Home
Up
Bloggers I Have Met

Privacy Policy

Universal Biometric Identification Card (UBID) Defeated

This is another thread that got me fully engaged again and lead me to find what I believe are "coffin nails" for the national ID card.  There are a few postings from other people that were not included that I thought to be essentially off topic.  In some cases some of the messages are not in chronological order to make the following of certain sub-threads easier.

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Henry J. Boitel
Sent: Wednesday, January 07, 2004 1:05 PM
Subject: An Outline of UBID


[Subject title was formerly "Program to fingerprint U.S. visitors starts"] Responding to Nancy Yanes-Hoffman

Nancy,

Descriptions of the UBID have been included in postings to the BC list since Sept 12, 2001. Here is a summary. I have numbered the paragraphs to facilitate questions or comment.

1. There is no manufacturer or even a designated biometric. There is no company with a vested interest. UBID is a concept into which can be plugged the devices and methods best suited to accomplish the objective.

2. The issuance of identity documents has always been a governmental function. That continues to be the case as illustrated by birth certificates, passports and other official identity documents. This is not to be confused with the fact that private entities issue documents that are used for their own identification purposes. There are not too many places that will accept your health club card as proof of identity, or even your employee card (other than entities that are in some kind of privity with your employer).

3. The concept is that when the government or a private entity has a right to ask you to produce proof of identity, before extending trust or credit to you, they have a right to demand unequivocal proof of identity to the extent that such proof is reasonably possible.

4. The card would include your biometric(s) and minimal information about you - name - unique ID number, photo. The face of the card would likely only include the name, photo and a public, unique ID number. The same information, together with your biometric(s) and some encrypted information used to verify the genuineness of the CARD, would be electronically embedded in the card.

5. Upon presentation, your live biometric(s) would be compared to the embedded biometric(s). In addition, a remote central data base would be simultaneous contacted to confirm that this card was actually issued to the person you claim to be. The remote card verification process is not any more complicated than present credit card transactions. The only function of the central system is to confirm who you are. It does not confirm that you are a good person.

6. The card would probably end up replacing most of the plastic that people now carry. Swipe it at an ATM, and the ATM goes through the foregoing process and then tells you what options are available to the person you have established yourself as being. Present it at a border crossing, and your entitlement to enter or leave is based upon who you have established yourself to be. No other passport document would be necessary.

7. Upon your initial enrollment, your biometric details would be compared to the details of all other enrolled persons to make as certain as possible that you have not enrolled under more than one identity. It may be necessary to have several different levels of enrollment.

A. - No background check of substance - In substance this establishes a relative identity. This is the same person that enrolled on such and such a date. Many transactions need no more than that. This is the person we hired. This is the person who, after being hired, has been granted access to certain parts of the premises or certain information. This is the person who passed his drivers license test. This is the person who opened this bank account.

B. - Moderate background check - Reasonable effort to determine the pedigree and basic history of a person. None of this information is kept on the card. It is the basis for issuance of the card.

C. - More substantial background checks - Somewhat in line with present security clearance levels.

[I approached background checking a bit differently in the original version. Therre is a lot of room to shape that aspect to real world realities and mainenance of privacy]

8. The level of enrollment would only be revealed to checkpoints entitled to know that information and would not be on the card but available via the central data base. In all respects, the UBID card would appear the same for everyone.

9. If you are on an authorized watch list, your presentation of the card would alert the appropriate authorities. There are probably three main categories of watch lists: a) fugitives, b) missing persons (particularly children and incompetents), and c) terrorist watch lists.

10. For certain inquiries - presentation of the card would alert as to whether the person is a citizen, or if the person's presence in the country is or is not legal. For other inquiries, it would alert authorized persons as to whether the individual is a convicted felon, probationer, or awaiting disposition of felony charges.

11. Having established or rejected a claimed identity, the central database would not keep any record of the activities of established identities. It would merely authenticate the claim and bow out of the situation. Records of the particular transaction are maintained by the entity that has requested proof of identity.

12. Upon establishing probable cause, to a judge of competent jurisdiction, that a person is engage in the commission of a crime, tracking can be authorized for a limited period of time pursuant to reasonably described objectives. In short, the process would be essentially the same as any other search warrant or telephone tap.

13. Persons would have the right but never the obligation to store additional personal information on their card - next of kin, person to be notified, medical records, etc., and access to such information would only be available with the individuals explicit cooperation or according to standards that he has caused to be imbedded. E.g. he can provide that any medical facility can read the medical data.

14. There is a downside to any system that is centralized, just as there are downsides to systems that are distributed or to no systems at all.. In fact, I do not see any downsides to the UBID other than that it provides a structure that a repressive regime could pervert to consolidate its control. In balance, I think that the UBID presents less potential for abuse than the present id systems. A UBID would be presumptive proof of identity and would relieve many persons from intentional or negligent abuses that occur on identity issues. It would also substantially defend against identity theft or identity misrepresentation.

15. The standards and limits applicable to the UBID would be clear and specific. Presumptions should be in favor of individual privacy. Any elected official who willfully seeks to pervert the system should be subject to loss of office and criminal penalties. Government employees who willfully seek to pervert the system should be subject to loss of employment and criminal penalties. Private entities that seek to pervert the system might face forfeiture of the right to use the system (as inquirers) and criminal penalties. There must be a commitment to no-nonsense enforcement of the integrity of the system.

16. It has now been recognized that something must be done about either legitimizing or apprehending and deporting illegal aliens. Once the current proposals on that matter shake out, if there is a UBID, it will be almost impossible for an illegal or a fugitive to function without encountering a situation that requires presentation of UBID.

17. A UBID would simply be a rational device for instilling some order in what is essentially a disordered identity environment. It would not breach anonymity in circumstances where anonymity is presently possible. While enrollment might be voluntary, that is something like saying that credit cards, checking accounts and telephones are voluntary.

18. A UBID would not uncover the fact that someone is a terrorist, unless that fact has been independently determined from intelligence or police sources. However, it would create a far more difficult environment for known and unknown terrorists and criminals to navigate.

19. If I were making the decisions purchases, whether by cash or credit, of dangerous instrumentalities such as explosives, firearms, certain poisons and pathogens, would require presentation of a UBID, so that accountability can be tracked when appropriate. Other technologies permit embedding of what are essentially electronic serial numbers in such materials. Thus a good potential will exist for tracking misuse back to those who purchased the item.

20. I do not subscribe to the concept of the "sign of the beast" or to the idea that we must keep at the ready an environment that enables vigilante or revolutionary activities. People with those views will likely be against any ID system., while, ironically, driving a car with a license plate, showing an employee id to get into work, writing a check or using a credit card and collecting social security.

21. There is a certain downside that a UBID presents to the biometrics and security industries as presently constituted. Once a UBID goes into effect, it will make avoid a lot of existing and potential duplication. The same card is used for everything. Swipe it at work, and the equipment at work knows who you are and determines whether you have access rights. Swipe it at your home front door, and it lets you in. Go to the bank, board a plane, etc. The major biometric technologies will be the ones that are used for the universal system. There will be plenty of work available to create such a system and then to service it. Present duplicative efforts will simply have to be directed to other things.

22. Of course, the question arises, how are we to pay for all of this? As already indicated, any person visiting or residing in the Country would be entitled to enrolled and receive a card at no charge. There is presently an enormous amount of money expended by government and private enterprise on substantially less reliable formal and informal id efforts. Similarly, billions are lost as a result of identity theft (i.e., failure of present systems). The initial investment would be a government expense. Thereafter, when any inquiring entity checks the central system for verification, it would incur a small charge or perhaps it would pay a flat rate based upon the number of inquiries it is likely to use. That includes government functions - thus, the cost would, in part, be allocated to various budget lines.

23. As with any such proposal, such a system will take time to create and time to reach universal enrollment levels. That is true with any major project. If we don't start, we will never get there. Putting it off because we cannot implement it immediately, simply assures long term inadequacy.

24. In fact, a large number of people are or shortly will be enrolled in systems that can be shifted to the UBID. Similarly, for the middle range of security card a large number of military, state and federal employees and licensed individuals have officially recorded identity histories.

25. If such a system is treated as pork barrel as usual, it will cost a great deal and probably be grossly deficient. If it is treated as a high priority of national or international civil defense against terrorism and crime and in favor of individual personal security, then it can be done at below the current cost of id systems and identity theft losses.

