Howard Dean's speech calling for smartcard-based national ID [priv]

[Declan McCullagh <declan () well com>]

Column on Dean's privacy views:
http://news.com.com/2010-1028-5146863.html

---

GOV. HOWARD DEAN
STATE OF VERMONT
Prepared remarks to state DMV administrators

March 27, 2002
Pittsburgh, Pennsylvania

[...]

It is time to take a serious look at hardware and smart-card based
solutions.

I believe that the states -- and therefore you -- will lead the way in
the discovery and implementation of greater digital security. Some of
you have already begun this process.

States can move faster than the federal government to ensure that
employees accessing the state’s network are indeed who they say they
are and that they are doing legitimate business.

But it would be shortsighted to imagine that your work is limited to
solving these problems only for state employees.

State Chief Information Officers, and each of you here today, have
tremendous power to forge a solution that will set the standards for
securing devices for all of us, not just those accessing state
resources.

We must develop flexible solutions that will likely require the use of Smart
Cards and some form of hardened security in a reader or desktop device.

For example, one state’s Smart Card driver’s license must be
identifiable by another state’s card reader. It must also be easily
commercialized by the private sector and included in all PCs over time
-- making the Internet safer and more secure.

In an age where identity and trust are paramount, the fact remains
that the only viable form of universal identity in the U.S. today is
the state-issued driver’s license.  Think about it: When you entered
the airport or the train station to travel to this conference, how
many times did you use your driver’s license to prove your identity?
Remember -- this is the same driver’s license that teenagers alter in
order to get into a club or buy cigarettes. Terrorists do it all the
time. They did it on September Eleventh.

As you know, states have made great strides in developing drivers
licenses that are difficult to counterfeit --- even by ingenious
teenagers.  But the question remains --- how does an airline agent at
the Pittsburgh airport know what an Alaska or Florida license is
supposed to look like, let alone identify a counterfeit?

It is clear that the state issued driver’s license is the current
identification standard. It is also clear that this is certainly an
inadequate way to go through this uncertain world.

Many in private and public life have called for a national
identification card. In spite of Larry Ellison’s offer to provide the
necessary software for free --- this has raised a public outcry
concerning privacy and sharing too much private information with the
government.

We can’t let this become our briar patch. I’m from Vermont and believe
me, government is kept at a respectful but very conscious distance.
Reality demands that we understand ---First --- that the rise of
empowered individuals whose single mission is to destroy Americans
means that we have to fight them at an INDIVIDUAL level and second ---
that we have already ceded our private information to faceless credit
card companies and direct marketers who then sell it for a profit.
Now --- I believe that our nation has the technological capacity to
protect both our privacy and our way of life.

And I am convinced that these complex solutions rest in a successful
partnership between private enterprise and government --- led by state
governments.  As we stand here today, please accept the vital
challenge I offer each of you.

The solutions you create to protect your state’s networks must be
implemented in a complimentary manner, allowing interaction between
every state of the Union.

We must tighten driver’s license standards among the
states. Fortunately, this work has already begun, led by the American
Association of Motor Vehicle Administrators’ Task Force on ID
Security.

Beyond that, we must move to smarter license cards that carry secure
digital information that can be universally read at vital checkpoints.
And we must include new security features to provide ever-greater
protection against counterfeiting.

Issuing such a card would have little effect on the privacy of
Americans.  I understand that you will be discussing privacy issues at
a later workshop in this important conference --- but let’s take a
moment to look at privacy in America today.

In many ways, privacy is the new urban myth.

Your credit card company knows every flight you’ve taken; they know
your rental car, your hotel, the movies you watched, and where you had
breakfast. Credit card companies have a stake in knowing everything
about you because it’s a marketer’s dream.

The information for sale regarding your private life is detailed --
and lucrative.  When it comes to the Internet, every web page you have
ever visited, every e-mail you have ever sent, every word you have
ever typed, is stored somewhere and can be accessed by someone with
the right skills. And as you well know, it’s not just the Good Guys
who possess these skills.

What’s the fastest growing crime in the U.S.? Identity theft ---
stealing individuals’ identities --- not just their credit card
numbers but their very existence.  So, is the answer to create an
Orwellian Ministry of Information? No. It’s about creating safe
passage through a free but threatened life.

We will not, and should not, tolerate a call to erode privacy even
further --- far from it. Americans can only be assured that their
personal identity and information are safe and protected when they are
able to gain more control over this information and its use.

Again, this points to Smart Card adoption and development of card
readers that limit information access but also confirm it --- when
appropriate.

The same Smart Card that confirms that a person is a registered voter
can also be used to validate age in a liquor store.

The Smart Card owner may decide to put her medical information into
the card database, which can be accessed by an Emergency Medical
Technician with a universal authorization code. That EMT can learn the
blood type and complete medical history of an unconscious accident
victim.

The beauty of the Smart Card is that the liquor store doesn’t know
anything but age, and the hotel doesn’t know about non-hotel
purchases, and the state knows nothing about any of it.

On the Internet, this card will confirm all the information required
to gain access to a state network -- while also barring anyone who
isn’t legal age from entering an adult chat room, making the internet
safer for our children, or prevent adults from entering a children’s
chat room and preying on our kids.

A Smart Card reader at the airport, adapted to a universal standard
perhaps designed by those in this very room, could match the ticket
and the baggage with the card presenter.

Recently, Sen. Dick Durbin of Illinois and Rep. Jim Moran of Virginia
introduced legislation to provide funding to states to increase the
security features of driver’s licenses. The Moran Bill provides
additional and specific funding to states to develop Smart Card
capabilities.

I strongly support these efforts and urge you to do the same.

The European Union is ahead of us because they adopted Smart Card
technology long ago. The EU has ambitious plans to deploy Smart Cards
and Smart Card readers throughout the continent -- and to securely
deliver electronic government services, electronic banking, and
electronic commerce.  Hong Kong is using Smart Card technology with
biometrics at security check points.

My view is that the technology is here but that Americans are reluctant to
adopt it. It’s time to overcome our fears

The American resistance to the Smart Card also came from the private
sector, which was initially the only card issuer. It costs $15 to
produce a chip-bearing card versus 80 cents to issue a card without
the security chip. Costs have now gone down dramatically.

Many new computer systems are being created with card reader
technology. Older computers can add this feature for very little money.

[...]
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)