Slashdot Mirror
National Biometric IDs
Jester998 writes "I just came across this article about how two U.S. congressmen want biometric identification. They're trying to avoid the controversial 'national ID' issue by creating what would be new drivers licenses with biometric information embedded. What does the Slashdot community think about having your retinal pattern embedded on a smart card?"
Proudly Canadian.
A national ID card is a way to restrict freedom. Unlike searches at the airport, you don't gain security for the trade-off. Instead you get to be treated like a criminal when you've done nothing wrong. Would it have stopped any act of terrorism? No. Would it have ever stopped anything? I seriously doubt it. This only oppressed the law abiding citizens.
What does the Slashdot community think about having your retinal pattern embedded on a smart card?"
The same as ALL THE OTHER attempts to remove our privacy...NO! NO! How often does this need to be repeated before people finally understand that "NO" really does mean "NO"?
It's not the method of privacy removal that we find disgusting. It's the removal of the privacy in the first place.
There's no sig like this sig anywhere near this sig, so this must be the sig.
well, how would your identity be stolen? they are not stealing your eye, they are stealing a card with your retinal scan on the back. i imagine that what the retinal scan is for is that you present your card, then put your face to a retinal scanner to make sure that the card is not a fake and you say who you are. now i don't like this idea, but i do feel that getting ahold of somebody's card with a retianl scan stored on the chip is no more risky than getting thier traditional id card stolen.
Nobody is asking what the problem is that this is supposed to address. Step 1) of implementing a security measure is to ask "What is the problem it addresses?"
So, what is the problem? Terrorism? The 9/11 terrorists HAD legal id. Having their DNS sequence on the card would not have stopped them.
I haven't considered all of the ramifications, but I think it's a good idea. There may be privacy issues, but, really, who cares if your retinal pattern is in a database somewhere? It isn't as if your DNA is being sampled[1].
What makes this a GOOD idea is that identity theft would be much more difficult. Right now, if someone gets a hold of your SSN, they can screw you over. It's much more difficult to recreate a retinal pattern.
David Brin refers to this distinction in The Transparent Society. Your SSN maybe a good identification number, but in many cases it is also used as a password, which is just foolish, because you can't change it, and it can be stolen. On the other hand, a retinal scan, as I said above, makes an excellent ID/password, because it is so difficult to duplicate.
I'm still interested to hear other's arguments against this.
[1] The implication here is that insurance companies may be able to get a hold of your DNA and use the information within against you.
So the people making fake drivers licenses have to jump through some extra hoops...big deal. What problem is this solving? This smacks of gun control and Windows Product Activation...in that it just makes things more difficult for John Q. Public. Fake IDs will still be easily accessible.
Besides, don't we pretty much already have a national ID system? As in a Social Security Number?
The basic question is easily stated: do we apply the privacy desires of the majority, or the privacy desires of the individual? The majority may very well not have a problem with having megabytes of data in every corporate database that leads to loads of junk mail, spam, targeted ads, higher insurance, HMO profiling, your neighbor knowing about how depressed you got when your fiancee left you, if you are a women, the creepy guy down the street finding out when you shop and what tv shows you like so he can always "bump into you"... ad naseum. Once the data is open, it will get used in... creative... ways that we can't predict.
So... I am a mass of data. I know what I like, what I don't like, my favorite indulgences, my pet peeves, my moral boundaries. I don't want my neighbor knowing.
Biometric info on my ATM card? Sure! As long as it *remains tied* to that account. If you start cross correlating that with my purchasing and medical data, that starts to worry the hell out of me. Not for what will happen in the next few years - but for how my children's children will live.
Do we really all want to live on the set of the aptly named "Big Brother" with any corporation or neighbor with a wallet able to predict, profile and peer into our lives?
I am data, and I want to be able to control who knows me.
--
Evan
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
I think that's what this is trying to avoid. The whole problem with National Id cards is what you just described.
Biometric encoding would eliminate this because you could easily match a peron to an id card.
My problem with this kind of stuff is just the security involved. I'm a System Administrator and so I know first hand how lazy people can be when it comes to security. People always choose convenience over security. No matter what. And the U.S government is no exception.
A couple small examples:
In the gulf war a U.S Navy ship was compromised and e-mail was leaked.
Presently there's a group of blackhat's calling themselves "The Deceptive Duo" who have succesfully hacked into government systems..
I don't want to trust every single piece of information that's very personal to an irresponsible government that doesn't take the security of it's network seriously. Because most likely everyone's information will be stored in a single database that government officials can use to lookup your information. It's already happening it's just not as centralized as they want it to be.
