Would a National Biometric Authentication Scheme Work?

Ian Lamont writes "The chair of Yale's CS department and Connecticut's former consumer protection commissioner are calling for the creation of a robust biometric authentication system on a national scale. They say the system would safeguard privacy and people's personal data far more effectively than paper-based IDs. They also reference the troubled Real ID program, saying that the debate has centered around forms of ID rather than the central issue of authentication. The authors further suggest that the debate has led to confusion between anonymity and privacy: 'Outside our homes, we have always lived in a public space where our open acts are no longer private. Anonymity has not changed that, but has provided an illusion of privacy and security. ... In public space, we engage in open acts where we have no expectation of privacy, as well as private acts that cannot take place within our homes and therefore require authenticating identity to carve a sphere of privacy.' The authors do not provide any suggestions for specific biometric technologies, nor do they discuss the role of the government in such a system. What do you think of a national or international biometrics-based authentication scheme? Is it feasible? How would it work? What safeguards need to be put in place?"

Yale CS

[astrashe]

If history has taught us anything over the past few years, it's that putting guys from Yale in charge of things is always a great idea.

So let's let this wise man create a national biometric identification system. It sounds like a bad idea to me, but I'm just part of the rabble. I haven't had the benefit of his education and experience. I've never even been to a regatta!

Oh no, not this again.

[inviolet]

Biometrics is inherently flawed as an authentication system, because biometrics is a password you can't change. Once someone gets your password, or at least the numerical representation of it such as could be lifted from a compromised reader or database, you are toast. How are you going to change your retina scan to something new?

And never mind the demonstrated hackability of all but the premium readers.

Biometrics sound great at first blush, and to the common voter they seem foolproof, so this fad will get worse before it will get better. In fact, the authentication issue may have achieved the level of complexity as the net-neutrality issue, such that Joe Registered Voter cannot possibly understand it (even if he is the rare sort to spend an hour googling it before forming an opinion).

Meanwhile, text passwords plus certificates (where 'certificate' could be a smart card, or your cellphone's IMEI, or whatever) is still the answer for security. It's awful, to be sure, but it's much less awful than biometrics.

The article misses the point of anonimity

[MyNameIsFred]

...The debate over Real ID and sensitivity to creation of any form of national ID reveal a fear that anything that identifies us to others will intrude on privacy . This has led to a preoccupation with forms of ID rather than the fundamental question of how we can reliably identify ourselves to each other....

This quote suggests that they miss the whole point of the debate over Real ID. I would argue that the main point of the opposition to Real ID was to oppose anything that make it easier for the government to reliably ID us.

...While anonymity implies privacy, it does not confer it. We delude ourselves into thinking we have privacy if the person next to us doesn't know our name...

Again this misses the point of the Real ID debate. While making it difficult for the government to ID does not prevent them from IDing us, it helps. It also helps prevent the government from retaliating against protesters. It does not prevent it, but makes it harder. That is why protesters frequently cover their faces. That is why protesters want to make it difficult for the government to track their travels.

Even the courts have found that anonymity is important component of freedom of speech. (Along with freedom of association.).

Re:And how well would that work?

[jamstar7]

When I was issued my Social Security card way back in the 60's, it said, in bold letters at the bottom of the card, "NOT FOR USE AS IDENTIFICATION".

That turned out well, didn't it?

commonly confused

[perlchild]

The summary talks about a common misconception, and manages to create another.

Authentication is when you identify(as in Identity) yourself, when you want to(say, to enter your home), or to get that 5% rebate at that place you like to eat at.

Anonymity is when someone else wants you to identify yourself, and you refuse.

Imputability is when someone's done something and 1) you want to Identify them properly, and 2) do something about some of the people you identify(presumably because something they did was wrong)

Anonymity is something private citizens like, in part because they don't much like imputability. That is when they do something, and it's not tied to their Identity.

Forcing someone to authenticate themselves is something the police, for one, likes, because
1) It prevents them from being blamed for mis-identifying someone
2) If they catch you doing something, and impute it once you authenticated yourself, they're fairly sure they impute it in such a way, it will follow you for a long long time(if they can impute your "identity" more on that later.

However, it has its drawbacks
1) If you authenticate yourself with falsified credentials, you get someone else blamed for your acts
2) It doesn't deal with the fact that you may be unable(damaged or lost credentials)/unwilling to identify yourself/automated systems may mis-indentify you

It doesn't solve the question of "Identity" itself either. Like when the no-fly list(falling under imputability) lists names(which can be the same for two people), leading to the same result as a falsified authentication.

Just a quick summary:

Identity: Who you are
Authentication: Proving who you are
Anonymity: Not having to say who you are
Imputability: Blaming who you are

The four are interlinked, but often confused, as in the article.

People interested in laws like RealID need to pay a lot more attention to distinctions between all four. Until the authentication part can be more more foolproof, the imputability is scary(you can be blamed for stuff you haven't done), the anonymity, well it's scary to those who'd rather deal with people they can identify(and therefore impute, think contracts to keep it in the white hat sphere). And the Identity, well that's the real problem. If you have a single, centralized database, any single mistaken Identity becomes life-altering, if not actually life-threatening(correcting someone's id with falsified credentials in order to make their lives a living hell? Yes, it can do that).

Does that bother you a little? I know it does me.

Re:I'm wondering

[Daniel_Staal]

Which totally misses the point. Which is why? What problem are they trying to solve? What possible problem is worth the cost of those in power having a way to track every individual of any age anywhere in the country?

Re:It would work to...

[fyngyrz]

The premise of the article - or at least the blurb - is wrong. It makes the claim we "have no expectation of privacy in the public space." But we do. Ever want to take a road trip to some town where no one knows you, just to get away, do some shopping, have dinner, watch a show, without having to deal with people who know you? Ever enjoy the feeling of being out, alone, in an unfamiliar city?

How's that going to sit when the desk clerk looks you in the eye as you walk up and says, "How you doing, Mr. LeParanoid, and how's that appendectomy scar healing up? Wife happy about that diamond necklace you bought last week?"

Or gives you a steely look because you're on The Sex Offender List (because you had the temerity to have sex with someone 3 days over some arbitrary line, or perhaps you pissed in a bush somewhere) and proceeds to treat you like a criminal as soon as your RF-enabled ID gets in range of his LittleDictatorsConsole(tm)? Sure, you can add biometrics to it so he's sure you're a sex offender or other malcontent antisocial. That'd all be real good, wouldn't it? After all, in this society, onece you're a criminal, you're permanently low class, you can't make up for it.

This whole ID mania needs to go away. It is a sign of a pervasive sickness among the rulers of this society. It is not a solution, or a potential solution, to terrorism, or any other problem we face.