The issue of a national ID card has been increasingly encroaching into the public mindset. This is a worrisome issue and one that I am fighting against, because it is exactly the kind of thing our legislature thinks will make us more secure and will get them reelected without actually increasing our security.

Security expert Bruce Schneier had this very insightful article about it:
http://www.startribune.com/stories/1519/4698350.html


As a security technologist, I regularly encounter people who say the United States should adopt a national ID card. How could such a program not make us more secure, they ask?

The suggestion, when it's made by a thoughtful civic-minded person like Nicholas Kristof in the New York Times, often takes on a tone that is regretful and ambivalent: Yes, indeed, the card would be a minor invasion of our privacy, and undoubtedly it would add to the growing list of interruptions and delays we encounter every day; but we live in dangerous times, we live in a new world....

It all sounds so reasonable, but there's a lot to disagree with in such an attitude.

The potential privacy encroachments of an ID card system are far from minor. And the interruptions and delays caused by incessant ID checks could easily proliferate into a persistent traffic jam in office lobbies and airports and hospital waiting rooms and shopping malls.

But my primary objection isn't the totalitarian potential of national IDs, nor the likelihood that they'll create a whole immense new class of social and economic dislocations. Nor is it the opportunities they will create for colossal boondoggles by government contractors. My objection to the national ID card, at least for the purposes of this essay, is much simpler.

It won't work. It won't make us more secure.

In fact, everything I've learned about security over the last 20 years tells me that once it is put in place, a national ID card program will actually make us less secure.

My argument may not be obvious, but it's not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails.

It doesn't really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.

The first problem is the card itself. No matter how unforgeable we make it, it will be forged. And even worse, people will get legitimate cards in fraudulent names.

Two of the 9/11 terrorists had valid Virginia driver's licenses in fake names. And even if we could guarantee that everyone who issued national ID cards couldn't be bribed, initial cardholder identity would be determined by other identity documents... all of which would be easier to forge.

Not that there would ever be such thing as a single ID card. Currently about 20 percent of all identity documents are lost per year. An entirely separate security system would have to be developed for people who lost their card, a system that itself is capable of abuse.

Additionally, any ID system involves people... people who regularly make mistakes. We all have stories of bartenders falling for obviously fake IDs, or sloppy ID checks at airports and government buildings. It's not simply a matter of training; checking IDs is a mind-numbingly boring task, one that is guaranteed to have failures. Biometrics such as thumbprints show some promise here, but bring with them their own set of exploitable failure modes.

But the main problem with any ID system is that it requires the existence of a database. In this case it would have to be an immense database of private and sensitive information on every American -- one widely and instantaneously accessible from airline check-in stations, police cars, schools, and so on.

The security risks are enormous. Such a database would be a kludge of existing databases; databases that are incompatible, full of erroneous data, and unreliable. As computer scientists, we do not know how to keep a database of this magnitude secure, whether from outside hackers or the thousands of insiders authorized to access it.

And when the inevitable worms, viruses, or random failures happen and the database goes down, what then? Is America supposed to shut down until it's restored?

Proponents of national ID cards want us to assume all these problems, and the tens of billions of dollars such a system would cost -- for what? For the promise of being able to identify someone?

What good would it have been to know the names of Timothy McVeigh, the Unabomber, or the DC snipers before they were arrested? Palestinian suicide bombers generally have no history of terrorism. The goal is here is to know someone's intentions, and their identity has very little to do with that.

And there are security benefits in having a variety of different ID documents. A single national ID is an exceedingly valuable document, and accordingly there's greater incentive to forge it. There is more security in alert guards paying attention to subtle social cues than bored minimum-wage guards blindly checking IDs.

That's why, when someone asks me to rate the security of a national ID card on a scale of one to 10, I can't give an answer. It doesn't even belong on a scale.

I guess I'm not seeing how something that like would be very helpful. I carry my drivers license. It's legit. I think that's enough. A card like that, which WOULD be forged, would just be a gigantic waste of everyone's money.

This is almost like in that movie.. where we all get barcodes implanted in our skin :|

I agree with Syd, I have my license, so that is about it.

Driver's Licences are enough. If this place gets weirder I am going to Canada.

Driver's Licences are enough. If this place gets weirder I am going to Canada.

I am with Sarah.. but, doesn't it say 'national?"

Driver's Licences are enough. If this place gets weirder I am going to Canada.

Problem is unless you're behind the whell of a car you aren't required to have a drivers license. Not saying I supposed a national ID card, but drivers licenses aren't mandatory (which I belive the proposed cards would be, so they don't fit the bill).