I guess the idea is that if you get pulled over the cop will take a hand or retinal scan, go to his cruiser and get every single piece of information he could possibly need to know about you from a central database.
That scares because of both security and privacy concerns that I have.
--
Garett
A national ID card is a way to restrict freedom. Unlike searches at the airport, you don't gain security for the trade-off. Instead you get to be treated like a criminal when you've done nothing wrong. Would it have stopped any act of terrorism? No. Would it have ever stopped anything? I seriously doubt it. This only oppressed the law abiding citizens
--
pants ahoy
It wouldn't be so bad if the card could be used for verification, and not identification. If the cards could answer specific questions, yes or no would be sufficient instead of divulging all sorts of other information that I would not necessarily want divulged.
For example, there are bars now that at the door have a magnetic strip reader which is used for verification purposes. This makes it easy for the bar to make sure a patron is 21 or over by swiping the person's driver's license. It does verify that the person is over 21, but also records their birth date, DL number, address, height, weight, eye color, and driver restrictions which the bar uses for marketing purposes.
In the same situation I would want a smart card to just answer two simple questions; Does this person belong to this card? (yes/no) and Is this person 21 years of age or over? (yes/no). And nothing else.
For airline checkpoints, does this person belong with this ticket, yes or no? Does this person belong with this baggage? This way everything is on the card and your personal information is not tracked all over the place. Of course the government doesn't want this because they can't track anyone this way.
-Matt
In spite of claims, biometric systems are vulnerable to attack. People can find ways to forge biometric information at automatic terminals, even at manned terminals. For example, some iris scanners can be fooled by contact lenses.
This presents a problem. Right now, if somebody steals my password, I can just cancel the old one and make up a new one.
However, I think it would be more difficult to get a new retina.
Has it been over a year since you last donated to the Electronic Frontier Foundation
if your license ever gets stolen and cloned: Once biometric data is compromised, i.e., the digital file titled leaves your immediate control, you can be impersonated for the rest of your life. It's not like a credit card number where they cancel it and issue you a new one. You can't get a new thumb. (cr. B. Schneier) And if technology ever gets to the point that you can clone a new thumb with a new print, or grow a new retinal pattern then biometric ID becomes meaningless.
I'm not saying that it should never be used, but you have to think long and hard before you start sending biometrics over the airways (e.g., police checks) or the phone lines (e.g., carding someone at the bar to verify their ID), or the internet (e.g., ebay, paypal)
"It's not a war on drugs, it's a war on personal freedom. Keep that in mind at all times." Bill Hicks
Sig: What Happened To The Censorware Project (censorware.org)
Part of an article by Bruce Schneier:
Biometrics don't handle failure well. Imagine that Alice is using her thumbprint as a biometric, and someone steals the digital file. Now what? This isn't a digital certificate, where some trusted third party can issue her another one. This is her thumb. She has only two. Once someone steals your biometric, it remains stolen for life; there's no getting back to a secure situation.
And biometrics are necessarily common across different functions. Just as you should never use the same password on two different systems, the same encryption key should not be used for two different applications. If my fingerprint is used to start my car, unlock my medical records, and read my electronic mail, then it's not hard to imagine some very unsecure situations arising.
Biometrics are powerful and useful, but they are not keys. They are not useful when you need the characteristics of a key: secrecy, randomness, the ability to update or destroy. They are useful as a replacement for a PIN, or a replacement for a signature (which is also a biometric). They can sometimes be used as passwords: a user can't choose a weak biometric in the same way they choose a weak password.
Biometrics are useful in situations where the connection from the reader to the verifier is secure: a biometric unlocks a key stored locally on a PCM-CIA card, or unlocks a key used to secure a hard drive. In those cases, all you really need is a unique hard-to-forge identifier. But always keep in mind that biometrics are not secrets.
http://www.counterpane.com/insiderisks1.html
And your pont is? Hrm my ISP has all these fancy locks (they had a lot of VC money to spend or were competing with the VC boys) I just about live in datacenters (and in manhaten that might be cheaper than a decent apartment) but lets face it who does this stop?
Some hacker, hrm how hard is it to keep out the average 14 year old. The rest are smart enough to lease a space right next to yours after scoping things out via the absolutly no security tour.
Normal everyday criminal, probably but so does a simple lock.
