January 03, 2004

National ID Card That Respects Privacy?

As a libertarian, I’ve generally opposed ideas like national identification cards, but I have to admit I’ve never thoroughly thought through the issue (whew, I’m glad I’m writing, not talking!). Turns out I had a common misconception about the whole concept, cleared up by this interesting Wired article:

The truth is, any identification system is inherently neutral; it can either respect privacy or threaten it.

…a privacy-friendly card is feasible if it follows one simple rule: verification, not identification. In other words, the card would confirm identity but wouldn’t allow the government to pick you out of a crowd. There’s a model: In 1995, Canadian entrepreneur George Tomko invented an innovative technology that made it possible to lock packets of data in encrypted files, using a fingerprint as a private key. After clearing a background check, the users of a Tomko-like card would receive a digitized packet of information that said, for example, they were cleared to cross a particular border. They’d download the parcel onto a card and lock it with a thumbprint.

Using this card at a border checkpoint, they’d swipe it and then provide a thumbprint. If the print decrypted the file, the system would verify their identity. Because the fingerprints wouldn’t be stored in a central database, individuals would retain complete control over how much personal information was revealed. To maximize privacy, the system would keep no identifiable records of who had passed through, and it would not be linked with any other databases that might allow predictions of future behavior.

Portions italicized by me. Those familiar with public key encryption (e.g. PGP or RSA) hopefully get the idea. For those who aren't, here's the basic scheme. You have two digital keys. You keep one of them secret (the private key), and you can freely distribute the other one (you guessed it: the public key). Anyone can use your public key to encrypt a message, but only the matching private key can decrypt what the public key encrypted, so anybody can send you an encrypted message and only you can read it. The scheme also works in the other direction: you can digitally sign a message using your private key, and anyone holding your public key can verify the signature, which proves that the message came from whoever holds that private key and that it wasn't altered along the way.
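To make the two-key scheme concrete, here is an added example (written for this post, not code from the Wired article, PGP, or any real product) of textbook RSA with deliberately small primes. The primes, the message 42 and the signed string are constructed inputs; real deployments use 2048-bit or larger moduli and padding schemes such as OAEP and PSS, none of which this toy has, so it is for tracing the mechanics only.

```python
# Added example: textbook RSA with deliberately small primes, written to
# illustrate the two-key scheme described above. It is NOT secure and is not
# the code of any real product or library (no padding, tiny modulus).
import hashlib
from math import gcd


def keygen(p, q, e=65537):
    """Return (public, private) keys for two primes p and q.
    Both keys share the modulus n; e is published, d is kept secret."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m):
    """Anyone with the public key can do this."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(priv, c):
    """Only the holder of the matching private key can undo encrypt()."""
    n, d = priv
    return pow(c, d, n)


def _digest_mod_n(msg: bytes, n: int) -> int:
    # Sign a hash of the message rather than the message itself.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv, msg: bytes):
    """Private key signs; this is the operation a verifier cannot forge."""
    n, d = priv
    return pow(_digest_mod_n(msg, n), d, n)


def verify(pub, msg: bytes, sig) -> bool:
    """Public key verifies: the signature is valid only if it was made with
    the private key matching pub, over exactly this message."""
    n, e = pub
    return pow(sig, e, n) == _digest_mod_n(msg, n)


if __name__ == "__main__":
    # Constructed inputs: two small primes just above one million.
    pub, priv = keygen(1000003, 1000033)
    c = encrypt(pub, 42)
    assert decrypt(priv, c) == 42
    s = sign(priv, b"cleared to cross border")
    assert verify(pub, b"cleared to cross border", s)
    assert not verify(pub, b"cleared to cross bordre", s)  # altered message
    print("encrypt/decrypt and sign/verify round trips OK")
```

The point to notice is the asymmetry: `encrypt` and `verify` need only the public half, while `decrypt` and `sign` need the private half, which is why the holder of the private key can prove authorship without ever revealing the key.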

I hope that was clear enough; you can find a more in-depth explanation of it here. It seems to me that the verification feature of this card is pretty similar to the digital signature of RSA, only your thumbprint is used as the private key (yeah, it's not really private, but nobody would be encrypting messages here, just verifying that your thumbprint matches your card). Strictly, in Tomko's scheme the print is what unlocks the packet on the card rather than what signs it, but the property that matters is the same: the secret stays with the holder, and the checkpoint needs no copy of it. Sounds to me like it protects privacy just fine.
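Here is an added example (mine, not Tomko's or V-ID's code) of the "verification, not identification" flow from the quoted passage: the issuer locks a clearance packet under a key derived from the holder's print, the card carries the locked packet, and a checkpoint can only open it with a matching print. Two assumptions are labeled in the code: the print is treated as an exact byte string (real prints are noisy and would need a fuzzy extractor), and the cipher is a constructed HMAC-SHA256 keystream plus a MAC, chosen so the example runs on the standard library alone.

```python
# Added example: toy model of a fingerprint-locked clearance card.
# Assumption 1: the print is an exact secret byte string (real biometrics are
#   noisy; a fuzzy extractor would sit in front of _derive_key).
# Assumption 2: the cipher is a constructed HMAC-SHA256 keystream with a MAC,
#   not any product's real cryptography. The flow, not the cipher, is the point.
import hashlib
import hmac
import secrets


def _derive_key(print_bytes: bytes, salt: bytes) -> bytes:
    # Slow hash so a stolen card cannot be brute-forced cheaply.
    return hashlib.pbkdf2_hmac("sha256", print_bytes, salt, 100_000)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def enroll(clearance: bytes, print_bytes: bytes) -> dict:
    """Issuer side, after the background check: lock the clearance packet
    under the holder's print and hand back the card contents. The issuer
    keeps neither the print nor the key."""
    salt = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    key = _derive_key(print_bytes, salt)
    ks = _keystream(key, nonce, len(clearance))
    ct = bytes(a ^ b for a, b in zip(clearance, ks))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def checkpoint(card: dict, presented_print: bytes):
    """Verifier side: derive the key from the presented print, check the
    tag, and decrypt. Returns the clearance on success, None otherwise.
    Only the card and the live print are used; no database is consulted."""
    key = _derive_key(presented_print, card["salt"])
    expected = hmac.new(key, card["nonce"] + card["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, card["tag"]):
        return None  # wrong print, or tampered packet
    ks = _keystream(key, card["nonce"], len(card["ct"]))
    return bytes(a ^ b for a, b in zip(card["ct"], ks))


if __name__ == "__main__":
    # Constructed sample data.
    holder_print = b"ridge-pattern-0042"
    card = enroll(b"cleared: border crossing X", holder_print)
    print(checkpoint(card, holder_print))      # the clearance packet
    print(checkpoint(card, b"someone-else"))   # None
```

Two things the model makes visible. First, `checkpoint` has no lookup step: the card plus the live print is the whole input, which is what keeps the fingerprint out of any central database. Second, the weakness of using a biometric as a key is also visible: a print cannot be rotated if the card data leaks, so the slow key derivation and the per-card salt are doing real work here.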

The Wired story covers a new card by Steven Brill’s company, Verified Identity Card, Inc. (V-ID), but it’s not quite as good at protecting privacy as Tomko’s system since its database stores fingerprints (in Tomko’s system, you put your print on your card, not on any of the checkpoint’s systems). While Brill claims his system doesn’t link the prints to any names, I don’t see how he can prove that short of making his code open-source, which I rather doubt he will.

Of course, as the Wired article points out, the government needs to get on the ball as well, but given how poorly it implemented the anti-spam law (which preempts some existing state laws and will simply move spammers offshore — who’ll now have a nice big list of valid e-mail addresses to spam), this could take quite a while.

January 03, 2004 09:06 PM in Politics, Technology | Permalink