> But my primary objection isn't the totalitarian potential of national IDs, nor the likelihood that they'll create a whole immense new class of social and economic dislocations. Nor is it the opportunities they will create for colossal boondoggles by government contractors. My objection to the national ID card, at least for the purposes of this essay, is much simpler:
I understood this to be something different from what Schneier describes. (Though I could be mistaken.) I took this to be primarily an API for Internet applications to verify an end user's identity claims. I realize there are physical cards involved, and those could be problematic, but the API part sounds better.
The failure modes Scheier describes would still be applicable, of course. But as a developer, I might still appreciate having the system available. I couldn't trust its responses beyond a reasonable doubt. But still it might be valuable to have some extra degree of certainty about a user's identity, in some scenarios.
Let's say, for example, I'm developing an online liquor store. Let's say I accept various forms of payment, some of which don't come with age verification. I might appreciate a simple, unified ID API for that purpose. Granted, it would still be possible for minors to exploit the vulnerabilities Schneier describes and buy alcohol from me. But conceivably, if that happened, the law might grant me immunity, because I checked against the government API and the failure was on the government's part. Which would be a valuable assurance for me as the developer or business owner.
In Finland we have a system based on authenticating through your bank (TUPAS[1]). It works pretty well, and is easy, at least for the end-user, to use (you just select your bank and get redirected to their login site; the banks system then passes your info to the site). I don't know what kind of requirements there are for businesses to use it though.
Huh? The point of national identity is not to improve safety - it is to improve effectivity. Which it does.
I wish my country emulated this instead of having this corporate conglomerate that takes major cash to let anyone use the same system as is used for banking identification.
Based on your username I'm guessing the country is Sweden. Which corporate conglomerate and which system are you referring to? Telia e-legitimation? BankID?
The company that produced the solution Telia used have exited that market (and focus on providing smart card solutions for companies and organizations like the public care providers).
Not security in the sense of tracking people with malign intent, but security of the identity system against attacks and fraud.
It's hard to see how a decently-implemented electronic ID wouldn't at first seem to be significantly more secure than the current mix of services that exist at the moment. Think how much havoc a determined individual (who knew and hated you) could cause if they were determined to usurp or disrupt your identity: I'm pretty sure all kinds of government and private services could be diverted with phone calls, lies and trivially-forged paper documents.
On the other hand a central system has the risk of all the data being stolen, sold or subjected to denial of service. It's a difficult thing to weigh up.
"in over a decade, no security breaches have been reported"
False! If someone has access to your Estonian ID card for about 11.5 hours or 27 hours (depending if the card uses 1024-bit or 2048-bit RSA keys), he can decrypt documents or forge e-signatures, even without knowing your PIN code: https://eprint.iacr.org/2012/417.pdf
There are a few scenarios where I, as a developer, would find it very helpful to be able to verify real-world identities. For example, I've worked on applications where there were incentives for Mallory to impersonate Alice and attempt to legally bind Alice to something. Having a way to verify that the end user is truly Alice would be great in that type of scenario.
On the other hand, there are lots of apps where you don't really need to be able to verify the end user's identity. Like Twitter. I can imagine a world where such applications require verified ID from all users, just because the government makes it really easy to do so. That would be a big loss for privacy an anonymity. As has been discussed at length elsewhere, providing an anonymous (or pseudonymous) voice for people is one of the Internet's most important function.
I did not expect to see so many people so strongly against identity cards. I have had one for a while and it's very convenient and useful.
How is this different from passports? The government already has your basic information. Why passports and not identity cards? To me, my ID card is like a passport in credit card dimensions.
"How is this different from passports?...Why passports and not identity cards? To me, my ID card is like a passport in credit card dimensions."
Your passport can't really be used for online identification. An ID card can. But this also means your online activity can potentially be tracked. Who will have access to this data and for what purpose will it be used? What control will users have over their data? Lot's of peeople (including me) don't trust the competence or goodwill of our governments over such matters.
But there are also many instances where we readily give up some of our most personal information. For example, a lot of European countries require your fingerprints when you apply for a passport. This is stored as biometric information on the passport. When you travel, some countries will also take your fingerprints before allowing you into their country. Many travellers are happy to do that. So yes, when it comes to privacy and identity we often exhibit contradictory behaviour and opinions.
Isn't that because the US is so big (and also with a huge economy I guess)? Most countries are much smaller (like Estonia, or its neighbouring countries) and leaving the country isn't as big a deal.
It's definitely possible, but much more unlikely than going without a passport, for two reasons:
1) The expanse and culture of the U.S. favors driving cars, so most people learn to drive a car. A driver's license is most people's form of photo ID.
