Discourse.net

Hello + B-e-Id Card

Dear readers of Discourse.net,

I would like to thank Michael for inviting me to be a guest. It is an honor. His kind, generous and ridiculously positive introduction is much appreciated. It might have set expectations that will leave most readers surprised, disappointed, even disgusted with my posts. But this will not stop me.

True to this prediction, I will start with a confession. I am Belgian. (1) But do not worry. None of my posts will be about Belgium (except this one, too late now).

Most people think Belgium is pretty insignificant. The Daily show expressed this sentiment in a couple of episodes where John Stewart suddenly screamed that he “hates” Belgium.(2) The irony being that it is absurd to hate Belgium. Why would anyone hate something so small and harmless? (mind you, this is a cunning tactic that has been very effective for us)

To Belgium’s defense, a quick note on one of Belgium’s many wonderful accomplishments [drums rolling]: the Belgian identity card. This prestigious, much lauded project was introduced a few years ago (notice the Microsoft connection).

In fact, I was about to use my very own “electronic-Belgian-ID-card” to file Belgian taxes on line the other day. But I changed my mind upon discovering that I need to buy a card reader for my pc (or wait for a 24 code card to be mailed by snail mail). Also, recollection of the security and privacy issues did not help either. Yesterday, a new report was presented at the e-Identity conference in the Hague further detailing the huge security issues involved. Hey, at least its better for our government to fail than not to try at all. Or is it? Solutions for the card are in the works. So are the invoices by the various e-security companies. This brings me back to filing my taxes.

More about Belgium, European soccer, copyright law & the music industry, taxes and laments on the strong euro in future post.

(1) note by author: country still exists until further notice, June 13 2008.
(2) a link to the clip would of course be more effective but could not locate it on the Web

Crawford, Continued

It is relatively rare that I find myself agreeing with anything coming out of the Washington Legal Foundation, but it does happen.

And WLF Chief Counsel Richard Samp’s analysis in More on Crawford: The Court Steps Back From Electoral Refereeing, which is published at SCOTUSblog, has a lot I agree with, especially this part, some of which is a more elegant version of what I said yesterday,

I disagree with those who suggest that the Crawford shuts the courthouse door entirely, even to discrete groups of voters who can demonstrate that a nondiscriminatory election regulation imposes a disproportion impact on their groups. While Justice Scalia’s opinion provides little comfort to such groups, Justice Stevens seems quite receptive - suggesting that there are as many as six justices who would allow such suits. Indeed, Justice Stevens virtually invites a follow-on lawsuit by one group of voters: those who have a religious objection to being photographed. He makes clear that while it may be an acceptable burden to require provisional voters to make a single trip to the county courthouse to validate their ballots, the burden becomes unreasonable if a voter is required to make the trip election after election, as Indiana law apparently would require of those with a religious objection to being photographed. Perhaps Justice Stevens calculated that such suits would be relatively uncommon and thus minimally intrusive. Political parties might well be less interested in financing a challenge to a voter ID law if the end result would be to ease ID requirements for a very small group of voters.

Justice Stevens also indicated that a voter ID law is likely unconstitutional if a State charges a fee to provide the mandated ID. Indiana avoided that problem by eliminating its fee for non-driver IDs at the same time that it adopted the voter ID law. Justice Stevens apparently took a stand against ID fees in order to remain consistent with Harper v. Virginia Board of Elections, the 1966 decision that struck down a $1.50 nondiscriminatory poll tax. But the distinction he makes between prohibited ID fees and the other financial burdens imposed by voting regulations is never made clear. It is not at all self-evident why a fee to obtain an ID is any more burdensome than is the cost of transporting oneself to the county courthouse to validate a provisional ballot.

Crawford v. Marion County Election Board: An Electoral, But Not Doctrinal, Nightmare

My first reaction to today’s decision in Crawford v. Marion County Election Board is that it is not as bad as it could be. But then, my expectations for this Supreme Court are pretty low.

Today’s Supreme Court opinion striking down the first set of challenges to Indian’s voter-ID law will probably create an electoral nightmare, and will probably disenfranchise many voters — although how many is disputed. It’s highly likely that those voters — maybe even tens or even conceivably hundreds of thousands of them — would mostly vote Democratic, at least if they voted their pocketbooks, since they are overwhelmingly likely to be poor. Voters without ID will only be allowed to cast provisional ballots, and will have to appear within 10 days with an ID or with an affidavit explaining why they don’t have one. In practice, few if any of these provisional ballots will ever be counted.

But while the opinion may be an electoral nightmare, three things keep it from being the doctrinal nightmare that it could have been: the procedural posture, some of the facts, and the fractured nature of the opinions. Unfortunately, this case is going be spun as holding that “Voter ID laws are constitutional” when in fact it holds only that they are not per se unconstitutional.

Procedurally, this was a facial challenge to the statute. A facial challenge is one where the plaintiffs argue the statute is invalid by its nature and should not be applied to anyone. Rejection of a facial challenge means that it is still open to individual plaintiffs or groups of plaintiffs to explain how the law discriminates unfairly against them given their particular circumstances and should not be applied to them. That’s why the three most conservative Justices wrote separately: they wanted to prevent future fact-based challenges. And on this, they failed.

