Did People Think No One Would Recognize REAL ID If Introduced Under Another Name?

from the pass-id,-indeed dept

Last year, it became clear that REAL ID was dead on arrival as pretty much everyone was against it, and states were refusing to implement it. With the changing of the administration, it seemed like REAL ID was finally going to die completely... but apparently not just yet. EFF alerts folks to the fact that the same concept has basically been reintroduced under the name PASS ID, as if that would trick people:
The plan sounds equally as bad and unnecessary:
Proponents seem to be blind to the systemic impotence of such an identification card scheme. Individuals originally motivated to obtain and use fake IDs will instead use fake identity documents to procure "real" drivers' licenses. PASS ID creates new risks -- it calls for the scanning and storage of copies of applicants' identity documents (birth certificates, visas, etc.). These documents will be stored in databases that will become leaky honeypots of sensitive personal data, prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database. Despite some alterations to the scheme, PASS ID is still bad for privacy in many of the same ways the REAL ID was.
But why let that stop the gov't from coming up with more ways to keep tabs on you?


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Chuck C, Aug 21st, 2009 @ 4:31pm

    On the National Security Defense...

    EFF explains in the article:
    PASS ID operates on the same flawed premise of REAL ID -- that requiring various "identity documents" (and storing that information in databases for later access) will magically make state drivers' licenses more legitimate, which will in turn improve national security.

    The "improve national security" defense is odd, misplaced, and won't work. Recently, my mom somehow got a fascination of, and started researching 9-11 as if it was a conspiracy. She brought it up and we had a 3 hour phone conversation about it last week. What's interesting is that she's not a putz, in fact, she has a Doctorate.

    I think the boomers are waking up to a lot more than people let on, and using the guise of "National Security" just won't cut the mustard. So here's my advice to fellow Senate friends: Be more creative. Maybe say it will protect us from bears, goblins, oilmen and robber-barons as these seem to be bigger threats these days.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 21st, 2009 @ 4:56pm

    Steve Gibson and Bruce Schneier talk about security. Steve hardly talks about things like airport security and terrorism and how that relates to security but anyone interested in the technical dynamics and ramifications of these subjects in detail should really consider listeining to Bruce Schneier. He has a lot of good insights on his podcasts.

    http://crypto-gram.libsyn.com/

    As far as preventing identity theft and fake ID's, Steve does discuss a good method that would work but would be scary to implement. Basically give the government a public/private key pair and when you go in to get your ID and pictures taken and such they look up your record and on some small chip on your ID or something that they can scan, even a USB drive or whatever, they have a high quality picture of you with all required information (ie: full name, drivers license number, etc..) that's digitally signed by the government. Then, in order for someone to pretend to be you they would either have to have access to the government computers (or hack them) that have the private key (or access to it) or they would have to do a cryptographic attack (highly unlikely). Unless someone leaked the key out to the public of course, but if that happens everyone will know it and the key will expire.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      ..., Aug 21st, 2009 @ 6:07pm

      Re:

      Yeah, and just imbed that chip under your skin or tattoo a bar code on your forehead ... that will be great

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 21st, 2009 @ 6:42pm

      Re:

      Awfully presumptuous to say a cryptographic attack would be highly unlikely. There are plenty of algorithms that seemed solid at the time they were released and later found to be flawed or more trivial to hack than originally thought. Then there's the fact that every government device that would need to read the ID would need access to the government's private key to decrypt the contents of the ID in some form - so there's the potential to break the private key out of a device.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Aug 21st, 2009 @ 9:30pm

        Re: Re:

        No, not you had a central government location that had the private key and data flowed via telecommunications to that central location for things to get signed and then the signature flowed back.

        As far as the cracking thing is concerned, you are right, some ciphers have been cracked, but they often get cracked gradually whereby we start finding algorithms that yield higher and higher statistical probabilities of cracking the key. The government should replace the keys and ciphers long before the cipher is actually cracked.

        For example DES was "cracked" (well, some financial institutions still even use that because it's still often difficult enough to decrypt) but part of that is because the government didn't really give the public much time to test it before adopting. Most of that is also because computers have gotten quicker. But as the key gets larger the quickness needed exponentially increases and computers bandwidth is advancing at a limited rate and most cryptographers take that rate vs bandwidth needed to crack a cipher in a reasonable period of time into consideration. WEP was cracked but only because it wasn't really designed to be a mainstream standard, it was designed by a bunch of people who just wanted some temporary way of encrypting data. It was later adopted as a mainstream standard and the cipher it uses still hasn't really been cracked (I believe it uses RC4), just the poor WEP implementation. Heck, Diffie-Hellman key exchange still hasn't been cracked.

        But regardless encryption is a cat and mouse game. Keys expire and are replaced by new keys and ciphers get updated and replaced. The point is that it's highly unlikely that a key will suddenly get cracked by some random person because cracking this stuff is a gradual process whereby when we do start to get even remotely close to cracking it we replace the cipher long before it gets cracked. Heck, many of the ciphers that are considered "cracked" and that have been replaced by better ciphers are still pretty secure even today.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Aug 21st, 2009 @ 9:45pm

          Re: Re: Re:

          Besides, if these ciphers are so insecure why would most banks use them and most secure websites (ie: https). I have yet to hear of well established ciphers being cracked to extract anyone's personal information (ie: not DES or ciphers that are known to be flawed but ciphers like AES, ciphers generally accepted as secure by cryptologists. And cryptologists tend to be very very conservative in terms of what they will consider secure, often going far far beyond things that are not even remotely practical for anyone to crack).

           

          reply to this | link to this | view in chronology ]

  •  
    icon
    Hephaestus (profile), Aug 22nd, 2009 @ 11:32pm

    Welcome To 1984 ....and 1944

    I leave my house I forget my arm band, damn I am shot for being a jew in Germany .... I wake up ... realize wait I am german and it was all a dream .... I wake up again... I am in a german in america ... Oops forgot my Federal id ....

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    bill, Oct 9th, 2009 @ 10:47am

    money

    Blastoff Network is coming! It will launch to the world on October 26, 2009, and will change the way we use the internet forever!

    Sign up is "FREE"...

    Launch your Blastoff Network and get paid! When you invite your friends to join the Blastoff Network, you will get paid every time they make a purchase within the Blastoff Network. Just think about getting paid every time your friends buy a song on iTunes, books at Barnes & Noble or a new TV at Target. And as your friends begin to invite their friends, you will see your network and your income begin to virally grow. So spread the word and get ready to Blastoff!

    Don't miss this opportunity to Blastoff and make money with the rest of us on October 26, 2009!

    Be ready to Blastoff!

    http://www.blastcashback.com

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Daniel Minteer, Nov 23rd, 2009 @ 2:07pm

    Spoiked

    Just For Fun! Ever Get Spoiked?, http://www.youtube.com/watch?v=j2oGysxM-j4

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This