26. One of the concerns about biometric ID systems is that someone will capture your biometric details and then masquerade as you. Of course, that is true with regard to any identity system, but less true of biometric systems since you actually have to be present to be compared to your stored biometric. You also have to present a card with your photo on it and your biometric within it. It seems to me that the usually depicted scenario of someone stealing your card or your losing it, does not present a material risk because of the nature of biometrics and because of the unique three point verification process - you, the card you present, and the central database check as to card authenticity.

27. It would be a mistake to assume that the UBID will provide absolutely secure proof of identity, particularly in its early stages - but even thereafter. The system should have a built in or optional insurance provision to safeguard against errors and fraud.

28. As much as technically possible, the system should be an open system. There should be no secrets about how it works. When secrets are needed, they are simply a way of temporarily hiding vulnerabilities that eventually will be known.

29. To the extent possible, other countries should be encouraged to adopt the same system so that there is a common identity platform, thereby facilitating the accuracy of identifying international travelers and bringing down the cost for everyone.

30. Efforts to defraud the system would incur criminal penalties and may also involve periods of suspension of the entitlement to have a UBID card. or have history of card fraud embedded in the fraudsters card.

31. Although participation would be nominally voluntary for adults, once the system starts, enrollment of all newborns would be a requirement. The UBID would take the place of the birth certificate.

32. A lost or stolen UBID card would not be a major problem. The individual brings fingers and face and irises to the local registration location and buys a new card. The registration location verifies the biometrics and other information with the central database..

33. As with any ":living" system, improvements in the security or utility of the UBID will be taken on with the passage of time. It would be foolish to assume that nothing will change.

34. There are a variety of ways that the UBID can be used for remote transactions such as purchases over the internet. That would unduly extend the length of this summary.

32. This does not describe every element, potential problem or benefit of a UBID system. It is not a spec. It merely is an effort to outline the concept with sufficient particularity to be meaningful. It was originally proposed, back on September 12, 2003 with the idea that it could be constructively discussed and appropriately improved. Hope springs eternal.

Best wishes,
Henry J. Boitel
New York
 

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Huffman, Joseph K
Sent: Thursday, January 08, 2004 10:01 AM
Subject: Re: An Outline of UBID


Henry wrote:
"...if there is a UBID, it will be almost impossible for an illegal or a fugitive to function without encountering a situation that requires presentation of UBID."

I'm at a loss to understand how this statement can be true unless we were allow the police to set up checkpoints and stop everyone walking down the sidewalk and every passenger in every vehicle that drives down the road and track the amount of food purchased by every family and compare it to the known number of people in that family. Otherwise one only needs one person with a valid ID to support several illegals/fugitives and the best result you can claim is that you made things inconvenient for them.

Henry also wrote:

"purchases, whether by cash or credit, of dangerous instrumentalities such as explosives, firearms, certain poisons and pathogens, would require presentation of a UBID, so that accountability can be tracked when appropriate. Other technologies permit embedding of what are essentially electronic serial numbers in such materials. Thus a good potential will exist for tracking misuse back to those who purchased the item."

This is a fantasy. And this is something I am somewhat of an expert on. I grew up on a farm and still own farm land. I have an ATFE license to manufacture high explosives and I manufacture many hundreds of pounds of explosives each year. Firearms, explosives, and poisons can be made with tools and materials found in almost every garage, hardware store, and grocery store. Restrictions on these things will be no more successful than the restrictions on recreational drugs which enter this country by the ton.

The firearms registry in Canada has been an expensive and dismal failure and would be an essential part of any attempt of tracking commercially produced firearms. Countries with complete bans on private ownership of firearms have thriving black markets in firearms.

Explosives can be made from kitchen matches, household supplies, and farm fertilizer purchased by the ton by even small farmers. A few hundred pounds would be easily diverted without suspicion and would be more than enough to cause tremendous damage. Here is a detonation of just FOUR pound of high explosives, made with common everyday materials, with four gallons of gasoline I detonated about 10 days ago:

http://www.joehuffman.org/FlashTek/JuliaFireball.wmv

I presume Henry is referring to taggants when he mentions "essentially electronic serial numbers" which are easily removed from things such as farm fertilizer. Not only that when studies were done regarding insertion of these taggants in commercially produced explosives and gunpowder adverse effects occurred (from
http://www.hodgdon.com/news/taggants.htm):

-----
The taggant was blended with HMX, an explosive material. The HMX began deteriorating in the morning after being mixed with the taggant material. All personnel were evacuated from the site by noon. The HMX detonated and destroyed the plant that afternoon. Goex sued Aerospace Corporation (prime contractor for the study), stating that the taggant was the only foreign material in the mix, thus was the direct cause of the explosion. Goex was not successful in the lawsuit, but was successful in getting out the message about the potential hazard of adding taggants into some high explosives.
-----

Even if fertilizer and explosives can be successfully "tagged" and then tracked down to the individual user then the taggants must be added at the time of sale. If that is the case then the terrorist has the entire supply chain available to find a weak spot to obtain their explosives (or components) without the taggants. If the taggants are added prior to the final sale then hundreds or even thousands of users will have the same "serial number" in their batch of fertilizer or explosives. In the case of farm fertilizer the applicators and trucks that carry this fertilizer are only very rarely stored under lock and key. They are most often in open fields or sheds 24 hours a day. Many farmers don't even have enough shed space to store all of their equipment.

Poisons -- these are so incredible easy to acquire and make by the hundreds of pounds I won't even both going into detail. Nearly every household already has the components to make poison gases and fluids and if "serial numbers" and the tracking were to be put in place life as we know it would come to a halt.

In short, attempting to successfully track "dangerous instrumentalities" will have a tremendous cost associated with changing the entire way of doing business and conducting our day-to-day life for hundreds of millions of people. And my contention is that even if you were to successfully implement such a system it would be as easily defeated by similar methods and perhaps even the same people that smuggle recreational drugs into this country.

So tell me again, what problem does a UBID solve that can't be solve some other way or is problem without a good solution?


Joe Huffman
Senior Research Scientist
Cyber Security Group
Pacific Northwest National Laboratory
Richland, WA

509-375-2201

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Henry J. Boitel
Sent: Thursday, January 08, 2004 10:58 AM
Subject: Re: An Outline of UBID


Responding to Joe Huffman

Joe,

I have numbered your points A, B , C and D within your reply, and my comments are:.

A. You say you are at a loss to understand why a UBID would interfere with the functioning of an illegal or a fugitive. If a biometric id is necessary for all credit card purchases, certain kinds of other purchases, air travel, building entry, etc., it will be almost impossible for you to function without encountering a situation that requires presentation of your biometrics. Can efforts be made to evade such encounters - of course. Will it make achieving your objective a lot more difficult and will it increase the chances of your being discovered? Absolutely.

B. Biometric ID necessary to purchase explosives and firearms. In the US today, some things that are particularly suited to be explosives or firearms can be easily acquired. My point is that whenever such materials or items are purchased, an unequivocal ID should be required and recorded. I accept your point that, even without "particularly suited" materials and items, someone with the necessary knowledge and skill can take some ordinary items and convert them into explosives or firearms. We cannot create a risk-free environment, we can only make reasonable efforts to reduce the risk or to preserve information that will help in tracking back to points of purchase. As regards the general subject of firearms registration, I accept that there are differing points of view that are not likely to be reconciled, just as there are on most regulatory matters.

C. Yes I am talking about electronic ID particles that are mixed with, molded into or adhered to objects. I am not familiar with the studies that you mention, but they all sound like the Kitty Hawk stage of substance tracking. The reference you site goes back to 1996, and appears to be the latest thing that gun powder dealer can cite. I do not have any expertise in this area, but from what I have read, it has progressed substantially since 1996.

D. You conclude: "So tell me again, what problem does a UBID solve that can't be solve some other way or is problem without a good solution?"

The word "solve" is an overstatement. I could just as easily ask you what problems handguns solve. Identity is the orientation point around which all security systems must position their processes and objectives. A UBID provides the closest thing we have to unequivocal identification of people. It is a tool used to assist in prevention or solution of crime. It is also a tool to assist in expediting the cessation of otherwise unwarranted intrusions upon the privacy and respect of people.