Factually, the state of Indiana had a few good things going for it. The District Court made a number of factual findings that strengthened its case (although, for the reasons set out in Justice Souter’s opinion, still not to the point I would have swallowed it). For example, the District Court “found that petitioners had “not introduced evidence of a single, individual Indiana resident who will be unable to vote as a result of [the Indiana Law] or who will have his or her right to vote unduly burdened by its requirements.” Furthermore, the District Court found that 99% of voting-age public had a driver’s license. So the number of potentially harmed people was low. (While opinions differ as to whether this fact should matter in a facial challenge — 1% of voters is still high — it won’t be an issue in an as-applied challenge.)

And, one key fact of future significance is that the state offers all citizens a free photo ID. That allowed the three Justices in the lead opinion to distinguish this case from a poll tax. Many other states charge for non-driver photo ID — such as Florida for example. I read this decision to suggest pretty strongly that there are six votes for the proposition that any state which charges for photo ID cannot constitutionally require that voters show a photo ID in order to vote, as this would in effect be a poll tax. (I hope this result doesn’t get lost in the lower court shuffle that is sure to follow.)

Third, this is a very fractured opinion: 3-3 to 2-1. There are some grave and important differences between the two sets of three Justices who joined to form the six-Justice majority. Give the three Justices in the lead opinion different facts, and they might well vote the other way.

Here’s a hurried summary of some key parts of the opinions:

The lead opinion is by Justice Stevens (for himself, Kennedy and the Chief Justice). The key point is at the start, the decision that, “the District Court and the Court of Appeals correctly concluded that the evidence in the record is not sufficient to support a facial attack on the validity of the entire statute”.

This despite the observation that even though preventing vote fraud is obviously a legitimate goal for a state legislature to pursue, “The only kind of voter fraud that SEA 483 addresses is in-person voter impersonation at polling places. The record contains no evidence of any such fraud actually occurring in Indiana at any time in its history.”

Even more troublingly, Stevens notes that, “It is, however, difficult to understand why the State should require voters with a faith-based objection to being photographed to cast provisional ballots subject to later verification in every election when the BMV is able to issue these citizens special licenses that enable them to drive without any photo identification.”

Yet, even this repeat discrimination against religious objectors doesn’t make Stevens find that the statute imposes an undue burden on them. The reason is pretty legalistic, but not totally unreasonable:

Petitioners ask this Court, in effect, to perform a unique balancing analysis that looks specifically at a small number of voters who may experience a special burden under the statute and weighs their burdens against the State’s broad interests in protecting election integrity. Petitioners urge us to ask whether the State’s interests justify the burden imposed on voters who cannot afford or obtain a birth certificate and who must make a second trip to the circuit court clerk’s office after voting. But on the basis of the evidence in the record it is not possible to quantify either the magnitude of the burden on this narrow class of voters or the portion of the burden imposed on them that is fully justified.

As to charges that the law is the partisan hack job everyone knows it to be, Stevens writes that even if the law is partisan, there are neutral reasons for it, and that suffices to survive a facial challenge:

…if a nondiscriminatory law is supported by valid neutral justifications, those justifications should not be disregarded simply because partisan interests may have provided one motivation for the votes of individual legislators. The state interests identified as justifications for SEA 483 are both neutral and sufficiently strong to require us to reject petitioners’ facial attack on the statute. The application of the statute to the vast majority of Indiana voters is amply justified by the valid interest in protecting “the integrity and reliability of the electoral process.

That, like it or not, is pretty standard doctrine.

Scalia (writing for Thomas and Alito), isn’t happy that the door is left open to as-applied challenges. He’d close it now, even before the facts are in:

The lead opinion assumes petitioners’ premise that the voter-identification law “may have imposed a special burden on” some voters, ante, at 16, but holds that petitioners have not assembled evidence to show that the special burden is severe enough to warrant strict scrutiny, ante, at 18–19. That is true enough, but for the sake of clarity and finality (as well as adherence to precedent), I prefer to decide these cases on the grounds that petitioners’ premise is irrelevant and that the burden at issue is minimal and justified.

The good news is that this view gets only three votes. Not even Roberts would buy it.

Souter (for Ginsberg) shows us what a contrary opinion — one more attuned to equal protection and voter rights — looks like, with the key move being very reasonable hypotheses about the nature and extent of the burden on indigent voters (e.g. the cost of travel to get one of those free IDs for people who don’t drive). It’s a good opinion, and there’s a decent chance that some form of it may reappear in a narrower and more fact-rich challenge to voter ID laws.

Breyer (writing alone), suggests there were less restrictive alternatives to achieve the state’s legitimate ends.

Perils of Databases

I spend a fair amount of time these days thinking about ‘threat models’ for national databses and national ID cards.

Today’s New York Times has an article that encapsulates one of the major worries, what we sometimes call the “usual suspect bit”. Read Odyssey of State Capitols and State Suspicion. Now imagine someone informs on you…

Soghoian's Law

Soghoian’s Law of Identity Theft Stupidity: Anyone who publishes their own private financial details in a public discussion of identity theft will eventually find that information used for fraud.

Off to Bologna

By the time you read this, if all goes according to plan I’ll be somewhere over the Atlantic, off to Bologna for what promises to be an unusually interesting workshop organized by Ian Kerr and the the other wonderful people at “On the Identity Trail”.

A short description of the event is at On the Identity Trail in Bologna, Italy for International Workshop on Anonymity.

I’ve done something a bit scary for this conference: I’ve written a paper that showcases my ignorance about something that I care about in the hopes that the high-powered (and geographically diverse) participants will educate me.