2) A puritanical history makes for strict age limits on alcohol and tobacco; young adults must show photo ID in order to enter many bars and clubs where alcohol is served.
These two factors mean that most Americans have an ID by the time they are 21. In fact, I don't know anyone who doesn't have one.
I don't know. Social Security Numbers (SSN) we have are a national ID number in pretty much everything but name. And even though they are explicitly not supposed to be used as identification (it says so on the card), that's how it's used 99% in practice.
This is very impressive and I hope it works out well for them. It has some serious risks in terms of privacy/government surveillance, however. A single theft of a backup and the entire country's data is violated.
The other issue I see is Estonia/EU doesn't exactly have the most robust freedom of expression:
"The main theme of the two principal Jorj X. McKie stories, Whipping Star and The Dosadi Experiment, is the Bureau of Sabotage, an interesting concept in government that is kind of like a ninja GAO.
The idea is that all governments and other bureaucracies tend to snowball over time, finally becoming juggernauts that crush mere humans unthinkingly. So the Bureau of Sabotage was founded with a legal right to throw wrenches into the gears of bureaucracies. No agency can sabotage the BuSab itself.
So what keeps the BuSab from turning into a juggernaut? Their promotion policy. The way you get promoted is to sabotage your boss."
> Estonia’s approach makes life efficient: taxes take less than an hour to file, and refunds are paid within 48 hours
Yes, sacrificing privacy and liberty can provide conveniences - this is nothing new; we've known it since Huxley's Brave New World, if not earlier.
That doesn't mean these policies are something we want to emulate, such as their stance on sex trafficking[0], free speech[1], and other human rights. Authoritarian policies like 'national identity' initiatives are very strongly correlated with abuses in human and civil rights.
Neither of those links support your assertion that identity schemes are "authoritarian" or "are very strongly correlated with abuses in human and civil rights"
> your assertion that identity schemes are "authoritarian"
Well, no, that assertion is a subjective statement, so it's not possible to cite that. (Hence why I didn't - the footnote appears immediately after the portion of text being cited).
The links are intended to demonstrate that there are a number of other aspects of Estonian society that we might not want to emulate. Cherry-picking one benefit would be misleading.
> or "are very strongly correlated with abuses in human and civil rights"
The original sentence was "Authoritarian policies ... are very strongly correlated with abuses in human and civil rights". Would it be clearer if I replaced the word "policies" with "governments"?
Perhaps I misinterpreted your post, but what I got from it is that you were against identity schemes (attaching the adjective "authoritarian" to them).
Estonia might be an authoritarian hellhole, but I wouldn't say the ID system has anything to do with it. That edit probably would help :)
This is a very impressive, forward-thinking initiative. No doubt it'll falter, act clunky and glitchy at first, and probably be cracked at least once, but this is the direction societies are moving in, and it's good of (and likely, for) Estonia to take the plunge first.
An interesting point to consider: How would a formalized electronic ID scheme affect our present concerns with respect to governments spying on their citizens? On the one hand, putting everyone's public lives online will make it a lot easier to start aggregating data for unwholesome purposes, and puts everyone's personal information in potentially vulnerable computer systems. On the other hand, there are huge efficiency gains and convenience benefits that come from digitizing everything, and maybe having a government bureaucracy centered around digital records will confer that medium with the level of discretion the bureaucracy currently gives paper records.
Depending on the implementation, it would be possible to limit the government's collection of data to the following:
1) The underlying identity info such as SSN, photo, name, birthdate, etc. Which most governments already have even without this system.
2) A record of each request from a third party to authenticate a user. E.g. if I user my government ID to sign up for Facebook, that signup event will be logged.
Again, it depends on the implementation. The above two would almost certainly be collected in even the most privacy-respecting implementation. But, it's certainly possible to devise an implementation that enables the government to collect far more.
Well, the largest and most sinister actors already have tools that aggregate said data into vulnurable systems for unwholesome purposes. What would a national ID give them that they don't already have?
Most people in the UK don't have to do a tax return, if you do have to do a tax return doing it online (at least if you have the relevant information handy) isn't difficult - probably takes me 30 minutes on a simple year and on a complex year I pay an accountant to do it.
Exactly, if our going to allow all of the hackable information to be stored online by your government so you can shave 20mins from a yearly task then your a fuc*g idiot.
I like it. Its not as if U.S. states don't, as a practical matter, require government issued identification.
