effort, I suspect they'd lobby instead for a single ID number. And then we're back to the problem of using that same key in should-be-but-aren't-really-separate databases.

Since I don't expect the ACLU to have the power to offset the influence of the cartels mentioned above, I have to fight the whole ID card / ID number issue at the basic conceptual level.

All clear?

Jane, EXCELLENT topic! Thanks. I suspect copyright adheres to you for stuff I offer as comments, here. May I have permission to consolidate my thinking for a post to my own LiveJournal site?

I tend to agree with Pouncer's last point. There is a tendency of any system to expand. When Social Security numbers were first implemented it was illegal to use the Social Security number for any purpose but to identify oneself to the Social Security Administration. Gradually the SSN has become ubiquitous. I don't know the order, but somehow the SSN got linked to IRS records, driver's licenses, bank accounts, credit records, voting records, etc, etc. That's quite an increase in the number of uses from there being only one legal use.

It's inevitable that the National ID card will progress in the same direction. I think it's naive to think that following some (probably horrendous) incident that you won't be required by law to carry your ID card with you. In fact, if biometrics are involved you won't have to carry the card with you because you ARE the card. First, you are swiping your card to get into the airport. Next, you swipe the card to get into a federal building. Then, you put your finger in a machine to get into the mall. Then, any car you get into will be required to scan your retina so that if you are involved in an accident it can be absolutely verified that it was YOU who was driving and not someone who stole your car.
It's the frog being boiled in the pot. A series of what seems like logical steps that leads to something that as of now seems impossible. If you had told the people who voted the Social Security system into law what it would turn into they would have run screaming into the night, never to vote for it again. All they wanted was a number that would be used for one little purpose. That's not too much to ask for, now is it?

One thing to note is that adding a " may not drink until [date]" line to all ID cards, instead of just those of youths, as punishment for a crime, is quite different than packing personal info on ID cards.

A funny thing about this as well: Taking away the drinking privilege will hurt in EXACT proportion to the individual's dependency on booze -- the "unlucky" one-time-drunk driver won't much care, and the routine drunk driver will think the world ended.

p.s. sorry about all the pings. stupid MT autodiscovery and timeouts.

"In fact, if biometrics are involved you won't have to carry the card with you because you ARE the card."

That's actually a good argument in FAVOR of a biometric magic smart card, instead of using a biometric key-code itself.

If, say, your fingerprint could be read and converted to some long digital number, then -- again -- THAT number is the keyfield which will be used in several databases, some as yet undreamed of. On the other hand, if the fingerprint is read by the card, and the card assigns another separate number, then the databases can be preserved distinct without a shared key field.

But the alternative is different bio-metrics for different databases. Say the medical industry and ONLY medical industry uses retina patterns. The financial industry uses thumbprints. The security industry is forbidden from either of those, so uses the patterns of the iris of the eye. The tax authorities map -- I dunno. Earprints?

[Your SSN] is used to identify you for other taxes, for other government services, for financial credit, for health records, for employment rights ...

And, I might point out, it is taken when you buy a fishing license, "to enforce child support laws."

But try to force employers to check SSNs to confirm legal residency...

Well, let's see, Jane. "Contributor A" disallows all considerations of feasibility and practicality, and set the bar for success at "any gain in security" whatsoever, no matter the cost. So any sort of rational cost/benefit analysis is out, as well as any analysis of harms that come out of failures in implementation.

So, we're down to abstractions and philosophy...but "Contributor A" wants "concrete examples".

"Contributor A" doesn't really want answers.

There is a hard-to-forge federal ID system in place today. It's called a passport. And every point that Kristof makes about use of Driver's License IDs could be remedied if those circumstances merely called for the use of a passport instead.

The risk is not, nor has it ever been, that the mere *existence* of a federal ID system would decrease liberty. It's that a federal ID system is an enabler for taking away liberty at a future date.

