Date: Thu, 17 Jan 2002 20:38:47 EST From: freemanaz@aol.com Subject: [azpeace] ALERT: National ID Cards from DMV? To: azpeace@yahoogroups.com Reply-To: azpeace@yahoogroups.comALERT: NATIONAL ID CARDS FROM DMV?
PROTECT YOUR PRIVACY!
Electronic Frontier Foundation ACTION ALERT
(Issued: Jan. 17, 2002 / Expires: February 8, 2002)
Introduction:
The American Association of Motor Vehicle Administrators (AAMVA) Special
Task Force on Identification Security has recommended that the diver's license become the functional equivalent of a national ID card and has requested that Congress adopt and fund the Driver Record Information Verification System (DRIVers), so that "state agencies and federal agencies such as the Immigration and Naturalization Service, the Social Security Administration, the Bureau of Vital Statistics, and, if necessary, the Federal Bureau of Investigation, can share information."
What You Can Do:
* Mail or e-mail the EFF letter below to Linda Lewis of the AMVAA (contact info below). * Contact your legislators about this issue. For information on how to contact your legislators and other government officials, see EFF's "Contacting Congress and Other Policymakers" guide at: http://www.eff.org/congress.html * Join EFF! For membership information see: http://www.eff.org/support/
Sample Letter (or Phone Script):
Dear Ms. Lewis:
I oppose the AAMVA proposal to technologically modify the driver's license and adopt it as a national ID card. I also oppose the AAMVA's efforts to get Congress to adopt and fund the Driver Record Information Verification System.
Most Americans oppose efforts to create a national government database of personally-identifiable information because of the potential abuses and malfunctions any such system would necessarily
create. Even the Bush administration has stated that it does not support national ID cards.
National ID cards are simply not worth the risks to privacy and civil liberties posed by increased and increasing ability to track people.
Sincerely,
[sign name here, include full address for maximum effect]
Who to Contact:
Linda Lewis, President and CEO American Association of Motor Vehicle Administrators 4301 Wilson Blvd., Suite 400, Arlington, VA 22203 +1 703-522-4200 llewis@aamva.org http://www.aamva.org/
Tips:
Please remember to be polite but firm. Ranting, swearing, or lack of clear focus and resolve will not make a good impression. Try to make it brief (1-3 paragraphs written, or a few sentences spoken) and clear, without getting into nitpicky details. Re-casting the letter in your own
words will be more effective than copy-pasting our sample.
Activists Around the World
This alert is primarily for U.S. residents. However, national ID schemes
and other surveillance measures are on the rise globally, so keep an eye
out in your own jurisdiction for similar issues you can act on.
Background:
Among the most questionable responses to the Sept. 11 tragedy is the call for a national ID card or system. Although the Bush Administration has so far rejected the idea, many others -- including commercial vendors -- are clamoring for some kind of national ID system. Oracle chairman Larry Ellison has been in the forefront of these calls, but he's not alone.
The most recent proposal is by the American Association of Motor Vehicle
Administrators. The AAMVA's Special Task Force on Identification Security has recommended that the driver's license become the functional equivalent of a national ID card. The AAMVA wants to "produce a uniform,
secure, and interoperable driver's license/ID card to uniquely identify an individual." In a 90-page document, the AAMVA has already issued a "National Standard for the Driver License/Identification Card."
The AAMVA also wants Congress to adopt and fund the Driver Record Information Verification System (DRIVers), so that "state agencies and federal agencies such as the Immigration and Naturalizaion Service, the
Social Security Administration, the Bureau of Vital Statistics, and, if necessary, the Federal Bureau of Investigation, can share information."
There's no question that ID systems can be useful for many purposes -- we use them every day -- or that the driver's license is the de facto ID card in modern America.
But the driver's license is a *de facto* ID only, and should not become even more of an identification mechanism. The purpose of the driver's license is to prove that one is licensed to drive, and no more (in fact,
with current cryptographic authentication protocols, there is no real reason for the DL to contain any readily-accessible personally identifiable information at all). The state DMVs do not exist to, and are poorly equipped to, provide authentication or identity certification
(even if acting presently in such a capacity, to an extent, without any clear rationale). Rather, DMVs exist to regulate motor vehicle registration and operation in their states; any identification functions
performed by them are secondary and ill-considered functions tacked on in recent decades by state legislatures for convenience purposes. The issue of whether our government should be issuing identity certifications in the first place, given their global history of abuse, is a matter of serious and unsettled public concern and debate. Such a permanent duty is not, and should not be, settled firmly on the shoulders of state departments of motor vehicles, making this AAMVA proposal doubly alarming.
The United States, like other countries, already has a *narrowly-applied* national identification system, namely the passport. Its required use is
*sharply* limited, in accord with constitutional and UN privacy, freedom
of association and right to travel principles, and always has been. If the US were to require the repressive and invasive use of passports or other identity papers for *domestic* travel and other domestic purposes,
there would be a massive public outcry. Yet this AAMVA proposal is nothing less than precisely such a system, thinly disguised by our familiarity with the strictly *de facto* use of the drivers license (and non-driver state ID card) as an identifier.
Likewise, the Social Security Number, which was intended for a narrow, limited purpose has become another de factor national identifier, with many negative repercussions, including increased identity theft, abuse by the medical and commercial sectors, and an overall degradation in personal privacy in the United States (the "harass-o-matic" privacy invasion products most of us get spam ads for every other day are a direct result
of the trackability by anyone, of anyone in this country due to the widespread misuse of the SSN as a general identifier, as just one example).