The key question which motivates the paper is this: why are people in common law countries like the US and the UK so much more bothered about ID cards than the people in Western Europe? It’s a puzzle — we fear them, they domesticated them. They had abuses (Nazi Germany and occupied Europe), we had far fewer. Why the difference? Attitudes to authority? Different conceptions of liberty, or citizenship? Counter-balancing aspects of the legal system? None of the above?

[Incidentally, one of the many flaws of the current draft paper is that it pretends Eastern Europe doesn’t exist — mostly because I don’t know enough about contemporary attitudes to ID cards in post-communist Europe.]

The Modern Blacklist

The Lawyers’ Committee for Civil Rights of the San Francisco Bay Area (which is separate from the national group) has an important report out, The OFAC List: How a Treasury Department Watchlist Ensnares Everyday Consumers. (You can view the whole 262-page, three columns per page, OFAC list at the US Treasury.)

The report details how a program that was originally designed to disrupt the finances of terrorists and other hostile foreign groups is now (due to name collisions) blocking the routine financial activities of innocent US persons with the misfortune to having similar names, or the bad luck to have one of the banned persons erroneously linked to them on a credit report.

The good news is that, unlike the no-fly list, the so-called no-buy list is public.

The bad news is that the criteria for getting on it are pretty vague, and there’s no clear way for a person who feels they don’t belong on it to get themselves off it. And for innocent people who happen to have the name “Michael Dooley” or any of the other names or aliases listed in the report, they are going to find that their lives get increasingly difficult as more and more employers, car dealers, mortgage brokers, and even retailers, start checking against this list.

PS. It’s possible I’ll be on Marketplace (NPR) this afternoon discussing this report. There are a ton of issues, and I doubt they’ll use more than a snippet.

Florida Cops Intimidate Would-be Complainants

Via Boing-boing, a link to this absolutely amazing piece of investigative reporting: Police Station Intimidation-Parts 1 and 2 in which "CBS4 News found that, in police departments across Miami-Dade and Broward Counties, large and small, it was virtually impossible to walk in the door, and walk out with a complaint form."

Given I am currently doing work on ID cards, I was particularly struck by this transcript of the reaction of the Sea Ranch Lakes PD in Broward County, not all that far north of here:

cop; We don't give you -- we don't give you a form. Where do you live?
tester: I don't want to say.
officer: You don't want to say?
tester: Where are you going?
officer: You want to play hardball? We'll play hardball. I want ID.
tester: For what?
officer: I'm asking you for ID right now, that's why. Here, hand it to me. Hand it to me.
tester: Are you kidding me? Here.
officer: I said, hand me your ID. What are you doing here? This is --
tester: I came to ask you how to file a complaint.
officer: This is very suspicious.
tester: Asking how to file a complaint is suspicious?
officer: Why don't you shut up?
officer: I say this is very suspicious, that you pull in here at this time of night --
tester: Eight o'clock?
officer: You're constantly butting in.
tester: I'm constantly butting in?
Mike: Sir, I would like to leave.
officer: I would love it, but he's got your driver's license, so you're just going to have to stay.
Mike: Sir, are you detaining us?
officer: Okay, could I give you a ticket right now for improper backing.
Mike: You can do whatever you want, I suppose.
officer: Okay, that means yes, I guess you're saying, right? ANd for backing up, correct, yes?
Mike: I was backing up, sir, because I was leaving.
officer: But because I'm a nice guy, okay, I'm going to give you a warning. Is that fair?
Mike: Yes, sir.
officer: Okay.

The TV station that broke the story reports that "Remarkably, of 38 different police stations tested around South Florida, all but three had no police complaint forms" yet it nonetheless felt obligated to introduce its report by saying that "Most police officers are a credit to the badge, serving the community and the people who pay their salary, getting criminals off the street, making the community safer for everyone." Guess none of those guys happen to work the front desk, eh?

And much of the report is also devoted to quoting Miami police chief John Timoney saying that stuff like this can't and shouldn't happen, if it did it would surely have consequences. Not one suggestion that maybe Timoney himself might be a poster child for intimidatory policing.) To be fair, though, Timoney's department, the City of Miami was one of the few south Florida jurisdictions that actually had complaint form on hand, and trilingual ones at that. Could be due to the high demand?

Join Me at the MIT Real ID Conference

Join me today, in person or virtually, at the MIT Public Forums on the REAL ID Act of 2005.

Miami Won't Be Checking ID (Updated)

According to the local ACLU, whom I'd called to volunteer my services, the news story quoted below is all wrong:

This is a story the AP screwed up in two significant ways and they will soon be releasing a revised, corrected version. First, Chief Fernandez called AP to complain that he did not say that the Miami police would be stopping and demanding identification from people. Second, [executive director of ACLU of Florida,] Howard [Simon] was not told of the alleged stop and ID plan when he was contacted. Howard has talked to the reporter and will now be quoted as saying "If the Miami police plan on stopping people and demanding identification without any reason to believe that there is criminal activity, that is unconstitutional."

Sounds like maybe it's all a a false alarm!

Update: Here's how the start of that AP story reads now:

Police are planning "in-your-face" shows of force in public places, saying the random, high-profile security operations will keep terrorists guessing about where officers might be next.

As an example, uniformed and plainclothes officers might surround a bank building unannounced, contact the manager about ways to be vigilant against terrorists and hand out leaflets in three languages to customers and people passing by, said police spokesman Angel Calzadilla. He said there would be no random checks of identification.

"People are definitely going to notice it," Deputy Police Chief Frank Fernandez said Monday. "We want that shock. We want that awe. But at the same time, we don't want people to feel their rights are being threatened. We need them to be our eyes and ears."

