Topic: Telecom, Internet & Information Policy

Rumors that the UK Will Abandon National ID

Via SecureID News, politics.co.uk reports on speculation that incoming Prime Minister Gordon Brown will abandon the UK’s national identification card scheme.

Back-handed encouragement for that has come in an open letter to Brown from Conservative shadow home secretary David Davis:

As chancellor you already bear responsibility for the £58 million of taxpayers money wasted on this expensive white elephant… .Experts in the field warn that, far from making us more secure, ID cards risk making us less safe. By clustering a mass of personal information in one place, ID cards will make us a prize target for hackers, fraudsters and terrorists.

Almost a year ago, the Sunday Times reported on leaked emails showing that the UK national ID scheme is in collapse. Much like the U.S. scheme is now.

Phil Bond Doesn’t Understand Security

Here’s an interesting Washington Technology article on the security issues that would be created by implementing the REAL ID Act. Complying with the law would require states to create huge, nationally accessible databases of information about all licensed drivers and ID card-holders. Computer security guru Bruce Schneier, chief technology officer at BT Counterpane Internet Security, is quoted, saying “Computer scientists don’t know how to keep a database of this magnitude secure.”

The really striking quote from the article, though, goes to a different kind of security: security against terrorist attacks. Information Technology Association president Phil Bond is quoted in a statement on the REAL ID Act:

“Today’s system is the system that helped to bring us the terrorist attacks of Sept. 11, 2001,” said Phil Bond, ITAA president, in the statement. “We know the problem, and we have the technology to fix it.”

How many different ways has Bond gotten security wrong? I can’t list them all, but …

The first is the implied causal relationship between our present-day ID card system and terror attacks. There are many causes of terrorism and terrorist attacks - Ron Paul recently stirred the Republican pot by suggesting they include an interventionist foreign policy. To respond to the literal import of Bond’s statement: the ID system in our country did not cause weak groups elsewhere to adopt the strategy of terrorism. Our current ID and licensing system did not “bring us” the terrorist attacks of September 11, 2001.

But Bond was making purposeful use of inaccurate language. His implication is that the current driver licensing system is so lacking in security measures that it can be treated as an equivalent to a real cause of terrorist attack. This is where Bond’s security ignorance shines like a beacon.

For all the benefits they provide, including a modicum of security, identity systems provide almost no security against committed opponents like terrorist organizations, criminal enterprises, or even hardened criminals. In my book Identity Crisis: How Identification is Overused and Misunderstood, I show how identity acts as an economic and social glue. It brings people together for all kinds of transactions, and it holds them together if and when things go wrong. But I also show how breakable this glue is. Identity does not reveal intention.

People who have studied identity and security know that you can’t extrapolate from the use of identity in every-day transactions to the use of identity in counter-terrorism. Commited bad actors will defraud, inflitrate, or corrupt card issuing systems, or create fraudulent identity documents directly - to say nothing of simply avoiding targets that are controlled by identification checks. (That’s not a big improvement in security. There are far more uncontrolled targets than controlled targets.)

Evidently, Phil Bond is not someone who has studied identity and security, which is a shame given that he is the highly regarded leader of a significant technology-industry trade association.

I’ll Take the Frying Pan over the Fire

Via Ars Technica, here’s a Quad-Cities Online report on the state of Illinois using $1 million in taxpayer dollars to fund litigation in support of an unconstitutional ban on video game violence. The money was taken from other budget areas, including public health, welfare, and economic development.

The ideal would be to give the money back to taxpayers. It rightly belongs to them. But given the choice between using the funds to erode free speech rights or using them to support the welfare state, I’ll take the welfare state.

Announcing: Harper’s Law

Mine is a simple — dumb, even — adaptation of Metcalfe’s Law.

“The security and privacy risks increase proportionally to the square of the number of users of the data.”

— First quoted in this eWeek article about the electronic employment verification system included in the current immigration bill.

(I actually suspect that Briscoe’s et al’s refinement of Metcalfe’s law is more accurate, but that’s just so complicated.)

Patent Rent-Seeking

When I worked in Cato’s DC offices a couple of years ago, I always found it kind of depressing to go to lunch on K Street and see thousands of smart, attractive young men and women crowded around me, the vast majority of whom worked as lobbyists. They were people who otherwise might have been entrepreneurs, journalists, accountants, or doctors, creating wealth and improving society. But instead, they were enticed by the fat paychecks to come to Washington, where their talents are devoted to finding clever ways to enrich their clients at the expense of taxpayers and consumers.

I had a similar sinking feeling when i read this article (via Techdirt) about the flood of young scientists and engineers who are leaving the lab for careers as patent lawyers:

Demand for these specialists is being driven by an explosion in patent applications in recent years and a growing need for lawyers to protect old patents or challenge new ones. The U.S. Patent Office estimates 450,000 patent applications will be filed this year, up from about 350,000 five years ago.

Law professors say they’re seeing more students with strong science backgrounds make the leap to law, where recruiters are snapping them up.

For at least some students who might otherwise gravitate toward a science career, the promise of much bigger paydays is a powerful lure. Others say the opportunities in academia are not as certain as they once were.

“It’s an exciting area of legal practice right now,” said University of Pennsylvania law professor R. Polk Wagner. “Every year I see more and more people coming into law school with technical backgrounds.”

“It almost scares me,” said Wagner, whose proteges include Weathers. “Who’s left in the lab?”

Who indeed?

Now, I believe that some degree of patent protection is beneficial, especially for capital-intensive fields like pharmaceuticals. But we are now far past the point where the marginal patent, or patent lawyer, spurs economic growth. Quite the contrary, in recent years, the patent office has lowered patent standards so much that for the most part, obtaining and litigating over patents has become little more than a form of rent-seeking. A company obtains a patent that covers a broad category of innovation and then uses it to blackmail other companies that have succeeded in the marketplace.How else do we explain a company with no products winning a $612 million settlement from the company that pioneered wireless email? Or the company that pioneered Internet telephony fighting for its life against Verizon, a company that’s not exactly known for its innovative Internet applications? I could bore you to tears with examples of attempts to extort money from productive companies using the patent system. Every single one of those controversies was carried out by bright, ambitious individuals like those in the USA Today article, being paid six-figure salaries to find ways to obtain advantages in the courtroom where they weren’t able to prevail in the marketplace.

The Supreme Court’s recent Teleflex decision should reduce this problem somewhat by raising the bar for patent obviousness. But more fundamental reforms are needed as well. For a start, we should be asking whether certain categories of innovation require patent protection at all. Software and business methods are two obvious choices. Neither category was eligible for patent protection before the late 1980s, and there was certainly no shortage of innovative new software or business models during that time period.