Knowing the intimate details


A security expert tells why the ID cards required by the Real ID program will document your life to anyone who wants to read it.

In my posts about the Real ID program, I've covered the network side of things. Now William Jackson talks about the really big hole, the ID card itself.

I’m talking specifically about the part of the act establishing minimum requirements for state-issued driver’s licenses and ID cards, which falls prey to one of the most dangerous IT errors: designing a system to handle sensitive information without considering security requirements.

Under the law, the new cards must contain, in machine-readable format (read: digital), the holder’s name, date of birth, address, ID number, signature and photo. The act not only fails to require any encryption or other security for data stored on the cards, but also mandates the creation of shared state databases of sensitive information with no security or access restrictions.

This is particularly disturbing given the type and amount of data the act requires states to gather on citizens. States must “capture digital images of identity source documents so that the images can be maintained in electronic storage in transferable format” for 10 years. Each state must provide all other states electronic access to this data.

The ability of any Tom, Dick or Harry with a card reader to capture a copy of your vital statistics from your driver’s license is worrisome. The creation of unsecured databases containing digital images of your birth certificate and other documents is even more so.

Under the terms of this act, every bartender, bank teller or cop who swipes your electronic card is free to do as he or she pleases with the information that is captured. States are free to sell their databases to anyone for any reason, and even to access other states’ databases and sell that data.

There is no way the information on those cards can be made secure. There is enough there to steal your identity five or six times over. Add 50+ "secure" computer networks (more than that if you add all the banks and everyone you do business with), and your life is an open book. From your Social Security number to yesterday's lunch at the salad bar, it will all be there and it will all be accessible.

Here is the scary thing. The Real ID will catch an estimated 3% more than existing procedures.

And the people who are really motivated to fool the system will.

Hat tip to Sunni Maravillosa.

— NeoWayland

Posted: Sat - December 17, 2005 at 05:13 AM





Pagan Vigil "Because LIBERTY demands more than just black or white"
© 2005 - 2009 All Rights Reserved