"No Random checks of identification"

All the ID Card You Need?

Given Miami's new policy on ID Cards, I now plan to carry one of these on my person at all times: Bill of Rights - Security Edition:

The Bill of Rights - Security Edition is a single sturdy metal card, 2.5 inches across by 3.5 inches high. Each one is shipped with a fine plastic sheet on each side to protect it from minor scratches.

Update: Did I mention it is guaranteed to set off metal detectors, especially at airports?

Miami Announces Plan for Random ID Checks

Miami cops go 'in-your-face' to deter terrorists - U.S. Security: Miami police announced Monday they will stage random shows of force at hotels, banks and other public places to keep terrorists guessing and remind people to be vigilant.

Deputy Police Chief Frank Fernandez said officers might, for example, surround a bank building, check the IDs of everyone going in and out and hand out leaflets about terror threats.

Leaving aside the obvious point that this won't deter terrorists, who will obviously have some sort of fake ID, and who by implication have already braved the cameras that are always running in banks, this plan sounds like an organized series of illegal suspicionless search.

We accept the dragnet approach to stopping cars on the roads due to the legal rule (legal fiction?) that driving is a 'privilege, and hence more regulable than, well, walking.

But that rule doesn't apply to walking. Although the devil is always in the details, so one needs to know more before taking any firm stands, I don't see the legal (or constitutional) justification for this dragnet approach to pedestrians.

If so, this plan is ripe for challenge, although I wonder if the 11th Circuit is likely to be the most hospitable place for such a law suit.

(Related post: ID Card Required to Ride a Public Bus?)

Update: I'm told that both the police official and the ACLU official quoted in the story now say the article is all wrong.

ID Card Required to Ride a Public Bus?

In Denver, you now have to show an ID card to ride a public bus: Deborah Davis :: Want to Ride? Papers, Please.

But wait! It's not just any bus -- it goes through a federal facility ("the Denver Federal Center, a collection of government offices such as the Veterans Administration, the U.S. Geological Survey, and part of the National Archives"). That does distinguish it a little from a regular bus that goes on a normal street, but not very much, especially as there's no notice as to the ID requirement before you board the bus, unlike at the entrance to a federal building.

The ACLU is on the case, and we'll see what happens to this case presenting one of the issues left open in the unfortunate Hiibel decision.

The aspect of the case that especially caught my eye is the arresting officer's statement in the Incident Report . The arresting officer states that he told the defendant (and I'm sure he honestly believes) that the Supreme Court approved of a requirement that an ID be shown. But -- as I predicted would happen -- this police version of the holding mis-states the law, at least as regards public spaces (federal buildings may be a different story).

In the most recent case on the subject, Hiibel, the Supreme Court explicitly left the "show your ID" question open: the Court said that state legislatures can enact "stop and identify" laws which empower a police officer to require a person to identify themselves -- orally -- in cases where there is some minimal reason to suspect someone (i.e. a Terry stop). That's a far cry from both requiring showing of an ID, and especially from suspicionless ID requirements. Indeed, the Court explicitly did not decide whether an ID could be required.

In contrast, the Nevada Supreme Court has interpreted NRS §171.123(3) to require only that a suspect disclose his name. See 118 Nev., at ___, 59 P. 3d, at 1206 (opinion of Young, C. J.) (The suspect is not required to provide private details about his background, but merely to state his name to an officer when reasonable suspicion exists.). As we understand it, the statute does not require a suspect to give the officer a driver's license or any other document. Provided that the suspect either states his name or communicates it to the officer by other means -- a choice, we assume, that the suspect may make -- the statute is satisfied and no violation occurs.

(The majority also said in no uncertain terms that the decision only applied when there were no 5th Amendment issues, but there presumably are not any in this case either.)

There isn't much doubt that the courts accept that the government can require ID to enter public buildings, although this has occasionally been controversial in connection with some court proceedings in which the issue is whether the defendant must disclose ID. There's some danger that this case might get decided on that issue rather than the broader right to travel which, unfortunately, is being eroded yet again.

Aluminum Foil Does Have Its Uses

Bruce Perens blogs a funny/sad incident involving Richard Stallman, WSIS, RFID and, yes, tin foil (well, aluminum foil, actually):

Richard is opposed to RF ID, because of the many privacy violations that are possible. It's a real problem, and one worth lobbying about. At the 2003 WSIS in Geneva, there was objection to the RF ID cards that were used, resulting in a promise that they would not be used in 2005. That promise, it turns out, was not kept. ...

You can't give Richard a visible RF ID strip without expecting him to protest. Richard acquired an entire roll of aluminum foil and wore his foil-shielded pass prominently. He willingly unwrapped it to go through any of the visible check-points, he simply objected to the potential that people might be reading the RF ID without his knowledge and tracking him around the grounds. This, again, is a legitimate gripe, handled with Richard's usual highly-visible, guile-less and absolutely un-subtle style of non-violent protest.

During his keynote speech at our panel today, Richard gave a moment's talk about the RF ID issue, and passed his roll of aluminum foil around the room for others to use. A number of people in the overcrowded-to-the-max standing-room-only meeting room obligingly shielded their own passes. UN Security was in the room, not only to protect us but because of the crowd issue, and was bound to notice. Richard and I delivered our keynotes, followed by shorter talks by the rest of the panel and then open discussion.

... I was busy with the press for two solid hours. So, I didn't see what happened with Richard. But a whole lot of the people in the room did, and stayed with Richard for the entire process.

Apparently, UN Security would not allow Richard to leave the room.

