funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [privacy] U.S. Senators Propose Repeal of National ID

From: "Dennis Henderson" <hendomatic () gmail com>
Date: Tue, 19 Dec 2006 19:50:15 -0600
*sigh* did you actually read my email? I mentioned a solution in the
second paragraph.

<quote>

The concept should be authenticate for purpose (e.g. my bank should
provide authentication for me to use my account, my doctor should provide
authentication for me to get prescription medicines etc).
</quote>

With all due respect, your "solution" was totally surrounded by anecdote and
commentary.

My apologies for not reading the paragraph carefully enough to set off my
"solution" trigger.



The problem is that governments seem to believe an ID card will stop
terrorism, stop fraud, stop illegal immigration, stop underage
drinking/smoking/sex, cure aids, make cold fusion work and cause world
peace. They won't do any of the above, in fact, with some (e.g. fraud)
they have the potential to make them worse.



So, there's several solutions:
1. Introduce an ID card, watch lots of commercial companies abuse it;
watch lots of government employees abuse it; because the back end will be
made to a tight deadline by the cheapest bidder, watch hackers and culture
jammers abuse it; watch the secret services abuse it; watch the whole
relationship 'twixt state and citizen change around.
2. Don't bother, carry on with the current system, though flawed is
working.
3. Use an independently secured, openly verified with key (i.e. public)
auditability of design backend to allow the distribution of identification
tickets for the required service.
4. Move away from the ID culture, only require ID for essential services.

To solve it properly you need a combination of 4 and 3. In some cases,
e.g. opening a bank account, ID shouldn't be required (the money
laundering excuse is a load of bollocks) so we chose 4. In others, e.g.
buying restricted items, a token part of identification is required (hence
not all items should be viewed), so we chose 3.

In simple terms an ID solution needs to be designed according to current
and future need, following the principles of privacy (for the citizen) and
security (e.g. least amount of information presented, high auditability,
open design) and quality (not to the lowest bidder). This is not what the
UK or US governments are doing - they're starting from a position of "we'd
like an ID card and a national database of all our citizens" and then
trying to justify it, design it, then look at the requirement.




OUCH, i had to turn down my "solution" detector.. it just went to 11....

These are the ideas that are very valuable.

Thanks for taking the time to respond again!


Dennis

_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
Previous By Date Next
Previous By Thread Next

Current thread: