IP: a comment on : Gingrich says National ID card won't fly

[David Farber <dave () farber net>]

> Date: Fri, 16 Nov 2001 22:38:52 -0500
> From: Peter Bachman <peterb () cequs com>
> To: farber () cis upenn edu
>
>
> Dave,
>
> If it wasn't for seeing Harry Potter with my daughter, I would have 
> written an earlier summary  for IP. This Newsday article
> skews the very thought provoking discussion with McQuotes, probably 
> because the ID card is "the tip of the iceberg" when it comes
> to the
> complexity involved in such a system. This point was underscored by the ACM.
>
> And it's a tip that the public apparently doesn't have deep seated 
> objections to, (especially if it means faster lines), but
> could be very dangerous if not done right.
>
> The unspoken, (but often written) comment is we want the positive elements 
> of networked  identity, but we don't want it abused,
> especially in the context of a police state, a permanent declaration of 
> war or unlimited emergency powers, political rivalries,
> suppression of dissent, etc. Is this power truly constrained now under the 
> current system through largely ineptitude?
>
> Do we have a system in place now, but  was it built by not acting (de 
> facto) and business filled in the gap with SSN?  As such,
> this really boils down to the fact that our social compact has been 
> violated by people who looked and acted like typical
> Americans, but then went out one day and  blew up the WTC. So we have a 
> nation of people who don't trust each other without some
> form of ID. Mistrust is a "good thing" in our design of government, but it 
> is in a context of agreeing to some basic invariant
> and simple principles. Once those principles go, then so does the balance 
> of power.
>
> ID's and trust are really different but related issues, so we back peddle 
> on the lack of trust, except to say we are very
> suspicious of "too much government". So there's a great deal of "qualified 
> trust", and distributing authority.
>
> I'd advise anyone who is concerned about the deeper issues to sit though 
> the presentation
> on CSPAN. It's a lot more complicated than attempting to restate Godwin's 
> law yet one more time.
>
> Form your own judgments, here's some topics in what I took away from my 
> notes, this is a summary without
> attribution to the various people who testified.
>
> In general the problem has been misframed as a "National Id Card". Like 
> most socio/technical problems, it is a complex issue
> regarding relationships, intent, law, public policy, information 
> integration, bureaucratic turf wars, relational data,
> federal/state
> organization, identity, rights such as the right to 
> travel,  (technological and social) vision, comfortable v.s. "serious"
> systems, innovations, the ability for Congress to conduct adequate and 
> meaningful oversight, problems with current identifiers,
> fraudulent ids, biometrics, immigration policy, tracking systems, 
> "breeder" documents, matching births to deaths, public opinion,
> efficient transfer of information within government, centralized and 
> decentralized models, avoiding damage to civil liberties,
> lack of knowledge what identity is, getting identity wrong, preventing 
> terrorism, Framers Intent, experience of Belgium who were
> victims of Nazis and have national ID's instead of using passports within 
> EU, how other documents "proxy" for a national id,
> policy by default of not regulating use of SSN as unique identifier, 
> inappropriate data leakage from current identifiers (data
> constraints), how one controls the process or lives with "ID vacuum", time 
> value of being forced to wait for services, quality of
> technology, lack of good management, common models for identity, "fall of 
> cybercivilization", failures of the system to protect
> us, abuses of the system that is supposed to protect us, technology of 
> authentication systems, layering problem space, and coming
> up with a plan involving identity to immediately forestall another major 
> tragedy. Failure of FBI to put terrorists on watch list
> after being given data 42 days earlier, no "big brother" database either 
> practically, politically, or morally. Importance of
> State CIOs. Amount of data on a card, very minimal, or extensive? Ability 
> of persons to view data kept on them and correct it.
> Medical record analogies (HIPPA). Pilot projects. CIA finding Farsi 
> speakers a problem? Solution. Hail a cab in Washington.
> General unwillingness to confront reality. Smashing the "big bug" 
> regarding identity. Preventing racism. The racism "card". Bail
> Bonding for immigrants.Uniform Driver License standards. Nature of Oracle 
> software offer. What it means to create knowledge out
> of data.
>
> "What are we really trying to achieve", standardized design patterns, 
> functionality and utility, technology time lines, sleeper
> agents, Government data error rate, hackers, selling of personal 
> data,  dynamic evolution of U.S. government from Framers,
> suspicion of government, government as a "gas" that expands to fill any 
> constrained volume, "human serialization", the "defacto
> card", the role of cultural safeguards, ID cards and registration used for 
> a variety of purposes in different countries and
> historically, including political abuse and power shaping as well as 
> services, medical, identity theft and prevention of same,
> intrusiveness, scope of access to data, sensitivity to distribution, 
> identity and security assertions, security in general, and
> data security standards, does privacy exist or has it already been taken 
> away from us?, commission to study problem ? skeletons
> in the closet, reasonable expectations of privacy, time advantages of 
> terrorists to reverse engineer systems, but they used their
> real names mostly, "data owner" problems at agency level, how data is 
> verified, or not, real time INS data, felony penalties for
> abusing data, scanning millions of lines of "foreign written code" for 
> back doors, Constitutional amendment, freezing bank
> accounts with visa expiration, can ID's ever tell us who is a "bad 
> actor"?, how should ID's be linked to databases?, Japanese
> W.W.II Internment not to be repeated, what is an "identifier system"? And 
> of course, national security topics which Ellison is
> not allowed to talk about, indicating there's another discussion on the 
> non-public track , which involves inside knowledge, and
> of course the oft quoted remarks from
> public officials regarding another major attack, and whether this whole 
> screed  has anything to do with preventing that
> potential.
>
> Couple of ideas I've been working on with security analysts that were 
> somewhat mentioned,  involve economic cost shifting. Who
> will pay for this, who will benefit, will it save money having a common 
> identity model, who is profiting now from the current
> situation, what are vendors doing, what is the international picture, it 
> if were done, how could it be done securely, and with
> proper legal safeguards. How can users publish their identity data, 
> instead of having the government do it?
>
>
> -pb


For archives see:
http://www.interesting-people.org/archives/interesting-people/