5/8: Robert Blake's Wife/Calif DMV

jimbobjoe · 05-20-2001, 11:23 PM

Hello all,

I specialize in driver's license privacy issues, and I just wanted to add my two cents really quickly.

First, one could easily defend that the national id infrastructure is already setup, and some states have adopted it, for more information, see http://www.aamva.org/aamvanet/standa...ndrd000630.pdf

I wrote this article a few weeks ago, perhaps it is an interesting way of discussing things. It was in the context of responding to someone who had said there was no point to fighting for privacy issues related to ID's.

____________________
"Personally, I don't think this [centralized governmental databases of
citizens' identifying information] is a truly worthy cause to fight for. The
way you have worded everything on your website is propaganda and you make it
sound like innocent people are going to be punished unfairly if they are
identified. I think these kinds of modern identification are very dependable
and useful in many areas, especially as criminals are becoming smarter. I
believe it is a waste of time to try and get people riled up over an issue
that is not of true danger to them, and that will probably benefit innocent
citizens because guilty parties cannot fake their identities if their DNA is
on file. People have nothing to fear...unless they are hiding something."

"Anonymous"

---------
May I take a few seconds to respond to Anonymous? Should it be "quote worthy" I encourage that it be posted to your list.

Perhaps you're right, after all, there is no mathematical proof that government will automatically take information on its citizens and use it for unsavory purposes. While we do have historical evidence that it almost always happens, we shall assume that modern democratic governments are much more serious about civil rights than their predecessors.

So lets discuss the meat of your response: controlling crime. You mention that criminals are getting smarter. I think that that is a defendable concept. But why should that be the case....? Is it the raising of the intelligence curve, or is the new opportunities available to them?

Identity theft is a crime that requires a lot of intelligence and cunning. Consider the fact that it's a crime that is relatively new. Have you ever read articles about people's identities being stolen fifty years ago? How about 25 years ago? Neither have I. In fact, it seems that identity theft is a new, and mostly American, phenomenon.

Let me give you an anecdote. Several months ago a person walked into an Ohio Savings Bank right here in Columbus. In their hand they had a fraudulent death certificate, a fraudulent will claiming that they were the executor the deceased's estate. Within minutes they cashed a life insurance policy and walked out with $60,000 in cash. I believe that the person has not been caught yet.

Most financial institutions these days tend to be pretty vigilant about checking and double checking identity. I'm sure he was asked to show a photographic ID. And of course, they double checked the Social Security Number on the death certificate to make sure it corresponded with the SSN on the life insurance policy.

And that's all they did. The name on the death certificate was wrong, the birthdate of the individual was wrong, the names of the parents of the individual were wrong, in fact, the only thing that was correct was the Social Security Number.

You can't blame the bank teller...their attitude was if the SSN was correct, then it all must be good, since it's so hard for a criminal to get the SSN in the first place.

Welcome to the world of cause and effect relationships--a world seemingly little understood by modern law enforcement. Perhaps another example will help you.

In 1992 the California DMV introduced their new driver's license...at that time probably the world's most sophisticated identity card. It had holograms, it had color changing materials, it was printed on PVC plastic that reacted specially to different solvents. It was protected by a database full of Social Security Numbers, digitized pictures and fingerprints.

So the DMV went out of its way to advertise the security of its new document. Several months later, perfect copies of new California driver's licenses started to appear, much to the suprise and chagrin of the DMV. How could this happen?

Turns out that the licenses were made by DMV employees who were bribed, in some instances thousands of dollars per fraudulent document.

The cause was this...the advertising campaign. By convincing people the new license was significantly more secure than the previous one, people would be more likely to assume that the new license was genuine, therefore they probably would be less likely to do other types of identity checks which they may have done with the seemingly less secure previous license. The effect was that criminals then had more justification to put time and resources into getting the harder to counterfit document, thereby beating all its silly anti-counterfitting mechanisms.

As they say, security is only as good as its weakest link. When people think of the weakest link associated with driver's licensing, they may think of how easy it may be to reproduce the document, or the original documents submitted to get the license in the first place (birth certificates, et cetera) or perhaps the amount of information collected on the person (SSN's, photographs, fingerprints, et cetera.) The fact is, California's problem was caused by neither of these, in fact, it occurred in spite of securing all of them.