There's lots of other funny/sad stuff in the whole post.

Ironically, this comes close on the heels of an MIT study showing that aluminum foil hats don't actually work to block CIA mind rays but may amplify them.

Hazards of IDs: Price Discrimination

People often focus on the wrong things when worrying about ID cards. For me, one of the right things to worry about is price discrimination. Not necessarily the illegal sorts, like redlining, but the legal sorts, in which firms try to sort buyers by their ability to pay, or their intensity of preference. In economic terms, in some cases its an attempt to shift consumer surplus to producer surplus; in other cases it's an attempt by a local monopolist to move the apparent supply curve. (I've discussed aspects of this problem in a number of articles, the most accessible of which is probably DeLong & Froomkin, Speculative Microeconomics for Tomorrow's Economy.)

For a real-life example of the kind of price discrimination I mean, see Ed Foster's Gripelog || Dell Has Three Prices For One Part.

National ID Forum Underway

MIT's online forum on the Real ID Act is underway. In an attempt to stir a little controversy, I just posted the following under the title 'Consensus and Controversy', which I reprint here for those not following along. While you're welcome to comment here too, I urge those interested to Join the Real ID forum discussion.

---

Here are a few propositions that I think might form a basis for going forward in reasoned debate.  (I of course welcome debate on the accuracy of these propositions as well as the conclusions that might flow from them)

Base propositions:

1.  A national ID is not the magic bullet that will make the country safe from terrorism.   Given the very poor controls we have on birth certificates at home (not to mention the impossibility of relying on the quality control foreign credentials) it at most it creates a speedbump for foreign terrorists who will need to get phony versions of the credentials used as the basis for issuing the US ID.

2.  A national ID system cannot secure our borders.

3.  A national ID system can, however, assist in making illegal immigration more unpleasant for immigrants by, for example, making it more difficult to employ them.   All other things being equal, this should reduce the incentive for that part of illegal immigration driven primarily by economic considerations.

4. More generally, a national ID system has some substantial potential to be the cornerstone of a national fraud-prevention system.   

5. A national ID system potentially creates new avenues for super-fraud and highly effective identity theft.

6. A national ID system potentially creates new avenues for governmental dossier creation on all citizens who use the national ID.  These opportunities exist even if the system is not misused, and are greater if it is misused.  As Lee Tien put it"'national ID' is not a card, but an entire system of databases, information gathering activities, and human beings making fateful judgments about individuals based on that overall system."

7.  A National Research Council report ("Who Goes There -- Authentication Through the Lens of Privacy") noted this:

Finding 6.5: State-issued driver's licenses are a de facto nationwide identity system. They are widely accepted for transactions that require a  form of government-issued photo ID.

Real ID substantially increases the likelihood that driver's licenses will become a defacto national ID for an even greater range of offline and online transactions.

8.  The extent to which we reap the costs and benefits listed above is very sensitive to how the system is actually implemented.   For example, a well-implemented biometric identifier makes fraud and identity theft more difficult, but also makes it more devastating when it happens since people become more reliant on the ID's security (and it is hard to grow a new retina).

Am I correct that the above propositions are (in the abstract) uncontroversial, and the controversy is in fact about how big and how likely the positive and negative effects are, and how they compare to each other?

Or, as Dan Combs put it in his contribution,

1. REAlID done right = good

2. RealID done wrong = very bad

3. The bar is high for such a system to be good.

        We aren't close yet!

I will add the following personal observations, which I suspect might be more controversial than the above:

I.  For any ID system to be implemented competently (let alone in a fashion that inspires trust) supervisory authority must be taken out of the hapless Department of Homeland Security.

II.  For Real ID to be implemented competently it must have federal funding rather than being left to the states as an unfunded mandate.

III.  Real ID driver's licenses are likely to become a de facto national ID -- much more than current driver's licenses -- not just because of the federal pressure driven by national security needs (or rhetoric) but also because of commercial pressure from a variety of industries.

IV. The ID must be transparent -- end users must be able to read everything coded on the ID itself. 

V.  If we are going to have a real or de facto national ID card, all citizens must have a right to review and correct information held on them in both public and private dossiers linked to the ID.

(For more about what I think, see my paper, The Uneasy Case for National ID Cards.)

MIT REAL ID Forum Online

I'm going to be participating in the MIT REAL ID online Forum this week, and you're invited. Here's the description sent out by co-organizer Daniel Greenwood, Lecturer, MIT Media Lab and Director of the MIT E-Commerce Architecture Program:

Your digital identity and physical identity may be about to merge under a new federal law that requires a standard federally controlled identity card. You are invited to participate in the first Real ID Forum, convened by the MIT Media Lab and MIT E-Commerce Architecture Program. The Real ID Act of 2005, as enacted by Congress and signed by the President, sets up a new federally controlled driver license that can be read by computers according to common national standards. This raises many public policy, technical and business problems and prospects. The act is binding starting in less than three years.

