Tag: privacy

Idaho May Implement REAL ID—by Mistake

Ten years ago, Idaho came out strongly against the REAL ID Act, a federal law that seeks to weave state driver licensing systems into a U.S. national ID. But Department of Homeland Security bureaucrats in Washington, D.C., have been working persistently to undermine state resistance. They may soon enjoy a small success. A bill the Idaho legislature sent to the governor Friday (HB 513) risks putting Idahoans all the way in to the national ID system.

Idaho would be better off if the legislature and Governor Butch Otter (R) continued to refuse the national ID law outright.

Idaho’s government was clear about the federal REAL ID Act in 2008. The legislature and governor wrote into state law that the national ID law was “inimical to the security and well-being of the people of Idaho.” They ordered the Idaho Transportation Department to do nothing to implement REAL ID.

Since then, the DHS has threatened several times to prevent people living in non-compliant states from going through TSA checkpoints at the nation’s airports. The DHS has always backed down from these threats—the feds would get all the blame if DHS followed through—but the threats have done their work. Compliance legislation is on the move in a number of states.

One of those states is Idaho, where that bill with Governor Otter would call for compliance with the REAL ID Act’s requirements “as such requirements existed on January 1, 2016.” That time limitation is meant to keep Idahoans out of the nation-wide database system that the REAL ID Act requires. But the bill might put Idahoans into the national ID system by mistake.

When the original “REAL ID Rebellion” happened with Idaho at the forefront, DHS was under pressure to show progress on the national ID. DHS came up with a “material compliance checklist,” which is a pared-back version of the REAL ID law. Using this checklist, DHS has been claiming that more and more states are in compliance with the national ID law. It is a clever, if dishonest, gambit.

Practical state legislators in many states have believed what the DHS is telling them, and they think that they should get on board with the national ID law or else their state’s residents will be punished. DHS is successfully dividing and conquering, drawing more power to Washington, D.C.

Rights in the Balance

The right to swing my fist ends where the other man’s nose begins.

The saying, it turns out, has some of its pedigree in Prohibition, during which the right to serve drinks was said to interfere with the rights of the family. But misapplication to “group rights” aside, it’s a phrase that captures our system of rights well. You are (or should be) free to do whatever you wish, so long as you don’t injure others in their rights.

You can see society hammering out the dividing line between rights in a case that produced a jury verdict last Friday: Hulk Hogan vs. Gawker. The provocative website published a mid-2000 video of the former wrestler and TV personality having sex with a friend’s wife. Hogan sued and won a verdict of $115 million, which Gawker will appeal.

The argument on Hulk’s side is that public exposure of a person’s intimate moments and bodily functions violates a right to privacy. The free speech argument is that a person has a right to broadcast and discuss anything he or she pleases.

These are both important rights. The privacy right is a little younger, having developed since about 1890. The free speech right pre-existed its 1791 acknowledgement in the Bill of Rights, so speech has a stronger heritage. But the dividing line will never be decided once and for all. Common practices and common mores will set and reset the line between these rights through accretion and erosion, the way a winding river divides a plain. That way of producing rules is very special: common law courts deciding in real cases what serves justice best.

Building the Bitcoin Ecosystem: Privacy Edition

Many in the Bitcoin community seek increased financial privacy. As I wrote in a 2014 study of the Bitcoin ecosystem, “Bitcoin can facilitate more private transactions, which, when legal in the jurisdictions where they occur, are the business of nobody but the parties to them.” That study identified “algorithmic monitoring of Bitcoin transactions” as a rather likely and somewhat consequential threat to the goal of financial privacy (pg. 18). It was part of a cluster of similar threats.

Good news: The Bitcoin community is doing something about it.

The Open Bitcoin Privacy Project recently issued the second edition of its Bitcoin Wallet Privacy Rating Report. It’s a systematic, comparative study of the privacy qualities of Bitcoin wallets. The report is based on a detailed threat model and published criteria for measuring the “privacy strength” of wallets. (I’ve not studied either in detail, but the look of them is well-thought-out.)

Reports like this are an essential, ecosystem-building market function. The OBPP is at once informing Bitcoin users about the quality of various wallets out there, and at the same time challenging wallet providers to up their privacy game. It’s notable that the wallet with the highest number of users, Blockchain, is 17th in the rankings, and one of the most prominent U.S. providers of exchange, payment processing, and wallet services, Coinbase, is 20th. Those kinds of numbers should be a welcome spur to improvement and change. Blockchain is updating its wallet apps. Coinbase, which has offended some users with intensive scrutiny of their financial behavior, appears wisely to be turning away from wallet services.

Bitcoin guru Andreas Antonopolis rightly advises transferring bitcoins to a wallet you control so that you don’t have to trust a Bitcoin company not to lose it. The folks at the Open Bitcoin Privacy Project are working to make wallets more privacy protective. Kudos, OBPP.

There’s more to do, of course, and if there is a recommendation I’d offer for the next OBPP report, it’s to explain in a more newbie-friendly way what the privacy threats are and how to perceive and weigh them. Another threat to the financial privacy outcome goal—ranked slightly more likely and somewhat more consequential than algorithmic monitoring—was: “Users don’t understand how Bitcoin transactions affect privacy.”

