USA joins league of civilized nations

…and gets a machine-readable national ID card! Only traitors like Bruce Schneier who hate America are opposed to this glorious new plan:

The United States is getting a national ID card. The REAL ID Act (text of the bill and the Congressional Research Services analysis of the bill) establishes uniform standards for state driver’s licenses, effectively creating a national ID card. It’s a bad idea, and is going to make us all less safe. It’s also very expensive. And it’s all happening without any serious debate in Congress. […]

The REAL ID Act requires driver’s licenses to include a “common machine-readable technology.” This will, of course, make identity theft easier. Assume that this information will be collected by bars and other businesses, and that it will be resold to companies like ChoicePoint and Acxiom. It actually doesn’t matter how well the states and federal government protect the data on driver’s licenses, as there will be parallel commercial databases with the same information. […]

REAL ID also prohibits states from issuing driver’s licenses to illegal aliens. This makes no sense, and will only result in these illegal aliens driving without licenses – which isn’t going to help anyone’s security. (This is an interesting insecurity, and is a direct result of trying to take a document that is a specific permission to drive an automobile, and turning it into a general identification device.)

REAL ID is expensive. It’s an unfunded mandate: the federal government is forcing the states to spend their own money to comply with the act. I’ve seen estimates that the cost to the states of complying with REAL ID will be $120 million. That’s $120 million that can’t be spent on actual security.

And the wackiest thing is that none of this is required. In October 2004, the Intelligence Reform and Terrorism Prevention Act of 2004 was signed into law. That law included stronger security measures for driver’s licenses, the security measures recommended by the 9/11 Commission Report. That’s already done. It’s already law.

REAL ID goes way beyond that. It’s a huge power-grab by the federal government over the states’ systems for issuing driver’s licenses.

REAL ID doesn’t go into effect until three years after it becomes law, but I expect things to be much worse by then. One of my fears is that this new uniform driver’s license will bring a new level of “show me your papers” checks by the government. Already you can’t fly without an ID, even though no one has ever explained how that ID check makes airplane terrorism any harder. I have previously written about Secure Flight, another lousy security system that tries to match airline passengers against terrorist watch lists. I’ve already heard rumblings about requiring states to check identities against “government databases” before issuing driver’s licenses. I’m sure Secure Flight will be used for cruise ships, trains, and possibly even subways. Combine REAL ID with Secure Flight and you have an unprecedented system for broad surveillance of the population.

Is there anyone who would feel safer under this kind of police state? […]

If you haven’t heard much about REAL ID in the newspapers, that’s not an accident. The politics of REAL ID is almost surreal. It was voted down last fall, but has been reintroduced and attached to legislation that funds military actions in Iraq. This is a “must-pass” piece of legislation, which means that there has been no debate on REAL ID. No hearings, no debates in committees, no debates on the floor. Nothing.

Near as I can tell, this whole thing is being pushed by Wisconsin Rep. Sensenbrenner primarily as an anti-immigration measure. The huge insecurities this will cause to everyone else in the United States seem to be collateral damage.

He includes links to various protest organizations in his blog entry, by the way.

Could someone explain to me why this issue is controversial?

I really didn’t think this thread was about the death penalty, but I’ll pretend I did, to troll.

Because not everyone wants to live in a police state?

Would this bill have more support if it was the FAKE ID act? I think, on the name alone, it would totally draw in support from the critical 18-21 demographic.

Long standing American tradition of not letting the federal government have anything ih in the way of monitoring powers over the population. A lot of people see this level of population-cataloguing as the first step towards a police state.

In the context of the modern world I think that’s nutso really and America needs to adapt it’s attitudes towards these things a little bit. A federal national ID database isn’t the first step towards a police state.

The biggest impact is going to be further marginilizing the illegal immigrants who do our dirty work. That could get ugly.

So you are saying a police state would NOT start a national id database?

So you are saying a police state would NOT start a national id database?[/quote]

That’s an amusingly irrelevant question. Building highways isn’t the first step towards a police state. Are you saying a police state would NOT build highways?

The earliers posts by Sneider explain it better: http://www.schneier.com/crypto-gram-0404.html#1

As a security technologist, I regularly encounter people who say the United States should adopt a national ID card. How could such a program not make us more secure, they ask?

The suggestion, when it’s made by a thoughtful civic-minded person like Nicholas Kristof in the New York Times, often takes on a tone that is regretful and ambivalent: Yes, indeed, the card would be a minor invasion of our privacy, and undoubtedly it would add to the growing list of interruptions and delays we encounter every day; but we live in dangerous times, we live in a new world…

It all sounds so reasonable, but there’s a lot to disagree with in such an attitude.