Problem is unless you're behind the whell of a car you aren't required to have a drivers license. Not saying I supposed a national ID card, but drivers licenses aren't mandatory (which I belive the proposed cards would be, so they don't fit the bill).

Then why not just make that the reason for all people to get a license? This just seems as one more thing to 'control'

Problem is unless you're behind the whell of a car you aren't required to have a drivers license. Not saying I supposed a national ID card, but drivers licenses aren't mandatory (which I belive the proposed cards would be, so they don't fit the bill).
It is called a "State ID" and everyone can and often does get one. Your driver's license is a State ID + Driving Privileges. You can get a State ID without the Driving Privileges just as easy.

You aren't required to have one, no, but you can get one.

It is called a "State ID" and everyone can and often does get one. Your driver's license is a State ID + Driving Privileges. You can get a State ID without the Driving Privileges just as easy.

You aren't required to have one, no, but you can get one.

Then, the only difference is that it will be mandatory?

:rolleyes: Hello everyone, :rolleyes: we have this in place already and they utilize it enough. It is called your social security number. To prove a point. I recieved a letter from an attorney's office from CA yesterday informing me of my rights to participate in a class action lawsuit in an incident that took place 20 years ago. I have moved 8 times since then. It had to be the SSN. Lets play follow the number and not the card. A national ID card will do nothing but create paperwork that needs to be shifted through in time of need. Screw the card and issue everyone a little old lady with a heavy purse. That will be just as effective.

I don't like the idea of the Nat. Govt. being able to identify me with a number. Though I'm not positive, they may already be doing that hehe. (besides my SSN)

If the ID system is not working at a state level, it sure as hell wont work on a National level. I think it would be smarter to work on making State ID's more secure (harder to forge).

Then, the only difference is that it will be mandatory?
Mandatory and federal instead of state. Where State IDs are only linked to a state computer, the federal license would also likely contain a "threat rating" and other things of that nature.

I call that a violation of the 10th amendment...

:rolleyes: Hello everyone, :rolleyes: we have this in place already and they utilize it enough. It is called your social security number. To prove a point. I recieved a letter from an attorney's office from CA yesterday informing me of my rights to participate in a class action lawsuit in an incident that took place 20 years ago. I have moved 8 times since then. It had to be the SSN. Lets play follow the number and not the card. A national ID card will do nothing but create paperwork that needs to be shifted through in time of need. Screw the card and issue everyone a little old lady with a heavy purse. That will be just as effective.

Weren't they thinking about getting rid of SSNs because of the whole identity theft thing?

:rolleyes: Hello everyone, :rolleyes: we have this in place already and they utilize it enough. It is called your social security number. To prove a point. I recieved a letter from an attorney's office from CA yesterday informing me of my rights to participate in a class action lawsuit in an incident that took place 20 years ago. I have moved 8 times since then. It had to be the SSN. Lets play follow the number and not the card. A national ID card will do nothing but create paperwork that needs to be shifted through in time of need. Screw the card and issue everyone a little old lady with a heavy purse. That will be just as effective.
An SSN# is nothing like a Photo ID. The level of security on it is pathetically low in comparison and the SSN is specifically marked as not supposed to be used for identification.

An SSN# is nothing like a Photo ID. The level of security on it is pathetically low in comparison and the SSN is specifically marked as not supposed to be used for identification.

Agreed on the level of security on it but that doesn't mean that the government isn't using it for security purposes. Increase the level of security on it. It will be two fold Shrink ID theft and increase the ability to track people. When it all boils down, security is best described as being able to locate someone who doesn't want to be located. My case in point. How did they find me. The Post office only holds change of address for a short period of time. But for me to move 8 times and from three states, they found me by my SSN Period. Don't think that the SSN isn't used for security. It is and always will be. A photo ID means nothing. I think everyone here as said it. They can be forged. A SSN can be stolen from a live person or taken from a deceased person. Either way we are still recognized by that number.

As far as the SSN not being used for ID, then why is it mandatory on transfers of titles on homes. I hate giving my SSN out but I recently sold my house and had to give it out to the escrow agent. I double checked before I gave it out and it is standard policy. Why to make sure that I am who I say I am. Instead of having to fly to CA and show ID, they took my SSN as a form of ID as to it being me and not someone else.

Credit card forms also ask for it, so they are able to find your credit report. Another form of ID so to speak. That number has many uses. We need to beef up the security on it I agree.

The idea of introducing an ID card is really unnecessary. We have Passports, Drivers Licences, Birth Certificates, National Insurance/Social Security numbers, you name it... we don't need another tier of bureaucracy. It's going to confuse things.

