Page 17 of 27
Cryptographer Stefan Brands has a new company, Credentica, that allows people to disclose personal information while maintaining privacy and minimizing the threat of identity theft.
I know Stefan; he’s good. The cryptography behind this system is almost certainly impeccable. I like systems like this, and I want them to succeed. I just don’t see a viable business model.
I’d like to be proven wrong.
Many people say that allowing illegal aliens to obtain state driver’s licenses helps them and encourages them to remain illegally in this country. Michigan Attorney General Mike Cox late last year issued an opinion that licenses could be issued only to legal state residents, calling it “one more tool in our initiative to bolster Michigan’s border and document security.”
In reality, we are a much more secure nation if we do issue driver’s licenses and/or state IDs to every resident who applies, regardless of immigration status. Issuing them doesn’t make us any less secure, and refusing puts us at risk.
The state driver’s license databases are the only comprehensive databases of U.S. residents. They’re more complete, and contain more information – including photographs and, in some cases, fingerprints – than the IRS database, the Social Security database, or state birth certificate databases. As such, they are an invaluable police tool – for investigating crimes, tracking down suspects, and proving guilt.
Removing the 8 million-15 million illegal immigrants from these databases would only make law enforcement harder. Of course, the unlicensed won’t pack up and leave. They will drive without licenses, increasing insurance premiums for everyone. They will use fake IDs, buy real IDs from crooked DMV employees – as several of the 9/11 terrorists did – forge “breeder documents” to get real IDs (another 9/11 terrorist trick), or resort to identity theft. These millions of people will continue to live and work in this country, invisible to any government database and therefore the police.
Assuming that denying licenses to illegals will make them leave is head-in-the-sand thinking.
Of course, even an attempt to deny licenses to illegal immigrants puts DMV clerks in the impossible position of verifying immigration status. This is expensive and time-consuming; furthermore, it won’t work. The law is complicated, and it can take hours to verify someone’s status only to get it wrong. Paperwork can be easy to forge, far easier than driver’s licenses, meaning many illegal immigrants will get these licenses that now “prove” immigrant status.
Even more legal immigrants will be mistakenly denied licenses, resulting in lawsuits and additional government expense.
Some states have considered a tiered license system, one that explicitly lists immigration status on the licenses. Of course, this won’t work either. Illegal immigrants are far more likely to take their chances being caught than admit their immigration status to the DMV.
We are all safer if everyone in society trusts and respects law enforcement. A society where illegal immigrants are afraid to talk to police because of fear of deportation is a society where fewer people come forward to report crimes, aid police investigations, and testify as witnesses.
And finally, denying driver’s licenses to illegal immigrants will not protect us from terrorism. Contrary to popular belief, a driver’s license is not required to board a plane. You can use any government-issued photo ID, including a foreign passport. And if you’re willing to undergo secondary screening, you can board a plane without an ID at all. This is probably how anybody on the “no fly” list gets around these days.
A 2003 American Association of Motor Vehicle Administrators report concludes: “Digital images from driver’s licenses have significantly aided law enforcement agencies charged with homeland security. The 19 (9/11) terrorists obtained driver licenses from several states, and federal authorities relied heavily on these images for the identification of the individuals responsible.”
Whether it’s the DHS trying to protect the nation from terrorism, or local, state and national law enforcement trying to protect the nation from crime, we are all safer if we encourage every adult in America to get a driver’s license.
This op ed originally appeared in the Detroit Free Press.
Seems the UK government has plans to coerce its citizens into a national ID database. Actual pdf document is here, and hopefully mirrored elsewhere.
They’re checking IDs more carefully, looking for forgeries:
Black lights will help screeners inspect the ID cards by illuminating holograms, typically of government seals, that are found in licenses and passports. Screeners also are getting magnifying glasses that highlight tiny inscriptions found in borders of passports and other IDs. About 2,100 of each are going to the nation’s 800 airport checkpoints.
The closer scrutiny of passenger IDs is the latest Transportation Security Administration effort to check passengers more thoroughly than simply having them walk through metal detectors.
[…]
More than 40 passengers have been arrested since June in cases when TSA screeners spotted altered passports, fraudulent visas and resident ID cards, and forged driver’s licenses. Many of them were arrested on immigration charges.
ID checks have nothing to do with airport security. And even if they did, anyone can fly on a fake ID. And enforcing immigration laws is not what the TSA does.
In related news, look at this page from the TSA’s website:
We screen every passenger; we screen every bag so that your memories are from where you went, not how you got there. We’re here to help your travel plans be smooth and stress free. Please take a moment to become familiar with some of our security measures. Doing so now will help save you time once you arrive at the airport.
I know they don’t mean it that way, but doesn’t it sound like it’s saying “We know it doesn’t help, but it might make you feel better”?
And why is this even news?
So Jason—looking every bit the middle-aged man on an uneventful trip to anywhere—shows a boarding pass and an ID to a TSA document checker, and he is directed to a checkpoint where, unbeknown to the security officer on site, the real test begins.
He gets through, which in real life would mean a terrorist was headed toward a plane with a bomb.
To be clear, the TSA allowed CNN to see and record this test, and the agency is not concerned with CNN showing it. The TSA says techniques such as the one used in Tampa are known to terrorists and openly discussed on known terror Web sites.
Also relevant: “Confessions of a TSA Agent“:
The traveling public has no idea that the changes the TSA makes come as orders sent down directly from Washington D.C. Those orders may have reasons, but we little screeners at a screening checkpoint will never be told what the background might be. We get told to do something, and just as in the military, we are expected to make it happen—no ifs, ands or buts about it. Perhaps the changes are as a result of some event occurring in the nation or the world, perhaps it’s based on some newly received information or interrogation. What the traveling public needs to understand the necessity for flexibility. If a passenger asks us why we’re doing something, in all likelihood we couldn’t tell them even if we really did know the answer. This is a business of sensitive information that is used to make choices that can have life changing effects if the information is divulged to the wrong person(s). Just trust that we must know something that prompts us to be doing something.