Henry J. Boitel
New York

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Huffman, Joseph K
Sent: Thursday, January 08, 2004 12:06 PM
Subject: Re: An Outline of UBID


Regarding our discussion points A, B, C, and D.

A: Credit cards are not necessary for functioning in our society. Cash and money orders, both of which can be completely anonymous, work for everything I can think of. Or are you going to outlaw those too?

UBID presentation at building entrances? All buildings? All public buildings? All commercial buildings? Malls and grocery stores? Will a parent taking their children to the store be required to present the UBID for their children as well? What is it you are talking about where you can significantly impede a fugitive from functioning yet not create a tremendous burden on the ordinary person? Then look at the bandwidth requirements for access to the central database when you have nearly 300 million people trying to access it multiple times on a daily basis. And what happens if the database or the communication link goes down? No more ingress to the building? If not, then the fugitive that MUST have access cuts the communication channel, the doors go open and they enter. If ingress is prohibited when the channel is cut then all valid users are denied entry by a terrorist severing the communication lines. You loose either way. A central database for clearing all the queries? THAT (and it's power and communication lines) will be the target of terrorist attack. If our entire country was built around everyone having to access that database multiple times on a daily basis can you imagine the havoc it would raise if that database were suddenly inaccessible? You are creating a single point failure system for the entire country.


B: Henry wrote:
----
We cannot create a risk-free environment, we can only make reasonable efforts to reduce the risk or to preserve information that will help in tracking back to points of purchase.
----
I'm reminded of the analogy used by computer security experts to explain cryptology efforts to the layman. Almost all of our encryption technology is very good. We use it as a gate in the fence around things we wish to protect. Some encryption represents a gate a half-mile high, others a mile high. The fence connected to the gate and around the things we wish to protect is only three feet high. And so it is with your proposal to require ID for purchase of "dangerous instrumentalities". Commercial firearms and explosives already require ID, but without a means of tracking them past the retail purchase level this is almost meaningless (or rather only a fence three feet high). At this point tracking is impossible and I suspect this is an unsolvable problem without a level of intrusion into ordinary life that is unacceptable to even the most tolerate of people (random or even systematic body cavity searches).

C: Taggants are not electronic ID particles. They are color coded (at the microscopic level) particles. Perhaps you are confusing them with RFID tags which are much more expensive. The article I quoted was merely the first one I found. A more recent one (September 2001) is from the Institute of Makers of Explosives:

http://www.ime.org/printtaginexp.htm

A recommendation is:

----
The addition of identification taggants to commercial explosives must be based on sound science and a cost-benefit analysis. Until new technologies can be embraced, it is not in the best interests of the public, the environment, law enforcement or industry to mandate identification taggants in commercial explosives.
----

I could find numerous others, including the ATF (now the ATFE) reports, that all conclude (in my words) "present technology doesn't work and there very difficult problems yet to be solved before this is a useful tool".

D: Henry wrote:
----
The word "solve" is an overstatement. I could just as easily ask you what problems handguns solve.
----
That is beyond the scope of this forum. But if they don't solve any problems then why do nearly all police carry them?

Henry also wrote:
----
Identity is the orientation point around which all security systems must position their processes and objectives. A UBID provides the closest thing we have to unequivocal identification of people. It is a tool used to assist in prevention or solution of crime. It is also a tool to assist in expediting the cessation of otherwise unwarranted intrusions upon the privacy and respect of people.
----

This is too vague for me to understand. Give me specifics -- and almost for certain I will be able to demonstrate the cost far, far exceeds the marginal benefits. You will only be able to catch the most stupid of the people trying to bypass the protections you have implemented. And in most cases you would not have needed the UBID to catch them anyway.

Don't get me wrong. I spent the last year successfully researching a new biometric method. I think there are legitimate applications for it and nearly all biometrics. But a UBID, as near as I can tell is, at best a waste of time, most likely an invitation to abuse, and in the worst case a necessary tool to implement genocide against some racial/religious/political/sexual-orientation group. Spend your (our) money on things that work rather than things that cannot succeed and are an invitation to severe abuse.


Joe Huffman
Senior Research Scientist
Cyber Security Group
Pacific Northwest National Laboratory
Richland, WA

509-375-2201


-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Henry J. Boitel
Sent: Thursday, January 08, 2004 3:57 PM
Subject: Re: An Outline of UBID


Joe,

The problems and my inadequacies are both sufficiently large without overstating either of them.

(A) The only time one needs to present a UBID is under those circumstances that identification is presently required. The only area in which I would expand present identification requirements is in the purchase of explosives, firearms and ammunition.

As to the single point failure issue - that would not be the case. Comparison of the individual is to the card. The cards validity (but not the biometric) are then confirmed to a central database. More bandwidth is used on the internet in the United States in one minute than would be required for the central data base confirmatiory processes in 24 hours. If the central data base and its backups or regional mirrors should all fail, there is at least the local verification to the card. It is difficult to believe that some bad guy or group is going to falsify a card and then present it with the hope that all central verification will fail. Of course, when there is a system failure, it will be a local judgment call as to whether to risk honoring cards presented by strangers.

(B) The fence analogy is not helpful. [Although it may cast doubt upon the claim that guns are good protection.:- :-) ]

(C) Lest we get off on a sidetrack, keep in mind that backtracking to explosives was only an option mentioned and is not an integral part of the the UBID concept. You are right. taggants are microscopic color coded or otherwise marked particles that are so mixed into another substance that they permit one batch to be distinguished from other batches, while at the same time not impairing the use of the substance they are tagging. A quick look at the internet sites makes clear that the gun lobby does not like taggants and the opposition appears to be at least, in part, ideological. Compare your references to:

1. "Tagging Explosives" by Karl S. Kruszelnicki (2003) http://www.abc.net.au/science/k2/moments/s42124.htm
and
2. Science and Technology for Army Homeland Security: Report 1 (2003) (Board on Army Science and Technology) ( http://www.nap.edu/openbook/0309087015/html/136-142.htm

(D) You have said you do not understand my point that identification of persons is the central point of reference for most security situations and that a universal ID system would cost a lot more than it is worth.

I bet you have a wallet full of ID cards, some others that you leave home in the rare situations that you may need them, and one you wear on your person. We live in an ID card world and almost all of our ID cards are insecure.. A UBID would simplify the ID environment, while enhancing ID security. There is not much more I can say on the subject.
---------
On a somewhat related subject, how would you feel about a requirement that an RFID must be permanently imbedded in all firearms so that when a firearm is in the area it gives off a distinctive signal that can be detected by an appropriate receiver and would also convey the weapon's make, model and serial number?

Best wishes,
Henry
Henry J. Boitel
New York
 

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Ian Williams
Sent: Thursday, January 08, 2004 5:11 PM
Subject: Re: An Outline of UBID


Henry,

If a UBID were truly feasible, why complicate the process with an ID card. If the UBID system operated on such a reliable comm infrastructure and were accurate & capable enough to measure the uniqueness of 1:300+M; and report an accurate response immediately, then it doesn't need a card for identification. It should be able to tell you who you are, not validate who you claim?

If you state to allow verification to the card should the central database be unavailable then I have to agree that there will remain the potential for exploitation, not even accounting for the issue of establishing the "Foundation Identity".
Ian S. Williams
Principal
Identity Systems Group Inc.

Phone: 416.702.3015
Fax: 416.352.5741

www.idsysgroup.com


-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Christopher Effgen
Sent: Thursday, January 08, 2004 5:46 PM
Subject: Re: An Outline of UBID


HB: (A) The only time one needs to present a UBID is under those circumstances that identification is presently required. The only area in which I would expand present identification requirements is in the purchase of explosives, firearms and ammunition.

CE:I would be interested in a list of those present circumstances so that we may begin a discussion wherein we can set out the scope of those circumstances in which the card would be used.

For example for employment?
To apply for employment would we have to produce our identity card?
When we clock in or out would be by means of the card?
Would our employer be able to require us to use the card to enter certain parts of the building?

What about law enforcement?
Would we have to produce the card when we were stopped or questioned by the police?
Would the police be able to associate investigative reports with the numerical identifier used with the card?
Would traffic or other minor citations of the law be associated with the card?
Would arrests or convictions be associated with the card?