Also, What useful information could be on an ID card that isn't available from any of the other sources? Would there be specific criteria that would need to be met for the issue of an ID card? What happens if they are mandatorily issued and you are found without one, or it's lost?

What's next, a curfew?

It has "Thin end of the wedge" written all over it.

The idea of introducing an ID card is really unnecessary. We have Passports, Drivers Licences, Birth Certificates, National Insurance/Social Security numbers, you name it... we don't need another tier of bureaucracy. It's going to confuse things.

Also, What useful information could be on an ID card that isn't available from any of the other sources? Would there be specific criteria that would need to be met for the issue of an ID card? What happens if they are mandatorily issued and you are found without one, or it's lost?

What's next, a curfew?

It has "Thin end of the wedge" written all over it.

They just want a slot on the ID card to say "Evil Doer" and they figure if they get enough methods of identification one of them is bound to magically develop the wording and infallible Evil Doer detection mechanism.

Not that I am agreeing with this idea but...

The idea of introducing an ID card is really unnecessary. We have Passports, Drivers Licences, Birth Certificates, National Insurance/Social Security numbers, you name it... we don't need another tier of bureaucracy. It's going to confuse things.

Like said, not everyone has a drivers licence, passports can easily be misconscrwed (just bring in someone else's id), and the rest is essentially useless without some sort of valid picture ID.

Did I miss something? :D

Also, What useful information could be on an ID card that isn't available from any of the other sources? Would there be specific criteria that would need to be met for the issue of an ID card? What happens if they are mandatorily issued and you are found without one, or it's lost?

Whatever information that is on your most valid, crucial cards... I would assume. Putting it all on to one card wouldn't be such a bad I idea if you ask me... they are less likely to be fake, if done properly.

Putting it all on to one card wouldn't be such a bad I idea if you ask me...
..until you lose it, or someone steals it, or a hacker gets into the database where all the info on the card conveniently appears on their screen...

*shudders* I can feel what little privacy Americans have left going down the drain...

Not that I am agreeing with this idea but...



Like said, not everyone has a drivers licence, passports can easily be misconscrwed (just bring in someone else's id), and the rest is essentially useless without some sort of valid picture ID.

Did I miss something? :D



Whatever information that is on your most valid, crucial cards... I would assume. Putting it all on to one card wouldn't be such a bad I idea if you ask me... they are less likely to be fake, if done properly.

Read the article I posted, it discusses how any positive benefits are overruled by the negative repercussions of the infrastructure required to support it in a non-ideal world.

Sieg Heil! Papers please!

Not that I am agreeing with this idea but...

Like said, not everyone has a drivers licence, passports can easily be misconscrwed (just bring in someone else's id), and the rest is essentially useless without some sort of valid picture ID.

Did I miss something? :D[/quote]
Yep. The fact that if someone doesn't have a Drivers License, Passport OR a National Insurance number (SSN to you ;) ) then they are most likely a minor, unable to travel more than a few miles from their home without assistance. This makes them a minimal risk.

Whatever information that is on your most valid, crucial cards... I would assume. Putting it all on to one card wouldn't be such a bad I idea if you ask me... they are less likely to be fake, if done properly.Anything can be faked. But if security officials think they've got a nigh foolproof system in an all-singing all-dancing ID card, then the chances are they'll just get complacent.

And we wouldn't want THAT now, would we?

:)

Yep. The fact that if someone doesn't have a Drivers License, Passport OR a National Insurance number (SSN to you ;) ) then they are most likely a minor, unable to travel more than a few miles from their home without assistance. This makes them a minimal risk.

Anything can be faked. But if security officials think they've got a nigh foolproof system in an all-singing all-dancing ID card, then the chances are they'll just get complacent.

And we wouldn't want THAT now, would we?

:)


You're right. I was just just merely suggesting that having one card with all that information would make sense.. but I was leaving out the entire security issue. When placing any kind of importance on a "one" piece of ID, you are blatantly putting yourself at risk.

Why can't they do something more along the lines of finger prints, wouldn't that be harder to forge and hardly evasive?

Why can't they do something more along the lines of finger prints, wouldn't that be harder to forge and hardly evasive?

Good security involves at least two of the three components: something you are, something you have, something you know.

The idea behind a Photo ID is that it meets two of the three. Something you have and something you are that can be verified against the picture on the ID.

Finger print scanners have also been shown to be bypassable with clear jelly.

That said, identification does not make for good security and often has nothing to do with security. It can even make you less secure.

I agree we should have some sort of id card for children under 18 but not necesarily for adults.

