Articles by Jim Harper 
Jim is the Director of Information Policy Studies at The Cato Institute, the Editor of Web-based privacy think-tank Privacilla.org, and the Webmaster of WashingtonWatch.com. Prior to becoming a policy analyst, Jim served as counsel to committees in both the House and Senate.
Former IRS Commissioners Doris Meissner and James Zigler editorialize in today’s New York Times about their support for “secure, biometric Social Security cards” as an essential part of immigration law reform.
The give-away line?: “To insist on secure documents with biometric identifiers is not a call for a national ID.” They provide no logical support for this naked assertion. Because it’s false.
Strengthened “internal enforcement” of immigration law means federal surveillance and tracking of all workers. All of them. Including you.
I’ll be speaking tomorrow at the Security and Liberty Forum hosted by the Privacy and Technology Committee of the American Civil Liberties Union of North Carolina and the Department of Computer Science, UNC-Chapel Hill.
That’s Saturday, April 14, 2007 from 1-5 p.m., Chapman Hall on the UNC Campus.
If only . . .
I welcome the critical email I recently received about my April Fool’s Day post. The discussion has some interesting provocations, but more importantly it illustrates some security/privacy thinking that more people need to get their heads around.
Here’s my critic:
As a Systems Analyst, I applaud your efforts influencing public policy on such important issues as information privacy and security. However, I strongly disagree with your tactics, and methodology. Propigating fear through disseminating false information is a terrorist style tactic and in the long run I think it does more harm then good.
Continue reading →
It’s sure to be the best thing since ALF 3! American.com‘s “2.0” happy hour!
Host: David Robinson
Location: Panache Restaurant
1725 Desales St. NW, Washington, DC View Map
When: Thursday, April 5, 6:00pm
Phone: 202 657 9892
Please join us to celebrate the launch of the new, improved American.com. Those in attendance will include David Robinson, managing editor; Marianne Wasson, associate editor; Ben Newell, editorial assistant; members of the web design team; and most importantly, a bunch of our contributors.
Panache has agreed to extend its happy hour until 8 PM — featuring $5 martinis and house wines. Come raise a glass…
About the site:
American.com is the web site of The American—AEI’s magazine of business and economics. We have a new look and a great mix of stories, from an expert take on the Blackstone IPO to reflections on Islamic banking to a review of a new book on the economics of wikis. We offer original content—and links to the best business coverage from around the web—every day.
Leave it to the blogosphere (in the person of one David McElroy) to instantaneously debunk my ham-handed April Fool’s Day post claiming a security breach in the the NAPHSIS EVVE system. Congratulations, David. (Who says it’s such a good thing to have smart readers?!)
The National Association for Public Health Statistics and Information Systems has developed and implemented the Electronic Verification of Vital Events system to allow immediate confirmation of the information on a birth certificate presented by an applicant to a government office anywhere in the nation irrespective of the place or date of issuance.
That sounds neat, but it is being incorporated into the REAL ID national ID system apparently without regard to the security issues involved. If we are going to use driver’s licenses for security purposes, each link in the chain of issuance is then a potential vulnerability.
What if the NAPHSIS EVVE system and others like it were comprimised and made to confirm the issuance of birth certificates that didn’t actually exist? We could have untold numbers of licenses issued based on fraud. The system we have now, which provides a modicum of security, could collapse as fraudulently acquired driver’s licenses proliferate.
Two weeks ago, at the meeting of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, I asked Stewart Baker, Assistant Secretary for Policy at DHS, what counter-measures might be employed by attackers on the REAL ID national ID system. He said, “We have done some thinking about that . . .” I’m not sure our confidence should be inspired by that.
Every weakness in the system should be explored carefully. I summarized some of them in Appendix A of my testimony at the Homeland Security and Governmental Affairs Committee last week.
Early this morning, I came across an AP story about a breach of the NAPHSIS EVVE system. At this point, it looks like it has been taken down and I can’t find it anywhere on the Web – I could imagine national security folks wanting to contain the PR damage. I’ll reproduce it below from my cache. If anyone can find it on the Web – especially an update – please let me know in the comments.
I think the implication of this are huge. Beyond billions in welfare fraud going to whatever criminal organization might have placed this software, we have a security hole a mile wide in the passport issuance system, social security cards, and drivers’ licenses. Good thing this has been caught now. Imagine if REAL ID were in place and we were relying on this system for ID security.
Continue reading →
Links to this Drug Enforcement Administration page are traversing the blogosphere, along with instructions not to submit phony tips.
Submitting phony tips would be improper and unwise, especially if you are doing so from an IP address than can be linked back to you. You wouldn’t want to interfere with the federal government’s ever-growing usurpation of state power and its ever-more-thorough meddling in people’s business.
I testified in Congress yesterday, at a hearing on the REAL ID Act in the Senate Homeland Security and Governmental Affairs Committee’s Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia. My testimony is here.
An issue that I sought to highlight comes from studying the REAL ID regulations carefully: The standard that the Department of Homeland Security selected for the 2D bar code that would go on REAL ID compliant cards includes race/ethnicity as one of the data elements.
DHS does not specifically require inclusion of this information, but states are likely to adopt the entire standard. Thus, starting in May 2008, many Americans may be carrying nationally uniform cards that include race or ethnicity in machine-readable formats – available for scanning and collection by anyone with a bar code reader. Government agencies and corporations may affiliate racial and ethnic data more closely than ever with information about our travels through the economy and society.
This was not intended by the authors of the REAL ID Act, nor was it intended by the regulation writers at the Department of Homeland Security. The Belgian colonial government in 1930s Rwanda had no intention to facilitate the 1994 genocide in that country either, but its inclusion of group identity in ID cards had that result all the same.
The woman in the image below, believed to be a genocide victim, is categorized as a Tutsi just below her photograph. Her name is not seen, as it appears on the first page of this folio-style ID document. The names of her four children, though, are written in on the page opposite the photo.
The lessons of history are available to us. The chance of something like this happening in the United States is blessedly small, but it is worth taking every possible step to avoid this risk, given an always-uncertain future. In a society that strives for a color-blind ideal, the federal government should have no part in creating a system that could be used to track people based on race.
Cross-posted from Cato@Liberty
Michael Arrington has a write-up at TechCrunch about the unamed News Corp./NBC Universal joint venture set to launch later this year as a competitor to YouTube.
Arrington’s key points come from an announcement call he listened in on:
The two key messages Chernin and Zucker were selling were (1) a focus on respecting copyright, and (2) the fact that they were creating what they called “the largest advertising platform on earth.” That may be good messaging to stockholders, but it isn’t what the public cares about.
Working name, given by Google: “Clown Co.” Let’s see if they can escape it when they actually come up with a brand and a product.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.