Actually, I say the weakest link security wise with driver's licenses is the sheer number of participants. If the technology used for the California license was used to issue ID badges for a building in which only 500 people worked, and there was only one or two entrances to said building, then you would have a fairly reliable security structure. But the California license is held by some 25 million people, issued by hundreds of DMV offices with thousands of employees (all of whom have access to the ID making equipment), and it is verified not just at one or two places, verification can occur at millions of places all around the state, banks, airline ticket counters, liquor stores, et cetera. I don't care if California did collect DNA and encode the magnetic stripe with the individuals sequence; it is entirely absurd to believe that you can create anything that can be secure under such unwieldly circumstances.

The second weakest link is the association of convenience with photographic ID's. I'll let you in on a secret: security and convenience are mutually exclusive and there's an inverse tradeoff between them. In the long run, it is impossible to have something which is inherently more secure *and* convenient at the same time.

Here's an extreme example. I have to admit that instead of using a key to open my apartment, it probably would be more secure to have a device that reads my fingerprint to unlock the door. And I wouldn't have to have my keys on me, all I need is my thumb. I admit that that security may also be desired for my computer, both at home and at work. And it also would be neat to use it to access my bank accounts as well.

It is hard to fool a fingerprint reader...but the assumption that it isn't possible is folly. I bet it is possible if a lot of resources were put into it. Is it worth putting those resources to get into my apartment? Probably not...I barely like coming into my apartment as it is. How about my computer? Not really. My work computer...well some interesting things are there...but it still would be a lot of effort. And I don't need to go into details about my bank account. However, if you could access all of those things with just one fake fingerprint, then it may become worth the time and money invested.

I could just add the fingerprint reader in addition to the key on my apartment, the password of my work and home computers, the ATM card for my bank accounts...but that's more inconvenient than what I am doing now and is not worth my time. In the long run, I am sacrificing convenience for security, although it appears that security is somehow strengthened by using my fingerprint...for everything. Which would be my folly.

Consider the usefullness of the driver's license as any identifying document, and all the neat things it can do...other than being able to drive a car. No one is trying to counterfit licenses just to drive a car. They'll just drive. Perhaps they are doing it to have an ID stating an older age than they are, but they aren't going to spend thousands of dollars to do it. And please do not tell me that we are collecting Social Security Numbers, fingerprints and driver's images just so that we can make it that much harder for a 17 year old to get a good fake ID.

In my long winded way, I'm saying that people do in fact have a lot to fear--misguided attempts at protecting people and their identity are more likely to backfire than anything. Add to that the potential danger of governments misusing this information, then how can you not think this "is a truly worthy cause to fight for"?