I have no idea why Kip Hawley is surprised that the TSA is as unpopular with Americans as the IRS.
EDITED TO ADD (1/30): The TSA has a blog, and Kip Hawley wrote the first post. This could be interesting….
EDITED TO ADD (1/31): There is some speculation that the “Confessions of a TSA Agent” is a hoax. I don’t know.
Almost three years ago I blogged about SmartWater: liquid imbued with a uniquely identifiable DNA-style code. In my post I made the snarky comment:
The idea is for me to paint this stuff on my valuables as proof of ownership. I think a better idea would be for me to paint it on your valuables, and then call the police.
That remark aside, a new university study concludes that it works:
The study of over 100 criminals revealed that simply displaying signs that goods and premises were protected by SmartWater was sufficient to put off most of the criminals the team interviewed.
Professor Gill said: “According to our sample, SmartWater provided a strong projected deterrent value in that 74 per cent of the offenders interviewed reported that they would in the future be put off from breaking into a building with a SmartWater poster/sign displayed.
“Overall, the findings indicate that crime reduction strategies using SmartWater products have a strong deterrent effect. In particular, one notable finding of the study was that whilst ‘property marking’ in general acts as a reasonable deterrent, the combination of forensic products which SmartWater uses in its holistic approach increases the deterrent factor substantially.”
When scored out of ten by respondents in regard to deterrent value, SmartWater was awarded the highest average score (8.3 out of a score of 10) compared to a range of other crime deterrents. CCTV scored 6.2, Burglar Alarms scored 6.0 and security guards scored 4.9.
Of course, we don’t know if the study was sponsored by SmartWater the company, and we don’t know the methodology—interviewing criminals about what deters them is fraught with potential biases—but it’s still interesting.
Also note that SmartWater is not only sprayed on valuables, but also sprayed on burglars and criminals—tying them to the crime scene.
Investigative report on passport fraud worldwide.
Six years after 9/11, an NBC News undercover investigation has found that the black market in fraudulent passports is thriving. On the streets of South America, NBC documented the sale of stolen and doctored passports, and travel papers prized by terrorists: genuine passports issued under false names. For a few thousand dollars, an undercover investigator was able to purchase several entirely new identities from organized criminal networks with access to corrupt government employees. The investigator obtained passports from Spain, Peru, and Venezuela and used the Peruvian and Venezuelan passports to travel widely in the Western Hemisphere, with practically no scrutiny.
I just did a Q&A on the Freakonomics blog. Nothing regular readers of this blog haven’t heard before, but it was fun all the same. There’s also a Slashdot thread on the Q&A.
I didn’t write about this story at first because we’ve seen it so many times before: a disk with lots of personal information is lost. Encryption is the simple and obvious solution, and that’s the end of it.
But the UK’s loss of 25 million child benefit records—including dates of birth, addresses, bank account information, and national insurance numbers—is turning into a privacy disaster, threatening to derail plans for a national ID card.
Why is it such a big deal? Certainly the scope: 40% of the British population. Also the data: bank account details; plus information about children. There’s already a larger debate on the issue of a database on kids that this feeds into. And it’s a demonstration of government incompetence (think Hurricane Katrina).
In any case, this issue isn’t going away anytime soon. Prime Minister Gordon Brown has apologized. The head of the Revenue and Customs office has resigned. More is certainly coming.
And this is an easy security problem to solve! Disk and file encryption software is cheap, easy to use, and effective.
The “War on the Unexpected” is being fought everywhere.
In Australia:
Bouncers kicked a Melbourne man out of a Cairns pub after paranoid patrons complained that he was reading a book called The Unknown Terrorist.
At the U.S. border with Canada:
A Canadian firetruck responding with lights and sirens to a weekend fire in Rouses Point, New York, was stopped at the U.S. border for about eight minutes, U.S. border officials said Tuesday.
[…]
The Canadian firefighters “were asked for IDs,” Trombley said. “I believe they even ran the license plate on the truck to make sure it was legal.”
In the UK:
A man who had gone into a diabetic coma on a bus in Leeds was shot twice with a Taser gun by police who feared he may have been a security threat.
In Maine:
A powdered substance that led to a baggage claim being shut down for nearly six hours at the Portland International Jetport was a mixture of flour and sugar, airport officials said Thursday.
Fear is winning. Refuse to be terrorized, people.
Synthetic identity theft is poised to become a bigger problem than regular identity theft:
Unlike traditional identity thieves, who purloin people’s information to get loans or make purchases, fraudsters like Mr. Rose mix legitimate and phony data to create synthetic identities. This kind of fraud doesn’t usually directly affect consumers. The big losers are banks, which get stuck with loan defaults and unpaid credit-card bills that identity thieves leave behind.
Actually, real people do get harmed:
The men paired fake names with Social Security numbers of real people. Adam Gregory, the purported Las Vegas resident, had the Social Security number of a real California resident.
The conspirators needed addresses for their synthetic identities and for a dozen or so shell companies that helped to facilitate the scam. Eventually they rented 200-odd apartments in 14 states. They kept binders of data in their Phoenix headquarters to keep the details straight.
The duo acquired business licenses, usually online, for the dummy businesses. A few had real offices with furniture; others rented “virtual” office space. After Messrs. Rose and Newton triggered the credit bureaus to set up no-hit files for their synthetic identities, their shell companies fed false data to credit bureaus.
More here.
Sidebar photo of Bruce Schneier by Joe MacInnis.