Real ID and you


Don't look now, but the DHS guidelines are out and they want to turn you into a number
Sometimes I wonder why the same stories keep cropping up.

Here's what two security experts had to say about Real ID and data security.

Two other big-picture concerns about Real ID come to mind: Looking at the overall concept of a national identification database, and given existing data security controls in large distributed systems, one wonders how vulnerable this system-of-systems will be to data loss or identity theft resulting from unscrupulous employees, flawed technologies, external compromises or human error--even under the best of security conditions. And second, there is no clear guidance on the limits of how the Real ID database would be used. Other homeland security initiatives, such as the Patriot Act, have been used and applied--some say abused--for purposes far removed from anything related to homeland security. How can we ensure the same will not happen with Real ID?

As currently proposed, Real ID will fail for several reasons. From a technical and implementation perspective, there are serious questions about its operational abilities both to protect citizen information and resist attempts at circumvention by adversaries. Financially, the initial unfunded $11 billion cost, forced onto the states by the federal government, is excessive. And from a sociological perspective, Real ID will increase the potential for expanded personal surveillance and lay the foundation for a new form of class segregation in the name of protecting the homeland.

Does that sound familiar? It should. Here's what I said almost two years ago.

My first problem is the assumption that the details of your life are somehow trumped by national security concerns. This database will track you, everything from the flights you took to the last time you gassed up your car to the fifty pounds of fertilizer you bought last week for your garden. It ALL goes into the data base.

It's easy to see how this can be abused, look no further than the War on Drugs and the tactics used there. At one point, the DEA was going after garden supply stores because the stores weren't providing sales records on people who bought growlights and supplies for indoor gardening. Of course, that old canard about "why worry if you have nothing to hide" was trotted out.

Once the system exists, it can be perverted to any use. If you have done anything questionable, or even if a policeman or agent has a beef with you or something you have done, your records will be flagged and your freedom will be curtailed. It doesn't matter if it is a mistake or if you prove you are innocent. As anyone who has had tangles with the IRS can tell you, it's almost impossible to "clear your name." If you manage to get your record cleared one place, it can trigger "inquires" elsewhere. Just as mistakes with the DEA, INS, and FDA have triggered IRS investigations. Once in the "system," it assumes you are guilty without overwhelming and uncontested proof that you are innocent.

My second concern is system security. Let's face it, these central databases are not known for being secure. Even if one part of the system is secure, it only takes one hole to reveal all the details of your life. Or to put it another way, even if your credit card information was totally secure, once everything is connected, there is nothing that can stop your credit card number and personal info from being sold by anyone plugged into the system.

Wow.

Could it be that I actually knew what I was talking about?

Real ID is a bad idea that just keeps getting worse.

Hat tip to Shadowmonkey, who introduced me to the phrase Real IDiots.

— NeoWayland

Posted: Thu - May 3, 2007 at 04:44 PM  Tag


 ◊  ◊   ◊  ◊ 

Random selections from NeoWayland's library


Pagan Vigil "Because LIBERTY demands more than just black or white"
© 2005 - 2009 All Rights Reserved