FC: Progressive Policy Institute on why smartcard-licenses are so terrific

[Declan McCullagh <declan () well com>]

Previous Politech message:

"Progressive Policy Institute wants biometric license-smartcards"
http://www.politechbot.com/p-03158.html

Excerpt from PPI report released this month:
http://www.politechbot.com/p-03149.html

By way of background, the Progressive Policy Institute is an arm of the 
Democratic Leadership Council.

-Declan

---

Date: Wed, 20 Feb 2002 17:15:54 -0500
From: Rob Atkinson <ratkinson () dlcppi org>
To: declan () well com
Subject: Re: Progressive Policy Institute wants biometric license-smartcards

Declan,

Thank you for the opportunity to respond to the comments below.  Though I 
know the debate over improving the ID system is heated, I must say that I 
was taken aback by some of what I've read.  When I had lunch with Ralph 
Hoefelmeyer at the Smart Card Alliance meeting, I thought we had an open 
and polite give-and-take on the issue (we even beamed business cards to 
each other - hmm, what does that say about privacy?).  Then he publically 
denounces me and others who believe in third way governance (such as Bill 
Clinton and Tony Blair) as Nazis.  It's a prime example of the fact that 
opponents of smart ID cards can gain no ground by shedding light on the 
issue, so they set the debate on fire.  I believe all of the issues raised 
by list members are addressed in our reports (www.ppionline.org) but I will 
make a few points here:

--Consolidating various cards onto your driver's license makes you no more 
prone to losing it than consolidating various cards in your wallet.  In 
fact, under our proposal it's more convenient to have them on one smart 
card: you go to the DMV to get a new license, then redownload the other 
applications from your PC.  No multiple phone calls, no waiting for new 
cards to arrive by snail mail, and most importantly, no worries that 
someone will use your card (since they can't match the onboard biometrics), 
thereby forcing you to fight with the credit bureaus to clear up the 
identity theft confusion.  Moreover, no one has to put multiple 
applications on one card, they can get additional smart cards from private 
providers for other applications if they choose.

--Many people respond to our specific proposal with variations on the same 
unfalsifiable generality: no card is fraud-proof, no database is 
hack-proof, no government agency is bribe-proof, no computer is 
error-proof, and so on.  These are all true as far as they go -- nothing 
made by humans is flawless -- but these "arguments" ignore the fact that 
our proposal will make all of these bad things harder than the current 
system.  Smart ID cards are far more secure and far harder to fake than the 
current gold standard for identification, which is a card using decades old 
technology with an erasable 2D bar code painted on the back.  Inability to 
achieve perfection does not justify a refusal to improve.

--To elaborate on the database issue, I'd like to point out that the fact 
that every database is hackable does not stop people from submitting highly 
personal data to other people on a daily basis.  Every time I use my credit 
card, visit my doctor, or pay my taxes I run the risk that somebody will 
either hack in or gain authorized access for an impermissable 
purpose.  However, unlike a few of the most vocal people in this debate, 
that knowledge does not paralyze me with fear, because I am able to balance 
the (very low) risk against the (very high) benefits.  Moreover, I think 
it's silly to think that the DMV databases will become permanent targets of 
hackers, since under our proposal those databases will contain no more 
information than is currently written on the front of the card you flash 
every time you want to buy a beer, plus an encrypted "ephemeral" biometric 
that is of no use to anyone because it cannot be recreated 
latently.   Moreover, we call for strict privacy prote!
ctions for driver's liscence data, including a prohibition on DMVs from 
selling any information stored on the card.

--As for using smart ID cards to track your movements, I would point out 
that upgrading the card does not change the rules under which The 
Government (whatever that means) can ask to see the card.  The Government 
can track your movements today using a pen and paper to jot down your 
driver's license number (or SSN, or license plate, or library card), but 
that has not turned the U.S. into the dystopia that so many privacy 
advocates bemoan in Cassandra-like agony.  Moreover, even contactless cards 
will not give out high-powered signals they way the toll booth transponders 
do, so the idea that The Government can track our movements using remote 
sensors is almost as paranoid as the idea that The Government would ever 
bother to do so; after all, the red light cameras only catch the license 
plates of red light runners, not every car that passes through the 
intersection.  If you're that worried about it, however, I suppose you can 
keep The Government from tracking your smart ID card b!
y storing it under your aluminum foil hat.

I believe that the debate over public policy needs to take place in the 
real world, where costs and benefits are weighed.  If we use ludicrously 
unlikely worst-case scenarios and logical extremes as definitive reasons 
not to do something, we would never do anything.  The fact that Politech 
readers use computers and connect them to the Internet (no system is 
unhackable!) shows that they have some ability to weigh reasonable risks 
against reasonable benefits.  I'd expect to hear some of these arguments 
from heavily-armed militia members who don't use the toilets in their 
trailers because they think public sewers are a U.N. conspiracy, but it 
irks me to hear them from people who should know better.  If you and your 
readers think that makes me dismissive of privacy concerns, fine.  But it 
doesn't make me a Nazi.

Regards,

Rob Atkinson


Rob Atkinson
Vice President, and
Director, Technology and New Economy Project
Progressive Policy Institute
600 Pennsylvania Ave., S.E.
Suite 400
Washington, DC 20003
202-608-1239
fax 202-544-5014
email: ratkinson () dlcppi org
web:   www.ppionline.org




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------