A very good observation from Latanya Sweeney in an interview with Scientific American.
Think about it: we leave fingerprints all over the place, just like our SSNs are all over the place. As we use fingerprints to regulate access to more value, the value of collecting fingerprints and faking them will rise.
It won’t be tomorrow or next week, but watch for fingerprint-based identity fraud – if we rely on that biometric too much. DNA has the same quality. Other biometrics, like vein recognition, are neither easy to collect nor to reproduce (though, yes, both of these facts are technology-contingent).
In my book, Identity Crisis, I talked about the qualities of identifiers: fixity, permanence, and distinctiveness. Biometrics like fingerprints and DNA are high on the scale of fixity and permanence, but may drop in reliable distinctiveness with advanced forgery techniques.
The better designed systems will use biometric identifiers that are not only hard to forge, but that are somewhat hard to collect. Biometrics that can only be made available through some volition on the part of the individual will be the most secure.
Over at Reason Julian chastises the Democrats for their spinelessness in passing the FISA “modernization” this weekend:
The hasty passage of the massive USA PATRIOT Act, a scant 45 days after [the 9/11] attacks, was ill-considered but understandable. Six years later, however, the administration has grown comfortable with the prerogatives panic affords. And, perversely, it has learned that it can continue to wield those prerogatives even under a Democratic majority, provided it insists on regarding Congress always and only as a last resort.
Consider the provenance of this “emergency” legislation. President Bush first authorized the National Security Agency to carry out a range of surveillance activities without court order, the full scope of which is still unknown, but which at the least included monitoring communications between persons in the United States and targets abroad. (Wholly international communications had always been exempt from the privacy restrictions imposed by U.S. law.) When this was revealed by
The New York Times late in 2005, the administration insisted that national security required that intelligence agents be allowed to bypass even the super-secret—and highly compliant—FISA courts. Then, following the 2006 midterm elections, which gave Democrats a congressional majority, the Department of Justice abruptly announced that it had found a way to work within FISA after all. Finally, according to The LA Times, a spring ruling by a FISA court judge found that even this restricted version of the six-year-old program ran afoul of the law.
Suddenly it became urgent that Congress “modernize” what was invariably described as “the 1978 FISA statute,” conjuring images of forlorn agents in white polyester leisure suits vainly hunting for al-Qaeda terrorists hidden under Pet Rocks. Yet FISA had already been updated dozens of times since its initial passage, including six major amendments since the September 11 attacks, giving the administration myriad opportunities to request all the “modernization” it required, subject to thorough public debate. But even this manufactured urgency, it seems, was not enough. On the eve of the legislature’s August recess, House Democrats had worked out a compromise bill with Director of National Intelligence Michael McConnell, which preserved a modicum of judicial oversight over the expanded surveillance powers it granted. But the White House pronounced this unsatisfactory, threatening a veto and demanding still broader powers. If Democrats did not yield completely before Congress adjourned, Bush said, they would “put our national security at risk.”
More where that came from. I’ve also got a summary of the bill over at Ars.
The spying bill passed by Congress this weekend, says that:
With respect to an authorization of an acquisition under section 105B, the Director of National Intelligence and Attorney General may direct a person to immediately provide the Government with all information, facilities, and assistance necessary to accomplish the acquisition in such a manner as will protect the secrecy of the acquisition and produce a minimum of interference with the services that such person is providing to the target.
105B requires only that “reasonable procedures [be] in place for determining that the acquisition of foreign intelligence information under this section concerns persons reasonably believed to be located outside the United States.” Court oversight is limited to verifying, after the fact, that these “procedures” are in fact “reasonable.” Notice that it’s easy to imagine that some domestic-to-domestic calls or emails could “concern” a person located outside of the United States.
We’re inching ever closer to giving the executive branch the power to issue Writs of Assistance.
More on the FISA legislation from the Wall Street Journal:
The bill would update the Foreign Intelligence Surveillance Act, known as FISA. It would allow the government to intercept, without warrants, communications between a U.S. resident and a foreign party suspected of involvement in “foreign intelligence” matters. It would drop existing language requiring that the foreigner be suspected more specifically of connections to terrorist groups.