The potential privacy encroachments of an ID card system are far from minor. And the interruptions and delays caused by incessant ID checks could easily proliferate into a persistent traffic jam in office lobbies and airports and hospital waiting rooms and shopping malls.

But my primary objection isn’t the totalitarian potential of national IDs, nor the likelihood that they’ll create a whole immense new class of social and economic dislocations. Nor is it the opportunities they will create for colossal boondoggles by government contractors. My objection to the national ID card, at least for the purposes of this essay, is much simpler.

It won’t work. It won’t make us more secure.

In fact, everything I’ve learned about security over the last 20 years tells me that once it is put in place, a national ID card program will actually make us less secure.

My argument may not be obvious, but it’s not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails.

It doesn’t really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.

The first problem is the card itself. No matter how unforgeable we make it, it will be forged. And even worse, people will get legitimate cards in fraudulent names.

Two of the 9/11 terrorists had valid Virginia driver’s licenses in fake names. And even if we could guarantee that everyone who issued national ID cards couldn’t be bribed, initial cardholder identity would be determined by other identity documents… all of which would be easier to forge.

Not that there would ever be such thing as a single ID card. Currently about 20 percent of all identity documents are lost per year. An entirely separate security system would have to be developed for people who lost their card, a system that itself is capable of abuse.

Additionally, any ID system involves people… people who regularly make mistakes. We all have stories of bartenders falling for obviously fake IDs, or sloppy ID checks at airports and government buildings. It’s not simply a matter of training; checking IDs is a mind-numbingly boring task, one that is guaranteed to have failures. Biometrics such as thumbprints show some promise here, but bring with them their own set of exploitable failure modes.

But the main problem with any ID system is that it requires the existence of a database. In this case it would have to be an immense database of private and sensitive information on every American – one widely and instantaneously accessible from airline check-in stations, police cars, schools, and so on.

The security risks are enormous. Such a database would be a kludge of existing databases; databases that are incompatible, full of erroneous data, and unreliable. As computer scientists, we do not know how to keep a database of this magnitude secure, whether from outside hackers or the thousands of insiders authorized to access it.

And when the inevitable worms, viruses, or random failures happen and the database goes down, what then? Is America supposed to shut down until it’s restored?

Proponents of national ID cards want us to assume all these problems, and the tens of billions of dollars such a system would cost – for what? For the promise of being able to identify someone?

What good would it have been to know the names of Timothy McVeigh, the Unabomber, or the DC snipers before they were arrested? Palestinian suicide bombers generally have no history of terrorism. The goal is here is to know someone’s intentions, and their identity has very little to do with that.

And there are security benefits in having a variety of different ID documents. A single national ID is an exceedingly valuable document, and accordingly there’s greater incentive to forge it. There is more security in alert guards paying attention to subtle social cues than bored minimum-wage guards blindly checking IDs.

That’s why, when someone asks me to rate the security of a national ID card on a scale of one to 10, I can’t give an answer. It doesn’t even belong on a scale.

Identification and Security

In recent years there has been an increased use of identification checks as a security measure. Airlines always demand photo IDs, and hotels increasingly do so. They’re often required for admittance into government buildings, and sometimes even hospitals. Everywhere, it seems, someone is checking IDs. The ostensible reason is that ID checks make us all safer, but that’s just not so. In most cases, identification has very little to do with security.

Let’s debunk the myths one by one. First, verifying that someone has a photo ID is a completely useless security measure. All the 9/11 terrorists had photo IDs. Some of the IDs were real. Some were fake. Some were real IDs in fake names, bought from a crooked DMV employee in Virginia for $1,000 each. Fake driver’s licenses for all fifty states, good enough to fool anyone who isn’t paying close attention, are available on the Internet. Or if you don’t want to buy IDs online, just ask any teenager where to get a fake ID.

Harder-to-forge IDs only help marginally, because the problem is not making sure the ID is valid. This is the second myth of ID checks: that identification combined with profiling can be an indicator of intention.

Our goal is to somehow identify the few bad guys scattered in the sea of good guys. In an ideal world, what we’d want is some kind of ID that denotes intention. We’d want all terrorists to carry a card that says “evildoer” and everyone else to carry a card that said “honest person who won’t try to hijack or blow up anything.” Then, security would be easy. We’d just look at people’s IDs and, if they were evildoers, we wouldn’t let them on the airplane or into the building.

This is, of course, ridiculous, so we rely on identity as a substitute. In theory, if we know who you are, and if we have enough information about you, we can somehow predict whether you’re likely to be an evildoer. This is the basis behind CAPPS-2, the government’s new airline passenger profiling system. People are divided into two categories based on various criteria: the traveler’s address, credit history, and police and tax records; flight origin and destination; whether the ticket was purchased by cash, check, or credit card; whether the ticket is one way or round trip; whether the traveler is alone or with a larger party; how frequently the traveler flies; and how long before departure the ticket was purchased.