What about our school records?
Would a child or his or her parents need to produce a card in order for the child to attend public school?
Would a parent or child need to produce a card in order to partake in a subsidized school lunch program?
Would a person need to produce a card in order to graduate from an educational institution?
Would the institution be require to associate the individual with the card in order for the person to qualify for a grant or loan of any type?

What about commerce?
Would one be able to apply for credit without a card?
Would the production of a card be required to join as member in "COSTCO" or a similar company organized for commercial purposes?
For security purposes could a group require the card to be produced in order to attend a concert, view a film, travel on a commercial vehicle?

What other information would be able to be associated with the card?

Or put it another way what restrictions will stop the misuse of the card?

What will happen when the government misuses card related information? Will it come forward and take responsibility of its wrongdoing?

On a somewhat related subject, how would you feel about a requirement that an RFID must be permanently imbedded in all firearms so that when a firearm is in the area it gives off a distinctive signal that can be detected by an appropriate receiver and would also convey the weapon's make, model and serial number?

The first thing a criminal and many citizens would do is destroy the RFID. I can see a thief selecting what house to rob based on the location of the RFID. I also see the police justifying the use of force in entry as a result of a similar process. The thief might or might not rob you. He may rob you for your gun, but the police will break down your door.

Christopher

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Henry J. Boitel
Sent: Thursday, January 08, 2004 7:41 PM
Subject: Re: An Outline of UBID


Ian,

1. The card does not complicate the process. It simplifies the process, makes it more securely under the control of the user, avoids total reliance upon a network connection, provides a physical layer of security that includes a photo, and provides a repository for non-ID information that the user may wish to have with him - such as optional medical info or keys to such info, persons to notify, electronic receipts captured in credit transactions, etc. The primary purpose of the network connection is to verify that that is a card that was actually issued and not a fabrication. Except under narrow circumstances, the network is not used to verify a biometric.

2. If for any reason the network connection goes down, the verification to card is still performed locally. The integrity of the card cannot be verified over the network, but the local checkpoint has the option of omitting that step.

3. Take each of the situations just described and compare the security they offer to the security presently available - i.e., no biometric ID.

If there are weaknesses in all of this, they are not going to be exposed by conclusory assertions. If person to card verification presents a material vulnerability, please describe what it is and whether there are any credible studies that establish that vulnerability. The same applies to network verification of card integrity ( A process very similar to the check that is made when you present your credit card locally and the network verifies it as a presently valid card with available credit, but with a somewhat more robust interaction between card and the central database.).

Henry J. Boitel
New York

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Henry J. Boitel
Sent: Thursday, January 08, 2004 7:52 PM
Subject: Re: An Outline of UBID


Christopher,

My responses are interlineated Most of your questions are really not UBID questions. Existing, and often long standing policies and practices involve the use of ID cards and ID procedures and accumulation of information relating to individuals. By and large, as will be illustrated by my responses, basic policy will be the same with a UBID as it otherwise would have been, unless governmental or private entities change their policies. The fact that it is a single card and system, will actually reduce cost, provide relatively uniform standards and avoid repeated unnecessary background checks.

Christopher Effgen wrote:

HB: (A) The only time one needs to present a UBID is under those circumstances that identification is presently required. The only area in which I would expand present identification requirements is in the purchase of explosives, firearms and ammunition.

CE:I would be interested in a list of those present circumstances so that we may begin a discussion wherein we can set out the scope of those circumstances in which the card would be used.
For example for employment?
To apply for employment would we have to produce our identity card?
When we clock in or out would be by means of the card?
Would our employer be able to require us to use the card to enter certain parts of the building?
HJB: In situations, such, as employment, where an employer currently has the right to issue an ID card, time clock, access pass, the card could and probably will be used for that purpose. In those situations, the card employer could - simply rely upon the card or require measurement against the biometric at each checkpoint, or also require reconfirmation of card integrity by the network.



What about law enforcement?
Would we have to produce the card when we were stopped or questioned by the police?
Would the police be able to associate investigative reports with the numerical identifier used with the card?
Would traffic or other minor citations of the law be associated with the card?
Would arrests or convictions be associated with the card?

HJB: Contrary to some impressions, police do not have a right to simply stop anyone and ask for identification. We do not and hopefully will never live in a police state. However, in those circumstances where the police have a right to ask you to identify yourself (which certainly would include when you are arrested), he would have a right to ask you to produce your UBID card. There is no obligation to carry a UBID card, but not having it with you will result in a more cumbersome ID process of the type presently experienced by arrested persons.

HJB: At present, when a person is arrested and fingerprinted, a rap sheet is initiated if he does not already have a criminal record. If the person is convicted once, then all subsequent arrests and dispositions become part of that rap sheet. If he is never convicted of any crime, then the arrest and charge history is (or should be) expunged. When a person with an existing rap sheet is arrested, that rap sheet becomes available to the arresting officers, the prosecutors and the court, so that they can use what it shows to make various discretionary decisions, such as whether to press the current charges, whether to offer a plea and what bail conditions to set.

HJB: I would anticipate that the situation would be the same when a UBID is initiated. The rap sheet would reference the persons name AND his UBID number. If the records are expunged then there ceases to be an connection to the UBID.

HJB: Those on the list who are familiar with the criminal justice process are aware that when a person is arrested, one of his biggest problems is waiting for his identity to be established. It has not been unknown for the process to be intentionally prolonged as a pressure tactic. The UBID will eliminate that wait. People who now sometimes languish in very difficult or horrid circumstances, sometimes for several days, will be able to be more expeditiously processed and brought before a magistrate.

HJB: Under present circumstances, governmental and private employers and others do background checks have a right to know if a person is a convicted felon. That fact is a matter of public record.

HJB: As noted in the UBID outline, there will be circumstances under which persons entitled to know such information will be advised that the presenting individual is a convicted felon. (My own inclination is that procedures for the sealing of such records ought be available after a certain period of good conduct. My inclination also is that disclosure of felony convictions via UBID should only be available to limited categories of inquirers. However, the present trend is toward greater harshness. )

HJB: You ask about whether certain things will be "associated with the card". Actually, nothing is associated with the card. In present circumstances just about everything you do with other people or entities is associated with your name and some other narrowing facts, such as date of birth, address, etc. In effect, they are the only way we have thus far been able to . . . well... . identify you. That is your identity. The card simply makes certain that you are who you say you are. The number on the card is the equivalent of the previously used identity factors, without automatically revealing as much information about you as those identity factors would reveal.

HJB: With the exception of felony convictions, fugitive warrants and high level watch lists and missing persons reports, nothing is carried by the central system about you. The system merely verifies your identity. Separate paths of information presently maintained by the criminal, traffic, school, employer, and other databases would continue to be maintained by them.

HJB: When you are charged with a minor offense, such as a speeding ticket, in most jurisdictions such a charge does not become part of a criminal rap sheet, but is likely part of a motor vehicle rap sheet. All such charges are presently keyed to your drivers license. In the future, your drivers license number and your public UBID number would likely be the same.


What about our school records?
Would a child or his or her parents need to produce a card in order for the child to attend public school?
Would a parent or child need to produce a card in order to partake in a subsidized school lunch program?
Would a person need to produce a card in order to graduate from an educational institution?
Would the institution be require to associate the individual with the card in order for the person to qualify for a grant or loan of any type?
HJB: If you have to prove who you are to be part of the foregoing programs then you have to produce your UBID for that purpose. It is the way you establish your identity. It does, in a more reliable way, what birth certificates, baptismal certificates, drivers licenses and school id's presently do.


What about commerce?
Would one be able to apply for credit without a card?
Would the production of a card be required to join as member in "COSTCO" or a similar company organized for commercial purposes?
For security purposes could a group require the card to be produced in order to attend a concert, view a film, travel on a commercial vehicle?
HJB: A private entity, such as a bank or credit card company or buying club or video rental club presently has the right to ask you to identify yourself as a condition of their dealing with you. At present you do so with whatever they require - most often a drivers license and one or more additional proofs. Whether or not they will switch to a UBID will be up to them. They can accept identity on your say so or ask for ten identity references. My guess is that they will go for the UBID. On the other hand, whenever anyone asks for your identity, you will have a right to proffer your UBID and demand that it be accepted as proof of your identity and that you not be required to disclose a lot of personal information and wait a month before your are accepted as being who you claim to be. An enormous amount of harassment and bureaucratic nonsense will be eliminated from the lives of a large portion of the population.

HJB: The last of the foregoing questions is not really a UBID question, but a social environment question. You ask: "For security purposes could a group require the card to be produced in order to attend a concert, view a film, travel on a commercial vehicle? " To a large extent, right now, when you enter upon private property, you may be asked to provide identification, even though you tender cash for entry or already have a ticket. 20 years ago, who would have imaged that there would come a time that we have to be searched to enter a public building or airport or to go to a political speech. We should want to see all that reduced rather than increased. There is nothing about the UBID plan that contemplates it being used to gain entry to places in which ID is not presently required.

HJB: Having just said that, this is an appropriate point to mention a concept not yet included in the UBID outline. In some entry situations, the issue is not whether you are who you say you are, but whether you fit into a certain class. Are you a man or a woman (entry to rest rooms)? Are you over 13 or over 17 or over 21 (entry to theaters and some other places in which age is a valid category)? Are you a member? In short your entry is not recordable to your identity, but is conditioned by your status. I call this verification of status rather than verification of identity. The detail of how that would work can be discussed at another time.


What other information would be able to be associated with the card?

HJB: I am not sure I understand the question. The UBID system collects nothing except felony convictions, fugitive warrants, missing person warrants and high level watch lists. It reveals only that you are or are not who you say you are and, under narrowly defined circumstances, one or more of the foregoing items (convictions, etc.)


Or put it another way what restrictions will stop the misuse of the card

What will happen when the government misuses card related information? Will it come forward and take responsibility of its wrongdoing?
HJB: The UBID outline makes clear that the penalties for misuse of the card by either the public or private sector would result in serious penalties. There is nothing about the UBID plan that would relax existing rules against personal data abuse, discrimination, etc. The entire field of personal data collection, and the exchange and sale of same has almost been totally unregulated. One of the obstacles to regulation are real and fictitious claims concerning the need to identify people. The order placed on things by a UBID system should make it easier for the federal and state governments to regulate personal data abuse. I personally believe there should be substantial protective regulation, but the UBID plan is neutral on what regulation there should be other than with regard to the integrity of the UBID system, itself.


On a somewhat related subject, how would you feel about a requirement that an RFID must be permanently imbedded in all firearms so that when a firearm is in the area it gives off a distinctive signal that can be detected by an appropriate receiver and would also convey the weapon's make, model and serial number?


The first thing a criminal and many citizens would do is destroy the RFID. I can see a thief selecting what house to rob based on the location of the RFID. I also see the police justifying the use of force in entry as a result of a similar process. The thief might or might not rob you. He may rob you for your gun, but the police will break down your door.
HJB: You have taken my question to Joe Huffman slightly out of context. In any event, I was positing an RFID that is imbedded in a way that would require destruction of the firearm in order to remove it. I do not understand the rest of your comment on this point.

Henry
Henry J. Boitel
New York

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Juddk712
Sent: Friday, January 09, 2004 6:03 AM
Subject: Re: An Outline of UBID


Central national database-regional database-state database-county database-city/town database.

Communications-land lines, cellphone back up, RF back up, SAT back up.

Power-Generator back up, UPS back up

NASA mentality-redundancy
 

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Huffman, Joseph K
Sent: Friday, January 09, 2004 11:58 AM
Subject: Re: An Outline of UBID


You are restricting your thinking to physical security and not including the entire system to include software security. And NASA's primary adversary is "mother nature", not an intelligent and perhaps well financed attacker. Single point failure systems where the consequences are the shutdown of the entire country should be dismissed out of hand with only a few seconds worth of thought.

Joe Huffman
Senior Research Scientist
Cyber Security Group
Pacific Northwest National Laboratory
Richland, WA

509-375-2201
 

-----Original Message-----
From: Huffman, Joseph K
Sent: Friday, January 09, 2004 11:49 AM
To: The Biometric Consortium's Discussion List
Subject: RE: An Outline of UBID


(A) Henry, earlier you stated:
...it will be almost impossible for you to function without encountering a situation that requires presentation of your biometrics.

Now you are saying the only time a UBID need be presented are the current situations where an ID are presented. Currently one can get alone just fine without having an ID card. One can obtain housing, food, use public transportation, and with a little bit of resourcefulness low paying work. I do not see the UBID hindering a determined adversary. To the extent you increase the dependence on a UBID for functioning in our society you increase our vulnerability to an attack on the system. To the extent you decrease our dependence on a UBID you decrease it's usefulness as a deterrent to hostile adversaries. We lose both ways. To the extent you make the UBID less dependent on the central database (the single point failure) the more vulnerable you are to a single issuer of the card being bribed or otherwise corrupted. To the extent you make the UBID more dependent on the central database the more vulnerable you are to the single point failure. Spend the money and effort on something else not guaranteed to fail.

Can you explain the advantage of expanding present identification requirements for explosives, firearms, and ammunition? Do you even know what the current requirements are? And just because you have raised the requirements at one spot (the gate) how does that improve the problem of losing track of them once they are purchased (the low fence)?

The bandwidth used by the entire internet is irrelevant -- the bandwidth to the central (or distributed) database IS relevant. That data has to go through a single (or few) "pipes", not distributed over millions of "pipes". When you do your calculations be sure to add in the updates to the database (people moving, dying, born, arrested, etc.) as well as the multiple queries for each person each day as they go about their lives.

The update situation brings up the issue of data integrity. A central database of this scale will require thousands of people to have access to modify the data. It will only take one bribe, extortion, whatever to corrupt the system.

(B) I realized I didn't explain the fence analogy as well as I should have. We (computer security people) put up gates (cryptography) and worry about how tall they are (the number of bits in the key or insisting on difficult to guess passwords for example) but ignore the much weaker points in the system (such as people putting their passwords on sticky pads on their computer monitors). Another analogy is "an iron door on a grass hut". And so it is with a UBID, we already have a form of ID that represents a gate many feet tall but the fence on either side of that gate is easy to step over.

You have completely lost me on your claim to doubt that guns are good protection. If you believe that is true I suggest you tell your local police that and request they stop carrying theirs.

(C) Reference 1. is a news article that is rather short on verifiable fact and appears to be an opinion piece as much as anything. The second reference you suggest is essentially nothing more than wishful thinking. I suggest you read following -- the ATF has no ideological alignment with "the gun lobby":

http://www.atf.gov/pub/treas_pub/taggant/98/main_report.htm
The statistics in Table S.1 and Figure S.1 show that careful consideration must be given to mandating the use of identification taggants in commercial high explosives and blasting agents in the U.S., since the great majority of criminal bombings are committed with other materials and in improvised devices. While the use of existing identification taggant technologies may be a factor in future strategies
.
.
.
[Discussing the situation in Switzerland] SRS officials stated that taggants play a role in building evidence, but never directly identify the perpetrator of a criminal act involving explosives.
.
.
.
The Swiss can always trace tagged explosives back to the manufacturer, but it is difficult to trace explosives to the last legal purchaser(s).
 

These last lines should get us out of the realm of a UBID. Until the taggant in the explosive is tied to a single (or a relatively few) individuals the benefit of a UBID is minimal at best. Continuing in the same ATF report:

Based on the information developed concerning the Swiss identification tagging program, the ESG believes that, while the program is reasonably effective in Switzerland, as it now exists, it could not be readily implemented in the U.S.
 

http://www.atf.gov/pub/treas_pub/taggant/98/exe_summ.htm

Homemade explosives can be manufactured from chemicals found in a wide range of products that are used everyday in the U.S. The easy availability of these potentially explosive chemicals is compounded by the fact that information on making bombs is readily available from a variety of sources, including thousands of sites on the Internet. Based on currently available information, rendering common chemicals inert would impact negatively on their legitimate uses, as is the case with AN fertilizer. Further, at this time, establishing regulations for the purchase of small quantities of precursor chemicals appears to be impractical, given their prevalence in the American home. The ESG believes that industry-based voluntary control and public awareness programs are the most reasonable, immediate means of addressing this problem.

(D) You are correct that I have a wallet full of cards that with a little stretch of the imagination can be called ID cards. But it's the fence and gate analogy again. The UBID only raises the gate while the fence(s) remain low.

And finally you ask:
On a somewhat related subject, how would you feel about a requirement that an RFID must be permanently imbedded in all firearms so that when a firearm is in the area it gives off a distinctive signal that can be detected by an appropriate receiver and would also convey the weapon's make, model and serial number?

