Thursday, November 8, 2007

Of Driver's Licenses, Privacy, and Thinking Like a Computer Geek

The recent debacle of Hillary and the Driver's Licenses causes Roger Simon to point out that illegal immigrants will get driver's licenses if they need them to be employed or otherwise function in modern society.

But the real problem is that we're once again conflating the privilege of driving with the necessity of being able to reliably identify individuals.

Anybody who's ever done any security work knows that you divide the security problem into three independent pieces:

  • Identification. Can the individual be named?

  • Authentication. Can the individual prove that he is who he says he is?

  • Authorization. Given that the individual is who is says he is, what is he allowed to do?

Government IDs conflate these three requirements to varying degrees. For example, a driver's license has your name (identification), your picture (a cheesy form of authentication), and the types of vehicles you are allowed to drive (authorization). On the other hand, a birth certificate only provides identification without authentication or authorization, while a social security card provides identification and authorization, but no authentication.

The US has resisted a national ID card for years. Privacy advocates complain that it's the one missing ingredient necessary to implement an efficient police state. Unfortunately, the government has worked around that and has most of the ingredients for the police state at hand in one form or another, at least for law-abiding citizens. The only people that can't be tracked are the ones that society has the most vested interest in tracking.

A national ID will plug those holes. The trick is to decouple identification, authentication, and authorization. You can issue illegals IDs after you're satisfied that they're either who they say they are or, barring that, that you're pretty sure that their current identification isn't hiding anything that would jeopardize individuals (through ID theft or other fraud, for instance) or national security (through state- or non-state sponsored violence or other shenanigans). Once initially authenticated, individuals can authenticate themselves, either through their picture, some other form of biometric (like a fingerprint), or a passphrase.

But you don't have to grant privileges on the ID card. Indeed, by promising not to grant or revoke privileges as a consequence of identifying and authenticating yourself (e.g. you promise not to deport people if they show up for IDs and they're not obviously terrorists or con men), you can get broad compliance for all people in the country, be they citizens, legal residents, or illegal residents.

From there, attaching authorization is pretty trivial. Are you a legal resident? Are you a citizen? Can you drive? Can you own a gun? Are you qualified to operate a Belchfire 9000 Model Z? If you're worried about the government revoking rights you already have, then don't provide centralized authorization. There are plenty of ways of attaching authorization to an ID without putting everything in the Big Database in the Sky.

But it's time to solve the problem. I'd love to live in a country where I could be who I say I am. That day is past. It's time for a national ID that works.

No comments: