Questions of Identity and Privacy

There are legitimate needs in today’s world to establish that I am who I say I am, and that no one else be able to claim to be me. There must be some way to accomplish that, but the Real ID Act is certainly not the way to do it. But if Libertarians are to be taken seriously on the issue, we need to offer a means to accomplish the good without imposing the bad. So, lets look at the needs and the methods for meeting them without establishing a system for tracking and spying on private citizens who are not criminals. The needs, as I see them, along with possible solutions are:

  • Absolute Certainty of Identity – It is desirable that when I board an airplane,that  the airline,  which is responsible for my safety, know that I am who I say I am, and that my fellow passengers are who they claim to be. It is not necessary that the government know when and where I travel, nor is it necessary that the airline maintain a record of that travel after the airplane has arrived safely at its destination. The Airline, would be justified in refusing transport to anyone who will not disclose his true identity, or to impose additional search and security requirements for those who insist on traveling anonymously.Likewise, when a purchase is made in my name, health care is required and I am unable to provide my history, or a vote is cast, it is desirable that an absolute guarantee of identity is available to the seller, the health care facility and the voting officials securing the election from fraud. But it is not necessary, nor desirable, for  government to know what I buy, or where or when, nor what  health care I might require.  The voting officials need to know I am who I say I am, but they have no need to know where I have traveled, what I have bought, nor the status of my prostate.
  • A Unique Identifier – When I google  my name, there are a lot of William Donald Tabor’s out there. Not to mention the Dons, Donalds, Bills, and other alias and variants. And I’m not even a John Smith or a Mohamed Hussein, which number in the tens of millions. So, a name alone is not sufficient to the need. Whether it is social security number, Driver’s License Number, or some other identifier beyond just a name is required. This is not so difficult to accomplish, my credit card has a sixteen digit number and Mastercard is quite capable of handling my purchases without the assistance of the NSA.
  • Resistance to Counterfeiting – Any technology on a card can be defeated, or the card can be stolen, so biometric comparisons will be necessary to establish that the person presenting the card is, in fact, the owner of the card. Technology can reliably express biometric identifers such as finger prints, iris prints and facial landmarks as computer data, but there is no point in putting this information on the card itself. Only a machine readble number is needed. The biometric information is better stored by the card’s issuer at a secure server.  A countrfeiter could simply create a card with my number but his picture and biometric data on it. Only by comparing the stored biometric data with the actual person, is identity assured.
  • Privacy and Control of Access – Real ID or not, privacy today is largely an illusion. Simply blocking Real ID does little, new law would be required to regain the privacy we have lost in recent years to the improvements in computing capability. Police and Homeland Security already have databases of their own and access to privately held data.  We have little control of data once it has been collected. Even such innocuous data as EZ -Pass toll information has been subpoenaed in divorce cases, so it is hard to imagine what the NSA  cannot access once their interest in us has been raised. Real ID would at most standardize and lower the cost of such data mining.

So, how do we meet the legitimate goal of identity protection and still retain, and regain our privacy and curb the lust of government to spy on us?

It would seem that bypassing government and contracting for this service with the private sector would be the best way. Quite simply, our credit card companies already have 90% of the capablility. They need lonely add biometrics  to fullfill all the legitimate goals of Real ID and a medical database link(if desired) to centralize medical records. But the problem of privacy would remain so long as government has the ability to access these records without due process.

One possibility would be to obtain our enhanced ID/credit cards from Swiss banks which are more reluctant to share their data, but new law, possibly even a Constitutional Amendment guaranteeing our control over our own electronic records would ultimately be needed.

If their are better ways to accomplish these goals, I would very much like to hear them, because if we cannot find a way to satisfy the public’s demand for the legitimate needs for identity protection while protecting our privacy rights, Read ID will become reality.

Advertisements

9 Responses to Questions of Identity and Privacy

  1. Reid Greenmun says:

    Okay, so then your solution would be for the government to hire a private firm to determine if we can have access to our Federal government – by way of access to Federal buildings? Somehow I don’t like the notion that a corporation can prevent ME, a citizen, from access to my Federal Government. What redress will I have when (not if) the Corporation screws up and denies me access to my government – especially if I am attempting to speck on behalf of legislation that is up to a time critical vote? Should the Corporate entity delay me and I miss my opportunity to speak – or attend – it is too late to “make it up to me later.

    We all know that Corporations have their own agenda when it comes to attempting to sway our Federal government.

    I am reminded of the old film, Robo Cop. A film that revealed the dangers of our Government turning over Government responsibilites to “the private sector”.

    Corruption is rampid in the Corporate world – as it is our Government. The difference is that we can hold Government more responsible in some cases then the private sector. This is because we are supposed to have open and transparent Government. Corporate decisions are allowed to remain hidden from view of the public.

  2. Don Tabor says:

    No, I don’t want the government to hire anyone. I WANT TO HIRE a company of my choice to guarantee my identity, and to guarantee no one else can claim to be me.

