Update: Howard Dean on ID Cards: Not So Bad, but Not So Good

Larry Lessig, a member of the Dean Net Advisory Net, responds to the news article that inspired my item Howard Dean on ID Cards: Bad. Bad. Bad. with what declan doesn’t get (how to read). In it Larry points to the full text of Dean's talk (starts at page 10).

Larry, like the first commentator on the earlier item, also points to the Register's timely reminder that the source of this report has a very bad track record for carelessly sliming Democrats on tech issues. Fair enough.

Indeed, the full text of Dean's speech isn't as bad as the news account made it sound. It does contain many nods towards privacy rights. And it actually makes a point I agree with — the current privacy baseline is low, as we've ceded a lot of privacy already. Having said that, though, it does seem to me that this speech is fairly described as a strong endorsement of ubiquitious smart card readers (not mandatory, just standards-driven) for PCs in order to create a world in which communications are better authenticated, and access to information can be more properly rationed (e.g. age restrictions). Would that be a better world? I have my doubts. Is it a likely world? Alas, yes. Could it be implemented in ways that are more or less evil? Absolutely, and I'll have lots to say about that in coming months.

Here are what I see as the key parts of Dean's speech:

And any PC or desktop can anonymously be used to launch an attack with far more devastating consequences than we’ve ever witnessed.

September Eleventh was a wake-up call to increase the level of security at critical points in our public infrastructure such as airports.

Now we must focus on the perimeter — the desktop, the laptop and the PC. This cannot wait. In recent weeks, even Microsoft has declared that the security of the PC is a critical issue —- right now. Thousands of Microsoft engineers have been re-assigned from other projects to the PC security detail.

It is time to take a serious look at hardware and smart-card based solutions.

I believe that the states — and therefore you — will lead the way in the discovery and implementation of greater digital security. Some of you have already begun this process.

States can move faster than the federal government to ensure that employees accessing the state’s network are indeed who they say they are – and that they are doing legitimate business.

We must tighten driver’s license standards among the states. Fortunately, this work has already begun, led by the American Association of Motor Vehicle Administrators’ Task Force on ID Security.

Beyond that, we must move to smarter license cards that carry secure digital information that can be universally read at vital checkpoints.

And we must include new security features to provide ever-greater protection against counterfeiting.

Issuing such a card would have little effect on the privacy of Americans. I understand that you will be discussing privacy issues at a later workshop in this important conference —- but let’s take a moment to look at privacy in America today.

In many ways, privacy is the new urban myth.

So, is the answer to create an Orwellian Ministry of Information? No. It’s about creating safe passage through a free but threatened life.

We will not, and should not, tolerate a call to erode privacy even further —- far from it.
Americans can only be assured that their personal identity and information are safe and protected when they are able to gain more control over this information and its use.

Again, this points to Smart Card adoption and development of card readers that limit information access but also confirm it —- when appropriate.

The same Smart Card that confirms that a person is a registered voter can also be used to validate age in a liquor store.

The Smart Card owner may decide to put her medical information into the card database, which can be accessed by an Emergency Medical Technician with a universal authorization code. That EMT can learn the blood type and complete medical history of an unconscious accident victim. The beauty of the Smart Card is that the liquor store doesn’t know anything but age, and the hotel doesn’t know about non-hotel purchases, and the state knows nothing about any of it.

On the Internet, this card will confirm all the information required to gain access to a state network — while also barring anyone who isn’t legal age from entering an adult chat room,
making the internet safer for our children, or prevent adults from entering a children’s chat room and preying on our kids.

My view is that the technology is here but that Americans are reluctant to adopt it. It’s time
to overcome our fears. It’s time to get interested.

Many new computer systems are being created with card reader technology. Older computers can add this feature for very little money.

While not a call for mandatory smart card readers, it's certainly an endorsement of them, and a suggestion that we'd be better off if they were ubiquitious.

As I noted above, I'll have much more to say about this in a month or two, when I re-draft my paper on ID cards.

Meanwhile, having more facts, I now think the headline on the original item was too negative.

This entry was posted in ID Cards and Identification. Bookmark the permalink.