The Orange County Register has an editorial on the REAL ID Act this morning that captures the issues magnificently. Among other gems:
The big trouble is that there’s no evidence that this Draconian act, even if fully implemented, would be more than a minor inconvenience for a determined terrorist. But having all that information – including copies of birth certificates and Social Security cards – available in one database would make an irresistible target for identity thieves. And it would be a major inconvenience for millions of innocent Americans and a major expense for state governments – meaning taxpayers.
The
Register‘s conclusion? Congress should “bite the bullet and repeal this useless, intrusive, money-wasting law.”
The Privacy Symposium has up a video of a speech I gave there last year. It’s a pretty good run-down of my thinking on identity systems, and it’s a wonderful exhibition of my willingness to tell bad jokes and just let them hang out there (shudder).
If you’re not already sick of what I have to say, you might enjoy watching it.
Awesome:
A number of readers let us know about the Chaos Computer Club’s latest caper: they published the fingerprint of German Secretary of the Interior Wolfgang Schäuble (link is to a Google translation of the German original). The club has been active in opposition to Germany’s increasing push to use biometrics in, for example, e-passports. Someone friendly to the club’s aims captured Schäuble’s fingerprint from a glass he drank from at a panel discussion. The club published 4,000 copies of their magazine Die Datenschleuder including a plastic foil reproducing the minister’s fingerprint — ready to glue to someone else’s finger to provide a false biometric reading. The CCC has a page on their site detailing how to make such a fake fingerprint. The article says a ministry spokesman alluded to possible legal action against the club.
Any TLF readers going to have the opportunity to go drinking with Sec. Chertoff?
DHS Assistant Secretary for Policy Stewart Baker has ramped up his blogging about REAL ID on the DHS Leadership blog. Accordingly, I’ve ramped up mine on Cato@Liberty. Here are pointers to the latest, in which I:
I’ve finally had a chance to flip through the FISA amendments the House passed a couple of weeks ago. The most striking thing about the bill is how long it is. At 120 pages, it’s twice as long as the RESTORE Act the House passed last fall. And frankly, I’m not sure it’s an improvement, although I don’t have the time or patience right now to read the whole thing in detail. What the Dems appear to have done (and I only skimmed it, so I’m probably missing some of the nuances) is to give some ground on the idea that the Bush administration “authorizations” can be used in place of traditional warrants for foreign-to-domestic communications, but then trying to avoid funny business by imposing an extremely robust system of judicial review of these “authorizations.” That’s certainly better than the Senate bill, which required courts to rubber-stamp the “authorizations.” Certainly, if we’re going to loosen the requirement that eavesdropping on individual Americans doesn’t require a warrant, we should do our best to protect our privacy in other ways. But the result is a bill that’s far more complex than it would have been if Congress had left the existing FISA framework in place and focused on clarifying those edge cases that technological changes have rendered obsolete.
Ultimately, however, none of this may matter very much. The administration has long since made it clear that they’re not interested in good-faith negotiations on this subject, and that they’d veto any legislation that preserves the principle of judicial review. Nor has the Senate shown any particular concern with preserving civil liberties. So in practice, the only FISA legislation that’s likely to pass while George W. Bush is in office would have been bad FISA legislation.
So what might matter the most about the latest House surveillance bill is that the House had the backbone to—again—pass legislation they knew the White House would veto. It’s now looking increasingly likely that neither side will budge, and that Congress won’t produce FISA legislation at all this year. That’s probably the best outcome we realistically could have hoped for. There’s a good chance that our new president will be more respectful of civil liberties than our current one. And hopefully at that point Congress and the new president will be able to craft surveillance legislation that makes the minor changes to the FISA regime that are necessary without gutting Americans’ privacy in the process.
