Re: All your mentally ill children are belong to us
Marc de Piolenc wrote:
Nomen Nescio wrote:
And yet we expect airport screeners to ignore past acts of terrorism by a wild-eyed fanatic boarding a plan,
I don't recall anybody being required to do that. Quite a stretch, unless you can cite an example.
Read this from Tim May, November 3: It really is no business of government to know the identities of those whose bags/etc. they are checking. Having government able to single out some travellers for special processing is a recipe for this kind of mischief. BTW, the _wrong_ tack to take would be some argument about a "right to travel," some over-ruling of Southwest's or United's right to pick its customers as it wishes. The preferred approach should be to have no ID at the _security_ checkpoint and to not have any laws requiring ID tied to tickets. He suggests having no ID or other history information available to help screeners make their decision, nothing but whatever clues can be gleaned in the brief moments available. Anybody want to fly *those* friendly skies?
On Thu, 8 Nov 2001, Nomen Nescio wrote:
Marc de Piolenc wrote:
Nomen Nescio wrote:
And yet we expect airport screeners to ignore past acts of terrorism by a wild-eyed fanatic boarding a plan,
I don't recall anybody being required to do that. Quite a stretch, unless you can cite an example.
Read this from Tim May, November 3:
It really is no business of government to know the identities of those whose bags/etc. they are checking. Having government able to single out some travellers for special processing is a recipe for this kind of mischief.
BTW, the _wrong_ tack to take would be some argument about a "right to travel," some over-ruling of Southwest's or United's right to pick its customers as it wishes. The preferred approach should be to have no ID at the _security_ checkpoint and to not have any laws requiring ID tied to tickets.
He suggests having no ID or other history information available to help screeners make their decision, nothing but whatever clues can be gleaned in the brief moments available. Anybody want to fly *those* friendly skies?
I will. As long as the folks on my flight have been screened for weaponry, I don't give a fuck if they ar Pol Pot, Georgie Bush (I/II), or OJ Simpson. Even mass murderers (like the above list) should be able to fly if they are weapon-free. How would knowing Bush's _identity_ help to prevent him from killing people? -- Yours, J.A. Terranson sysadmin@mfn.org If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------
"Nomen" doesn't get it. One can say it's no business of government while supporting the right of private firms to do background checks on their passengers, or strip searches if that's what they feel is necessary. Of course that also means supporting the right of travelers to take their business elsewhere if they find the measures objectionable. -Declan On Thu, Nov 08, 2001 at 06:30:03AM +0100, Nomen Nescio wrote:
Marc de Piolenc wrote:
Nomen Nescio wrote:
And yet we expect airport screeners to ignore past acts of terrorism by a wild-eyed fanatic boarding a plan,
I don't recall anybody being required to do that. Quite a stretch, unless you can cite an example.
Read this from Tim May, November 3:
It really is no business of government to know the identities of those whose bags/etc. they are checking. Having government able to single out some travellers for special processing is a recipe for this kind of mischief.
BTW, the _wrong_ tack to take would be some argument about a "right to travel," some over-ruling of Southwest's or United's right to pick its customers as it wishes. The preferred approach should be to have no ID at the _security_ checkpoint and to not have any laws requiring ID tied to tickets.
He suggests having no ID or other history information available to help screeners make their decision, nothing but whatever clues can be gleaned in the brief moments available. Anybody want to fly *those* friendly skies?
Nomen Nescio wrote:
He suggests having no ID or other history information available to help screeners make their decision, nothing but whatever clues can be gleaned in the brief moments available. Anybody want to fly *those* friendly skies?