The bill also would clarify that the government can intercept foreigner-to-foreigner communications that pass through U.S. lines or switches. The government long has had the power to intercept purely foreign communications.
If a U.S. resident is the chief target of surveillance of his or her communications with a foreigner, the government would have to obtain a warrant from the special FISA court.
Congressional Democrats won a few concessions before the Senate passed the bill late Friday. New wiretaps would have to be approved by the director of national intelligence and the attorney general, not only the attorney general.
So let me get this straight: the White House says “we think we should be able to eavesdrop on virtually any domestic-to-foreign phone call without court oversight, based on the say-so of one of the president’s subordinates.” And the Democrats response was “Hell no! Warrantless spying should require the say-so of
two of the president’s subordinates!”
It’s a good thing we don’t have a rubber-stamp Republican Congress any more.
Apparently, in the last 48 hours, the Bush administration has launched a full-court press to re-write the Foreign Intelligence Surveillance Act to further expand the administration’s powers to engage in domestic surveillance with minimal judicial scrutiny. EFF says that the Democrats’ alternative to the Bush administration’s bill is a “sham compromise that poses a grave danger to Americans’ privacy.” Even if they’re wrong about that, Congress certainly shouldn’t pass legislation this important with this little time for public scrutiny and debate. Apparently, the Senate passed the legislation yesterday, and the House has been debating it today.
I have to say I find this just baffling:
With time running out before a scheduled monthlong break and the Senate already in recess, House Democrats confronted the choice of accepting the administration’s bill or letting it die. If it died, that would leave Democratic lawmakers, who have long been anxious about appearing weak on national security issues, facing an August fending off charges from Mr. Bush and Republicans that they left Americans exposed to terror threats.
There was no indication that lawmakers were responding to new intelligence warnings. Rather, Democrats were responding to administration pleas that a recent secret court ruling had created a legal obstacle in monitoring foreign communications relayed over the Internet. They also appeared worried about the political repercussions of being perceived as interfering with intelligence gathering. But the disputes were significant enough that they were likely to resurface before the end of the year.
The Bush administration’s approval ratings are in the low 30s, Alberto Gonzales is widely recognized as an embarrassment, and Congress won’t be up for re-election for more than a year. So what, exactly, is the Democratic leadership afraid of? The people who are likely to be taken in by the administration’s smears on this issue are going to almost all be either partisan Republicans or so clueless that they will have long since forgotten about this argument by the time they go to the polls next year.
The REAL ID Act is, of course, still the law of the land. But with 17 states objecting to, or refusing to carry out, this federal surveillance mandate, its prospects for implementation look bleak indeed. Now, for a second time, the U.S. Senate has declined to prop up the failing policy of herding law-abiding Americans into a national ID system.
Yesterday, the Senate considered an amendment that would have added $300 million to the Department of Homeland Security appropriations bill for fiscal year 2008. The money would have gone to grants to states for REAL ID implementation. Though it’s a paltry amount compared to the huge cost of implementing, the idea was to lure state governments back into REAL ID using taxpayer dollars collected by the feds.
The Senate voted to table the amendment, effectively killing it. Senator Alexander (R-TN), who offered the amendment, has taken the approach that REAL ID should be funded or scrapped. If he’s a straight-shooter, he should now turn to the business of scrapping this wrongheaded law. REAL ID is dead, but it needs a stake in the heart to stop it from walking around searching for personal information to consume.
A few interesting tidbits can be found in the vote tally. Senator Susan Collins (R-ME) voted against tabling the amendment, indicating once again that she supports REAL ID even though her state was the first in the nation to reject it, with both parties opposed to REAL ID.
REAL ID will continue to twitch, but we’re in the early part of the endgame for this national ID law.
With the National Governors Association meeting in Traverse City, Michigan, this weekend, the Detroit Free Press has seen fit to lay out some sensible thinking on the REAL ID Act:
[The governors] ought to do themselves and their states a service by serving a definitive notice on Washington that the Real ID Act is not just unworkable but unacceptable and ought to be repealed before it takes effect next year. . . .
Several states already have flatly said no to implementing Real ID. The NGA should, too.
Good stuff. The FreeP gets it.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.