Interesting People mailing list archives
IP: Ellison's Identity Cards
From: David Farber <dave () farber net>
Date: Sun, 23 Sep 2001 16:09:28 -0400
Seconded and thirded

djf
From: "Jonathan S. Shapiro" <shap () eros-os org>
To: <farber () cis upenn edu>
Subject: Ellison's Identity Cards
Date: Sun, 23 Sep 2001 14:29:35 -0400
X-Mailer: Microsoft Outlook Express 5.50.4807.1700

[Definitely for IP]

Larry Ellison's proposed identity card system is a terrible idea. Unfortunately, a lot of people listen to Larry uncritically, and in this case that could get people killed. In fact, his proposal does absolutely no good to you and me, but it's *terrific* for terrorists. And of course, for Larry.

In the article, Ellison is quoted as saying:

``Let me ask you. There are two different airlines. Airline A says before you board that airplane you prove you are who you say you are. Airline B, no problem. Anyone who wants the price of a ticket, they can go on that airline. Which airplane do you get on?''

This is *exactly* how most people will think about what is happening when the card is checked and they will act as though this statement is correct. The problem is that it's wrong. The security guy for Airline A *isn't* getting you to prove that you are who you say you are. They are merely asking that you successfully convince some unknown card-issuing agency to issue you a card. These card-issuing agencies can be bribed, robbed, swindled, or tricked. Why, just a few months ago somebody tricked Verisign into issuing a Microsoft code signing key to a random outsider!

In fact, we already *have* an international identification system that works (and fails) exactly the same way that an identity card works (and fails). It's called a passport. In many parts of the world, including Pakistan and Afghanistan, you can have passports made that say anything you want. In fact, for a modest fee in either country, *anyone* can purchase the use of a national passport authenticity stamp for a day! Hell, people in these countries routinely carry three or four passports, and hand out whichever one is least likely to get them in trouble.

Meanwhile, international smugglers and intelligence agencies support a small but talented industry of passport forgers that are *necessary* to performing their functions. Do you suppose that intelligence agencies will give this up? Unlikely. Do you suppose that these forgers are all perfectly honest? Also unlikely. So why do you assume that they won't forge electronic identity cards for terrorists and criminals too? It's a lucrative, low-risk business!

But let's ignore economic and political realities for a moment, and assume that there are no forgers and no spies, and that all of the issuing agencies are trying to issue these cards properly. How do *they* know that you are who you say you are? Well basically, they demand that you produce a birth certificate. There are lots and lots of ways to produce fake birth certificates. Even if a hospital registers you at birth, fingerprints can be changed surgically, and a terrorist would have no qualms about doing so.

Of course, fingerprint surgery is expensive and painful. A cheaper way is to crack the security of the card itself. Current generation smart cards can be cracked in hours using about $10,000.00 of equipment, most of which you can buy off the shelf. Forget the fingerprint -- just forge a new card in your basement.

For that matter, it wouldn't be that hard to crack the central fingerprint database too. You were going to run that database in a secure facility using a secure software platform, right? Which secure operating system did you have in mind?

So much for technical feasibility. The proposal just doesn't work in the real world. So why do I call this the ``support your local terrorist'' proposal?

Imagine you are a low-paid airport security worker. Some random passenger comes up to you and hands you this card, sticks their thumb in the reader, and the reader says ``this is a good passenger.'' What do you do?

You pass them through with reduced scrutiny, because you have to look at a thousand of these things a day. It doesn't matter how much you are paid. Human beings simply aren't good at that kind of repetitive task, and these folks are mostly untrained low-wage earners. Certainly nobody has thought about improving their attention.

As bad as the current system is, a national identity card of this kind would *reduce* the attention paid at the airport security gate. Both you and your local terrorist can each get on the plane with complete confidence that nobody will hassle you.

Put my medical info on a card in my pocket in case I am hospitalized unconscious? Perhaps. But rely on that card to make a judgement about the lives and safety of third parties? Are you nuts?

But hey, don't take my word for all this. Test it! Take Larry up on his offer, but let him charge a price and tell him that he has to assume liability for the security of the cards. See if he can get *anybody* to insure him for the liability! Then watch how fast he scuttles out of the limelight.

In fact, the only guy who wins in this scenario is the guy giving away the identity cards, because he gets to charge for access to the database. So when you think about it, Larry isn't being such a good Samaritan after all. His proposal takes advantage of your gullibility to make himself more money. Larry's not stupid. In spite of his reputation he doesn't sound off in front of reporters without a plan.

P.T. Barnum once said ``There is a sucker born every minute.'' At one point, IBM was selling seven PS/1 computers a minute, which just goes to show that Barnum was an optimist. Larry's going for a whole new level here.

How big a sucker are *you* going to be?

Jonathan S. Shapiro
Assistant Professor, Department of Computer Science
Johns Hopkins University
For archives see: http://www.interesting-people.org/