Profiling has two very dangerous failure modes. The first one is obvious. The intent of profiling is to divide people into two categories: people who may be evildoers and need to be screened more carefully, and people who are less likely to be evildoers and can be screened less carefully. But any such system will create a third, and very dangerous, category: evildoers who don’t fit the profile.

Oklahoma City bomber Timothy McVeigh, DC sniper John Allen Muhammed, and many of the 9/11 terrorists had no previous links to terrorism. The Unabomber taught mathematics at Berkeley. The Palestinians have demonstrated that they can recruit suicide bombers with no previous record of anti-Israeli activities. Even the 9/11 hijackers went out of their way to establish a normal-looking profile; frequent-flier numbers, a history of first-class travel, etc. Evildoers can also engage in identity theft, and steal the identity-and profile-of an honest person. Profiling can actually result in less security by giving certain people an easy way to skirt security.

There’s another, even more dangerous, failure mode for these systems: honest people who fit the evildoer profile. Because actual evildoers are so rare, almost everyone who fits the profile will turn out to be a false alarm. This not only wastes investigative resources that might be better spent elsewhere, but it causes grave harm to those innocents who fit the profile. Whether it’s something as simple as “driving while black” or “flying while Arab,” or something more complicated like taking scuba lessons or protesting the current administration, profiling harms society because it causes us all to live in fear…not from the evildoers, but from the police.

Security is a trade-off; we have to weigh the security we get against the price we pay for it. Better trade-offs are to spend money on intelligence and analysis, investigation, and making ourselves less of a pariah on the world stage. And to spend money on the other, non-terrorist, security issues that affect far more Americans every year.

Identification and profiling don’t provide very good security, and they do so at an enormous cost. Dropping ID checks completely, and engaging in random screening where appropriate, is a far better security trade-off. People who know they’re being watched, and that their innocent actions can result in police scrutiny, are people who become scared to step out of line. They know that they can be put on a “bad list” at any time. People living in this kind of society are not free, despite any illusionary security they receive. It’s contrary to all the ideals that went into founding the United States.

Because not everyone wants to live in a police state?[/quote]

How does a police state follow from a national id card? Hell, a national id-card is nothing. I was isssued a personal identity number when I was born and that number is on all my official records, and most of my financial records, and despite this I see no sign of impending doom nor do I hear the trample of jack-booted thought police.

Because not everyone wants to live in a police state?[/quote]

How does a police state follow from a national id card? Hell, a national id-card is nothing. I was isssued a personal identity number when I was born and that number is on all my official records, and most of my financial records, and despite this I see no sign of impending doom nor do I hear the trample of jack-booted thought police.[/quote]

Like I said, it’s more about long held American paranoias regarding big-brother government than about any rational objections. The actual implementation being considered is stupid for a lot of reasons (see Quaro’s post above) but that won’t be the reason for backlash on this, it will be the same sentiment MS expressed.

We already have a personal identity number (our social security number) – why do we need a national photo ID in addition to it?

Because not everyone wants to live in a police state?[/quote]

How does a police state follow from a national id card? Hell, a national id-card is nothing. I was isssued a personal identity number when I was born and that number is on all my official records, and most of my financial records, and despite this I see no sign of impending doom nor do I hear the trample of jack-booted thought police.[/quote]

I think you need to read everything posted above carefully.

It’s obviously only a real issue when the Dems are doing it.

BTW, the fact that this happened without a real debate should tell you all you need to know.

Meh, I don’t see the problem either.

Leeloo Dallas mul-ti-pass. Mul-ti-pass.

Here’s the big question, as I see it:

Will we, in any way, be forced to carry or present this ID card in situations where previously we would not have been required to present a driver’s license/passport/SSID? That’s my litmus test for police state vs. stupid pork project to feel good about TEH WAR ON TERRAR!

H.

This is the first thing that came to mind upon reading this.

Then the annoyance at our overreaching government. Fucking government.

In all likelihood, probably not. However, since an emphasis is being placed on these cards being standardized and “machine readable”, we’ll probably see at least some increase in places where you merely showed your driver’s license previously looking to add the ability to scan your ID card as well.

In doing so, you create more of a record of your movements, and at scanning points that don’t merely record the cards they’ve seen but verify them against the national database, it creates the potential for the mapping of your activities, even if it’s not directly or deliberately designed to.

Personally, I’m not as much worried about my privacy being invaded by the government as I am from interested third parties with access to the system, legally or otherwise. A national database with all that information tied to a single machine-readable card has to be a identity thief’s wet dream.

The other big question is, of course, why should we have this? I mean, that’s always been kind of the barometer for US lawmaking… if there’s not a reason to have something, why have it?