The first forum is on online discussion, facilitated by experts in the relevant fields, and taking place from Monday, September 19th at 3pm Eastern Time through Friday, September 23rd. Is the Real ID going to be a National Identity for the USA? Does it represent the ultimate convergence of physical identity cards and your digital log in? Are the privacy, civil liberties and administrative issues addressed adequately? How should the various competing interests surrounding implementation of the Real ID Act be balanced? These are among the questions that will be addressed in the online Forum. There will also be a face to face meeting, held at the MIT Media Lab in November, 2005. To find out more information and to register for this free program, please see http://ecitizen.mit.edu/realid.html

The tracks and moderators include:

Track 1. Real ID And National Convergence of Physical and Digital Identity (facilitated by Dan Combs, President of Global Identity Solution)

Track 2: The Need for a Secure Driver License (facilitated by Colleen Gilbert, Executive Director, Coalition for a Secure Driver's License)

Track 3: The Need for Privacy and Civil Liberties (facilitated by Lee Tien, /Senior Staff Attorney, /Electronic Frontier Foundation)

Track 4: Practical Implementation Issues (facilitated by David Lewis, Former CIO, Massachusetts and President of American Association of Motor Vehicle Administrators)

Track 5: Balancing Interests Going Forward (facilitated by Professor Michael Froomkin, University of Miami School of Law)

In addition, there will be a section of the web site called What is Real ID? This is where we'll house the background information on the Act itself.

While you are encouraged to register and participate from the start of this event, we will be accepting new participants throughout the week. Again, to find out more information and to register for this free program, please see http://ecitizen.mit.edu/realid.html. We sincerely hope you will join us for this important and timely event.

My track won't actually get under way until Wednesday, but it all promises to be interesting and informative.

"The cutest puppy pianist on the planet"

The recent bombings presumably will only strengthen the British government’s current effort to mandate national ID cards. The good people at eclectech, though, have now brought us the ultimate musical (and flash) commentary on the UK’s national ID card effort:The Very Model of a Modern Labour Minister. Go there now.

Stefan Brands's "Identity Corner"

The Identity Corner is a new blog by Stefan Brands, who is one of the top applied cryptographers in the world, yet also a very fluent writer on the social policy implications of cryptographic systems.

Brands’s book, Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy remains one of the best works on digital certificates and the policy questions that surround them.

I’m sure this will be interesting for anyone who cares about the technological version of ‘identity politics’.

The (Alleged) Dark Side of Google

Speaking of Google, here’s an interesting if (so far) overwrought item on The Dark Side of Google: as it puts books online it will not only know what you search for but what you read…one search history to rule them all and in the DB bind them…

Hiibel Loses 5-4 On Narrowest Grounds

Hiibel lost today, 5-4, but on narrower grounds than you’d guess from reading the case summary which says baldly that he lost on both 4th and 5th Amendment grounds. It’s pretty much a disaster on the 4th, but the 5th is only a part disaster. Most importantly, the Court punted on the issue of whether the 5th Amendment would apply if the suspect really had something to hide. Justice Kennedy’s majority opinion says that since Hiibel had not only nothing to hide but no reason to think he did, he can’t take the 5th.

Of course there’s a catch-22 there: if you can only assert the 5th when you are guilty, or near guilty, or reasonably fearful you are guilty, that suggests the cops ought to be investigating you, which pretty much undermines the privilege.

But at least the issue survives, however mangled, for another day.

The dissents are here and here.

One down, six to go….

Update: I forgot to mention that although the media will say the case states that “police can require IDs” what it actually states is that legislatures can require suspects to tell police their names (not ‘show ID’—the majority states that the statute at issue is satisfied by an oral statement) when the police have a reasonable suspicion that a crime has been committed, the person is relevant, and are investigating it. The distinction will undoubtedly be lost on the ground, and erased by subsequent cases, but it’s there for now.

ID Standards: the Trans-National Dimension

Here’s the 2-page outline of the talk I gave today at the seminar on ID cards and human rights.

Serious human rights issues can arise if foreign adopters of US technologies intend to use them in harmful ways. Even if the US were to adopt an ID requirement that was hedged with sufficient legal safeguards that it did not harm human rights values, the same technologies might be subject to abuse elsewhere. Thus, any US decision to impose ID requirements on visitors will in effect export US data collection requirements to foreign governments. In addition to creating incentives to build domestic ID card regimes where these do not already exist, the creation of a defacto standard will favor particular technologies making it more likely that these are adopted elsewhere.

I do not believe that ID cards are inherently incompatible with democratic values and human rights. Many countries in Europe have national ID systems, and while there have been accounts in which misuse of these government databases figured, it would be very hard to say that data misuse is more common in Europe than, say, in the US–which at present does not have ID cards; if anything I suspect the contrary may be true since Europe is now committed in principle to a system of data protection (even if the practice is somewhat more porous than the principle might suggest).

The debate over ID cards both at home and trans-nationally needs to take careful account of how cards relate to other types of deployed sensors, and how the data collected is stored in databases.

As our ability to collect, store, collate, search and cross-reference data increases both the potential benefits and the potential costs of a national ID regime grow. Among the serious costs is the potential for misuse. This potential is higher in countries that do not have well-developed policies for data protection, and highest in those that lack mechanisms to ensure the protection of human rights generally – or which actively are not interested in human rights. Thus, even if we can design a domestic system that gives us more of the benefits and fewer of the costs, we should also be sensitive to the spillover effects of what we are building.

For example, if the United States (or any other large economy such as the EU) were to start requiring biometric identifiers from foreign visitors, this will set a de facto international standard. Millions of people travel to the US every year. Thus, there will be a strong incentive abroad to conform when possible to US requirements. In the case of ID information, if we are going to require visitors to the US have verifiable records available in order to issue them a temporary ID card, this creates pressure on foreign governments and markets to have that data available in the form we demand. Currently that requirement is satisfied for some visitors by passports; but for many it also requires a visa and the US plans to require increased data from all visitors in the near future.

