At 09:46 AM 11/8/2001 -0800, Tim May wrote:
The confusion "Nomen Nescio" shows in thinking that an is-a-person government tracking system fixes the airline security problem is common these days. It's the same confusion that causes many to think national I.D. cards will fix current pressing problems. They won't.
[...] Nomen Nescio and others should read Chaum's "Credentials without identity" papers. A true name is just another credential, not necessarily more important than any of several other credentials. People should think deeply about this issue.
Indeed. It's popular to frame this as a "this or that" question - like we've got a choice between terrorism (or insecurity) and security without privacy, and it's time for some group of people to deliberate carefully about the right choice to make, or the right way to balance mutually exclusive options. There is no such choice - the is no other side to bargain with, who will accept our privacy or autonomy or liberty in exchange for guaranteed safety. We can't build any sort of reliable security infrastructure on top of our existing identity scheme. Our current scheme doesn't provide for one-to-one mappings between people and identities, it doesn't provide for reliable ways to validate a proposed match between a meat body and an identity, and it provides a multitude of informal and traditional ways to adopt additional or alternate identities in a perfectly legitimate and orderly way. There's simply no way to enforce or implement an "identity" system meant to track humans if all of the elements of the system are pure information, because people who want to defeat the system will report misleading or incomplete information. It's also wildly impractical to even think of issuing some sort of physical token to the *billions* of people on Earth - people cannot (and will not) preserve them against loss, theft, damage, and so forth - nor can they be trusted not to falsely report loss or theft, or to sign up for multiple identities. Tokens which become associated with negative histories will be "lost" immediately; and tokens associated with positive histories will be targets of fraud and theft. The only way to manage identity with the robustness required to provide the sort of trackability and accountability required for an application like that proposed is to use some sort of biometric identifier. Nazi Germany (and I don't bring them up just for shock value) understood that, and used tattooed numbers on the arms of Jews and other unfortunates to eliminate the possibility of identity fraud or theft. In light of the logistical and capital requirements which a high-tech biometric system would require - and since we're talking about international travel and international border crossing, a strong ID project must be worldwide, not just US-based - it's simply not possible to think that we'd be able to use some sort of sexy high-tech retinal scanners, fingerprint scanners, hand geometry scanners, and so forth, to form the biometric basis of identity in such a system. The infrastructure doesn't exist, and can't be developed and deployed in anywhere near the time scale which would be required to address our current security problems, and the initial and recurring costs would be astronomical. The only way we could implement a system like that, starting this year, would be with good old-fashioned human-readable or human-measurable factors which are unchangeable, or at least very difficult to change - and that means something like tattooing or branding every living human being, on a part of their body that's likely to be publically visible, so an unmarked person (or person with altered marks) would be immediately conspicuous. A human readable-mark like a tattooed number would allow border guards, immigration workers, employers, and others to verify a person's status and provide updates using analog technology like telephones, faxes, or slow dialup modems which are universally available and whose installation and maintenance are relatively well understood. So let's say we do tattoo a number on the inside of everyone's forearm - would that incredible infringement on privacy and freedom and autonomy guarantee us our safety? No, it would not - it would allow us to identify people who had done bad things in the past, and restrict their access to places or things which we anticipate might allow them to cause very great damage in the future - but it would do nothing at all to identify people who have not yet been caught doing anything wrong. It also would not stop otherwise disqualified people from seizing controlled resources by trickery or force, or from assembling destructive things out of otherwise unremarkable consumer goods (like the truck bomb which struck the Murrah federal building in OKC.) Tim McVeigh wasn't wanted or suspected of anything prior to the OKC bombing - identity-based security wouldn't have prevented him from renting the truck, nor buying the fertilizer and airplane fuel used to build his bomb. All of the alleged WTC hijackers passed through immigration and other checkpoints without being detected as dangerous - if the technology and techniques we're discussing wouldn't even have prevented known attacks in the past, how can we imagine they'll be effective in the future? It's a popular fantasy, this idea that people will faithfully report a "true name" which can be matched to a database of past actions which will reliably predict future behavior - but it's a failure in every way, from the notion of a true, unique name, to the idea that access to dossiers can be both widely available and reliable, to the idea that it's possible to know what someone will do tomorrow based on knowledge of his behavior in the past. I can understand why people want to believe that it's possible - much like people want to believe that Marx' vision of Communism is possible, even in the face of many failed attempts which created only misery and starvation and death - but I'm disappointed to see that people's wish that it were possible turns out to be stronger than their common sense which should tell them that it is not. When people talk about "ID checks", they're going down a slippery slope which leads to either ridiculously ineffective charades like our existing airport security - or to a deadly efficient system like forearm tattoos. Is there anyone who wants any part of either of those visions of the future? Can anyone articulate a feasible identity system, using technology available today in third-world countries, which would have prevented events like the WTC attack or the OKC bombing? How about anthrax in the mail? If so, do you really want to live in that world? If not, isn't it time we abandoned this "ID card" fairy tale, and start thinking about how to solve our current problems using the abilities and limitations of our current situation? -- Greg Broiles -- gbroiles@parrhesia.com -- PGP 0x26E4488c or 0x94245961 5000 dead in NYC? National tragedy. 1000 detained incommunicado without trial, expanded surveillance? National disgrace.