I already have...years ago. And I would gladly take whatever accrued risk there was to have those civilized times return. Marc de Piolenc
The confusion "Nomen Nescio" shows in thinking that an is-a-person government tracking system fixes the airline security problem is common these days. It's the same confusion that causes many to think national I.D. cards will fix current pressing problems. They won't. This is the same "security ticket" problem that shows up in computer security with malicious actors obtaining passwords or other access permissions. The time-honored alternative for airline security, and many other types of security, is to not rely on permission slips or identity credentials. Rather, it is to PHYSICALLY inspect. Think of this a "capability," in OS/KeyKOS/E language terms. Instead of some security or identity credential, a direct determination that an object (passenger) can only have certain kinds of access and property combinations ("no bombs allowed with passenger"). The way to ensure that an object or agent does not go outside certain bounds (e.g., to erase or overwrite files) is not to trust some issuer of a credential from afar but to require specific allocation of access rights in the object or actor itself. (This is not meant to be the most concise or elegant phrasing of what capabilities are. Cf. the usual sources, includinging Hardy, Tenenbaum, Miller, etc.) Now if El Al or another airline wishes to require identity credentials issued by California or Israel or whatever, this is their choice (in a free market, that is). As I have written about in the past, some airlines already use credentialling systems very similar to a "web-of-trust" or "introducers" model. Private transport companies, for example. Much the way companies hire people they know, or get to know. "Vouching for" and all that stuff. There is no one single security model. Security is part of an ecology of actors, with methods, capabilities, and propagation of belief/trust issues. The problem I have with the current regime of soldiers with M-16s demanding identity credentials is the simple-minded nature of it, losing the nuances of market alternatives, and accelerating trends toward a identity-centric state. Nomen Nescio and others should read Chaum's "Credentials without identity" papers. A true name is just another credential, not necessarily more important than any of several other credentials. People should think deeply about this issue. --Tim May, Citizen-unit of of the once free United States " The tree of liberty must be refreshed from time to time with the blood of patriots & tyrants. "--Thomas Jefferson, 1787
At 09:46 AM 11/8/2001 -0800, Tim May wrote:
The confusion "Nomen Nescio" shows in thinking that an is-a-person government tracking system fixes the airline security problem is common these days. It's the same confusion that causes many to think national I.D. cards will fix current pressing problems. They won't.
[...] Nomen Nescio and others should read Chaum's "Credentials without identity" papers. A true name is just another credential, not necessarily more important than any of several other credentials. People should think deeply about this issue.
Indeed. It's popular to frame this as a "this or that" question - like we've got a choice between terrorism (or insecurity) and security without privacy, and it's time for some group of people to deliberate carefully about the right choice to make, or the right way to balance mutually exclusive options. There is no such choice - the is no other side to bargain with, who will accept our privacy or autonomy or liberty in exchange for guaranteed safety. We can't build any sort of reliable security infrastructure on top of our existing identity scheme. Our current scheme doesn't provide for one-to-one mappings between people and identities, it doesn't provide for reliable ways to validate a proposed match between a meat body and an identity, and it provides a multitude of informal and traditional ways to adopt additional or alternate identities in a perfectly legitimate and orderly way. There's simply no way to enforce or implement an "identity" system meant to track humans if all of the elements of the system are pure information, because people who want to defeat the system will report misleading or incomplete information. It's also wildly impractical to even think of issuing some sort of physical token to the *billions* of people on Earth - people cannot (and will not) preserve them against loss, theft, damage, and so forth - nor can they be trusted not to falsely report loss or theft, or to sign up for multiple identities. Tokens which become associated with negative histories will be "lost" immediately; and tokens associated with positive histories will be targets of fraud and theft. The only way to manage identity with the robustness required to provide the sort of trackability and accountability required for an application like that proposed is to use some sort of biometric identifier. Nazi Germany (and I don't bring them up just for shock value) understood that, and used tattooed numbers on the arms of Jews and other unfortunates to eliminate the possibility of identity fraud or theft. In light of the logistical and capital requirements which a high-tech biometric system would require - and since we're talking about international travel and international border crossing, a strong ID project must be worldwide, not just US-based - it's simply not possible to think that we'd be able to use some sort of sexy high-tech retinal scanners, fingerprint scanners, hand geometry scanners, and so forth, to form the biometric basis of identity in such a system. The infrastructure doesn't exist, and can't be developed and deployed in anywhere near the time scale which would be required to address our current security problems, and the initial and recurring costs would be astronomical. The only way we could implement a system like that, starting this year, would be with good old-fashioned human-readable or human-measurable factors which are unchangeable, or at least very difficult to change - and that means something like tattooing or branding every living human being, on a part of their body that's likely to be publically visible, so an unmarked person (or person with