A terrorist, na one ak 47 under a long coat trust me the unarmed security guards in the datacenter arent playing hero at 7 bucks and hour with an average of 3 - 5 people on shift it's not to hard to take over one of these places.
Cops, they use search warents given out like TP from our court system.
Me, na I'm probably on the access list and if not I can play cisco tech #xxxxxxx and call in a trouble ticket for ya. Have to love those 3 hour responce maitnence contracts. The nice tech on duty will even show me to your cage unlock it for me and point out any servers of interest while asking if they can get a job doing what I do.
Biometrics are nice they make things harder to fake. Embeding them on a smart card etc is idiotic at best you can program one with whatever biometircs you want. Any security dongle must rely on 3rd party verification to be worth something a pin associated with your current drivers liscences would be more usefull.
And national ID cards or anything else all blow big chunks persoanly I'm against drivers licences just dont let drunks buy cars or more kindly just let them get motoscooters or something paint there cars blaze pink even better force them to use happy computer controled cars. Cars are NOT optional to most people you either have one and can work or dont have one and are forced into low paying menial labor and forced to live in urban spraws that support bus or subway systems.
From the story:According to a statement by Moran, at least eight of the 19 September 11 hijackers were able to easily obtain licenses.
And how many were wanted by the FBI and shouldn't have been let into the country to begin with? Most? All?
Jeez, these guys used their real names on these "easy-to-obtain licenses", and nobody bothered to check if they were wanted or not? It'd be nice if we didn't have to keep bending over for the government's failures.
A biometric ID won't make us less free. It probably won't make us more secure against terror, although reliable ID might have caught Ahmed Ressam, the guy who plotted to blow up LAX, then panicked at a routine border search. He had come and gone across the US border with different Canadian passports. Sure, half of his names were on watch lists, so he just switched identities. Had he not blown his cool, a lot of people could have died.
But that isn't what interests me.
Here is where a biometric ID can help:Identity Theft
It is trivially easy to impersonate someone and rack up credit card charges, commit crime with their identity, etc. Biometric IDs would put a stop to that.
A year ago, my wife's wallet was stolen from her gym locker. The usual credit card fraud ensued, which was stopped within a few hours.
Then the crook took her drivers license, somehow mangled it, and got the her picture on the front and my wife's name. Apparently, the Illinois DMV doesn't compare you to a file picture when you get an ID. This let them write checks on that identity, taking out loans (despite calls to every credit agency to put a watch on that sort of thing), culminating in the purchase (with a stolen check) and financing (naturally) of a used Ford Explorer at a sleazy car dealership too lazy to verify the bank balance or credit info.
Once the car check bounced, the dealer reported the theft, the cops came to us talking about grand theft auto. After some explaining, the license plate (in my wife's name, of course) was put into the police database. Amazingly, they actually caught this crook when she tried to pass one of the checks for a carton of smokes. The check came up bad (for once!), the store called the cops, who ran the plate of the SUV and got her. She naturally looks nothing like my wife, who is short, skinny, and white, not tall, obese, and black.
The moral of the story is that it is easy to impersonate someone, causing harm to that person because there is no biometric element at any point in the US ID system.
It doesn't make us more free because we have unreliable ID. Most of us never have a reason to fake an identity (save trivial stuff like faking your grocery club card). We don't get a privacy benefit from poor ID, we just have the risk of identity theft. How are you less free because your identity may be tied to your physical person? How are you more free because your identity is (at present) not 100% properly verified when you get a passport or drivers license?
We already leave data trails almost everywhere we go. These can be picked up by commercial concerns interested in selling you the exact type of extreme soda for your demographic. A biometric ID won't change that.
Your SSN will still be in 1000 poorly secured databases, ripe for the taking. The only thing a biometric ID will do is make it harder to impersonate someone else.
I say it is high time we get ID that works.
No, no. That $315 million was per citizen. The day the government can implement something decent Hell will have a slight chill.
Click here or here.
I've said it before and I'll say it again: a far better authentication system would be to have your biometric information, picture, and name on the card, but have it digitally signed by multiple private keys held by the government in different places. Duplication would be virtually impossible, since you would have to get access to the biometry (not that hard), then get it signed by all of the keys (very hard).
Anyone could validate that you are you by verifying the digital signatures and checking the picture or biometry. Since the name, picture and biometry are signed as a unit, there's no way to create a card with your biometry and another person's name and picture without cracking all of the keys.
I think that this figure, as most other figures for proposed legislation, are woefully under-estimated, just to give it a chance to pass.