If the US requires historic biometric data, that creates pressure on foreign countries to integrate that into both new and existing domestic identification regimes in order to make it easier for their citizens to travel to the US. But even if US consular employees or their agents just take a biometric reading at the time of issuing a visa, that has substantial implications for how foreign governments will act domestically.

Second, and as important, whatever system the US adopts creates an industry to serve it. The prices of technologies that meet the US’s requirements drop relative to alternatives because the technology is proven, in use, and may benefit from economies of scale and even a ‘halo effect’ due to approval by the US. Consequently similar technologies are more likely to be adopted abroad simply because they will tend to appear cost-effective compared to alternatives. (Biometrics would not be the first time the US government has tried to use market power to set defacto standards for new technologies. This is exactly the strategy the government attempted, unsuccessfully with the Clipper chip. The major difference between the scenarios is that Clipper required adoption by the private sector as an initial matter to become a standard; here, as the governments have a monopoly on border control, it can set the standard more or less unilaterally)

Two conclusions flow from this short sketch, one obvious the other maybe less so.

1. Any US decision to adopt a biometric identifier for foreign visitors needs to be evaluated not just in terms of how it may meet whatever domestic US needs we are trying to satisfy, but also against the worst-case uses we can imagine in the hands of repressive regimes.

In particular, one needs to be sensitive to how the information, or more likely the requirement that the information be provided, could be used by repressive governments. An effective biometric system – at present still something of a hope rather than a reality – could be used to deny people employment on political grounds, to track movements and political associations. Combined with other architectures of control it can be used to prevent anonymous online speech, create dossiers of ‘reliability’, and even – in the really wrong hands – round people up. All of these things are possible without a strong ID system, but an ID system, especially one backed by reliable biometrics, makes them easier.

2. There are three reasons why any requirement we impose on visitors to the US substantially increases the chance that similar requirements will form part of a US domestic ID system in fairly short order:

● One of the most difficult – even intractable – issues in designing a domestic ID card system is how to integrate temporary visitors into the system. Collecting large amounts of data at or before the border goes a very long way to solving this problem.
● Just as foreign countries will find the technologies used at the US border to be cheaper and proven, so too with any plan to build a biometrically based domestic infrastructure.
● If the US imposes biometric ID requirements on foreigners, then other governments are certain to retaliate by returning the favor. This creates an incentive for the US to have a domestic infrastructure which makes it easy for US citizens to travel to those countries…and the circle is complete.

ID Cards At Their Worst

The biggest trouble with national ID cards is that if you have an evil government, they make bad things easier.

Shanghai monitors Internet cafes: SHANGHAI’S INTERNET cafes and bars are being plagued with video cameras and hi-tech logging software, put in place by authorities to make absolutely certain no “forbidden sites” are viewed.

According to yahoo.com and the Shanghai Daily newspaper, Yu Wenchang from the Shanghai Culture, Radio and TV Administration said monitoring will begin in all 1,325 of Shanghai’s geek centres by the end of June.

Banned websites include both pornographic sites and sites with “superstitious content,” such as Falun Gong, the site of a spiritual group.

A number of people have already been sent to prison for downloading and uploading banned material, and it looks like with the new system in place even more will get busted.

The newspaper report also says that all people in Internet cafes will now have to enter the number on an identification card, as proof that they are over 16 years of age. Cafes allowing underage users to surf the web will be fined at first, and if caught again they will have their licenses revoked.

It doesn’t follow from this, necessarily, that ID cards make bad government more likely, or that they necessarily have the same bad effects under decent governments.

I’m certainly prepared to believe that if you have a government that wants to engage in thought control, you have much bigger problems than a little card. On the other hand, governments and indeed everyone, tend to go for what’s cheap and easy. If an ID card regime makes some choices cheaper and easier than they were formerly, surely it increases the odds that people will advocate them?

Schneier: National ID is Single Point of Failure for Security

Security Guru Bruce Schneier (who wrote the book that was my intro to serious crypto) argues in an op-ed that A National ID Card Wouldn’t Make Us Safer primarily because the GIGO problem for the data we’d use to issue the card makes it near worthless as a security device. What’s worse, he says, a national ID card becomes a single point of failure for security if people trust it.

I agree about the GIGO problem (everyone serious does too as far as I can tell). And I agree that the ID cards have about no value as an anti-terrorism tool, although that’s where the political push is coming from (their real virtues if they exist, are elsewhere). And I’ve argued before that over-reliance could be a problem in other ways, but didn’t make the single-point-of-failure argument. May have to add that to the list…

National ID Card Issues in a Nutshell

Here’s a story that implicates a vast number of the isses about national ID cards all in one debate. Florida’s own Gov. Bush lobbies for drug-tracking database.

The stated goals for this propsal are pretty laudable: to crack down on prescription drug abuse, e.g. the Rush-style doctor shopping.

The actual details of the proposal make it clear that the project has no chance of achieving its stated goals, since participation by pharmacists and doctors will be optional. If you are a pill mill, you won’t play. Plus, it won’t provide answers in real time, and will use old data, so it won’t be very effective in the best of circumstances. (Sounds pretty boondoggle-like … these are solved problems.)

No one knows what it will cost or how to pay for it.

The proponents are trying to push it through the legislature in a rush.

So far, this is all pretty standard for all too many ID card proposals.

Bonus Florida angle: if the proposal does make it through the legislature, it will be open to attack on the grounds that the legislature is now functus officio.

