Did People Think No One Would Recognize REAL ID If Introduced Under Another Name?

from the pass-id,-indeed dept

Last year, it became clear that REAL ID was dead on arrival as pretty much everyone was against it, and states were refusing to implement it. With the changing of the administration, it seemed like REAL ID was finally going to die completely... but apparently not just yet. EFF alerts folks to the fact that the same concept has basically been reintroduced under the name PASS ID, as if that would trick people:
The plan sounds equally as bad and unnecessary:
Proponents seem to be blind to the systemic impotence of such an identification card scheme. Individuals originally motivated to obtain and use fake IDs will instead use fake identity documents to procure "real" drivers' licenses. PASS ID creates new risks -- it calls for the scanning and storage of copies of applicants' identity documents (birth certificates, visas, etc.). These documents will be stored in databases that will become leaky honeypots of sensitive personal data, prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database. Despite some alterations to the scheme, PASS ID is still bad for privacy in many of the same ways the REAL ID was.
But why let that stop the gov't from coming up with more ways to keep tabs on you?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: pass id, politics, privacy, real id, security


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Chuck C, 21 Aug 2009 @ 4:31pm

    On the National Security Defense...

    EFF explains in the article:
    PASS ID operates on the same flawed premise of REAL ID -- that requiring various "identity documents" (and storing that information in databases for later access) will magically make state drivers' licenses more legitimate, which will in turn improve national security.

    The "improve national security" defense is odd, misplaced, and won't work. Recently, my mom somehow got a fascination of, and started researching 9-11 as if it was a conspiracy. She brought it up and we had a 3 hour phone conversation about it last week. What's interesting is that she's not a putz, in fact, she has a Doctorate.

    I think the boomers are waking up to a lot more than people let on, and using the guise of "National Security" just won't cut the mustard. So here's my advice to fellow Senate friends: Be more creative. Maybe say it will protect us from bears, goblins, oilmen and robber-barons as these seem to be bigger threats these days.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Aug 2009 @ 4:56pm

    Steve Gibson and Bruce Schneier talk about security. Steve hardly talks about things like airport security and terrorism and how that relates to security but anyone interested in the technical dynamics and ramifications of these subjects in detail should really consider listeining to Bruce Schneier. He has a lot of good insights on his podcasts.

    http://crypto-gram.libsyn.com/

    As far as preventing identity theft and fake ID's, Steve does discuss a good method that would work but would be scary to implement. Basically give the government a public/private key pair and when you go in to get your ID and pictures taken and such they look up your record and on some small chip on your ID or something that they can scan, even a USB drive or whatever, they have a high quality picture of you with all required information (ie: full name, drivers license number, etc..) that's digitally signed by the government. Then, in order for someone to pretend to be you they would either have to have access to the government computers (or hack them) that have the private key (or access to it) or they would have to do a cryptographic attack (highly unlikely). Unless someone leaked the key out to the public of course, but if that happens everyone will know it and the key will expire.

    link to this | view in chronology ]

    • identicon
      ..., 21 Aug 2009 @ 6:07pm

      Re:

      Yeah, and just imbed that chip under your skin or tattoo a bar code on your forehead ... that will be great

      link to this | view in chronology ]

      • identicon
        Skeptic, 24 Aug 2009 @ 12:11pm

        Re: Re:

        "..or tattoo a bar code on your forehead"

        The Nazi's had a variant of that....but just for Jews.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Aug 2009 @ 6:42pm

      Re:

      Awfully presumptuous to say a cryptographic attack would be highly unlikely. There are plenty of algorithms that seemed solid at the time they were released and later found to be flawed or more trivial to hack than originally thought. Then there's the fact that every government device that would need to read the ID would need access to the government's private key to decrypt the contents of the ID in some form - so there's the potential to break the private key out of a device.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Aug 2009 @ 9:30pm

        Re: Re:

        No, not you had a central government location that had the private key and data flowed via telecommunications to that central location for things to get signed and then the signature flowed back.