The implementation specifics are, of course, where all the abuse opportunities come into play. If those specifics are off-limits for this discussion, then there's not much opportunity to make a case.

"For more security, specially authorised people would have access to certain information: an airport screener might get to find out if you are a convicted murderer or are on a terrorism watchlist..."

Contributor A provides the most succinct answer of all; (although an honorable mention to all who mentioned corrupt bureauocrats)

An airport screener needs only access to one DB (terrorism watchlist). No airport screener needs access to a list of convicted anybodies, but in any implementation they will soon be added as a matter of course most probably for "Reasons of National Security".

There is reason to hope though. Within the last year I read that software has been installed at (at least) the San Diego/Mexican border that will scan auto license plates and sound an alarm when a stolen car passes. When asked why no one was stopping the cars when the alarm went off, a
Border Patrol agent replied "It's not our job"

Tis a sad day when sloth is our best hope.

A few folks have commented on whether it's easy to get a hold of various data on people. Well, yeah, it depends upon the data, but check out the background check retail kit.

Also, unfortunately the Boston Globe article whence it came is gone, but here's a quote I saved.

"It's the collapse of inconvenience," says Siva Vaidhyanathan, assistant professor of culture and communication at New York University. "It turns out inconvenience was a really important part of our lives, and we didn't realize it."

As far as whether this data scales well, and is easy/hard to tie together, I'd point to a Forbes article on data mining, except that once it went behind the subscription wall, I trashed the bookmark. But data mining is a huge business, and the profit motive will drive the innovation to scale the query capability. I actually envision a distributed query system, so that any individual data store doesn't, itself, have to scale to the task. TIA will happen, just in the private sector.

Contributor A:

Pouncer et al answered most of your response to me with the simple problem that any system of ID, no matter what it was intended for at the start, tends to cross polinate with disturbing results. Social Security is one of the worst in this regard. Initially it was only to identify a person to the SS Administration; now, starting from just a person's name and SS#, someone can complete an identity theft in about a week -- and most of that is just processing delays for getting the new drivers' license, credit cards, etc. issued.

I would have no immediate objection to an ID card that validated only the correct holder and maintained fully separated keys for separate databases, but that requires swallowing the shaky propositions that the technology (both for the card and the biometrics) can be perfected and that its infrastructure will be managed by incorruptible persons who are skilled and responsible users thereof. Dismiss those as "separate arguments" if you wish but in the context that is, IMO, a lot like dismissing gasoline as "an accelerant, therefore a separate argument" when discussing how easily the average person could perpetrate arson.

In fact I cannot think of any immediate reasons why the ID would NOT work in the narrowly-defined, highly-idealized circumstances you propose (again, none of which I believe to be directly transferrable to the real-world ipmlementation of such a system). But does that satisfy your query?

Thanks to everyone who responded (except those who were needlessly nasty). I asked a specific question (what rights would people lose with an ID) and in my opinion we got a fairly good consensus answer: perhaps none with the ID itself, but people and government being falliable, and political circumstances being malleable, it could conceivably (though not necessarily) lead to an easier curtailment of rights later on.

Anony-mouse - I didn't stipulate incorruptible bureaucrats, and so that's a perfectly good answer. What I did rule out is a simple "anything that gives government more power, I'm opposed to", without support, which a lot of people including you admirably did argue with support.

Eric the .5b, I didn't say "any gain in security, no matter what the cost," but "at an acceptable cost." Maybe it was another "unfair" thing for me to rule out as a line of argument--cost-benefit analysis is fine, but it wasn't the question I was asking, which was about rights, not expense. Again, if someone wants to take a hack at that, I can't stop you. But my point was rights "costs", not dollar costs. I was talking to Jane and we were trying to find specifically rights-based objections to an ID. That was the reason for my stipulations, not because I "don't want answers". A lot of people gave exactly the kind of replies I was looking for. In our discussion, Jane said "let's ask my readers--they'll have plenty to say," and she was right. Thanks everyone.

Comments are Closed.