Listening to this latest panel at the 2008 Tech Policy Summit has given me a great idea. This panel is focusing on the topic of privacy and features:
Kara Swisher, Co-Executive Editor, AllThingsD.com (Session Host)
Leslie Harris, President and CEO, Center for Democracy & Technology
Joanne McNabb, Chief, California Office of Privacy Protection
Jules Polonetsky, Chief Privacy Officer, AOL
Anyway, on to my idea. The panel concluded that privacy policies are complicated and incomprehensible, but at the same time they didn’t seem to believe that they could be simple. This makes sense to me. Privacy policies deal with myriad legal issues, they concern lots of information, and that information is constantly changing. So, it seems that we’re never going to boil down these agreements to two or three paragraphs, let alone a crisp, short privacy slogan.
But clearly the economy contains many complicated transactions and complicated products targeted at consumers. People buy cars and computers and both products are improving all the time–suggesting that consumers are selecting the good products leaving the poor products to fade away.
That said, how is it that people pick these things? I know that many people come to me when they buy a computer and I advise them since I know a thing or two about silicon filled boxes. My dad’s a gear-head and advises people about cars. But outside of those informal networks there are other resources for buyers. CNET rates a ton of tech products.
Car & Driver rates cars. Consumer Reports rates everything.
Continue reading →
Julian has a great piece in the American Spectator reminding conservatives that they used to care about civil liberties:
After the humiliations of Watergate, however, conservative legal thinkers began to insist that Congress and the courts had overstepped their bounds. During the Reagan administration, the Heritage Foundation began urging repeal of the Foreign Intelligence Surveillance Act, which had been passed in 1978 as a result of the Church Committee’s findings.
The campaign stalled due in large part not to the hand wringing of civil libertarians but to the opposition of the intelligence community. “We hear people say we can’t get the surveillance we need or can’t meet the court’s standard,” said Edward O’Malley, who headed the FBI’s intelligence division under President Reagan. “That’s just not true. We have no problem getting the surveillance we need, and the court also has protected the rights of Americans, which is necessary. … We support this 100 percent.”
There were then, as there are now, exceptions on the right. The FISA law — now damned by conservatives as an impossibly burdensome, possibly even unconstitutional obstacle to legitimate executive surveillance — was opposed by the New York Times’s designated conservative columnist William Safire, who feared that it would “turn every telephone instrument in every home into a suspected household spy.”
Acknowledging conservatives “natural inclination to help the law,” Safire nevertheless urged that it be trumped by “a responsibility to protect the law-abiding individual from the power of government to intrude.” By then, however, he was probably in the minority among right wingers.
L-1 Identity Solutions is acquiring the ID Systems business of REAL ID supporter Digimarc.
Presumably, this will get Digimarc out of the national ID business – and the national ID advocacy business. We’ll see what L-1 does.
It is possible to make money with biometrics outside of a national ID infrastructure, of course. Indeed, it’s penny-wise and pound-foolish for folks in this industry to pursue the small, government-centered market REAL ID would create when there could be a big, diverse identity and credentialing marketplace.
As I noted in previous installments of this series, our government seems to have an increasingly hard time keeping tabs on sensitive data. Unfortunately, there’s been another incident on this front. The Washington Post reported this morning that:
“A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years’ worth of clinical trial data, including names, medical diagnoses and details of the patients’ heart scans. The information was not encrypted, in violation of the government’s data-security policy. NIH officials made no public comment about the theft and did not send letters notifying the affected patients of the breach until last Thursday — almost a month later. They said they hesitated because of concerns that they would provoke undue alarm.”
Undue alarm? Geez, I can’t imagine why! My friend Leslie Harris of CDT notes in story that, “The shocking part here is we now have personally identifiable information — name and age — linked to clinical data. If somebody does not want to share the fact that they’re in a clinical trial or the fact they’ve got a heart disease, this is very, very serious. The risk of identity theft and of revealing highly personal information about your health are closely linked here.”
But hey, we wouldn’t want to provoke “undue alarm” by telling those folks about the data breach! Pathetic. As I’ve pointed out before, if this happened in the private sector, trial lawyers would be salivating and lawsuits would be flying. By contrast, when the government loses personal information—information that his usually more sensitive than that which private actors collect—about the most that ever comes out of it is another GAO report calling for “more accountability.”
I can’t wait to see how well all our health care records are “secured” once we have socialized medicine in this country.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.