altered marks) would be immediately conspicuous. A human readable-mark like a tattooed number would allow border guards, immigration workers, employers, and others to verify a person's status and provide updates using analog technology like telephones, faxes, or slow dialup modems which are universally available and whose installation and maintenance are relatively well understood. So let's say we do tattoo a number on the inside of everyone's forearm - would that incredible infringement on privacy and freedom and autonomy guarantee us our safety? No, it would not - it would allow us to identify people who had done bad things in the past, and restrict their access to places or things which we anticipate might allow them to cause very great damage in the future - but it would do nothing at all to identify people who have not yet been caught doing anything wrong. It also would not stop otherwise disqualified people from seizing controlled resources by trickery or force, or from assembling destructive things out of otherwise unremarkable consumer goods (like the truck bomb which struck the Murrah federal building in OKC.) Tim McVeigh wasn't wanted or suspected of anything prior to the OKC bombing - identity-based security wouldn't have prevented him from renting the truck, nor buying the fertilizer and airplane fuel used to build his bomb. All of the alleged WTC hijackers passed through immigration and other checkpoints without being detected as dangerous - if the technology and techniques we're discussing wouldn't even have prevented known attacks in the past, how can we imagine they'll be effective in the future? It's a popular fantasy, this idea that people will faithfully report a "true name" which can be matched to a database of past actions which will reliably predict future behavior - but it's a failure in every way, from the notion of a true, unique name, to the idea that access to dossiers can be both widely available and reliable, to the idea that it's possible to know what someone will do tomorrow based on knowledge of his behavior in the past. I can understand why people want to believe that it's possible - much like people want to believe that Marx' vision of Communism is possible, even in the face of many failed attempts which created only misery and starvation and death - but I'm disappointed to see that people's wish that it were possible turns out to be stronger than their common sense which should tell them that it is not. When people talk about "ID checks", they're going down a slippery slope which leads to either ridiculously ineffective charades like our existing airport security - or to a deadly efficient system like forearm tattoos. Is there anyone who wants any part of either of those visions of the future? Can anyone articulate a feasible identity system, using technology available today in third-world countries, which would have prevented events like the WTC attack or the OKC bombing? How about anthrax in the mail? If so, do you really want to live in that world? If not, isn't it time we abandoned this "ID card" fairy tale, and start thinking about how to solve our current problems using the abilities and limitations of our current situation? -- Greg Broiles -- gbroiles@parrhesia.com -- PGP 0x26E4488c or 0x94245961 5000 dead in NYC? National tragedy. 1000 detained incommunicado without trial, expanded surveillance? National disgrace.
On 8 Nov 2001, at 11:58, Greg Broiles wrote:
It's a popular fantasy, this idea that people will faithfully report a "true name" which can be matched to a database of past actions which will reliably predict future behavior - but it's a failure in every way, from the notion of a true, unique name, to the idea that access to dossiers can be both widely available and reliable, to the idea that it's possible to know what someone will do tomorrow based on knowledge of his behavior in the past.
Right. To be brutally specific, identification is generally useless for preventing suicide bombings, because suicide bombers tend not to be repeat offenders. George
Tim May wrote:
Nomen Nescio and others should read Chaum's "Credentials without identity" papers. A true name is just another credential, not necessarily more important than any of several other credentials. People should think deeply about this issue.
I would like to read these papers. Are they available on-line? Marc de Piolenc -- Remember September 11, 2001 but don't forget July 4, 1776 Rather than make war on the American people and their liberties, ...Congress should be looking for ways to empower them to protect themselves when warranted. They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. - Benjamin Franklin
On Thursday, November 8, 2001, at 07:09 PM, F. Marc de Piolenc wrote:
Tim May wrote:
Nomen Nescio and others should read Chaum's "Credentials without identity" papers. A true name is just another credential, not necessarily more important than any of several other credentials. People should think deeply about this issue.
I would like to read these papers. Are they available on-line?
If they are, search engines will very likely have indexed them. I would do the search for you, but your retainer has expired. Some of the primary papers are: David Chaum. Showing credentials without identification: Signatures transferred between unconditionally unlinkable pseudonyms. In Advances in Cryptology --- Eurocrypt '85, pages 241--244, New York, 1985. Springer-Verlag. Chaum, D. and J.H. Evertse, Showing credentials without identification: signatures transferred between unconditionally unlinkable pseudonyms, Proceedings of Crypto '86, Springer-Verlag, 1987. There is much discussion on the Cypherpunks list, and even reference in the Cyphernomicon. --Tim May "The Constitution is a radical document...it is the job of the government to rein in people's rights." --President William J. Clinton
Tim May wrote:
I would like to read these papers. Are they available on-line?
If they are, search engines will very likely have indexed them.
I would do the search for you, but your retainer has expired.
Just thought you might know offhand. Search engines it is... Marc de Piolenc
participants (7)
-
Declan McCullagh -
F. Marc de Piolenc -
georgemw@speakeasy.net -
Greg Broiles -
measl@mfn.org -
Nomen Nescio -
Tim May