I envision (I'm not the only one for sure) something like the Madison Project [1], i.e., an online voting platform where people can discuss and vote on legislation, regulations, budgets, etc., in their jurisdiction (and submit edits and amendments), while allowing anonymous or pseudo-anonymous participation and allowing people to prove they're electors, political party members, etc., for users' filtering. So we can invest our time and energy in exhausting discussions with anonymous people, knowing they have a stake in the outcome and that we're not wasting our time on a discussion with someone who has absolutely no incentive to seek a successful solution.
This provides a missing piece. Only a government-issued digital ID can provide sufficient reliability and trustworthiness for such an application.
Without doing any other research this article seems like a total whitewash. It doesn't discuss any existing or potential problems with such a scheme. The author isn't listed which makes me question whether they either know nothing about technology, privacy, or have conflicts of interest.
I really REALLY hope this takes off at a EU level. And that the Estonians will reap some benefits by being the first to pave the way, so maybe some healthy competition on providing the best services to citizens will ensue between EU countries...
What is the major benefit of something like this? I can't think of a single transaction I've undertaken in the past few months (either online or offline) where it would have been to my advantage to authenticate my real name. I frequently need to authenticate an ongoing relationship (my gym membership, logging in to Amazon Prime), but in none of these situations does it matter who I am, just that I'm the same person I was before. Generally those counterparties get that information anyway, but I consider that information leakage an artifact of the authentication process, not a beneficial feature of the system.
We already have solid methods for identifying ourselves as the same person as we used to be (various public keys, for example), and if we want to establish a consistent identity across multiple contexts/domains, we also have that option. This really doesn't benefit consumers in any way.
Maybe in the past few months you never transacted with your Country's public administration. I have, and I would like very much to do 90% of those interactions online, without having to personal relay information from one part of the administration to another part.
It's very easy for me to make a single in-band communication with my government (show up one day, show that I'm me) and establish login credentials proving that I'm me. I see no advantage to a general online identification system that goes beyond that.
So you can show up once at one institution and after that do everything in your life online using those credentials you acquired, either with private persons, companies or state/public institutions?
I'm from Belgium where we have a national electronic id. It's main use to me is filing my tax online. Supposedly I can also do certain administrative task with it but I have needed it at the moment.
The level of tracking and privacy violations online is already disturbing and downright creepy
This would take it to a whole new level.
There are other bad things possible, for example, I can already see Media Industry lawyers rubbing their hands, tie National ID cards to ISP database and overnight suing people would become easier.
the problem to solve here is that for each government service you get a different account.
One for the entity managing your retirement funds, one for the national healthcare, one for the tax filing, one for requesting a certificate etc, one for filing a request with the police etc, one for the city council services, one for the district, one for the region, one for the university, one for the separate agency that manages scholarships etc.
I am, honestly, listing the ones I had to cope with.
In my country, each entity manages their own system, with different bugs, varying level of security and screw ups, incompatible data, delays of up to two weeks to receive a PIN when signing up for a new service and the occasional "wait, you are not supposed to exist" moments.
I'd take a unified, compatible multifactor auth system like the estonian one every day. Heck, there was even an OpenID bridge some years ago!
On that note, I'll be in Tallinn for September and October 2014 as part of world travels. Any recommendations from locals or past travellers? I'm at http://about.alexeymk.com
It's useful to note that, while a country, Estonia's population is smaller than that of most large US cities (1.3mil). What can work for Estonia may not be something particularly portable to larger nation states. Still interesting stuff.
1.3 million is a really tiny number. Why is it so small? The city of Tucson, Arizona has about 1 million people and it's in the middle of an uninhabitable desert.
Probably the second one. It will be hard for anyone to believe what your name is if the only thing you can present to back up your claim is piece of oficially looking plastic and all other people can present digital signature that can be verified online. You'll probably will be able to participate in activities that don't require trust in your identity. Buying a muffin, sure. Renting an apartment, no chance in hell.
Unless you're living on hitting people up for spare change - or being paid under the table in cash - There is very little you can do. Cash a check? Open a bank account? Buy a car? Maybe you can buy it, but the registration, insurance and the license to drive the thing already require a state issued ID.
The person presenting a UK license or passport is the easy case. The person presenting a non-European passport and a pile of letters from the Home Office? Not so much. But then, discriminating against foreigners was the point of the law.
A National ID Card Wouldn't Make Us Safer
- Bruce Schneier
https://www.schneier.com/essays/archives/2004/04/a_national_...
> But my primary objection isn't the totalitarian potential of national IDs, nor the likelihood that they'll create a whole immense new class of social and economic dislocations. Nor is it the opportunities they will create for colossal boondoggles by government contractors. My objection to the national ID card, at least for the purposes of this essay, is much simpler:
> It won't work. It won't make us more secure.