Once it's approved, well, Budget overruns, here we come!
Watch the Teaser Trailer for "The Lightning Thief" Her
Now, I don't want to get off on a rant here, but...
I can't help but wonder what exactly you think you're giving up by having a biometric print on your driver's license, instead of a 9-digit number. Do you honestly think that by having the (assumed) Encrypted Permutation of the measurements of the veins in your eye on the DMV computer system, that you'll suddenly be some Arnold Schwarzenegger'd character fleeing the Borg Uberpolice in some post-armageddon techno-dictatorship?
Lets face it...there are some areas where privacy is important (medical records, for example)...but we already have LAWS against unauthorized access to said materials. Isn't this the whole debate with the SSSCA or whatever it's called now? That we're looking to legislate things that are ALREADY ILLEGAL? If an insurance company can't get your info now, they won't be able to if you're records are locked biometrically! It's a different key for the same lock.
And, to be honest, there are things that SHOULD NOT BE PRIVATE. Convicted sex offenders should be branded across the forehead -- but we live in a civilized society, where a "DO NOT TRUST WITH YOUR 6-YEAR OLDS!" mark on their record, available to law enforcement and grade school HR departments, would do the trick. Likewise, "Known Terrorist" or "Most Wanted" notices are GOOD THINGS for airport checkin personel to see.
That you have AIDS, or that you're secretly dressing in women's panties, are secrets best kept to yourself. That you have served twenty years for deflowering an Alterboy or have trained in an Al Qaida camp should be open to the world. And I, for one, don't have a problem with that.
Why is it that there's such tremendous opposition to standardizing voting methods, which has obvious practical advantages and almost no potential for abuse, and yet there's always another proposal to make my personal identification nationally "transparent", which has few really practical advantages but huge potential for abuse?
Apparently the bill "directs that the chip [on the license] be capable of accepting software for other applications, including those of private companies".
This isn't about security, it's a taxpayer-funded giveaway of your privacy to big corporations. It'll save them a few bucks lost to fraud and make this even more of an electronic nanny state.
Luckily the EFF spokesman pointed out that "The real thrust... is so that the ID card or driver's license will be even more useful to commercial entities in terms of tracking consumers, doing consumer profiling, telemarketing -- all those kinds of things that people currently consider to be an invasion of privacy."
And the Center for Democracy and Technology calls it a "honeypot".
This has to be fought on the retail level. Hopefully Joe and Jane Public have enough love of freedom left to be skeptical of the government fingerprinting them at the DMV. If it turns out they don't, I'm ashamed of-- and afraid for-- my country.
They need a way to identify everyone in the country uniquely, so a retinal scan seems like a fine idea.
If you already are of this opinion...then I could see why you would say that there is no privacy. There are a lot of people who believe that there is no need to identify everyone uniquely--the only time that is required is when someone is arrested, and when they are, there are systems in place to identify them at that time. Otherwise, as has been established in the common law countries, like the US, NZ and Canada, you are not required to *document* yourself simply by existing.
Canada does take that a bit more seriously...for instance, photo driver's licenses are much newer there and were fought much harder (and, at least two provinces I can think of, Quebec and New Brunswick, leave the photo as being optional. The yearly report of the Societe de l'assurance from Quebec says that about 11-13% of Quebecois decline to have the photo on their license. Clearly not a majority, but those are people who clearly value the idea that they do not want nor need a photographic identifier.)In fact, no Canadian provincial legislature has ever mandated that a photo be on a license (even in Ontario, it's the minister or transportation that has ordered the photo license, and the minister of health that has ordered the photo health insurance plan card.)
The SSN and SIN are related...but there are indeed duplicate SIN's as well as duplicate SSNs. And people do get new SSN's occasionally. This proposal is not meant as a replacement for the SSN, or even to augment the SSN...it is actually meant to add security to the driver's license, which may or may not be linked to the SSN in a verifiable way. (While SSN's are commonly collected for driver's licensing, they are not necessarily confirmed--at least, not in all states.)
Do you give your SSN out for every little thing? That depends...the SSN has, regrettably, become the lookup key to a person's credit history. If the credit history can be looked up by name and address, than the SSN lookup is not necessary.
Funny, I've always been convinced that retinal/iris scan will be the least likely biometric they would move to. Why? Because the damn retina changes with time. In particular, those with cataracts and macular degeneration also have changing retinal/iris patterns. Furthermore, there are prescription medications, designed to help those suffering from macular degeneration, which cause very quick and complex changes in the retinal structure.