    If my credit/debit cards are linked to a biometric database, and my card issuer will not guarantee payment unless that database is used to confirm my identity, that kind of card will become the unofficial, but universally accepted, means of proving identity. But it will have no connection to government, though the government may, or may not, accept those cards as proof of identity for its own uses, just alike anyone else.

    If the government requires proof of identity for entry into a public building, then that is an entirely different problem, whether they accept these proposed private ID cards or not. I agree that they should not, but that is a separate issue from proof of identity WHEN I WANT TO PROVE IT.

    The important thing is that the database will not be in government hands and will require a subpoena to access it. Unless I get may card from a company outside US jurisdiction, in which case accessing it would require invading Switzerland.

    Government will always have the police powers granted by the people. I want to separate those police powers from private data acquisition, which is going on every day in any case.

    As things stand now, unless you use cash only, your purchases and thus your movements can be tracked by government access of your credit card and banking info, which has become easy to get since the Patriot Act. At one time, such tracking would have required pouring over lots of ledgers by dozens of accountants, but now it can be done with a few keystrokes. Advances in technology have already made privacy a matter of whom we trust with our data, and I would rather trust a credit card issuer of my own choosing than the IRS or Homeland Security. If that issuer proves to be careless with my data, I can take my business elsewhere. You can’t do that with government.

  3. Len Rothman says:

    I understand your reluctance to trust the government. But a few issues pop up:
    1) Who will run the biometric database that everyone agrees is reliable and trustworthy?
    2) Corporate credit entities buy and sell your information with absolute impunity.
    3) In the last year I have gotten no less than 3 warnings from various private agencies that their security has been breached.
    4) How will you enter a restricted access public building if, as you mention, they should not accept your form of identification? Today, that could be anything from City Hall to libraries.
    5) Since stolen identities get credit cards now from information that is obviously not cross checked or verified (such as my ID with a new address in California), how does that make credit agencies any more trustworthy then the guy down the street selling bogus SS numbers?

    It is not an easy solution. And I am not sure that the more ID issuers, the better. It just makes it easier for a Russian cyber gang to issue ID’s under a phony company.

  4. Don Tabor says:

    Len, I think you are conflating a number of separate issues that should be considered separately.

    1) There could be multiple providers for confirming identity. I’m not sure which technology will win out, but the process could be quite simple. You would swipe your card which would read your unique identifying number, and scan a finger or eye print, which would be reduced to data and transmitted to your card issuer. If the number and the biometric data match their records, the transaction is approved, which could be a credit card charge or just an identity check. I would imagine AMEX, VISA, MC and Discover, as well as others would all compete to provide the service. At this point, all that has been done is to verify who you are and if you have the funds or credit for the transaction. The only difference between this and the current situation would be the certainty that the person presenting the card is the registered owner.
    2) If I am unhappy with the treatment of my data by my card isuer, I can take my business elsewhere. There is no alternate DMV if we allow government to provide proof of identity. Beyond that, the information on purchases you make with your card are no more, nor less, available than they are now.
    3)Again, the identity service would not be affected by security breaches. Someone obtaining your biometric data does them no good unless they can duplicate your eye or finger at the point of sale or entry.
    4) Requiring proof of ID of any kind to enter a government building is a Constitutional problem regardless of how that identity is verified.
    5)The identity verification I suggest would simply establish the the person using your card is indeed Len Rothman, other than that, it would be no different than the credit card you now use.

    But no one could board an airplane with a phony Len Rothman ID, or use a counterfeit card to make charges on your account. You could choose to link that identity to a medical database under your control, or not, as you wish, either operated by your cad issuer or some other entity.

  5. Reid Greenmun says:

    Don, how easy will it be for terrorists to infiltrate such businesses and issue “real” IDs to their agents? Think about it, right here in Virginia Beach we have had examples of DMV workers issing false Virginia Driver licences and selling them to illegal aliens at a restaurant across the street from a police precint! The folks issuing the REAL driver’s licences will false information were a ring of long time DMV employees!

    This situation brings us back to the REASON the DHS wants a Federal Government run “REAL ID” program – because the state’s have proven they can’t be trusted to police themselves.

    Of course the Federal government doesn’t have such a stella track record either – here in Tidewater we recall Mr. Walker who was cleared by the DOD with a Secret clearance and sold our military secrets to the Soviets for a pitance.

    As was pointed out here, the private sector uses bottom line rationale when the hire. Often that leads to low pay and high turn over. This makes it even MORE likely that a private firm will have it’s system breached by determined terrorists.

    The DHS has a task of doing what they can to make our nation more secure. We now realize what excellent guided missles our fleet of commercial airlines make. That makes the DHS tasked with figuring out how to prevent another 9-11 attack.

    But now we find that ACCESS to our Federal Government buildings has been added to the scope of the READ ID act. Maybe that is the problem – or at least a place to begin. Citizens should not be denied access to our Federal government.

