At 01:10 AM 11/9/2001 +0100, Nomen Nescio wrote:
[...] A few other irrelevant points have been made. Given that ID is not perfectly reliable, do we need to tattoo numbers on people's forearms? This is the fallacy of perfection. ID can be combined with a simple thumbprint for biometric identification (already widely used for cashing checks) and you will raise the cost of forgery considerably.
Bullshit. There's no real-time on-line database of ordinary citizen fingerprints available to match versus ID cards, even if the cards (which don't exist and haven't been issued) were available. Thumbprints taken in banks don't do anything to immediately ID the person cashing a check - they provide evidence about who got the money, if the check turns out to have been fraudulent or stolen .. but to be worth much, the fingerprint needs to be matched to a name (which is only possible if that finger of that person has been fingerprinted and archived before, and they're both good, readable prints), or to a physical body, which might happen after an arrest. They're evidence which is useful in court, but they don't do a thing to tell the bank whether or not the transaction is likely to fail. So, yeah, sure, thumbprints would let us know if the dead suicide bomber's "real name" was really the one he used to rent the truck or buy the plane ticket .. or if he just got started on his project early enough to get his stolen identity matched to his real fingerprint .. but how, exactly, is that going to Save the Children? I agree that it will help law enforcement agents make a nice crisp presentation in Congressional hearings about how they dug up the suicide bomber's Permanent Record all the way back to preschool less than 45 minutes after they turned a daycare center into a slaughterhouse .. but I don't really give a shit about that. The only way you can use fingerprints and ID cards to begin to prevent the killing in the first place looks like this: 1. Reliably fingerprint everyone on the planet and record their "true name", whatever that is, and issue ID cards to them with that data. 2. Cross-reference the data in (1) with existing criminal, intelligence, mental health data, making sure that in the process of doing that you don't screw up people's right to privacy in medical records, reveal existing investigations, or reveal intelligence sources/methods. 3. Distribute cheap and reliable fingerprint readers all over the planet (or maybe all over the US, though it's hard for me to imagine other countries will cooperate with (1) unless they get them too) so that people's fingerprints can be imaged locally. 4. Build a real-time database capable of storing & retrieving the data from (1) and (2) given fuzzy images from (3), and a network capable of providing simultaneous access for millions of clients. 5. Give access to (4) to everyone who needs it, but prevent them from using the data they gather (like fingerprint images and personal data) for ID theft or impersonation. 6. Develop either an algorithm/expert system which decides which people ID'd within the system are allowed to do certain things (like "board a plane", "buy av gas", "rent a truck", etc), or delegate that decision to many thousands of minimum-wage clerks, who will not be susceptible to trickery nor bribes. Can you get that up and running in, say, 60 days? California has been trying for years to get a vastly less ambitious system working even a little bit at the Department of Motor Vehicles - at one point (several years in) they figured out that they had to throw away everything they'd done so far and start all over again. A project like you propose in your casual, offhand manner is probably 100 times more expensive and more complicated that California's .. but that doesn't seem to scare you. The IRS's computer system is in similar disarray - they can't always find records or correlate things, and they've gone ahead and assigned everyone nice easy numbers, and they operate on a timeframe of months and years, not seconds ticking by at a departure gate or a gas station pump. The FBI tried to build a database of disqualified firearm purchasers for use in the "instant check" process and it's proved to have an error rate of between 5 and 10%. If the CA DMV, the IRS, and the FBI can't get these sorts of databases up and running given their already generous budgets (millions and billions) and timeframes measured in years, how can you possibly think that anything like this is even possible - even before reaching the "is it a good idea?" question.
Many of the hijackers would have been caught simply by cross-referencing their IDs against existing databases. That's what El Al does and they have an excellent safety record in the most terrorist-infested part of the world.
Hmm. Then it's funny that Mohammed Atta (likely the worst-looking on paper, since he's the guy who was meeting with an Iraqi intelligence agent in Prague and had outstanding criminal/traffic warrants) was able to clear Customs when he re-entered the country. The "ID card" fairy tale still loses. Further, your "perfection isn't necessary" argument would be reasonable if we weren't talking about trying to solve a terrorist problem - but it's my impression that's the context of this discussion. The interesting thing about terrorism is that its direct effects aren't especially important - it's the secondary effects on people not physically affected by the event which give terrorism its power. Losing 5000 people in one day to an identifiable cause - or the 3 or 4 that we've lost to anthrax - is absolutely nothing, statistically speaking. Red meat and cigarettes probably kill a WTC's worth of people every day in the US alone - and we probably lose an anthrax letter's worth of deaths every day to even more obscure stuff like bee stings or wading pools. Those events are powerful not because of the people killed and property damaged, but because of the fear that the other 230 million people in the US feel (+ more worldwide), because they're faced with the possibility of successful, similar attacks - and that's why a mealy-mouthed "my security system isn't perfect but it'll reduce the marginal success rate and that's still valuable" doesn't even come close to solving the problem, because people are already freaked out about a statistically insignificant risk. Reducing that infinitesimal risk further without eliminating it is a waste of time. (Accordingly, some measures do nothing to reduce the actual risk but make people feel better because of their superstitious beliefs about the power of guns or databases or the application of arbitrary screening and sorting rules. The placebo effect created by these measures isn't unimportant - but let's create it by more traditional and less risky means, like prayer and faith in supreme beings and/or ritual pledges of allegiance or other ceremonies, instead of wasting lots of time and money creating unstable oppression systems ripe for misuse or takeover.) -- Greg Broiles -- gbroiles@parrhesia.com -- PGP 0x26E4488c or 0x94245961 5000 dead in NYC? National tragedy. 1000 detained incommunicado without trial, expanded surveillance? National disgrace.