[clue-talk] national ID card

[Dennis J Perkins]

On Sun, 2007-07-01 at 12:14 -0500, erik at ezolan.com wrote:
> I'm taking quotes out of several emails and using a junky webmail client,
> so I don't have them attributed to their original authors.
> 
> > Errors will always creep into databases.  How hard is it to correct
> > those errors?  How much more impact will an error have if it affects a
> > lot more of your data and life?  How long will it take to fix it?
> 
> Depends on if it's a unified database or separate databases in different
> formats run by separate organizations.

Or if the parties in charge of the databases are interested in fixing
them or are overwhelmed by their work.

> 
> > Not only were the databases supposed to be kept separate, in some cases
> > federal agencies were not allowed to share them.  People worried about
> > the possibility of a Gestapo or KGB.  And they had the example of
> > Hoover's secret files on politicians and others when he ran the FBI, so
> > they had reason to be wary.
> 
> And because they're seperate, we'll never know if they're actually keeping
> them seperate. Because that would require full access to all of them. Does
> anyone have that kind of access at all? A unified database would eliminate
> this issue.

Then you could also argue that since we will never know if they are only
collecting information sanctioned by law, that they can collect
anything.

You need oversight.  And yes, I know, who watches the watchers?

> > The FBI now has a database of over 500,000 people who could possibly be
> > terrorists.  Really?  Maybe the thinking is like that of some AA people:
> > Everyone is a terrorist.  You just haven't been caught yet.  Probably
> > once someone enters that database, they never get removed, no matter
> > what.
> 
> Until enough people have this problem and then it gets solved. Solving a
> problem with "The one database" is actually possible.  Doing such a thing
> with multiple databases in different organizations is closer to
> impossible. (Actually, didn't several agencies already get merged into the
> Homeland Security?)

Some did, but some are still independent.  The FBI and IRS, for
instance.

> > We already have a problem with the govt's no-fly list.  Ted Kennedy was
> > on that list because of someone else called T. Kennedy.  It took two
> > weeks to get a senator removed from that list!  What chance do we stand?
> > And a number of other people suddenly couldn't fly because of that list,
> > altho they are not risks.
> 
> Make no mistake, in the beginning, lives will be ruined. Then everyone
> will look at the issues and *fix* them. This how the system works. This is
> how it's always worked, put out the laws and then fix up the problem areas
> afterwards. Example: Constitutional Amendments.

It's the word "ruined" that bothers me.  This is why in theory, it
should be proved "beyond a doubt" that someone is guilty before finding
them guilty.

Laws are often band-aids.  But legislators should try to consider these
things before passing laws.

And how long before "everyone looks at the issues and fixes them?  It
took a civil war to fix slavery.  (Not technically true but that was the
result.)  Issues don't get fixed immediately.  It might take years
before someone feels bothered enough to fix problems.  

> > Before I wind up recapitulating everything Sean said, I'll just toss out a
> > quote from LBJ: "You do not examine legislation in the light of the
> > benefits it will convey if properly administered, but in the light of the
> > wrongs it would do and the harms it would cause if improperly
> > administered."
> 
> So, following this philosophy, you would be against private gun ownership?
> Because if you're only looking at the harm it does, instead of the
> benefits it conveys, a lot of people are getting killed every year.
> 
> > Not the same thing. Security by obscurity is dealing more in the realm of
> > secret algorithms, which can sometimes be broken by reverse engineering,
> > for example, or by de-compiling. Or by brute-force attacks, perhaps. Not a
> > complete example, I realize. There are other cases, such as putting your
> > ssh daemon on a different port, which, while not completely effective, can
> > still yield positive results.
> 
> "...security through obscurity is a controversial principle in security
> engineering, which attempts to use secrecy to provide security"
> 
> Seems like the same thing to me. Black box. You don't know how it works
> and you can't find out. How *do* the multiple government databases work?
> How easy is it to find out? Is there a list somewhere where we can find
> out how many of these things are? No? Looks like obscurity to me.
> 
> A unified database would be very visible and under high scrutiny by everyone.

By everyone?  Under this administration?

> > Sure, private industry can be as bad, but
> > speaking as someone who has been on the inside, doing contract for a
> > variety of government projects, few things are more scary than trusting
> > the feddies to properly manage ALL my private data.
> 
> And you don't think things would change if there was just one database to
> work from? You don't think quality or the process would improve if there
> was no other way?

Having worked with such a database at my last employer, I would not
count on it.  They had invested too much time and money, plus the
reputations of a few high-level execs, on this unified database to even
consider fixing the system.

> Again, there will be problems. But when there's no way to pass the buck,
> you either fix it or have an angry mob outside.

Or you ignore the problem.

> Do you guys really think that in a thousand years, we won't have a system
> like this? Where no one has an easily searchable life record and a unique
> personal number?

I hope not.

Have you considered why Western Europe has strong privacy laws?  What
happened when the Nazis conquered a country?  They used the records to
arrest Jews and possible opponents.