How I feel in regards to this proposal is irrelevant. My feelings are for recreational use. But perhaps your wording is a clue to explain your fascination with a UBID -- more on that later. Having a RFID permanently embedded in a firearm is not technically possible. In order for the RFID to function it must not be encased in metal -- a Faraday shield which does not allow electromagnetic radiation to pass through it. The RFID would have to be either on the surface of a metal part or embedded in some electrical non-conductor. The plastic or wood grips come to mind or the polymer frame of many modern handguns. In which case it is easily removed with a Dremel tool without destroying the gun. Regardless, the RFID can be defeated by wrapping the entire firearm in aluminum foil -- a Faraday shield. Beyond that the scanners would be quite useful for not only legal uses (by the police and security guards) but for illegal purposes (detecting undercover police officers or selecting unarmed private citizens as victims). As it is a mugger runs the chance his victim selection process (except in political jurisdictions that have an active victim disarmament program, such as NYC and all of MA) will suffer a catastrophic failure resulting in his permanent injury or death if he cannot determine apriori the absence of a firearm on his victims. Giving them a tool to improve their victim selection process would be unwise.

I'm beginning to wonder about you Henry. Feeling is irrelevant to the truth and rational decision making. It turns out that about half of the population base their decisions on rational thought and about half base them on emotions. No, it's not all the women are emotional based and all the men are rational. Its about 60/40 men and 40/60 women that are rational/emotional. One of the responses to stress and feeling out of control of a situation is to control SOMETHING -- even if it is useless or even counter productive to the current situation. Our response to airplane security is one of those cases. All the audits and tests (some of them illegal) of airport security that I am aware of show that it is still trivial to get knives and forbidden objects (including loaded firearms) onboard airplanes. And this is without any special technological assistance (upon request by a government agency I recently wrote a proposal for a method to make it nearly certain to take any reasonably sized object onboard an airplane without detection -- with the cooperation of someone who has access to an x-ray machine for testing I believe I could perfect such a method in my garage in a few weeks with a few hundred dollars worth of materials and tools). Our investment in millions and millions of dollars in trying to prevent such items getting on the plane was almost totally worthless. That money would have been much better spent training and putting armed marshals on board some significant portion of the planes (putting explosive sniffers at the gates is probably a good idea, but explosives detection needs a lot more work before it is fool-proof, have I told you about my personal tests of explosives detectors at airports? 100% failure on their part to detect my deliberate contamination of my brief case with explosive components -- even when I gave them small objects to test that had been "salted"). But it made people feel better to make the security guards federal employees. In that sense, making people feel better, it was a success. And so it is with a UBID, as near as I can tell it would make people feel better but accomplish nothing useful.

Another issue that is perhaps more closely related that might appear at first glance is that many people "want to believe" and they evaluate something on the best possible outcome. What also needs to be done is to evaluate something on what the worst possible outcome is and can we accept that mode of failure? I do this rather instinctively and dismiss many lines of thought very early on. And so it is with UBID, which I suspect has earned me a reputation as a nut/extremist/whatever. I completely and totally dismiss the UBID and present as proof it's potential for abuse -- as in a tool for genocide. End of story, no more discussion needed. In this posting and the ones to follow I will endeavor to demonstrate in all the detail necessary that this system cannot provide the benefits people wish it to deliver -- no matter how much you "want to believe". Other security experts, such as Bruce Schneier who I quoted a few days ago and whose expertise you dismissed, do similar things. They explore one or two paths, discover it leads to an unsolvable fatal flaw and dismiss the entire idea. People that "want to believe" dwell on the benefits and dismiss the fatal flaws. When I used to work at Microsoft we would describe that type of thinking as "then angels flew of his ass and made everything work". You have to believe in magic, magic that has never before been demonstrated to work and has repeatedly been demonstrated to fail, to believe that a central database of this size can be made to work as securely and reliably as you "want to believe" it to work when faced with determined and perhaps well financed adversaries.

Your "wanting to believe" shows up again in your proposal of the RFID in all firearms. You appear to think only of the benefits and not the fatal flaws that can be exploited.

From a different email you sent:

HJB: Contrary to some impressions, police do not have a right to simply stop anyone and ask for identification. We do not and hopefully will never live in a police state. However, in those circumstances where the police have a right to ask you to identify yourself (which certainly would include when you are arrested), he would have a right to ask you to produce your UBID card. There is no obligation to carry a UBID card, but not having it with you will result in a more cumbersome ID process of the type presently experienced by arrested persons.

I presume you refer to police power and authority, not rights. Police to the best of my knowledge do have any rights above and beyond the average private citizen. But beyond that -- are you saying that if you don't have your UBID your fingerprints will be forcibly taken? And until the check on your fingerprints comes up "clean" you will remain in custody? An what if you don't have fingerprints? I have a friend with psoriasis on his fingers -- no fingerprints. Or what if they soaked their fingers in bleach the night before? Do they have to remain in custody until their fingerprints grow back? Please explain how this works and you still claim having a UBID is "voluntary".



Joe Huffman
Senior Research Scientist
Cyber Security Group
Pacific Northwest National Laboratory
Richland, WA
509-375-2201

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Daniel E Munyan
Sent: Friday, January 09, 2004 12:23 PM
Subject: Re: An Outline of UBID


Colleagues;

I believe that what Henry is proposing with the UBID is not a panacea by any means. It is rather an initiative that will make it easier for law abiding citizens to function in an identification and credential laden society with less of a chance of identity theft or mistaken identity and all of the bad things that can flow out of it. Integrated multinational schemes of identification and integration will speed commerce, lower anxiety over the presence of foreign visitors (them here or us there), and generally allow human beings to finally become part of the electronic globalization in which most of their possessions and their "stuff" resides.

Despite protestations to the contrary, Identity smartcards are working to speed identification versus paper sources, and are being rolled out all over the world. The Hong Kong Identity card is a very good example. I have seen the design for their "US Visit" program, and it is quick, efficient, and respectful of its users. It works well because everyone in HK will already have a UBID when the immigration control is finished. It remarkably quickens flow through immigration points in detailed demonstrations. Smartcards have been in use in different forms for years and though nothing is perfect, they have worked well to increase security of financial transactions. Biometrically enabled smartcards are just one more addition to an existing proven technology.

As Bill from the DOT pointed out, and as NYC proved over a decade, very bad people don't just break one law, they break many laws. You are more likely to catch a wanted felon drinking alcohol from an open container in public or running a stop sign than robbing a bank. The main terrorists wanted in the 9-11 bombings had overstayed their VISA's. They could have easily been stopped at the airport if coordinated systems were in place to look for them. When Joe says he can easily thwart security countermeasures, he is saying that from the standpoint of a law abiding citizen. Because he would never cross that line (we all hope after seeing the explosion video), we can be relatively sure that he will do little to attract attention elsewhere that might lead to criminal or terrorist plans being thwarted by indirect means, as they often are.

Sincerely,

Daniel Munyan, CISSP, CISM/CISA
 

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Henry J. Boitel
Sent: Friday, January 09, 2004 1:28 PM
Subject: Re: An Outline of UBID


Joe,

I hope you are not going to send me a bill for diagnosis and therapy :-P

See Dan Munyan's thoughtful comments. He pretty much covers it.

As far as explosives and firearms and tags and RFID are concerned, they are somewhat off the central point and even further beyond my expertise then most of the rest of this stuff. Suffice it to say that I have a strong sense from what I have read, but not recently researched, tagging of explosives and electronic tagging of firearms is or quickly will be possible. If that is not so, it is one less thing you will have to worry about, although you may still need your UBID to acquire same.

In terms of the card vs central database issue, I do not really follow your argument. However, you might want to take a look at a short article in the Daily Record (Glasgow) - Jan 9, 2004 - "HOW THE BIOMETRIC CARD WILL WORK" http://www.dailyrecord.co.uk/news/content_objectid=13797004_method=full_siteid=89488_headline=-HOW-THE-BIOMETRIC-CARD-WILL-WORK-name_page.html

If you can put aside your fundamental disagreement with the concept of the UBID, is there anything within your cyber-security realm that you feel might be a worthwhile addition to the UBID concept so as to make it a least a bit less useless or a bit more secure?

