Re: How to win the new war
Tim May wrote:
On Friday, September 14, 2001, at 08:53 AM, Howie Goodell wrote:
<snip>
One example: the IDs for airplane crews, and eventually everyone who travels or goes near an airliner, could be "smart cards" containing their owners' biometric identifiers -- like fingerprints, voice, picture, and retinal scan -- cryptographically signed by the agency that collected them.
You are not a friend of ours. This is such a leap into the Surveillance State Void that I am speechless that any member of our list, even Choate or Farr, could advocate it.
... In fact the scanners could be designed without removable storage or communications links: after a few days they would erase
This last point is crucial. Most of the debate about
Allow me to re-quote the end of my paragraph, and following paragraph which was the one I really cared about: their records unless they were read out after a hijacking. personal identification assumes there is a fundamental trade-off between being insecure and becoming a police state; therefore democracies have to settle for some compromise that is only halfway secure and only halfway free. This is not true today. Electronic and cryptographic technology like David Chaum's "blind signature" and "personal representative" lets us design systems with both strong security and strong protection of privacy and individual freedom. (See his August, 1992 _Scientific American_ article, "Achieving Electronic Privacy".) My point was that we should sell crypto as a way to achieve security. That's a product people are buying this week. Cryptographic protocols can square the circle; provide both privacy and security. So let's be imaginative and sell, sell, sell! These smart cards don't need to be connectable to your identity; just your body and a responsible party's signature. American Airlines and Lloyds put $1B behind my biometrics being one of an authorised class of pilots or plane cleaners. Who I am isn't necessary. Biometric scanners can be open source as well as unconnected. The signature on the card can be blind (albeit after a mind-boggling number of Chaumian challenges.) Databases of biometrics can be separated from identity and accessed through remailers. If we can get the bandwagon rolling our way, we have a chance to steer it. If not -- well, you're better at those metaphors. Take care! Howie Goodell -- Howie Goodell hgoodell@cs.uml.edu Pr SW Eng, WearLogic Sc.D. Cand HCI Res Grp CS Dept U Massachussets Lowell http://people.ne.mediaone.net/goodell/howie Dying is soooo 20th-century! http://www.cryonics.org
At 01:44 PM 9/14/2001 -0400, Howie Goodell wrote:
These smart cards don't need to be connectable to your identity; just your body and a responsible party's signature. American Airlines and Lloyds put $1B behind my biometrics being one of an authorised class of pilots or plane cleaners. Who I am isn't necessary.
No, but what's going to sound more comforting to worshippers at the temple of the power trip: 1. Credentials without privacy violation, which chart a careful course between the risks of overidentification and the risks of overauthorization/overpermissiveness, a la Chaum - or 2. A big centralized database/control center, where serious-looking men with guns and uniforms will sit in swivel chairs and look at computer screens 24x7, using zoom lenses and database queries to inspect every movement or deviation from what's considered normal? This isn't just a technical question, it's a marketing question, and people are learning/have learned to feel safer when someone's monitoring them, and others, too. People believe that their experience as a subject of control and the exercise of power makes them safe - and that the feeling of not being controlled, or the idea that others are not being actively controlled (or at least monitored, to ensure that their internalized controls are functioning) is scary to them. Things aren't going to get better until people learn to abandon the false security of the control fetish, and learn to operate in an environment where uncertainty and risk are significant factors. -- Greg Broiles gbroiles@well.com "We have found and closed the thing you watch us with." -- New Delhi street kids
Greg Broiles wrote:
At 01:44 PM 9/14/2001 -0400, Howie Goodell wrote:
These smart cards don't need to be connectable to your identity; just your body and a responsible party's signature. American Airlines and Lloyds put $1B behind my biometrics being one of an authorised class of pilots or plane cleaners. Who I am isn't necessary.
No, but what's going to sound more comforting to worshippers at the temple of the power trip:
1. Credentials without privacy violation, which chart a careful course between the risks of overidentification and the risks of overauthorization/overpermissiveness, a la Chaum -
or
2. A big centralized database/control center, where serious-looking men with guns and uniforms will sit in swivel chairs and look at computer screens 24x7, using zoom lenses and database queries to inspect every movement or deviation from what's considered normal?
The point we need to make is that you can be far *safer* with Chaumian anonymous credentials etc. How long would it take to persuade people to have their biometrics checked and compared with a central server and recorded forever -- even this week? The key point is to rely on a digital signature. The rest is incremental. Howie Goodell -- Howie Goodell hgoodell@cs.uml.edu Pr SW Eng, WearLogic Sc.D. Cand HCI Res Grp CS Dept U Massachussets Lowell http://people.ne.mediaone.net/goodell/howie Dying is soooo 20th-century! http://www.cryonics.org
participants (2)
-
Greg Broiles -
Howie Goodell