        As far as the cracking thing is concerned, you are right, some ciphers have been cracked, but they often get cracked gradually whereby we start finding algorithms that yield higher and higher statistical probabilities of cracking the key. The government should replace the keys and ciphers long before the cipher is actually cracked.

        For example DES was "cracked" (well, some financial institutions still even use that because it's still often difficult enough to decrypt) but part of that is because the government didn't really give the public much time to test it before adopting. Most of that is also because computers have gotten quicker. But as the key gets larger the quickness needed exponentially increases and computers bandwidth is advancing at a limited rate and most cryptographers take that rate vs bandwidth needed to crack a cipher in a reasonable period of time into consideration. WEP was cracked but only because it wasn't really designed to be a mainstream standard, it was designed by a bunch of people who just wanted some temporary way of encrypting data. It was later adopted as a mainstream standard and the cipher it uses still hasn't really been cracked (I believe it uses RC4), just the poor WEP implementation. Heck, Diffie-Hellman key exchange still hasn't been cracked.

        But regardless encryption is a cat and mouse game. Keys expire and are replaced by new keys and ciphers get updated and replaced. The point is that it's highly unlikely that a key will suddenly get cracked by some random person because cracking this stuff is a gradual process whereby when we do start to get even remotely close to cracking it we replace the cipher long before it gets cracked. Heck, many of the ciphers that are considered "cracked" and that have been replaced by better ciphers are still pretty secure even today.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 21 Aug 2009 @ 9:45pm

          Re: Re: Re:

          Besides, if these ciphers are so insecure why would most banks use them and most secure websites (ie: https). I have yet to hear of well established ciphers being cracked to extract anyone's personal information (ie: not DES or ciphers that are known to be flawed but ciphers like AES, ciphers generally accepted as secure by cryptologists. And cryptologists tend to be very very conservative in terms of what they will consider secure, often going far far beyond things that are not even remotely practical for anyone to crack).

          link to this | view in chronology ]

  • icon
    Hephaestus (profile), 22 Aug 2009 @ 11:32pm

    Welcome To 1984 ....and 1944

    I leave my house I forget my arm band, damn I am shot for being a jew in Germany .... I wake up ... realize wait I am german and it was all a dream .... I wake up again... I am in a german in america ... Oops forgot my Federal id ....

    link to this | view in chronology ]

  • identicon
    bill, 9 Oct 2009 @ 10:47am

    money

    Blastoff Network is coming! It will launch to the world on October 26, 2009, and will change the way we use the internet forever!

    Sign up is "FREE"...

    Launch your Blastoff Network and get paid! When you invite your friends to join the Blastoff Network, you will get paid every time they make a purchase within the Blastoff Network. Just think about getting paid every time your friends buy a song on iTunes, books at Barnes & Noble or a new TV at Target. And as your friends begin to invite their friends, you will see your network and your income begin to virally grow. So spread the word and get ready to Blastoff!

    Don't miss this opportunity to Blastoff and make money with the rest of us on October 26, 2009!

    Be ready to Blastoff!

    http://www.blastcashback.com

    link to this | view in chronology ]

  • identicon
    Daniel Minteer, 23 Nov 2009 @ 2:07pm

    Spoiked

    Just For Fun! Ever Get Spoiked?, http://www.youtube.com/watch?v=j2oGysxM-j4

    link to this | view in chronology ]

  • identicon
    Mandy Angelica, 29 Mar 2019 @ 12:13am

    I think the boomers are waking up to lots extra than human beings let on, and the use of the guise of "National Security" just may not reduce the mustard. So right here's my recommendation to fellow Senate buddies: Be more creative. Maybe say it'll protect us from bears, goblins, oilmen and robber-barons as those seem to be bigger threats nowadays.
    professional dissertation help UK

    link to this | view in chronology ]

  • identicon
    emilyray, 21 Jun 2020 @ 9:56am

    education

    Thank you for sharing your professional opinion, students also face similar problems on educational portals, in addition, they must work on their research papers, in which case I advise you to contact https://primeessay.org/article-critique-writing.html

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.