Best wishes,
Henry J. Boitel
New York

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Huffman, Joseph K
Sent: Friday, January 09, 2004 2:08 PM
Subject: Re: An Outline of UBID
 

-----Original Message-----
From: Daniel E Munyan
Sent: Friday, January 09, 2004 12:23 PM
Subject: Re: An Outline of UBID

[snip]
Despite protestations to the contrary, Identity smartcards are working to speed identification versus paper sources, and are being rolled out all over the world. The Hong Kong Identity card is a very good example. I have seen the design for their "US Visit" program, and it is quick, efficient, and respectful of its users. It works well because everyone in HK will already have a UBID when the immigration control is finished. It remarkably quickens flow through immigration points in detailed demonstrations. Smartcards have been in use in different forms for years and though nothing is perfect, they have worked well to increase security of financial transactions. Biometrically enabled smartcards are just one more addition to an existing proven technology. [snip]

The main terrorists wanted in the 9-11 bombings had overstayed their VISA's. They could have easily been stopped at the airport if coordinated systems were in place to look for them. When Joe says he can easily thwart security countermeasures, he is saying that from the standpoint of a law abiding citizen. Because he would never cross that line (we all hope after seeing the explosion video), we can be relatively sure that he will do little to attract attention elsewhere that might lead to criminal or terrorist plans being thwarted by indirect means, as they often are. [snip]

---End Original Message----

I don't have a problem with small scale use of biometrics or ID cards -- particularly when used by private business. Only when they become mandatory for the general public and/or the (accidental or forced) failure of the system means disaster for nearly everyone.

The overstayed VISA's were apparently not a point of concern to the 9-11 hijackers because they were not enforced. Had they been enforced they most likely would have not overstayed them -- a minor inconvenience to them. This is not to say the VISA's shouldn't be enforced. Just that enforcing them by no means represents a significant obstacle to the determined adversary. I think it would be careless to assume the adversaries of our security are lazy, stupid, or a combination of both such that they were likely to get caught running a red light or some such minor offense. For the everyday, garden variety, low I.Q. criminal, sure, you will catch a lot of those -- but at what cost in the worst case?

How many of you have viewed some of the training tapes we captured in the Afghan caves?  I have. The techniques taught are not "state of the art", but they aren't anything to sneeze at either. Our criminals in prison also go through training in being criminals (I have also seen clandestine videos of some of their practice sessions). Our overseas adversaries are far more sophisticated, train in well coordinated teams, do extensive preliminary ground work and planning, make long term plans and operations, and have motives and drives different and far stronger than our everyday criminals. The methods we use to success against our criminals cannot be counted on to defeat those who regard our entire culture as evil and something to be destroyed even if it means their individual death.

As for ME "crossing the line" with my hobbies of firearms and explosives you should be fairly comfortable that I won't do something immoral and/or illegal. The Federal Government has seen fit to not only issue me a license to manufacture explosives (which I didn't really need to acquire for the things I wanted to do) but to grant me a security clearance with access (on a need to know basis) of this country's national security secrets. It is my job to find (and sometimes, if possible, to fix) holes in security systems. The exercising of my skills to criticize the UBID proposal should not be interpreted (as you correctly inferred) that I would actually exploit any weaknesses exposed in such a system to the detriment of our national security or personal gain. My motivation for this criticism is because I believe any resources spent in the direction of a UBID are much better spent in other areas -- the details of those other areas are not really appropriate topics for this forum.

And, I probably should add, all the opinions expressed in this forum are mine and do not necessarily reflect the policies or opinions of PNNL or PNNL management.


Joe Huffman
Senior Research Scientist
Cyber Security Group
Pacific Northwest National Laboratory
Richland, WA

509-375-2201
 

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Huffman, Joseph K
Sent: Friday, January 09, 2004 3:02 PM
Subject: Re: An Outline of UBID


No charge Henry. Although my pysch 101 professor thought I should pursue the subject my degrees are in electrical engineering. It would be inappropriate to charge for professional services in an area in which I am not a professional. :-)

I will read the reference you supplied and get back to you with my comments, if any. Thank you.

Their are two fundamental problem with tagging explosives:
Explosives are easy to make from common everyday materials -- I believe, but haven't tested this, that I could walk into your office completely naked with my hands empty, walk out an hour later, and have the office blow up a few seconds after I closed the door behind me as I was leaving using only materials and tools I found in your office. Fully clothed and with relatively small amounts of money and time one can bring down a Federal Building from the exterior using improvised explosives.
The taggant materials added to commercial explosives "point" to the manufacture not the purchaser or whoever he distributes them to. The tags need to be added at the last possible link in the security chain to "point" to the end user. This leaves the entire supply chain vulnerable to diversion of untagged material. Adding additional tags at each step (or even at the end point) in the supply chain is impractical to the best of my knowledge. If there exists a way to add them at each point along the distribution path I may be persuaded this is a worthwhile endeavor.
In regards to the security of a UBID: As I understand it, it is already an iron door on a grass hut. Making the door two inches thick instead of one inch thick is pointless. That is, the effort to improve it's security and usefulness must reside outside the UBID itself, the total system needs to be changed to make a material difference. To the best of my knowledge, short of something rather revolutionary, I believe this means another step or two closer to a police state. As much as people want to believe there exists some magic to make them safe the reality may be that freedom isn't free and complete or even good security cannot be obtained. It may be that if we trade some of our freedom for temporary security we will end up with neither (apologies to Ben Franklin for mangling his quote). If that is the case then the correct solution involves minimizing the damage done by those who plot to harm us, good intelligence to discover their plans before they strike, and the cultivation of the skills and tools necessary to act on that intelligence in a productive manner. But probably the most difficult job will be educating the public that although the occasional losses we suffer in a state of freedom may be dreadful, the magnitude of our loss of freedom in a futile attempt to obtain security would be even greater and buy us little.


Joe Huffman
Senior Research Scientist
Cyber Security Group
Pacific Northwest National Laboratory
Richland, WA
509-375-2201

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Henry J. Boitel
Sent: Friday, January 09, 2004 4:14 PM
Subject: Re: An Outline of UBID


Joe,

While I disagree with you on the utility and ramifications of a UBID, I fully agree with your last sentence: " But probably the most difficult job will be educating the public that although the occasional losses we suffer in a state of freedom may be dreadful, the magnitude of our loss of freedom in a futile attempt to obtain security would be even greater and buy us little.".

I propose a UBID in good part because it substantially narrows identity issues that are presently the predicate for treating everyone like a suspect and that have rapidly constricted the environment of freedom under which many of us were privileged to have lived. We are in vital need of a path back to what used to be normalcy.

As far apart as we may be on some perceptions, it is good to know that our ultimate objective is pretty much the same.

Have a good weekend and keep your powder dry,

Best wishes,
Henry J. Boitel
New York


-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of Huffman, Joseph K
Sent: Sunday, January 11, 2004 11:28 PM
Subject: Re: An Outline of UBID


I've been an activist for civil rights for many years and I learned a long time ago that although it's easy to ascribe evil intent to your adversaries in most cases that is simply not the case. In most situations that I have been on opposite sides of a passionate debate with someone we both wanted the same end goal -- a better life for everyone. The worlds we envisioned that would bring us to that better life may have been incompatible and irreconcilable but the knowledge that they did not have evil intent made it possible to debate the issue in a civil manner. And so it has been with you. I have known for sometime that although I regarded your ideas as a threat to all of humanity (only a slight exaggeration) they did not come from an evil heart.

My weekend went well -- time was spent with friends and family. And certainly my "powder" will be kept dry. Last weekend I finished my new explosives magazine:

http://www.boomershoot.org/TajMahal/Magazine.htm

The ATFE inspector is to show up sometime in March to okay it and I plan to have about 2000 pounds of high explosives in it by the first weekend of May. Come on out and join us for some fun when we detonate it (in increments of 1, 2, and 4 pounds). A hundred or more other people are coming from as far away as Texas, Arizona, and New Jersey. You would be most welcome to attend as well. :-)

Joe Huffman
Senior Research Scientist
Cyber Security Group
Pacific Northwest National Laboratory
Richland, WA

509-375-2201
 

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of optisec
Sent: Saturday, January 10, 2004 12:06 AM
Subject: Is there life after the UBID


The discussions on whether the UBID will prove to be a fail-safe tool against terrorism, identity fraud, weapons and explosives falling into the hands of evil doers, illegal residency, and knowing who everybody is at any time anywhere, is a misconception of biometrics, the ID card, and reality.