Our current federal identification systems have been sorely abused for half a century and more, and certainly will be again. Some examples include police racial profiling, including the recent post-9/11 unwarranted intrusion into the lives of innocent Arab-Americans by the FBI; a pattern of abuse (recently resulting in numerous indictments) by IRS employees of Americans' personally-identifiable information tied to the Social Security/Taxpayer Identification Number; and the terrible abuse of census records to round up Japanese-Americans and put them in WWII "internment" (prison) camps. Furthermore, these systems are increasingly vulnerable to compromise, and the serious problem of "identity theft" is on the rise, wreaking havoc with the lives of numerous innocent people every day.
We may have to live with the current passport system and the even more flawed SSN system, but we should not use these "necessary evils" as models for even more restrictive and flawed "human livestock" cataloging and tracking systems.
It's quite unclear how a new national ID system shared between governmental agencies would help prevent terrorism -- and dubious whether it is worth the risks to privacy posed by increased and increasing ability to track individuals.
Computer security expert Bruce Schneier explains that a national ID system has four basic components: a card that contains information about
the person; a database (or set of databases) of information linked to the card; a system for checking the card data against the database; and some
sort of registration procedure that verifies the information.
He goes on to say: "The way to think about the security of this system is no different from any other security countermeasure. One, what problem are IDs trying to solve? Two, how can IDs fail in practice? Three, given
the failure modes, how well do IDs solve the problem? Four, what are the
costs associated with IDs? And five, given the effectiveness and costs, are IDs worth it?"
ID system proponents seem to think that the problem is being unable to verify identity. But it's not at all clear how that helps against terrorism. For instance, most of the hijackers were in the United States
legally and had no "bad" record with the FBI. Simply knowing who someone
is doesn't mean you know that person should or shouldn't be allowed to board an airplane. As Schneier puts it, "much of the utility of the national ID card assumes a pre-existing database of bad guys. We have no
such database."
Schneier notes that IDs can fail in practice many different ways. Each component of the system can fail: cards can be counterfeited, databases can be wrong or compromised; those who check IDs can be careless, make mistakes or, even worse, be compromised. Schneier concludes that IDs are
"prone to errors and misuse, and are likely to be blindly trusted even when wrong."
Even state DMV officials appear aware of the weaknesses in their systems. At a recent hearing on ID cards before the California State Assembly Judiciary Committee attended by an EFF representative, an official of the California DMV anticipated questions about card fraud and admitted that counterfeiters can make "very passable forged driver's licenses, including the magstripe." He also explained that while California has around 30 million thumbprints on file, their data isn't good enough to be used for computer matching -- so they would probably need to collect thumbprints again for use on driver's licenses.
Perhaps none of these problems is insoluble. But what's clear is that it
would take an enormous commitment of resources to "harden" the system, and an enormous commitment to pay attention to maintain it. Schneier's rough calculation: "tough" cards might cost a dollar each; creating and maintaining the database will cost a few times that per person, registration will cost many times that per person (assume 250 million Americans); then factor in the costs associated with hardware, software,
and person-hours of checking IDs.
Even worse, a national ID card or system carries tremendous risks to civil liberties. Fundamentally, of course, an ID system aims to uniquely
identify people and permits them to be tracked across their transactions
and to be linked to all the informational traces thereby created. History tells us that ID systems have a strong momentum toward a checkpoint mentality. Those who push for ID systems are well aware of this and try to start small. During the attempt to introduce the Australia Card, one planning document stated: "It will be important to minimize any adverse public reaction to implementation of the system. One possibility would be to use a staged approach for implementation, whereby only less sensitive
data are held in the system initially with the facility to input additional data at a later stage when public acceptance may be forthcoming more readily." Police who are given powers to demand ID invariably have powers to detain people who do not have the card, or who
cannot prove their identity. Great Britain, for instance, began issuing wartime ID cards in 1939 in order to administer rations. In 1952, the system was discontinued because police had too much discretion to stop people for ID checks.
Do we really trust our DMVs, or any other ID bureaucracy, to run this system? EFF fears that we'll end up with the worst of both worlds: a system that isn't good enough to protect against terrorism, but is good enough to create an internal passport system for ordinary, law-abiding Americans.
Amazingly -- or perhaps not so amazingly -- the AAMVA's recommendations and press releases don't even mention personal privacy. Indeed, AAMVA will soon be holding a conference to talk about its plans, and it is inviting commercial vendors to display their wares.
EFF urges its members and readers to contact the AAMVA to express opposition to this ill-considered proposal.
Links:
AAMVA Website: http://www.aamva.org/
Bruce Schneier's Crypto-Gramm newsletter article on national IDs: http://www.counterpane.com/crypto-gram-0112.html#1
EFF Privacy Archive: http://www.eff.org/Privacy/
EFF's "Privacy Now!" Campaign: http://www.eff.org/privnow/
About EFF:
The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the
most linked-to Web sites in the world: http://www.eff.org/
Contacts:
Will Doherty, EFF Online Activist / Media Relations wild@eff.org +1 415 436 9333 x111
Katina Bishop, EFF Offline Activist / Education Dir. katina@eff.org +1 415 436 9333 x101
- end -
------------------------ Yahoo! Groups Sponsor ---------------------~--> Tiny Wireless Camera under $80! Order Now! FREE VCR Commander! Click Here - Only 1 Day Left! http://us.click.yahoo.com/WoOlbB/7.PDAA/ySSFAA/MtTslB/TM ---------------------------------------------------------------------~->
To unsubscribe from this group, send an email to: azpeace-unsubscribe@yahoogroups.com
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/