I must admit it is very frustrating to read, frankly, ignorant security columns on the op-ed page of America's most prestigious newspaper, the New York Times (reg. req.). Columnist Nicholas Kristof is the culprit this time, with a couple of half-baked security measures (May I See Your ID?). In response I ask Kristof, may I see your security analyst credentials?
The first idea is, as the title gives it away, a renewed call for a national ID card. Argues Kristof:
If the right is willing to imprison people indefinitely and send young people off to die in Iraq in the name of security, then why is it unthinkable to standardize driver's licenses into a national ID?
This is an argument, why?
Hey, I'm not too happy with the imprisoning people indefinitely thing either (at least without, you know, some judicial process), but Guantanamo makes national ID cards a good idea how? And sending troops overseas to war justifies national ID cards at home because...? Let's try that argument again: "If the right is willing to send young people off to die in Afghanistan in the name of security, then why is it unthinkable to standardize driver's licenses into a national ID." Make any more sense?
More than 100 nations have some kind of national ID card. And the reality is that we're already moving toward a government ID system — using driver's licenses and Social Security numbers to prove who we are — but they neither protect our privacy nor stop terrorists. Instead, they simply promote identity theft.
You might think he would have made a stronger case in favor of a national ID card before he brings out the "everyone else is doing it" argument. You know, identity theft is a serious problem. National ID cards solve this how? Many security experts believe that they may, in fact, exacerbate the identity theft problem. A real security expert, Bruce Schneier, wrote, in Crypto-Gram Newsletter - December 15, 2001 - National ID Cards:
Identity theft is already a problem; if there is a single ID card that signifies identity, forging that will be all the more damaging. And there will be a great premium for stolen IDs (stolen U.S. passports are worth thousands of dollars in some Third World countries).
But, whatever, Kristof continues:
At least seven of the Sept. 11 hijackers, some living in Maryland hotels, managed to get Virginia ID cards or driver's licenses, which can be used as identification when boarding planes. Americans routinely travel to and from Canada, Mexico and the Caribbean with just a driver's license.
And I guess that foreigners won't be allowed to get these ID cards and will not be permitted to live in Maryland hotels? Of course, we will have to issue some sort of identification to foreigners ... and we all know how reliable the identity paperwork from foreign countries is. As Scheier notes, "Some of the 9/11 terrorists who had stolen identities stole those identities overseas." Yep, national ID cards will stop that.
Some U.S. officials privately fret that security may depend on a harried immigration officer in Maine who is handed a forged Guam or North Dakota driver's license. One undercover federal study underscored the vulnerability last year by using off-the-shelf materials to forge documents that were then used to get driver's licenses in seven states and the District of Columbia. The forgeries worked in each place attempted.
And having a national ID card will stop people from forging documents to get the licenses how? And I guess that Kristof is guaranteeing that relying on a single national ID card won't lull that harried Maine officer into complacency?
So why not plug this hole with a standardized, hard-to-forge national ID card/driver's license that would have a photo, a fingerprint and a bar code that could be swiped to check whether the person is, for example, a terror suspect who should not be allowed onto a plane?
Yeah, because we know who the terror suspects are and terror suspects are happy to properly register themselves with the government. They also, when asked politely, explain to the airline counter clerk that, yes, someone else packed their luggage and they are carrying gifts for strangers. And from Schneier again, "Biometric information, whether it be pictures, fingerprints, retinal scans, or something else, does not prevent counterfeiting; it only prevents one person from using another's card. And this assumes that whoever is looking at the card is able to verify the biometric."
Schneier summed up the national ID issue best I think:
I am not saying that national IDs are completely ineffective, or that they are useless. That's not the question. But given the effectiveness and the costs, are IDs worth it? Hell, no.
Kristof's other concern is with the availability of instructions for creating weapons of mass destruction:
The other area where I'd like to see a tougher approach has to do with "cookbooks" to make anthrax, sarin and other chemical, biological or nuclear weapons. Over the last few years, I've collected a horrifying set of booklets, typically sold at gun shows or on the Internet, detailing how to make mustard gas, VX, anthrax or "home-brew nerve gas."
....Sure, I cherish the First Amendment. But remember what Alexander Bickel, the eminent First Amendment scholar, told the Supreme Court when he argued on behalf of this newspaper in the Pentagon Papers case. Pressed by the justices on whether publication could be blocked if 100 Americans would certainly die as a result, he reluctantly agreed: "I am afraid that my inclinations to humanity overcome the somewhat more abstract devotion to the First Amendment."
Funny quote from Bickel, that. Why, if I knew for certain that Kristof's column would lead to certain death for even one person, let alone 100, I would have to agree with Kristof that "In these exceptional circumstances, we are — I hate to admit it — better off banning books."
Now, whether or not it should be legal to publish information about making WMDs is a serious question and one that shouldn't be addressed lightly. But lightly, in a few paragraphs, is how Kristof deals with it. He couldn't even write an entire column on the issue? There are many questions he doesn't even raise, such as, how and where do you draw the lines on such information? Is a recipe for ricin bannable? What about flight simulator software? What about dual-use items?
Maybe, for certain types of exceptional information, we should have more control. But to simply come out and say, "we are ... better off banning books" is not a terribly compelling argument by itself. I am surprised that the New York Times is the source for this perfunctory argument in favor of censorship.
nice fisking...
in response to Cypherpunk's issue with state-ID, currently those aren't used for all the things a national-ID would be used for as proposed in the article, or as proposed by some at the Stanford Privacy Conf last weekend. Also, the centralized nature of the data is worrisome, for privacy reasons. The idea that those with access only have to go to one spot for lots of data on you is disconcerting, if they are part of the government but get improper access, or there is a cracking of security by outsiders, or something incorrect is placed there. People sign up for a driver's license with the expectation that it has to do with driving (they take a driving test to get it, so the queue is this is for driving) even though it gets used for things like check writing, access to bars, use of a credit card at times, and various other things (it's no longer allowed as ID for entry to and from Mexico and Canada post 9/11). But the social expectation is that it's for particular purposes, and so if people's personal information goes elsewhere, it is disturbing and causes distrust. Case in point is the bar in Massachusetts that swiped all patron's DL's and has maintained a database of names, addresses, heights, weights, eye colors, ages, dob's, etc. for more than 10 years. That's not why people gave them their ID and it violates our expectations.
People sometimes feel like they have a little more access to their state agencies and representatives than on a national level, so there is some comfort for those who hope to limit law enforcement's access to personal information to authorized, proper searches. That may not be realistic, but it still is the hope of many.
Also, the matrix program has been disturbing enough to people that of the 16 states that signed up, 5 remain. I think it reflects the public's pressure on their states to get out because they are afraid of potential abuses.
The government doesn't have a great track record of scrupulous regard for the public's personal info. We should take this seriously and prevent easy access because every time the government increases the scope of their information and datasharing, there are some abuses that cause people significant and unnecessary pain and suffering.
Posted by mary hodder on March 17, 2004 06:52 PM | Permalink to Comment
I don't understand the problem with national ID cards. We already have state ID cards, right? Every American has the ability to receive a government-issued ID card. How is doing that at the national rather than state level a threat?
As it is, states all recognize each other's ID cards, so the system is as strong as its weakest link, the state which makes it easiest to get or forge an ID card. Having states standardize their ID card issuance procedures can only improve security. And I don't see a meaningful difference between that an a national ID card.
Posted by Cypherpunk on March 17, 2004 05:58 PM | Permalink to Comment