Rich Graves makes some very good points, but he said something I want to riff on.

(And as a measure of how apologetic some folks are getting about discussing anything not on Perry's List of Approved Topics, Rich unfortunately labeled his post "[ID point semi-off-topic]..." In fact, the issue of credentials and identity is NOT off-topic, not even semi-off-topic. It is central to the themes of our list. I urge all to read Chaum's seminal work on "credentials without identity.")

At 1:05 AM 11/5/95, Rich Graves wrote:
> Proving legal residency requires a combination of two documents, one each from specified lists. Most commonly a driver's license, green card (which is actually pink), or birth certificate from list A, and a social security card from list B.
>
> Chris Hibbert's SSN FAQ talks a little bit about how this works, and why it's a Good Thing. Basically, for privacy and security reasons, it is a very good idea to separate the issues of identity and authorization.
>
> I don't care how securely you can authenticate who I am -- by PGP, retinal scan, whatever. I do not want a single digitizable token to be the key to my identity. Even if that identity cannot be forged (and everything can be forged), it can be used to track me, by the government, by the Direct Marketing Association, by the private investigators of certain wacky ....
Chris's (or Chris') points are admirable, but getting more and more irrelevant by the day. The notion of unlinking identity and authorization by separate pieces of identification is another form of "security through obscurity." The two forms of credentials can be linked in data bases. Just because one piece of ID has citizenship or voting status and another has other stuff is meaningless, provided the ID forms can be linked. As they can, in multiple ways. The credit tracking agencies can do this trivially, with names, social security numbers, driver's license numbers, addresses, phone numbers, etc. All are pointers into the cloud of numbers that constitutes one's dossier.

Happily, Chaum's work on "credentials without identity," based essentially on the kind of "blinding" used in digital cash (with some differences, of course), allows for one to display a credential showing one is old enough to enter a bar or library (in 2005), without revealing a name (which is just another credential).

--Tim May

Views here are not the views of my Internet Service Provider or Government.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."