Putting it all on to one card wouldn't be such a bad I idea if you ask me... they are less likely to be fake, if done properly.

Yeah but if one does get stolen, you wouldn't just get the drivers license #, or the social security #, or the passport ID #, you'd get allllll of them at once.

Yeah but if one does get stolen, you wouldn't just get the drivers license #, or the social security #, or the passport ID #, you'd get allllll of them at once.

You're right, I just have too many cards.. ;)

I'm all for the idea! We can call it an Ident-I-Eeze. It can encode every single piece of information about you, your body, and your life into one all-purpose machine-readable card that you could then carry around in your wallet, and it would therefore represent technology's greatest triumph to date over both itself and plain common sense.

Just don't lose it.

I'm all for the idea! We can call it an Ident-I-Eeze. It can encode every single piece of information about you, your body, and your life into one all-purpose machine-readable card that you could then carry around in your wallet, and it would therefore represent technology's greatest triumph to date over both itself and plain common sense.

Just don't lose it.

That's why you implant it under the skin, so it can't be conveniently lost by criminals attempting to conceal their identity.

That's why you implant it under the skin, so it can't be conveniently lost by criminals attempting to conceal their identity.
Yup. It's only a matter of time before we'll all look like dev's avatar.

I'm all for the idea! We can call it an Ident-I-Eeze. It can encode every single piece of information about you, your body, and your life into one all-purpose machine-readable card that you could then carry around in your wallet, and it would therefore represent technology's greatest triumph to date over both itself and plain common sense.

Just don't lose it.

I love you. Did I say that before?

:D

Can anyone say 1984?

this is gonna be a waste of money!! i agree with some posts that "licenses aren't mandatory...national id's will be". but aren't SSN enough? why isn't SSN valued as much as it should be? true, it doesn't have a picture on it but your whole life's info is on that number and proof of identity can be validated by providing certain specific pieces of information, no?

btw..isn't the whole SS funds program thing gonna end soon? i heard it's gonna be for all people born before a certain date. anybody know what that date is?

Social Security cards are VERY easy to fake. Most institutions will not accept them as a form of ID.

What occured on 9/11 was an absolute tragedy, and something that will affect us most likely for the rest of our lives. Unfortunately, as a result of that, there are a certain amount of people in government thoughout the country (or anywhere, for that matter), who will use what happened as an excuse to push their own, personal agendas forward. Flown under the banner of "safety and security", and quite often, followed by the phrase "We are doing this for YOUR benefit". Well, pardon me if I'm just a tad suspicious. I remember seeing a special on updated prison security measures a few years back. One of the officers interviewed on the show was asked, if the new, electronic safeguards made him feel more at ease on the job. He replied, "No. Because man's greatest asset, is his ingenuity". He went on to describe how inmates had breached electronic security measures before, that were supposed to have been "unbreachable", and that they now had to enclose their keys between sheaths, because in at least one case, an inmate had been able to replicate a cell key, by memorizing the groves in the officer's own set, just by looking at it.

My point being this....

When it comes to the concept of "security", I think we are being sold a stale bag of pigshit by our federal governments. We are being lulled into a false sense of security with alot of these proposed new security measures (which itself is bad enough), and I'm sure most of the time, I think these propositions are more self-serving than anything else. Quite possibly in ways we are not even aware of. They are becoming more and more intrusive, especially to your average, law abiding citizen, and we are being looked down upon for not supporting them. But if you think your government in quesition will be satisified, if and when these new cards are implimented, then I suggest you think again. Because we are already experimenting with implanted microchips in humans, which would do the exact, same thing, and would be much more difficult to tamper with. Barring actual physical amputation of your limb. But at what point do we say, "enough is enough"? At least from my perspective, we should have been saying this a long time ago.

Resurrecting thread because of this story. (http://www.msnbc.msn.com/id/6237364/)

That may be a first step towards a 'national id card'. Or national implant.

FDA approves computer chip for humans
Devices could help doctors with stored medical information

The Associated Press
Updated: 6:38 p.m. ET Oct. 13, 2004


WASHINGTON - Medical milestone or privacy invasion? A tiny computer chip approved Wednesday for implantation in a patient’s arm can speed vital information about a patient’s medical history to doctors and hospitals. But critics warn that it could open new ways to imperil the confidentiality of medical records.

The Food and Drug Administration said Wednesday that Applied Digital Solutions of Delray Beach, Fla., could market the VeriChip, an implantable computer chip about the size of a grain of rice, for medical purposes.

