Topic: Telecom, Internet & Information Policy

April Fool’s Dud

Over the weekend, I put an April Fool’s Day post up on Tech Liberation Front, indicating a security breach in the NAPHSIS EVVE system.  It was almost instantaneously debunked by a commenter.  Thank you so much, blogosphere … .  The post was intended to illustrate some issues with identification-based security and the REAL ID Act.

The National Association for Public Health Statistics and Information Systems has developed and implemented the Electronic Verification of Vital Events system to allow immediate confirmation of the information on a birth certificate presented by an applicant to a government office anywhere in the nation irrespective of the place or date of issuance.

That sounds neat, but it is being incorporated into the REAL ID national ID system apparently without regard to the security issues involved. If we are going to use driver’s licenses for security purposes, each link in the chain of issuance is then a potential vulnerability.

What if the NAPHSIS EVVE system and others like it were compromised and made to confirm the issuance of birth certificates that didn’t actually exist? We could have untold numbers of licenses issued based on fraud. The system we have now, which provides a modicum of security, could collapse as fraudulently acquired driver’s licenses proliferate.

Two weeks ago, at the meeting of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, I asked Stewart Baker, Assistant Secretary for Policy at DHS, what counter-measures might be employed by attackers on the REAL ID national ID system. He said, “We have done some thinking about that …” I’m not sure our confidence should be inspired.

Every weakness in the system should be explored carefully. I summarized some of them in Appendix A of my testimony at the Homeland Security and Governmental Affairs Committee last week.

REAL ID, the Race Card

I testified in Congress yesterday, at a hearing on the REAL ID Act in the Senate Homeland Security and Governmental Affairs Committee’s Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia.  My testimony is here.

An issue that I sought to highlight comes from studying the REAL ID regulations carefully: The standard that the Department of Homeland Security selected for the 2D bar code that would go on REAL ID compliant cards includes race/ethnicity as one of the data elements. 

DHS does not specifically require inclusion of this information, but states are likely to adopt the entire standard.  Thus, starting in May 2008, many Americans may be carrying nationally uniform cards that include race or ethnicity in machine-readable formats – available for scanning and collection by anyone with a bar code reader.   Government agencies and corporations may affiliate racial and ethnic data more closely than ever with information about our travels through the economy and society.

This was not intended by the authors of the REAL ID Act, nor was it intended by the regulation writers at the Department of Homeland Security.  The Belgian colonial government in 1930s Rwanda had no intention to facilitate the 1994 genocide in that country either, but its inclusion of group identity in ID cards had that result all the same.

The woman in the image below, believed to be a genocide victim, is categorized as a Tutsi just below her photograph.  Her name is not seen, as it appears on the first page of this folio-style ID document.  The names of her four children, though, are written in on the page opposite the photo.

The lessons of history are available to us. The chance of something like this happening in the United States is blessedly small, but it is worth taking every possible step to avoid this risk, given an always-uncertain future.  In a society that strives for a color-blind ideal, the federal government should have no part in creating a system that could be used to track people based on race. 

 photo by Jerry Fowler, USHMM

Update on Hillary 1984

The mysterious creator of the Orwellian YouTube ad about Hillary Clinton has been unmasked. He is Philip de Vellis, a strategist with Blue State Digital, a digital consulting firm with ties to rival Sen. Barack Obama. The ad ended with a plug for Obama, but the Obama campaign had denied any knowledge of it. Blue State designed Obama’s website; the company fired de Vellis yesterday. And Democratic operative de Vellis was properly chastened: “I want to make it clear that I don’t think that Hillary Clinton is Big Brother or a bad person or anything.”

DHS Privacy Committee Meeting Tomorrow

The DHS Data Privacy and Integrity Advisory Committee meets tomorrow (Mar. 21) at the Crowne Plaza Washington National Airport in Arlington. 

The morning agenda is heavy on REAL ID, and we’ll hear from Jonathan Frenkel, a Senior Policy Advisor at DHS who was one of the key officials responsible for writing the recently issued regulations.

REAL ID News and Views

An interesting report says that at least one member of the Carter-Baker Commission would not have signed on to its recommendation to use REAL ID as a voter ID card had she known more about it.

Meanwhile, the Boston Globe editorializes against REAL ID, calling it “unrealistic.”

Greater safety is imperative. But given its flaws, the Real ID law should be scrapped. The country needs to invest more thought, time, debate, and money into how best to upgrade driver’s licenses.

Confidentiality

Washington University School of Law professor Neil Richards and George Washington University Law School professor Daniel Solove have an important new law review article out.  Privacy’s Other Path: Recovering the Law of Confidentiality is a useful reminder of a dimension of privacy apart from the privacy torts so famously inspired by Warren and Brandeis in their 1890 Harvard Law Review article.

Confidentiality is the idea that you can share information subject to restrictions on further disclosure and use.  There are often implicit understandings about how shared or mutually created information should be treated.  It’s an important point that’s been conveniently forgotten in government arguments for “data retention,” for example.  Confidentiality in the financial services sphere has been eviscerated by the Bank Secrecy Act and the Supreme Court cases that followed it, as well as Smith v. Maryland in the telecommunications context.

Richards and Solove’s work has its awkward turns - they characterize continental Europe’s focus on dignity and America’s focus on liberty as highly individualistic, while suggesting that confidentiality is ”based on the protection of relationships.”  If these characterizations are relevant at all, confidentiality can be seen just as much as a protection of individuals, the difference being that confidentiality is rooted more deeply in contract.  Small matter, though. 

Overall a good work, and an important reminder.

(HT: Schneier)