Minnesota to Become a National ID State?

When Congress passed the REAL ID Act, it hadn’t held a hearing to examine the merits and demerits—or practicalities—of instituting a U.S. national ID. Unworkable, the Chairman of the Senate Homeland Security Committee called it. In the U.S. House, REAL ID was attached to a must-pass military spending bill after the House vote on that bill. REAL ID wasn’t a shining example of democratic deliberation.

But REAL ID requires state cooperation. States must convert their driver licensing bureaus into arms of the U.S. Department of Homeland Security. This means that states may deliberate openly about whether databases of information about their residents should be poured into a national ID system. (This is a clear requirement from the statute. States that commit to REAL ID compliance now eventually must “[p]rovide electronic access to all other States to information contained in the motor vehicle database of the State.”)

Minnesota is a state where Department of Homeland Security bureaucrats have recently pressured elected officials to fall in line. And in Minnesota today a “Legislative Working Group on Real ID Compliance” will meet to discuss “possible compliance measures.” The chair of the group is Rep. Peggy Scott (R) and the alternate chair is Sen. Scott Dibble (DFL).

Now, the Minnesota legislature is moving pretty fast. Their governor appears to have been successfully buffaloed by the Department of Homeland Security. But at least there is an open meeting that Minnesotans and interested advocates can attend to inform the legislature.

So now the question can be joined: Will Minnesota’s elected officials put the state’s residents into a national ID system?

The web page on which this meeting is listed appears as though it will change. Other members of Minnesota’s “Legislative Working Group on REAL ID Compliance”—folks who will have a big say on whether Minnesota becomes a national ID state—are listed below.

The War against Cash, Part I

Politicians hate cash.

That may seem an odd assertion given that they love spending money (other people’s money, of course, as illustrated by this cartoon).

But what I’m talking about is the fact that politicians get upset when there’s not 100 percent compliance with tax laws.

They hate tax havens since the option of a fiscal refuge makes confiscatory taxation impractical.

They hate the underground economy because that means hard-to-tax economic activity.

And they hate cash because it gives consumers an anonymous payment mechanism.

Let’s explore the animosity to cash.

Is a ‘Non-Federal’ License Still a National ID?

The Department of Homeland Security has been pressuring state legislatures to implement our U.S. national ID law, the REAL ID Act. States are free to set their own policies because the DHS will always back down. But many state legislators don’t know that. They’re in a bind where they feel obligated to obey federal mandates, but they want to do right by the citizens of their states. Law-abiding Americans shouldn’t have to scrounge up long-lost identity documents, stand in line at DMVs, and see themselves entered into a national ID system just so they can carry a driver’s license.

So practical legislators are seeking that golden compromise, which the REAL ID Act seems to hold out. But watch your wallet, because a “non-federal” license may still be a national ID.

REAL ID permits the issuance of “non-federal” licenses and IDs. These can be issued without the many stringent, time-consuming, and annoying requirements of REAL ID. Such a card simply has to state clearly on its face that it may not be accepted by federal agencies for official purposes, and it must use unique designs or colors to indicate this.

But REAL ID also requires compliant states to give all other states access to the information contained in their motor vehicle databases. The law requires them to share all the data printed on the REAL ID cards, as well as driver histories, including motor vehicle violations, suspensions, and points on licenses.

That leaves an open question: Does the REAL ID Act require nationwide info-sharing on every licensee? Or just the licensees who carry REAL ID cards?

The question is important, because of the huge data security implications from exposing data about every driver to the motor vehicle bureau of every other state. A good reason to avoid REAL ID is to avoid the risk that a rogue DMV employee in any state can access the data of drivers in all the others. That’s a recipe for mass-scale identity fraud.

Drivers who are worried about identity fraud and their privacy should be able to opt out of this information sharing. While we’re at it, the privacy of security-conscious drivers could be protected if “non-federal” licenses came without the “machine-readable zone” that REAL ID requires. It allows easy collection of driver data and tracking with every swipe or scan of the card in a digital reader.

States should really resist REAL ID entirely. Congress should stop funding it and repeal the unnecessary and burdensome national ID law. But if there are to be “non-federal” IDs from compliant states, it would be nice if they offered Americans a way to opt out of the insecure information-sharing requirements in this national ID system.

What Is Real REAL ID Compliance?

This fall, the Department of Homeland Security and its pro-national ID allies staged a push to move more states toward complying with REAL ID, the U.S. national ID law. The public agitation effort was so successful that passport offices in New Mexico were swamped with people fearing their drivers’ licenses would be invalid for federal purposes. A DHS official had to backtrack on a widely reported January 2016 deadline for state compliance.

DHS continues to imply that all but a few holdout states stand in the way of nationwide REAL ID compliance. The suggestion is that residents of recalcitrant jurisdictions will be hung out to dry soon, when the Transportation Security Administration starts turning away travelers who arrive at its airport checkpoints with IDs from non-compliant states.