Today, in the US, every person who drives a motor vehicle is required to have a 'legal' driver's license. Every vehicle on the road is required to be tested once every year to meet minimum safety standards: good tires, brakes, suspension, lights, etc. Automobile manufacturers are required to meet minimum safety standards and tests for proving that they meet such minimum standards.

As a result of all these standards and regulations, have motor vehicle deaths been reduced to zero? The answer is NO. Would we then prefer to eliminate all these regulations and allow anyone who wishes to drive on the road in vehicles with bad brakes, tires, and missing or non-functioning lights, as well as automobiles without airbags, safety belts, ABS, etc? One would have to be irrational to say YES, even though all of the above still do not totally eliminated deaths on the road. What all of the above measures have done, is reduce the number of injuries and deaths as a result of human and mechanical failure.

Yes, there are persons driving illegally as well as legally who are causing traffic accidents and deaths. However, by having the above regulations in place, we have been able to reduce fatalities and make the average citizen's life far safer and more secure.

I am not an authority on US Constitutional law, but I image one could argue that the requirement for one to have a drivers license is an infringement on his Constitutional rights. One could argue (TIC), that if the founders of the Constitution wrote that every citizen had the right to bear arms, and these same founders traveled by horse when carrying such arms or when they traveled to sign the Constitution, then the government does not have the right to control who rides on horses or drives vehicles. The law in the West was one shot 'horse thieves', so why are automobile thieves not being shot today?

Tradition is a fine thing, but times have changed, and the requirements of modern society are a bit different then when the West was founded and the Constitution was written.

An ID card or UBID, whatever you wish to call it, will, on the one hand, infringe on one's right to absolute privacy, and on the other hand, make ones life far safer and easier. Just as in the case of having to pass a driving test and meet certain standards in order to obtain a driver's license, so to there are certain standards that must be met in order to obtain an ID card.

Should an ID card be mandatory? Is the need for obtaining a driver's license a voluntary choice? If you want to drive on public property, you are required to own a legal driver's license. The same should hold true with an ID card. If you wish to remain on your property for the rest of your stay on earth, so be it. But if you wish to leave your place of birth, conduct transactions with other members of society, receive government benefits, and travel, then you should be required to identify yourself.

No one has argued that a driver's license infringes on one's rights. In obtaining a driver's license one provides proof of identification, residency, and other relevant information depending on State laws. To my knowledge, nobody has ever gone to the Supreme Court to argue against a driver's license being an infringement on one's Constitutional Rights. Has there been any movement in the US protesting how the information on one's driver's license is being protected? Has there been a movement to return all the credit cards that US citizens hold, because the credit card companies, which are providing financial services that make financial transactions easier and faster, are not providing 100% protection against fraud nor proven that all the information is totally secure? Credit card carriers know that the system has some failures and dangers involved, but the benefits far outweigh the disadvantages: ROI. Credit card holders, while owning and using their credit cards every day, are putting pressure on the credit card industry to improve security standards to protect against identity fraud. The credit card industry itself is now in the process of introducing new technology to protect against fraud and better secure the information it holds. However, without first having introduced the credit card with then know security measures, we would be facing long lines in banks to withdraw cash, traveling with travelers checks, and filling our pockets with loose change.

People are afraid of change. This was true when the automobile began replacing horses, when automation replaced the assembly line, and when plastic replaced checks and cash.

An ID card or UBID will not be perfect. In the beginning it will be faced with what may appear to be endless problems, but you need to begin somewhere. The present state of identity fraud has reached a level that requires logical solution and sound thinking.

If the United States where to look at how other democratic and free societies are introducing and using ID cards every day by its citizens for hundreds of millions of safe transactions, it would become apparent that Big Brother is not their to spy on you, but rather to protect you against the evils and "Bad Guys" that did not exist when the US Constitution was written.

Yona Flink
OptiSec Ltd. Israel
Mobile: +972 5 430 8727

-----Original Message-----
From: The Biometric Consortium's Discussion List On Behalf Of James Childers
Sent: Saturday, January 10, 2004 9:43 AM
Subject: Re: Is there life after the UBID


Yona,

Your comments are well thought out however they are based upon a principle misconception about the United States constitution and law.

First - the United States is not a "Democracy" in the truest sense of the word. We are a Democratic Representative Constitutional Republic. Individuals within the States elect their representatives to govern them at the local and state level. Each state within this republic has representation in our national assembly - both in the upper house (Senate) and lower house (House of Representatives). Up until the XVII Amendment to the constitution in 1912 Senators were appointed by the states to their seats. The XVII Amendment allows for state-wide election of senators.

The United States is a tight confederation of independent "states"...Thus the "United" States. One is not a resident of "The United States", but a resident in which state they reside and since the states are unified under a common national constitution, thus a resident or citizen of the "United" States.

Second -The central authority of the national constitution was purposefully limited to few centralized powers in the Federal Government with all other powers being relegated to "the states and the people respectively" (X Amendment). Even the power of the FEDERAL GOVERNMENT is split into three distinctive and separate entities - The Legislative Branch (Congress) - The Executive Branch (The Presidency and day-to-day working branch of the government) and the oversight of the Judicial Branch (Courts). Congress makes the laws - The Executive Branch enforces these laws and the Judicial branch determines if these laws are just and in line with the original intent of the founding principles of the constitution.

These centralized powers are designed to be limited to guaranteeing ALL citizens of the several states certain rights, freedoms and responsibilities and to have a central federal government oversee the interaction of the states particularly in regard to "interstate commerce", national defense and international treaties that would be binding upon the several states. Each of the laws passed by our national assembly(ies) both state and federal must pass these constitutional tests. I personally believe that the Patriot Act will not pass constitutional muster and thus will be invalidated eventually by the Supreme Court.

Thus the power of the local governments to regulate the use of a motor vehicle and to issue Drivers Licenses is not a power that was prohibited under the national constitution nor was driving a motor vehicle a right enumerated in the Constitution. Freedom of movement and travel is guaranteed by the US Constitution although driving is not an enumerated right and thus can be considered a privilege and thus subject to licensing and other restrictions by the local state authorities.

Since the operation of a motor vehicle involves skill, training and a working knowledge of the rules of the road, local states began "licensing" individuals the right to operate a motor vehicle during the early part of the last century. Eventually they added a photograph and personal information to better identify "authorized" individuals. Since then the "license" or identification has been used for many additional programs not originally intended.

Third - The Drivers License has become our de facto national standard ID because it is a common standard among the states (i.e. something that every state issues). We could have used hunting or fishing licenses or any other form of statement of individual identity. The Drivers License just happened to be convenient and something that most people possess. There are many people in the US that do not have a drivers license or a local government ID card.

Additionally it must be noted that you are NOT REQUIRED to produce identification or a license if an officer stops you on the street UNLESS you are operating a motor vehicle. The right to "privacy" is not specifically mentioned in the constitution although it is inferred by the IV, V and IX Amendments - The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

The crux of the argument involving airline passenger identification in the US is the question of the guaranteed right to freedom of movement and travel vs. the "privilege" of traveling on a private aircraft and the ability of the airline to grant or deny this privilege based upon a verifiable statement of identity against a known list of "denied persons". There is no requirement for ID for traveling on a Bus or Train. So why an airplane ( I ask this rhetorically of course )?

We in the US are coming to grips with some very tough issues. Nationally there is a consensus that we need a single form of verifiable ID. The real question is how will our government(s) both local and national use this information and how will it infringe upon our rights and freedoms guaranteed through the bloodshed of our forefathers and enumerated in our national constitution?

We KNOW that we need to positively identify threats to our republic, but how do we do this within the framework of our existing constitutional limitations? Maybe (and I say this with great trepidation) it will involve another constitutional convention. These laws, limitations, rights, freedoms and responsibilities have kept our republic strong throughout the last 200+ years and they are not lightly discarded nor trampled upon.

Sorry for the civics lesson, but I hope this helps.

James Childers
CEO
Artemis Solutions Group LLC
Biometrics Direct TM
Secure Biometric Authentication for Home and Office TM
Smart Card Supply -
PVC, Smart Cards, Printers and Accessories