IP: Ellison's Identity Cards

[David Farber <dave () farber net>]

Seconded and thirded djf

> From: "Jonathan S. Shapiro" <shap () eros-os org>
> To: <farber () cis upenn edu>
> Subject: Ellison's Identity Cards
> Date: Sun, 23 Sep 2001 14:29:35 -0400
> X-Mailer: Microsoft Outlook Express 5.50.4807.1700
>
> [Definitely for IP]
>
> Larry Ellison's proposed identity card system is a terrible idea.
> Unfortunately, a lot of people listen to Larry uncritically, and in this
> case that could get people killed. In fact, his proposal does absolutely no
> good to you and me, but it's *terrific* for terrorists. And of course, for
> Larry.
>
> In the article, Ellison is quoted as saying:
>
>     ``Let me ask you. There are two different airlines.
>     Airline A says before you board that airplane you
>     prove you are who you say you are. Airline B, no
>     problem. Anyone who wants the price of a ticket,
>     they can go on that airline. Which airplane do you
>     get on?''
>
> This is *exactly* how most people will think about what is happening when
> the card is checked and they will act as though this statement is correct.
> The problem is that it's wrong.
>
> The security guy for Airline A *isn't* getting you to prove that you are who
> you say you are. They are merely asking that you successfully convince some
> unknown card-issuing agency to issue you a card. These card issuing agencies
> can be bribed, robbed, swindled, or tricked. Why, just a few months ago
> somebody tricked Verisign into issuing a Microsoft code signing key to a
> random outsider!
>
> In fact, we already *have* an international identification system that works
> (and fails) exactly the same way that an identity card works (and fails).
> It's called a passport. In many parts of the world, including Pakistan and
> Afghanistan, you can have passports made that say anything you want. In
> fact, for a modest fee in either country, *anyone* can purchase the use of a
> national passport authenticity stamp for a day! Hell, people in these
> countries routinely carry three or four passports, and hand out whichever
> one is least likely to get them in trouble.
>
> Meanwhile, international smugglers and intelligence agencies support a small
> but talented industry of passport forgers that are *necessary* to performing
> their functions. Do you suppose that intelligence agencies will give this
> up? Unlikely. Do you suppose that these forgers are all perfectly honest?
> Also unlikely. So why do you assume that they won't forge electronic
> identity cards for terrorists and criminals too? It's a lucrative, low-risk
> business!
>
> But let's ignore economic and political realities for a moment, and assume
> that there are no forgers and no spys, and that all of the issuing agencies
> are trying to issue these cards properly. How do *they* know that you are
> who you say you are?  Well basically, they demand that you produce a birth
> certificate. There are lots and lots of ways to produce fake birth
> certificates. Even if a hospital registers you at birth, fingerprints can be
> changed surgically, and a terrorist would have no qualms about doing so.
>
> Of course, fingerprint surgery is expensive and painful. A cheaper way is to
> crack the security of the card itself. Current generation smart cards can be
> cracked in hours using about $10,000.00 of equipment, most of which you can
> buy off the shelf. Forget the fingerprint -- just forge a new card in your
> basement.
>
> For that matter, it wouldn't be that hard to crack the central fingerprint
> database too. You were going to run that database in a secure facility using
> secure a software platform, right? Which secure operating system did you
> have in mind?
>
> So much for technical feasibility. The proposal just doesn't work in the
> real world.
>
>
> So why do I call this the ``support your local terrorist'' proposal?
>
> Imagine you are a low-paid airport security worker. Some random passenger
> comes up to you and hands you this card, sticks their thumb in the reader,
> and the reader says ``this is a good passenger.'' What do you do? You pass
> them through with reduced scrutiny, because you have to look at a thousand
> of these things a day. It doesn't matter how much you are paid. Human beings
> simply aren't good at that kind of repetative task, and these folks are
> mostly untrained low-wage earners. Certainly nobody has thought about
> improving their attention.
>
> As bad as the current system is, a national identity card of this kind would
> be to *reduce* the attention paid at the airport security gate. Both you and
> your local terrorist can each get on the plane with complete confidence that
> nobody will hassle you.
>
> Put my medical info on a card in my pocket in case I am hospitalized
> unconscious? Perhaps. But rely on that card to make a judgement about the
> lives and safety of third parties? Are you nuts?
>
> But hey, don't take my word for all this. Test it! Take Larry up on his
> offer, but let him charge a price and tell him that he has to assume
> liability for the security of the cards. See if he can get *anybody* to
> insure him for the liability! Then watch how fast he scuttles out of the
> limelight.
>
> In fact, the only guy who wins in this scenario is the guy giving away the
> identity cards, because he gets to charge for access to the database. So
> when you think about it, Larry isn't being such a good samaritan after all.
> His proposal takes advantage of your gullibility to make himself more money.
> Larry's not stupid. In spite of his reputation he doesn't sound off in front
> of reporters without a plan.
>
> P.T. Barnum once said ``There is a sucker born every minute.'' At one point,
> IBM was selling seven PS/1 computers a minute, which just goes to show that
> Barnum was an optimist. Larry's going for a whole new level here.
>
> How big a sucker are *you* going to be?
>
>
> Jonathan S. Shapiro
> Assistant Professor, Department of Computer Science
> Johns Hopkins University



For archives see: http://www.interesting-people.org/