Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Politech mailing list archives

FC: Progressive Policy Institute on why smartcard-licenses are so terrific
From: Declan McCullagh <declan () well com>
Date: Wed, 20 Feb 2002 18:24:20 -0500
Previous Politech message:

"Progressive Policy Institute wants biometric license-smartcards"
http://www.politechbot.com/p-03158.html

Excerpt from PPI report released this month:
http://www.politechbot.com/p-03149.html
By way of background, the Progressive Policy Institute is an arm of the Democratic Leadership Council. 

-Declan

---

Date: Wed, 20 Feb 2002 17:15:54 -0500
From: Rob Atkinson <ratkinson () dlcppi org>
To: declan () well com
Subject: Re: Progressive Policy Institute wants biometric license-smartcards

Declan,
Thank you for the opportunity to respond to the comments below. Though I know the debate over improving the ID system is heated, I must say that I was taken aback by some of what I've read. When I had lunch with Ralph Hoefelmeyer at the Smart Card Alliance meeting, I thought we had an open and polite give-and-take on the issue (we even beamed business cards to each other - hmm, what does that say about privacy?). Then he publically denounces me and others who believe in third way governance (such as Bill Clinton and Tony Blair) as Nazis. It's a prime example of the fact that opponents of smart ID cards can gain no ground by shedding light on the issue, so they set the debate on fire. I believe all of the issues raised by list members are addressed in our reports (www.ppionline.org) but I will make a few points here:
--Consolidating various cards onto your driver's license makes you no more prone to losing it than consolidating various cards in your wallet. In fact, under our proposal it's more convenient to have them on one smart card: you go to the DMV to get a new license, then redownload the other applications from your PC. No multiple phone calls, no waiting for new cards to arrive by snail mail, and most importantly, no worries that someone will use your card (since they can't match the onboard biometrics), thereby forcing you to fight with the credit bureaus to clear up the identity theft confusion. Moreover, no one has to put multiple applications on one card, they can get additional smart cards from private providers for other applications if they choose.
--Many people respond to our specific proposal with variations on the same unfalsifiable generality: no card is fraud-proof, no database is hack-proof, no government agency is bribe-proof, no computer is error-proof, and so on. These are all true as far as they go -- nothing made by humans is flawless -- but these "arguments" ignore the fact that our proposal will make all of these bad things harder than the current system. Smart ID cards are far more secure and far harder to fake than the current gold standard for identification, which is a card using decades old technology with an erasable 2D bar code painted on the back. Inability to achieve perfection does not justify a refusal to improve.
--To elaborate on the database issue, I'd like to point out that the fact that every database is hackable does not stop people from submitting highly personal data to other people on a daily basis. Every time I use my credit card, visit my doctor, or pay my taxes I run the risk that somebody will either hack in or gain authorized access for an impermissable purpose. However, unlike a few of the most vocal people in this debate, that knowledge does not paralyze me with fear, because I am able to balance the (very low) risk against the (very high) benefits. Moreover, I think it's silly to think that the DMV databases will become permanent targets of hackers, since under our proposal those databases will contain no more information than is currently written on the front of the card you flash every time you want to buy a beer, plus an encrypted "ephemeral" biometric that is of no use to anyone because it cannot be recreated latently. Moreover, we call for strict privacy prote! ctions for driver's liscence data, including a prohibition on DMVs from selling any information stored on the card.
--As for using smart ID cards to track your movements, I would point out that upgrading the card does not change the rules under which The Government (whatever that means) can ask to see the card. The Government can track your movements today using a pen and paper to jot down your driver's license number (or SSN, or license plate, or library card), but that has not turned the U.S. into the dystopia that so many privacy advocates bemoan in Cassandra-like agony. Moreover, even contactless cards will not give out high-powered signals they way the toll booth transponders do, so the idea that The Government can track our movements using remote sensors is almost as paranoid as the idea that The Government would ever bother to do so; after all, the red light cameras only catch the license plates of red light runners, not every car that passes through the intersection. If you're that worried about it, however, I suppose you can keep The Government from tracking your smart ID card b! 
y storing it under your aluminum foil hat.
I believe that the debate over public policy needs to take place in the real world, where costs and benefits are weighed. If we use ludicrously unlikely worst-case scenarios and logical extremes as definitive reasons not to do something, we would never do anything. The fact that Politech readers use computers and connect them to the Internet (no system is unhackable!) shows that they have some ability to weigh reasonable risks against reasonable benefits. I'd expect to hear some of these arguments from heavily-armed militia members who don't use the toilets in their trailers because they think public sewers are a U.N. conspiracy, but it irks me to hear them from people who should know better. If you and your readers think that makes me dismissive of privacy concerns, fine. But it doesn't make me a Nazi. 

Regards,

Rob Atkinson


Rob Atkinson
Vice President, and
Director, Technology and New Economy Project
Progressive Policy Institute
600 Pennsylvania Ave., S.E.
Suite 400
Washington, DC 20003
202-608-1239
fax 202-544-5014
email: ratkinson () dlcppi org
web:   www.ppionline.org




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
  • FC: Progressive Policy Institute on why smartcard-licenses are so terrific Declan McCullagh (Feb 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]