Did People Think No One Would Recognize REAL ID If Introduced Under Another Name?
from the pass-id,-indeed dept
Last year, it became clear that REAL ID was dead on arrival as pretty much everyone was against it, and states were refusing to implement it. With the changing of the administration, it seemed like REAL ID was finally going to die completely… but apparently not just yet. EFF alerts folks to the fact that the same concept has basically been reintroduced under the name PASS ID, as if that would trick people:
Proponents seem to be blind to the systemic impotence of such an identification card scheme. Individuals originally motivated to obtain and use fake IDs will instead use fake identity documents to procure “real” drivers’ licenses. PASS ID creates new risks — it calls for the scanning and storage of copies of applicants’ identity documents (birth certificates, visas, etc.). These documents will be stored in databases that will become leaky honeypots of sensitive personal data, prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database. Despite some alterations to the scheme, PASS ID is still bad for privacy in many of the same ways the REAL ID was.
But why let that stop the gov’t from coming up with more ways to keep tabs on you?
Comments on “Did People Think No One Would Recognize REAL ID If Introduced Under Another Name?”
On the National Security Defense...
EFF explains in the article:
PASS ID operates on the same flawed premise of REAL ID — that requiring various “identity documents” (and storing that information in databases for later access) will magically make state drivers’ licenses more legitimate, which will in turn improve national security.
The “improve national security” defense is odd, misplaced, and won’t work. Recently, my mom somehow got a fascination of, and started researching 9-11 as if it was a conspiracy. She brought it up and we had a 3 hour phone conversation about it last week. What’s interesting is that she’s not a putz, in fact, she has a Doctorate.
I think the boomers are waking up to a lot more than people let on, and using the guise of “National Security” just won’t cut the mustard. So here’s my advice to fellow Senate friends: Be more creative. Maybe say it will protect us from bears, goblins, oilmen and robber-barons as these seem to be bigger threats these days.
Steve Gibson and Bruce Schneier talk about security. Steve hardly talks about things like airport security and terrorism and how that relates to security but anyone interested in the technical dynamics and ramifications of these subjects in detail should really consider listeining to Bruce Schneier. He has a lot of good insights on his podcasts.
As far as preventing identity theft and fake ID’s, Steve does discuss a good method that would work but would be scary to implement. Basically give the government a public/private key pair and when you go in to get your ID and pictures taken and such they look up your record and on some small chip on your ID or something that they can scan, even a USB drive or whatever, they have a high quality picture of you with all required information (ie: full name, drivers license number, etc..) that’s digitally signed by the government. Then, in order for someone to pretend to be you they would either have to have access to the government computers (or hack them) that have the private key (or access to it) or they would have to do a cryptographic attack (highly unlikely). Unless someone leaked the key out to the public of course, but if that happens everyone will know it and the key will expire.
Yeah, and just imbed that chip under your skin or tattoo a bar code on your forehead … that will be great
Re: Re: Re:
“..or tattoo a bar code on your forehead”
The Nazi’s had a variant of that….but just for Jews.
Awfully presumptuous to say a cryptographic attack would be highly unlikely. There are plenty of algorithms that seemed solid at the time they were released and later found to be flawed or more trivial to hack than originally thought. Then there’s the fact that every government device that would need to read the ID would need access to the government’s private key to decrypt the contents of the ID in some form – so there’s the potential to break the private key out of a device.
Re: Re: Re:
No, not you had a central government location that had the private key and data flowed via telecommunications to that central location for things to get signed and then the signature flowed back.
As far as the cracking thing is concerned, you are right, some ciphers have been cracked, but they often get cracked gradually whereby we start finding algorithms that yield higher and higher statistical probabilities of cracking the key. The government should replace the keys and ciphers long before the cipher is actually cracked.
For example DES was “cracked” (well, some financial institutions still even use that because it’s still often difficult enough to decrypt) but part of that is because the government didn’t really give the public much time to test it before adopting. Most of that is also because computers have gotten quicker. But as the key gets larger the quickness needed exponentially increases and computers bandwidth is advancing at a limited rate and most cryptographers take that rate vs bandwidth needed to crack a cipher in a reasonable period of time into consideration. WEP was cracked but only because it wasn’t really designed to be a mainstream standard, it was designed by a bunch of people who just wanted some temporary way of encrypting data. It was later adopted as a mainstream standard and the cipher it uses still hasn’t really been cracked (I believe it uses RC4), just the poor WEP implementation. Heck, Diffie-Hellman key exchange still hasn’t been cracked.
But regardless encryption is a cat and mouse game. Keys expire and are replaced by new keys and ciphers get updated and replaced. The point is that it’s highly unlikely that a key will suddenly get cracked by some random person because cracking this stuff is a gradual process whereby when we do start to get even remotely close to cracking it we replace the cipher long before it gets cracked. Heck, many of the ciphers that are considered “cracked” and that have been replaced by better ciphers are still pretty secure even today.
Re: Re: Re: Re:
Besides, if these ciphers are so insecure why would most banks use them and most secure websites (ie: https). I have yet to hear of well established ciphers being cracked to extract anyone’s personal information (ie: not DES or ciphers that are known to be flawed but ciphers like AES, ciphers generally accepted as secure by cryptologists. And cryptologists tend to be very very conservative in terms of what they will consider secure, often going far far beyond things that are not even remotely practical for anyone to crack).
Welcome To 1984 ....and 1944
I leave my house I forget my arm band, damn I am shot for being a jew in Germany …. I wake up … realize wait I am german and it was all a dream …. I wake up again… I am in a german in america … Oops forgot my Federal id ….
Blastoff Network is coming! It will launch to the world on October 26, 2009, and will change the way we use the internet forever!
Sign up is “FREE”…
Launch your Blastoff Network and get paid! When you invite your friends to join the Blastoff Network, you will get paid every time they make a purchase within the Blastoff Network. Just think about getting paid every time your friends buy a song on iTunes, books at Barnes & Noble or a new TV at Target. And as your friends begin to invite their friends, you will see your network and your income begin to virally grow. So spread the word and get ready to Blastoff!
Don’t miss this opportunity to Blastoff and make money with the rest of us on October 26, 2009!
Be ready to Blastoff!
Just For Fun! Ever Get Spoiked?, http://www.youtube.com/watch?v=j2oGysxM-j4
I think the boomers are waking up to lots extra than human beings let on, and the use of the guise of "National Security" just may not reduce the mustard. So right here’s my recommendation to fellow Senate buddies: Be more creative. Maybe say it’ll protect us from bears, goblins, oilmen and robber-barons as those seem to be bigger threats nowadays.
professional dissertation help UK
Thank you for sharing your professional opinion, students also face similar problems on educational portals, in addition, they must work on their research papers, in which case I advise you to contact https://primeessay.org/article-critique-writing.html
If you are looking for help with writing a discussion board post for college I would like to recommend this essay writing company https://papers-land.com/help-me-write-my-discussion-board-post-for-college/ They cooperate only with high-quality writers and offer good prices