Would a National Biometric Authentication Scheme Work? 178
Ian Lamont writes "The chair of Yale's CS department and Connecticut's former consumer protection commissioner are calling for the creation of a robust biometric authentication system on a national scale. They say the system would safeguard privacy and people's personal data far more effectively than paper-based IDs. They also reference the troubled Real ID program, saying that the debate has centered around forms of ID rather than the central issue of authentication. The authors further suggest that the debate has led to confusion between anonymity and privacy: 'Outside our homes, we have always lived in a public space where our open acts are no longer private. Anonymity has not changed that, but has provided an illusion of privacy and security. ... In public space, we engage in open acts where we have no expectation of privacy, as well as private acts that cannot take place within our homes and therefore require authenticating identity to carve a sphere of privacy.' The authors do not provide any suggestions for specific biometric technologies, nor do they discuss the role of the government in such a system. What do you think of a national or international biometrics-based authentication scheme? Is it feasible? How would it work? What safeguards need to be put in place?"
It would work to... (Score:1, Interesting)
Open acts not private? (Score:4, Interesting)
This could destroy that.
Are Fingerprints Unique (Score:3, Interesting)
The idea that every fingerprint is unique is a untestable hypothesis, since you'd have to fingerprint everyone ever born, right? We assume it's correct because we've never found examples of fingerprints that were identical.
So my question is this: if we were to fingerprint everyone in the US (all 300+ million of us)... does anyone think we might find that matching set? No one has ever done a fingerprint database of that size, right? With a quick search, I couldn't find out how many prints were in AFIS.
On the topic more directly, I'd say this would be nearly impossible. Ignoring the privacy concerns that people would use to try to stop thing going into effect... does anyone think we would be able to convince most/all of the 20 million or so illegal aliens in the US to do this? I would think you would run into the same problems in just about any other country, except somewhere like China.
That's what my Tbird was for. (Score:3, Interesting)
Wrong question, but here's the answer: No. (Score:3, Interesting)
The question isn't unique IDs, it's tyranny. We hack tyranny first.
Re:And how well would that work? (Score:5, Interesting)
That turned out well, didn't it?
commonly confused (Score:5, Interesting)
Authentication is when you identify(as in Identity) yourself, when you want to(say, to enter your home), or to get that 5% rebate at that place you like to eat at.
Anonymity is when someone else wants you to identify yourself, and you refuse.
Imputability is when someone's done something and 1) you want to Identify them properly, and 2) do something about some of the people you identify(presumably because something they did was wrong)
Anonymity is something private citizens like, in part because they don't much like imputability. That is when they do something, and it's not tied to their Identity.
Forcing someone to authenticate themselves is something the police, for one, likes, because
1) It prevents them from being blamed for mis-identifying someone
2) If they catch you doing something, and impute it once you authenticated yourself, they're fairly sure they impute it in such a way, it will follow you for a long long time(if they can impute your "identity" more on that later.
However, it has its drawbacks
1) If you authenticate yourself with falsified credentials, you get someone else blamed for your acts
2) It doesn't deal with the fact that you may be unable(damaged or lost credentials)/unwilling to identify yourself/automated systems may mis-indentify you
It doesn't solve the question of "Identity" itself either. Like when the no-fly list(falling under imputability) lists names(which can be the same for two people), leading to the same result as a falsified authentication.
Just a quick summary:
Identity: Who you are
Authentication: Proving who you are
Anonymity: Not having to say who you are
Imputability: Blaming who you are
The four are interlinked, but often confused, as in the article.
People interested in laws like RealID need to pay a lot more attention to distinctions between all four. Until the authentication part can be more more foolproof, the imputability is scary(you can be blamed for stuff you haven't done), the anonymity, well it's scary to those who'd rather deal with people they can identify(and therefore impute, think contracts to keep it in the white hat sphere). And the Identity, well that's the real problem. If you have a single, centralized database, any single mistaken Identity becomes life-altering, if not actually life-threatening(correcting someone's id with falsified credentials in order to make their lives a living hell? Yes, it can do that).
Does that bother you a little? I know it does me.
Re:What's the real subject here? (Score:3, Interesting)
The question of when anonymity is going to have very different answers depending on who you ask. Most law abiding citizens would object to being ID'ed dozens of times a day as they go about their business, but for a "track the terrorist" system this is what would have to happen, and is what DHS would want. Right now it's too blatantly oppressive and logistically difficult to ID everyone who walks into the subway or drives through a toll booth, but with biometrics + cctv this becomes entirely possible. It has all the totalitarian control of "your papers, please" in an unobtrusive, easy to ignore package. There are plenty of times in daily life when it is appropriate to need to provide a secure ID, but they are always when the person being IDed is a willing active participant in the process. If simply being able to see a person is enough for them to be confirmed (and location updated) against a national database, then we all lose that bit of participation and choice. And is not the ability to be an active willing participant in the function of our government the very heart of our Democracy?
Re:It would work to... (Score:3, Interesting)
Last I checked (1999 or there abouts), there were 535 members of congress, of which 29 had been accused of spousal abuse, 7 had been arrested of fraud, 19 had been accused of writing bad checks, 117 had bankrupted at least two businesses, 3 had been arrested for assault, 71 couldn't get a credit card due to bad credit, 14 had been arrested on drug-related charges, 8 had been arrested for shoplifting, 21 were defendants in then-ongoing lawsuits. In 1998 alone, 84 were stopped for drunk driving.
Sure looks to me as if we're quite happy to give people another chance.
Re:Theft of biometric tokens (Score:3, Interesting)
The more efficient ones imply insert THEIR data against your name in the database index:
Its easy when you know how, and the go'mint computer can do zillions of transactions a second.