Wednesday, December 15, 2004

National ID Cards

Samizdata has a piece on National ID Cards and Identity theft.
[Thanks to Wretchard(aka The Belmont Club) for the reference.]

I didn't comment. It looked to have gotten out of control with the government incompetency and evil control freaks comments.

I suppose I can comment here. (since no one is reading this thing anyway.)
If properly implemented a national ID card can provide some levels of protection. The name coincidence that is in the Samizdata piece would be less likely to happen if the use of Biometrics is utilized. (There was a comment there to this.) Biometrics being a retinal scan, finger print, Iris scan, hand print, etc. These would all relate to the individual in a manner that can't be duplicated. Of course, the problem comes with who ever is running the database system. Can they properly place data into the system without Buggering the whole thing up? [Maybe Granted can comment here. He's a DBA type so I think he has more of a clue here than I do.]

I've looked at this debate before and have found some interesting information from Bruce Schneier.
Bruce Schneier is:

an internationally renowned security technologist and author. Described by The Economist as a "security guru," Schneier is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.

He also is part of Counterpane.

Mr. Schneier points out in this article that National ID cards won't make you any safer. In fact it may make us less safe.

In fact, everything I've learned about security over the last 20 years tells me that once it is put in place, a national ID card program will actually make us less secure.

My argument may not be obvious, but it's not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails.

It doesn't really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.

The first problem is the card itself. No matter how unforgeable we make it, it will be forged. And even worse, people will get legitimate cards in fraudulent names.

Two of the 9/11 terrorists had valid Virginia driver's licenses in fake names. And even if we could guarantee that everyone who issued national ID cards couldn't be bribed, initial cardholder identity would be determined by other identity documents ... All of which would be easier to forge.

Read the article, it's not technical so it's easy enough to understand.

Mr. Schneier also runs a free email newsletter Cryptogram. I've been getting it for a while and it is worth reading.
Personally, I don't think the ID cards are a good idea. There is to much likelihood that the information related to them will at some point be abused. With the potential for data mining and data collection these days, I'd hate to have a system so easily subverted against the citizen. Not that the government intends to do this presently, but with a tool available, sooner or later it will be abused. (Yes, the aerosol can was not made or intended to be a flame thrower, but you can't tell me no one has tried it.)
I've heard the argument that if the cards are uniform, like a national driver's license, then there will be less abuse. I'd say on the contrary, the uniform card would allow for abuse to be more wide spread due to its being uniform. You don't have to have 50 variations to copy and subvert, just one.
Lastly, there is the cost/benefit ratio. Will the cost of the bureaucracy and equipment for this National ID really benefit us in the end. I've not found any cost estimates, but I'm betting it will be astoundingly expensive.

No comments: