Did People Think No One Would Recognize REAL ID If Introduced Under Another Name?

from the pass-id,-indeed dept

Last year, it became clear that REAL ID was dead on arrival as pretty much everyone was against it, and states were refusing to implement it. With the changing of the administration, it seemed like REAL ID was finally going to die completely… but apparently not just yet. EFF alerts folks to the fact that the same concept has basically been reintroduced under the name PASS ID, as if that would trick people:

The plan sounds equally as bad and unnecessary:

Proponents seem to be blind to the systemic impotence of such an identification card scheme. Individuals originally motivated to obtain and use fake IDs will instead use fake identity documents to procure “real” drivers’ licenses. PASS ID creates new risks — it calls for the scanning and storage of copies of applicants’ identity documents (birth certificates, visas, etc.). These documents will be stored in databases that will become leaky honeypots of sensitive personal data, prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database. Despite some alterations to the scheme, PASS ID is still bad for privacy in many of the same ways the REAL ID was.

But why let that stop the gov’t from coming up with more ways to keep tabs on you?

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Did People Think No One Would Recognize REAL ID If Introduced Under Another Name?”

Subscribe: RSS Leave a comment
Chuck C says:

On the National Security Defense...

EFF explains in the article:
PASS ID operates on the same flawed premise of REAL ID — that requiring various “identity documents” (and storing that information in databases for later access) will magically make state drivers’ licenses more legitimate, which will in turn improve national security.

The “improve national security” defense is odd, misplaced, and won’t work. Recently, my mom somehow got a fascination of, and started researching 9-11 as if it was a conspiracy. She brought it up and we had a 3 hour phone conversation about it last week. What’s interesting is that she’s not a putz, in fact, she has a Doctorate.

I think the boomers are waking up to a lot more than people let on, and using the guise of “National Security” just won’t cut the mustard. So here’s my advice to fellow Senate friends: Be more creative. Maybe say it will protect us from bears, goblins, oilmen and robber-barons as these seem to be bigger threats these days.

Anonymous Coward says:

Steve Gibson and Bruce Schneier talk about security. Steve hardly talks about things like airport security and terrorism and how that relates to security but anyone interested in the technical dynamics and ramifications of these subjects in detail should really consider listeining to Bruce Schneier. He has a lot of good insights on his podcasts.


As far as preventing identity theft and fake ID’s, Steve does discuss a good method that would work but would be scary to implement. Basically give the government a public/private key pair and when you go in to get your ID and pictures taken and such they look up your record and on some small chip on your ID or something that they can scan, even a USB drive or whatever, they have a high quality picture of you with all required information (ie: full name, drivers license number, etc..) that’s digitally signed by the government. Then, in order for someone to pretend to be you they would either have to have access to the government computers (or hack them) that have the private key (or access to it) or they would have to do a cryptographic attack (highly unlikely). Unless someone leaked the key out to the public of course, but if that happens everyone will know it and the key will expire.

Anonymous Coward says:

Re: Re:

Awfully presumptuous to say a cryptographic attack would be highly unlikely. There are plenty of algorithms that seemed solid at the time they were released and later found to be flawed or more trivial to hack than originally thought. Then there’s the fact that every government device that would need to read the ID would need access to the government’s private key to decrypt the contents of the ID in some form – so there’s the potential to break the private key out of a device.

Anonymous Coward says:

Re: Re: Re:

No, not you had a central government location that had the private key and data flowed via telecommunications to that central location for things to get signed and then the signature flowed back.

As far as the cracking thing is concerned, you are right, some ciphers have been cracked, but they often get cracked gradually whereby we start finding algorithms that yield higher and higher statistical probabilities of cracking the key. The government should replace the keys and ciphers long before the cipher is actually cracked.

For example DES was “cracked” (well, some financial institutions still even use that because it’s still often difficult enough to decrypt) but part of that is because the government didn’t really give the public much time to test it before adopting. Most of that is also because computers have gotten quicker. But as the key gets larger the quickness needed exponentially increases and computers bandwidth is advancing at a limited rate and most cryptographers take that rate vs bandwidth needed to crack a cipher in a reasonable period of time into consideration. WEP was cracked but only because it wasn’t really designed to be a mainstream standard, it was designed by a bunch of people who just wanted some temporary way of encrypting data. It was later adopted as a mainstream standard and the cipher it uses still hasn’t really been cracked (I believe it uses RC4), just the poor WEP implementation. Heck, Diffie-Hellman key exchange still hasn’t been cracked.

But regardless encryption is a cat and mouse game. Keys expire and are replaced by new keys and ciphers get updated and replaced. The point is that it’s highly unlikely that a key will suddenly get cracked by some random person because cracking this stuff is a gradual process whereby when we do start to get even remotely close to cracking it we replace the cipher long before it gets cracked. Heck, many of the ciphers that are considered “cracked” and that have been replaced by better ciphers are still pretty secure even today.

Anonymous Coward says:

Re: Re: Re: Re:

Besides, if these ciphers are so insecure why would most banks use them and most secure websites (ie: https). I have yet to hear of well established ciphers being cracked to extract anyone’s personal information (ie: not DES or ciphers that are known to be flawed but ciphers like AES, ciphers generally accepted as secure by cryptologists. And cryptologists tend to be very very conservative in terms of what they will consider secure, often going far far beyond things that are not even remotely practical for anyone to crack).

bill says:


Blastoff Network is coming! It will launch to the world on October 26, 2009, and will change the way we use the internet forever!

Sign up is “FREE”…

Launch your Blastoff Network and get paid! When you invite your friends to join the Blastoff Network, you will get paid every time they make a purchase within the Blastoff Network. Just think about getting paid every time your friends buy a song on iTunes, books at Barnes & Noble or a new TV at Target. And as your friends begin to invite their friends, you will see your network and your income begin to virally grow. So spread the word and get ready to Blastoff!

Don’t miss this opportunity to Blastoff and make money with the rest of us on October 26, 2009!

Be ready to Blastoff!


Mandy Angelica says:

I think the boomers are waking up to lots extra than human beings let on, and the use of the guise of "National Security" just may not reduce the mustard. So right here’s my recommendation to fellow Senate buddies: Be more creative. Maybe say it’ll protect us from bears, goblins, oilmen and robber-barons as those seem to be bigger threats nowadays.
professional dissertation help UK

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...