New High-Tech Passports Raise Snooping Concerns

[David Farber <dave () farber net>]

Begin forwarded message:

From: godaddy <peterb () cequs com>
Date: November 27, 2004 9:21:44 AM EST
To: dave () farber net
Subject: Re: New High-Tech Passports Raise Snooping Concerns

Based on the 9/11 reports there appears to be some indications that the 
effective use of passports does in fact have some ability to deter 
terrorist activities. There also were unprecedented failures. That 
argues for better designed passports. However any identity 
documentation carries with it other risks, and often fairly 
sophisticated entry cards can be spoofed, one example of which was 
where guest workers  on the west coast simply mailed back their 
credentials for re-use by other people.  The idea of an
"internet of things" brought about by RFID is a larger issue.

As such, most identity documentation also carries with it some concept 
of weighted risk; as well as other assumptions of geography, and 
territory which in turn can be linked back to stones piled on farm 
lands, or fences which eventually became moated castles, or walled 
cities, etc. There are also non-geographic identity tokens that might 
indicate you are an employee, or customer, or fall into a specific 
role, but geographic identity links back to groups of  people. All 
these things have become more virtual.

The implicit message is that "this is my place, you are here as a 
guest, tourist, etc., and both you and I have some rights in this 
situation". As such this is a perfect issue for the ACLU since it is at 
the intersection of civil liberties, but being narrowly cast as a 
privacy concern when it is much more than that.

Whether the snooping concerns (since they can be mitigated fairly 
simply with the right protective rf blocking carrier) are valid seem to 
stem from the apparent automation in the collection of the data. 
Encryption and other standard practices would go along way to mitigate 
these  risks.

Further down the road we will see that the form of the material to 
contain the information is somewhat irrelevant, as well as the method 
of it's collection. All identity information is now at risk. Data is 
data, whether it's embedded on a chip or in some database.  However, 
genetic data is not only permanent, but passed from generation to 
generation and thus presents very special forms of risk.

Issues regarding security stem back to the basics of information 
integrity, and restricting access to people or machines/systems that 
have a demonstrated relevant valid purpose in using that information.

What is more important is the individuals ability to control their own 
information, and not have it spread all over without their willing 
consent. Up to this point there's little to indicate that we are 
willing to manage the problem effectively, since the degree of risk, 
(which in turn requires some hard core analysis), is less well 
understood in a world of interconnected electronic systems. But the 
fundamental notions of a freedom to travel, safety while travelling, 
and a respect for a host countries laws, as well as the healthy 
economic benefits of immigration, tourism, and travel do not change 
from the processing challenges of the presentation of one's national 
identity and the protections  (or lack thereof) that stem from that 
national identity.

Peter Bachman
Cequs Inc.

peterb () cequs com

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/