    Further, this is a state;s rights matter – the Federal Government does not have a Constitutional mandate to force states to change the manner in which states issue driver’s licences.

    Lastly, the REAL ID bill FAILS to include adequate safeguards – and adequate criminal and civil penalities for the protection of the personal information that will be collected and stored in one or more databases as a result of the technology used with the REAL ID card.

  6. Len Rothman says:

    Right now, when someone steals my ID by getting my name, SS#, bank #, etc., they establish a new Len Rothman, with a new address, a new signature, etc. So let us add to that a new biometric data with the thief’s finger/eye print. Simple. Now we have the same situation as before, but with more “trusted” data. This is particularly problematic if you have several providers of biometric data. I may be in each one under Len Rothman, but with different miscreants.

    With all the foul ups in the credit and data base information business, I have not much faith in the ability of the private industry to maintain security. Sure, I can move my business elsewhere, but that means my ID is still floating around with company “A” instead of the new, improved company “B”.

    The data information business today is nothing more than a market place for my information to be bought and sold without any permission or compensation for me. Putting profit on security will only lead to sale of that security for more profit. As the market dwindles, the pressure to sell more and more names for money will increase, and the bar for security will get lower and lower to get more names. If you have a system where the number of databases you have determines your profit, then it won’t take long to lower standards in order to increase sales.

    The reason we have rampant ID theft today is because the credit bureaus deem it too expensive to verify changes of address, etc.. The individual has to pay for a freeze of his own data. Galling to me. They sell my information, they screw up and I have to pay. I don’t feel comfortable letting that kind of business plan provide for my security.

    In addition, these security companies would most likely be international in scope. Much easier to penetrate and provide false ID information if you have offices in Uzbekistan or Nigeria.
    I think, like the police, courts and military, which are agents of our mutual security, only a non-profit entity like an elected government should handle this kind of ID. Safeguards can and should be legislated, not bought and sold like so many pork bellies.

  7. Don Tabor says:

    Perhaps I didn’t explain the Unique Identifier clearly enough.

    The ID transmitted when your identity is checked would be your card number assigned to your account AND the numeric representation of you biometric data collected at the point of ID. That biometric data is read from a scanner and is unique to you. It is checked against a recorded data set to determine if the person presenting the card is indeed you.

    Sure, terrorists could create other false Len Rothmans, just as they can now, when they get multiple driver’s licenses, but they would not be THE Len Rothman. They would not be able to access your bank account, or depend on your credit history or use your electric bill to establish their place of residence. Further, if they try to use your SSN when setting up a bank or credit account, that will not match the bank’s record of which SSN is associated with that Biometric Data set and authorities can be alerted.

    This would be as effective if not more so than Real ID, but would not be in government hands. Further, it would be voluntary, as you need not apply for an enhanced card if you don’t want one, but if you don’t, you should be prepared to prove your identity in some other manner when making a purchase.

    As far as Airline Security is concerned, the whole idea of trying to exclude bad people or weapons from airliners is futile. There will always be ways to get a weapon onto a plane and to create a false identity. The way to prevent a repeat of 9-11 is for the passengers to secure the cabin. As a start, we should allow anyone with a Concealed Handgun Permit to fly armed. Even better would be to issue a handgun with frangible rounds to every 5th adult boarding airplane. Anyone who wants to stand up in that airplane with a box cutter, or handgun, for that matter, to attempt a hijacking is welcome to try.

  8. Britt Howard says:

    The “Real ID” and “REAL” Biometric data has to start somewhere.

    What if a fake Len Rothman submits biometric data before the real Len Rothman does? To fully secure biometric uniqueness due we take mandatory information at birth?

    What about exceptions? Loss of both eyes in an accident? Facial recognition is unreliable. What if both hands are lost in a fire? Surely exceptions would have to be made and somebody would take advantage of that.

    Or invent fake people.

    I think Len and Don or both wrong.

    I mean Don is right that government shouldn’t be trusted. They can’t manage the VISA program, can’t secure the borders, can’t prevent Top Secret info from running away to China, can’t keep the Clintons out of FBI files, can’t restrict the Patriot Act to JUST security (yes, it has found its way inot drug and other non-security crimes, and can’t keep secret documents out of Sandy Berger’s pants! What would a politician be willing to do to hold on to power? How the heck am I supposed to trust the government with anything???

    Then again, as much as I love the Free Market, Len has a point there too. To companies, we human beings are still numbers. Do you trust Enron? Would a Democrat trust Haliburton? How about all those banks going belly up? What would people be willing to do to save a failing company?

    I applaud Don for looking for an alternative. I can’t say it won’t work better than the other alternatives. Perhaps Len can get his ID Govt. agency approved and Don can also get his approved by a licensed & regulated private firm?

  9. Len Rothman says:

    Britt, as a thought, if an elected government handles the ID issue then if there is a problem of information being sold to the highest bidder, the miscreant will go to prison for treason rather than get a salesman of the month plaque.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: