At 06:41 PM 10/04/2001 -0400, Arnold G. Reinhold wrote:
I too am very nervous about the prospect of national ID cards. I have an idea for a possible compromise, but I have not made up my mind on it. I'm interested in hearing other people's opinions.
The idea is a federal standard for secure drivers' licenses. These would be cards containing a chip that stores an electronically signed and time stamped data file consisting of the driver's name, date of birth, height, address, photo, and scanned signature, as well as endorsements such as truck, school bus, motorcycle and hazmat operator licenses. All this information is contained in existing drivers' licenses, but in a way that is too easy to forge.
It's a really, *really* bad idea. It's politically much easier to successfully oppose an obviously bad thing, like National ID cards and other internal pass laws, than to successfully oppose incremental changes in existing systems. And forcing states to use uniform practices means that you can't find a place to have a driver's license merely indicate your driving skills, as opposed to hundreds of other uses.

For instance, collecting SSNs for driver's licenses, which makes it possible to correlate drivers databases with most other databases in the country, was done back in the 80s, and in many states the SSN is printed on the DL or IS the DL number. (The Federal Privacy Act had little effect on this process - it's just a law, so future laws can easily change it, and did so.)

Another big change in DL policies was the requirement for citizenship papers to get permission to drive. Here in California that was largely done to prevent the clear and present danger of people speaking Spanish while driving, and many other states have jumped on the harassing-immigrants bandwagon. Since many jobs need driver's licences (or at least transportation), immigrants now have a major financial incentive to get them, so the price and supply of corruption in motor vehicle departments has gone up substantially. Before this, the main people who needed high-quality driver's licenses were convicted bad drivers who were trying to dodge the system, and that was easier to stop. (There was also a demand for fake ID for underage drinkers, but low-quality fakes are fine for that, and they don't need to be databased.)

Driver's licenses have increasingly become tools of social control - the common excuse is "deadbeat dads", and in many states conviction for drug possession offenses also gets them suspended.

Until 9/11, you could still routinely travel without government ID, though many airlines have a policy of training their people to lie about "no, that's always been the policy".
ACLU Cards with pictures would have helped that - don't leave home without one - but I doubt we'll have that freedom again for a while.

New Jersey, BTW, encodes lots of information in the DL number - the S8235 at the beginning of mine was a Soundex for "Stewart", the 5 digits at the end encoded birthdate and I think race or eye color, and some of the middle six digits may have also encoded that, though some were just serial numbers. It provides some security against licenses forged by people who don't know the rules. [They're also listed in plaintext. The forms let you update your address, but not most of the personal data, so my weight still shows what I weighed when I was 22.]

As long as there's a driver's license number printed on the card, it's a unique ID for database lookups attached to your name. If the other certifications are encrypted, that means that *you* don't know what they say, but cops who run the card through a computer lookup will - and cops will *have* to run the card through a computer lookup to use them, whereas now they can just look at them if they want. If you could get a card that just had your picture and the certifications, and not your name or address, that might be an improvement, but it ain't gonna happen.

And meanwhile, in many states you've got some flexibility about whether the license lists the address where you get snailmail or the address where you sleep or the address where you own land. Expect any uniform standards to erase that.

What can the ability to do database lookups do? Well, if the signatures indicate that you're black, or a Registered Republican Voter, or a Welfare Recipient, or a Registered Drug Offender, it's much easier for anybody who wants to target you to do so. If the databases are only accessible to authorized users, that increases the demand for bribable authorized users, especially if the expanded set of uses expands the set of authorized users.
It's possible to keep the different sets of information separate, if there's the technical skill and political will to do so, but there's little enough of the former and none of the latter among the kinds of people who'd make the requirements for that kind of system.

Bill Stewart