With the pinch of a syringe, the microchip is inserted under the skin in a procedure that takes less than 20 minutes and leaves no stitches. Silently and invisibly, the dormant chip stores a code that releases patient-specific information when a scanner passes over it.

Think UPC code. The identifier, emblazoned on a food item, brings up its name and price on the cashier’s screen.

Chip's dual uses raise alarm
The VeriChip itself contains no medical records, just codes that can be scanned, and revealed, in a doctor’s office or hospital. With that code, the health providers can unlock that portion of a secure database that holds that person’s medical information, including allergies and prior treatment. The electronic database, not the chip, would be updated with each medical visit.

The microchips have already been implanted in 1 million pets. But the chip’s possible dual use for tracking people’s movements — as well as speeding delivery of their medical information to emergency rooms — has raised alarm.

“If privacy protections aren’t built in at the outset, there could be harmful consequences for patients,” said Emily Stewart, a policy analyst at the Health Privacy Project.

To protect patient privacy, the devices should reveal only vital medical information, like blood type and allergic reactions, needed for health care workers to do their jobs, Stewart said.

An information technology guru at Detroit Medical Center, however, sees the benefits of the devices and will lobby for his center’s inclusion in a VeriChip pilot program.

“One of the big problems in health care has been the medical records situation. So much of it is still on paper,” said David Ellis, the center’s chief futurist and co-founder of the Michigan Electronic Medical Records Initiative.

'Part of the future of medicine'
As “medically mobile” patients visit specialists for care, their records fragment on computer systems that don’t talk to each other.

“It’s part of the future of medicine to have these kinds of technologies that make life simpler for the patient,” Ellis said. Pushing for the strongest encryption algorithms to ensure hackers can’t nab medical data as information transfers from chip to reader to secure database, will help address privacy concerns, he said.

The U.S. Department of Health and Human Services on Wednesday announced $139 million in grants to help make real President Bush’s push for electronic health records for most Americans within a decade.

William A. Pierce, an HHS spokesman, could not say whether VeriChip and its accompanying secure database of medical records fit within that initiative.

“Exactly what those technologies are is still to be sorted out,” Pierce said. “It all has to respect and comport with the privacy rules.”

Applied Digital gave away scanners to a few hundred animal shelters and veterinary clinics when it first entered the pet market 15 years ago. Now, 50,000 such scanners have been sold.

To kickstart the chip’s use among humans, Applied Digital will provide $650 scanners for free at 200 of the nation’s trauma centers.

Implantation costs $150 to $200
In pets, installing the chip runs about $50. For humans, the chip implantation cost would be $150 to $200, said Angela Fulcher, an Applied Digital spokeswoman.

Fulcher could not say whether the cost of data storage and encrypted transmission of medical information would be passed to providers.

Because the VeriChip is invisible, it’s also unclear how health care workers would know which unconscious patients to scan. Company officials say if the chip use becomes routine, scanning triceps for hidden chips would become second nature at hospitals.

Ultimately, the company hopes patients who suffer from such ailments as diabetes and Alzheimer’s or who undergo complex treatments, like chemotherapy, would have chips implanted. If the procedure proves as popular for use in humans as in pets, that could mean up to 1 million chips implanted in people. So far, just 1,000 people across the globe have had the devices implanted, very few of them in the United States.

The company’s chief executive officer, Scott R. Silverman, is one of a half dozen executives who had chips implanted. Silverman said chips implanted for medical uses could also be used for security purposes, like tracking employee movement through nuclear power plants.

Such security uses are rare in the United States.

Meanwhile, the chip has been used for pure whimsy: Club hoppers in Barcelona, Spain, now use the microchip to enter a VIP area and, through links to a different database, speed payment much like a smartcard.


© 2004 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

A little humor thrown in...

http://eclectech.co.uk/clarkeidcards.php

They're trying to make these in the UK now, and nobody really cares, but the fact we're being made to PAY for them is what's getting up people's noses.

If/when I get mine I won't even bother to take it out with me, it can stay in the house, useless bloody thing. My drivers lisence is good enough for ID and it can stay that way.

Those kinds of ID can be forged so easily, that it's a ridiculous idea even to try to impliment them, in my opinion. What's the point, we already have photo ID, our national insurance/social security cards, why do we need another piece of plastic that contains all our information on it?!

What a "genius" idea. I might as well photocopy my N.I.N. and stick it up in the shopping centre. I've been pick pocketed before, and when these new cards come in, guaranteed there will be more cases of it, and worse, because this time they wouldn't just get my money, but my whole identity.

Now only that but they're making me pay for it as well. So what if I don't pay it, they'll arrest me or something. Nice country I live in, huh?

[/end rant]

amy