05-20-2001, 11:23 PM	#34
jimbobjoe Kinda New Member Join Date: May 2001 Posts: 1	more on national id Hello all, I specialize in driver's license privacy issues, and I just wanted to add my two cents really quickly. First, one could easily defend that the national id infrastructure is already setup, and some states have adopted it, for more information, see http://www.aamva.org/aamvanet/standa...ndrd000630.pdf I wrote this article a few weeks ago, perhaps it is an interesting way of discussing things. It was in the context of responding to someone who had said there was no point to fighting for privacy issues related to ID's. ____________________ "Personally, I don't think this [centralized governmental databases of citizens' identifying information] is a truly worthy cause to fight for. The way you have worded everything on your website is propaganda and you make it sound like innocent people are going to be punished unfairly if they are identified. I think these kinds of modern identification are very dependable and useful in many areas, especially as criminals are becoming smarter. I believe it is a waste of time to try and get people riled up over an issue that is not of true danger to them, and that will probably benefit innocent citizens because guilty parties cannot fake their identities if their DNA is on file. People have nothing to fear...unless they are hiding something." "Anonymous" --------- May I take a few seconds to respond to Anonymous? Should it be "quote worthy" I encourage that it be posted to your list. Perhaps you're right, after all, there is no mathematical proof that government will automatically take information on its citizens and use it for unsavory purposes. While we do have historical evidence that it almost always happens, we shall assume that modern democratic governments are much more serious about civil rights than their predecessors. So lets discuss the meat of your response: controlling crime. You mention that criminals are getting smarter. I think that that is a defendable concept. But why should that be the case....? Is it the raising of the intelligence curve, or is the new opportunities available to them? Identity theft is a crime that requires a lot of intelligence and cunning. Consider the fact that it's a crime that is relatively new. Have you ever read articles about people's identities being stolen fifty years ago? How about 25 years ago? Neither have I. In fact, it seems that identity theft is a new, and mostly American, phenomenon. Let me give you an anecdote. Several months ago a person walked into an Ohio Savings Bank right here in Columbus. In their hand they had a fraudulent death certificate, a fraudulent will claiming that they were the executor the deceased's estate. Within minutes they cashed a life insurance policy and walked out with $60,000 in cash. I believe that the person has not been caught yet. Most financial institutions these days tend to be pretty vigilant about checking and double checking identity. I'm sure he was asked to show a photographic ID. And of course, they double checked the Social Security Number on the death certificate to make sure it corresponded with the SSN on the life insurance policy. And that's all they did. The name on the death certificate was wrong, the birthdate of the individual was wrong, the names of the parents of the individual were wrong, in fact, the only thing that was correct was the Social Security Number. You can't blame the bank teller...their attitude was if the SSN was correct, then it all must be good, since it's so hard for a criminal to get the SSN in the first place. Welcome to the world of cause and effect relationships--a world seemingly little understood by modern law enforcement. Perhaps another example will help you. In 1992 the California DMV introduced their new driver's license...at that time probably the world's most sophisticated identity card. It had holograms, it had color changing materials, it was printed on PVC plastic that reacted specially to different solvents. It was protected by a database full of Social Security Numbers, digitized pictures and fingerprints. So the DMV went out of its way to advertise the security of its new document. Several months later, perfect copies of new California driver's licenses started to appear, much to the suprise and chagrin of the DMV. How could this happen? Turns out that the licenses were made by DMV employees who were bribed, in some instances thousands of dollars per fraudulent document. The cause was this...the advertising campaign. By convincing people the new license was significantly more secure than the previous one, people would be more likely to assume that the new license was genuine, therefore they probably would be less likely to do other types of identity checks which they may have done with the seemingly less secure previous license. The effect was that criminals then had more justification to put time and resources into getting the harder to counterfit document, thereby beating all its silly anti-counterfitting mechanisms. As they say, security is only as good as its weakest link. When people think of the weakest link associated with driver's licensing, they may think of how easy it may be to reproduce the document, or the original documents submitted to get the license in the first place (birth certificates, et cetera) or perhaps the amount of information collected on the person (SSN's, photographs, fingerprints, et cetera.) The fact is, California's problem was caused by neither of these, in fact, it occurred in spite of securing all of them. Actually, I say the weakest link security wise with driver's licenses is the sheer number of participants. If the technology used for the California license was used to issue ID badges for a building in which only 500 people worked, and there was only one or two entrances to said building, then you would have a fairly reliable security structure. But the California license is held by some 25 million people, issued by hundreds of DMV offices with thousands of employees (all of whom have access to the ID making equipment), and it is verified not just at one or two places, verification can occur at millions of places all around the state, banks, airline ticket counters, liquor stores, et cetera. I don't care if California did collect DNA and encode the magnetic stripe with the individuals sequence; it is entirely absurd to believe that you can create anything that can be secure under such unwieldly circumstances. The second weakest link is the association of convenience with photographic ID's. I'll let you in on a secret: security and convenience are mutually exclusive and there's an inverse tradeoff between them. In the long run, it is impossible to have something which is inherently more secure and convenient at the same time. Here's an extreme example. I have to admit that instead of using a key to open my apartment, it probably would be more secure to have a device that reads my fingerprint to unlock the door. And I wouldn't have to have my keys on me, all I need is my thumb. I admit that that security may also be desired for my computer, both at home and at work. And it also would be neat to use it to access my bank accounts as well. It is hard to fool a fingerprint reader...but the assumption that it isn't possible is folly. I bet it is possible if a lot of resources were put into it. Is it worth putting those resources to get into my apartment? Probably not...I barely like coming into my apartment as it is. How about my computer? Not really. My work computer...well some interesting things are there...but it still would be a lot of effort. And I don't need to go into details about my bank account. However, if you could access all of those things with just one fake fingerprint, then it may become worth the time and money invested. I could just add the fingerprint reader in addition to the key on my apartment, the password of my work and home computers, the ATM card for my bank accounts...but that's more inconvenient than what I am doing now and is not worth my time. In the long run, I am sacrificing convenience for security, although it appears that security is somehow strengthened by using my fingerprint...for everything. Which would be my folly. Consider the usefullness of the driver's license as any identifying document, and all the neat things it can do...other than being able to drive a car. No one is trying to counterfit licenses just to drive a car. They'll just drive. Perhaps they are doing it to have an ID stating an older age than they are, but they aren't going to spend thousands of dollars to do it. And please do not tell me that we are collecting Social Security Numbers, fingerprints and driver's images just so that we can make it that much harder for a 17 year old to get a good fake ID. In my long winded way, I'm saying that people do in fact have a lot to fear--misguided attempts at protecting people and their identity are more likely to backfire than anything. Add to that the potential danger of governments misusing this information, then how can you not think this "is a truly worthy cause to fight for"?

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode	Rate This Thread:

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)