Friday, February 11, 2005

PRIVACY - The Number of the Beast?

ZDNet reports that the "Real ID Act" (no stupid acronyms this time, so Hollywood or the music industry must not be involved) passed the House of Representatives by a substantial margin. The bill wants to encourage states to standardize, computerize, and network their drivers' license and ID systems by witholding federal dollars from states that don't play along. The article also suggests that federal employees would be able to refuse to recognize the validity of state ID's that don't comply.

Opposition has come from all over the political spectrum. The federal government has a tradition of opposing any form of a national ID system. The Social Security Administration opposes the use of our SSN's as identifiers, though we've seen how much weight that carries. This bill seems to fly in the face of all of that by essentially demanding 50 theoretically separate state ID systems that are actually all the same and happen to be sharing information.

The bill also mandates that ID's store certain information. Given a nationwide database, this would make it possible for the government to track people almost anywhere in the country by essentially having agents ask "papers, please" and cross-referencing the database.

As I sit here typing this article, I'm conneted to the internet via a Bluetooth connection provided by my cell phone and my iBook laptop. The technology exists for a police officer to do much the same thing, except that he could, with an ID card that the Real ID Act demands, figure out everywhere you had been by looking up who else had scanned your card, where, and why.

Scary, huh?

So will this make us safer?

The supporters of the bill sure seem to think so. But I wonder.

The funny thing about databases is that they do a lot more than store information. They also create meta-information about what they're storing. The information in the database is valuable, but so is the information about the records, such as who has accessed it, where, when, and why. And this data tends to take on a life of its own.

For example, not only is your credit rating valuable to certain people, like prospective lenders, but information on who else has looked your credit rating up is valuable as well.

This, to me, reveals one fatal flaw with the whole proposed system: it's still based on human-generated data. If someone acquires an ID based on a fraudulent social security number, suddenly that ID is in not one, but 50 different systems. That lends it a lot more validity, even though it's totally fake. And the networked nature of the system will serve only to perpetuate false information and make it that much harder to uncover the truth.

The ZDNet article quotes supporters of the bill as stating that some of the 9/11 hijackers had state ID's. These are suicide bombers. They knew they were going to die. I wonder if people on Capitol Hill really understand what that means.

The Real ID Act seems designed, not to make us safer, but to make us feel safer. And a false sense of safety is much worse than what we have now.