[clue-talk] national ID card

[erik at ezolan.com]

I'm taking quotes out of several emails and using a junky webmail client,
so I don't have them attributed to their original authors.

> Errors will always creep into databases.  How hard is it to correct
> those errors?  How much more impact will an error have if it affects a
> lot more of your data and life?  How long will it take to fix it?

Depends on if it's a unified database or separate databases in different
formats run by separate organizations.

> Not only were the databases supposed to be kept separate, in some cases
> federal agencies were not allowed to share them.  People worried about
> the possibility of a Gestapo or KGB.  And they had the example of
> Hoover's secret files on politicians and others when he ran the FBI, so
> they had reason to be wary.

And because they're seperate, we'll never know if they're actually keeping
them seperate. Because that would require full access to all of them. Does
anyone have that kind of access at all? A unified database would eliminate
this issue.

> The FBI now has a database of over 500,000 people who could possibly be
> terrorists.  Really?  Maybe the thinking is like that of some AA people:
> Everyone is a terrorist.  You just haven't been caught yet.  Probably
> once someone enters that database, they never get removed, no matter
> what.

Until enough people have this problem and then it gets solved. Solving a
problem with "The one database" is actually possible.  Doing such a thing
with multiple databases in different organizations is closer to
impossible. (Actually, didn't several agencies already get merged into the
Homeland Security?)

> We already have a problem with the govt's no-fly list.  Ted Kennedy was
> on that list because of someone else called T. Kennedy.  It took two
> weeks to get a senator removed from that list!  What chance do we stand?
> And a number of other people suddenly couldn't fly because of that list,
> altho they are not risks.

Make no mistake, in the beginning, lives will be ruined. Then everyone
will look at the issues and *fix* them. This how the system works. This is
how it's always worked, put out the laws and then fix up the problem areas
afterwards. Example: Constitutional Amendments.

> Before I wind up recapitulating everything Sean said, I'll just toss out a
> quote from LBJ: "You do not examine legislation in the light of the
> benefits it will convey if properly administered, but in the light of the
> wrongs it would do and the harms it would cause if improperly
> administered."

So, following this philosophy, you would be against private gun ownership?
Because if you're only looking at the harm it does, instead of the
benefits it conveys, a lot of people are getting killed every year.

> Not the same thing. Security by obscurity is dealing more in the realm of
> secret algorithms, which can sometimes be broken by reverse engineering,
> for example, or by de-compiling. Or by brute-force attacks, perhaps. Not a
> complete example, I realize. There are other cases, such as putting your
> ssh daemon on a different port, which, while not completely effective, can
> still yield positive results.

"...security through obscurity is a controversial principle in security
engineering, which attempts to use secrecy to provide security"

Seems like the same thing to me. Black box. You don't know how it works
and you can't find out. How *do* the multiple government databases work?
How easy is it to find out? Is there a list somewhere where we can find
out how many of these things are? No? Looks like obscurity to me.

A unified database would be very visible and under high scrutiny by everyone.

> Sure, private industry can be as bad, but
> speaking as someone who has been on the inside, doing contract for a
> variety of government projects, few things are more scary than trusting
> the feddies to properly manage ALL my private data.

And you don't think things would change if there was just one database to
work from? You don't think quality or the process would improve if there
was no other way?

Again, there will be problems. But when there's no way to pass the buck,
you either fix it or have an angry mob outside.

Do you guys really think that in a thousand years, we won't have a system
like this? Where no one has an easily searchable life record and a unique
personal number?

Also an interesting note, Albertsons has stopped using the membership card.