UK Moves Closer to ID Cards

Wendy Grossman summarizes the UK’s lurch towards national ID cards in A national database or 60,000 more policemen:

the expectation is that legislation to create the national database whose physical manifestation will be a national identify card will be upon us in a matter of weeks, and it’s a good idea to be ready in case they don’t give us much time to comment. Though there may not be much to comment on.

If the Children Bill is any guide (see particularly Part II, Section 8), national identity card legislation will follow the trend to be completely vague and put off all the important nuts and bolts into regulations – secondary legislation that can be passed with minimal debate. The Childrens Bill, by the way, creates a national database of all children under 18. In other words, we can vote down the national database/identity card now, but in 20 years being numbered and tracked will seem normal to emergent adults.

There’s lots more, too.

Meet Dudley Hiibel

I’m going to be writing in detail about this case, so I will put off blogging about it until I have my ideas sorted, but let me just say for now that Hiibel v. Sixth Judicial District Court of Nevada, Humboldt County looks to be a major, major privacy/civil liberties case.

Update: Howard Dean on ID Cards: Not So Bad, but Not So Good

Larry Lessig, a member of the Dean Net Advisory Net, responds to the news article that inspired my item Howard Dean on ID Cards: Bad. Bad. Bad. with what declan doesn’t get (how to read). In it Larry points to the full text of Dean’s talk (starts at page 10).

Larry, like the first commentator on the earlier item, also points to the Register’s timely reminder that the source of this report has a very bad track record for carelessly sliming Democrats on tech issues. Fair enough.

Indeed, the full text of Dean’s speech isn’t as bad as the news account made it sound. It does contain many nods towards privacy rights. And it actually makes a point I agree with — the current privacy baseline is low, as we’ve ceded a lot of privacy already. Having said that, though, it does seem to me that this speech is fairly described as a strong endorsement of ubiquitious smart card readers (not mandatory, just standards-driven) for PCs in order to create a world in which communications are better authenticated, and access to information can be more properly rationed (e.g. age restrictions). Would that be a better world? I have my doubts. Is it a likely world? Alas, yes. Could it be implemented in ways that are more or less evil? Absolutely, and I’ll have lots to say about that in coming months.

Here are what I see as the key parts of Dean’s speech:

And any PC or desktop can anonymously be used to launch an attack with far more devastating consequences than we’ve ever witnessed.

September Eleventh was a wake-up call to increase the level of security at critical points in our public infrastructure such as airports.

Now we must focus on the perimeter — the desktop, the laptop and the PC. This cannot wait. In recent weeks, even Microsoft has declared that the security of the PC is a critical issue —- right now. Thousands of Microsoft engineers have been re-assigned from other projects to the PC security detail.

It is time to take a serious look at hardware and smart-card based solutions.

I believe that the states — and therefore you — will lead the way in the discovery and implementation of greater digital security. Some of you have already begun this process.

States can move faster than the federal government to ensure that employees accessing the state’s network are indeed who they say they are – and that they are doing legitimate business.

…

We must tighten driver’s license standards among the states. Fortunately, this work has already begun, led by the American Association of Motor Vehicle Administrators’ Task Force on ID Security.

Beyond that, we must move to smarter license cards that carry secure digital information that can be universally read at vital checkpoints.

And we must include new security features to provide ever-greater protection against counterfeiting.

Issuing such a card would have little effect on the privacy of Americans. I understand that you will be discussing privacy issues at a later workshop in this important conference —- but let’s take a moment to look at privacy in America today.

In many ways, privacy is the new urban myth.

…

So, is the answer to create an Orwellian Ministry of Information? No. It’s about creating safe passage through a free but threatened life.

We will not, and should not, tolerate a call to erode privacy even further —- far from it.
Americans can only be assured that their personal identity and information are safe and protected when they are able to gain more control over this information and its use.

Again, this points to Smart Card adoption and development of card readers that limit information access but also confirm it —- when appropriate.

The same Smart Card that confirms that a person is a registered voter can also be used to validate age in a liquor store.

The Smart Card owner may decide to put her medical information into the card database, which can be accessed by an Emergency Medical Technician with a universal authorization code. That EMT can learn the blood type and complete medical history of an unconscious accident victim. The beauty of the Smart Card is that the liquor store doesn’t know anything but age, and the hotel doesn’t know about non-hotel purchases, and the state knows nothing about any of it.

On the Internet, this card will confirm all the information required to gain access to a state network — while also barring anyone who isn’t legal age from entering an adult chat room,
making the internet safer for our children, or prevent adults from entering a children’s chat room and preying on our kids.

…
My view is that the technology is here but that Americans are reluctant to adopt it. It’s time
to overcome our fears. It’s time to get interested.
…
Many new computer systems are being created with card reader technology. Older computers can add this feature for very little money.

While not a call for mandatory smart card readers, it’s certainly an endorsement of them, and a suggestion that we’d be better off if they were ubiquitious.

As I noted above, I’ll have much more to say about this in a month or two, when I re-draft my paper on ID cards.

Meanwhile, having more facts, I now think the headline on the original item was too negative.

Howard Dean on ID Cards: Bad. Bad. Bad.

Howard Dean’s (19 month old) ‘smart ID’ plan is not very smart at all.

Maybe someone could ask one of these Dean Net Advisory Net guys about it if one should happen to see them.

Actually, when I first heard about it I was very enthusiastic about the idea of the “Net Advisory Net,” a sort of open source advisory group. But has it actually done anything? Or is it window dressing?

Update: Having now been directed to the text of Dean’s speech, I think this was a little harsh. I should have said Howard Dean on ID Cards: Not So Bad, but Not So Good.