December 14, 2009

Biometric ID and Immigration Reform

Flashback: No Real Debate for Real ID

Originally Published on May 10, 2005

Wired - Hundreds of civil liberties groups, immigrant support groups and government associations oppose the Real ID Act, a piece of legislation that critics say would produce a defacto national ID card, cost states millions of dollars, and punish undocumented immigrants.

Yet despite widespread opposition to the bill, it passed through the House last week and is expected to easily pass through the Senate on Tuesday.

The legislation is raising questions not only about privacy and costs but about the ways in which critical legislation gets passed in Congress.

That's because lawmakers slipped the bill into a larger piece of legislation -- an $82 billion spending bill -- that authorizes funds for the Iraq war and tsunami relief, among other things, and is considered a must-pass piece of legislation.

It's not the first time Congress has slipped contentious bills into larger legislation that is almost guaranteed to pass. In 2003, Congress augmented Patriot Act surveillance powers with wording slipped into the Intelligence Authorization Act, a bill that authorized funding for intelligence agencies.

Critics, such as the American Civil Liberties Union, say lawmakers slipped the Real ID Act into the relatively uncontroversial spending bill in order to avoid a congressional debate over the ID measure.
"The legislation was created in the backrooms of Congress without hearings and without any real understanding or thought about what was being created," said Barry Steinhardt, director of the ACLU's technology and liberty program...
Among other things, the legislation would force states to produce standardized, tamper-resistant driver's licenses that would include machine-readable, encoded data. States theoretically could choose not to comply with the standards, but residents of those states would not be able to use their license as identification to obtain federal benefits -- such as veteran's benefits or Social Security -- or to travel on airplanes.

The legislation doesn't specify what data states must encode in the driver's license. The secretary of transportation and Department of Homeland Security secretary have authority to designate the data.

The National Governors Association, the Council of State Governments, and the American Association of Motor Vehicle Administrators are among those who say the law creates unnecessary bureaucracy for drivers and imposes hardship and undue cost on state offices.

The legislation would require all drivers, including current license holders, to provide multiple documents to verify their identity before they could obtain a license or renew one. Drivers would have to provide four types of documentation, such as a photo ID, a birth certificate, proof that their Social Security number is legitimate, and something that verifies the applicant's full home address, such as a utility bill. The law would then compel Department of Motor Vehicle employees to verify the documents against federal databases and store the documents and a digital photo of the card holder in a database...

Civil liberties groups are concerned about the privacy implications of the bill. Although the bill states that licenses must be machine-readable, it does not state the kind of technology to be used.

Steinhardt said that officials would likely require states to embed a contactless RFID chip in licenses at some point, even if they didn't require this in the initial rollout of licenses. RFID chips can hold more data than magnetic stripes, but they can also allow someone with an RFID reader to collect information stored on a license from a distance without the license holder's knowledge.

The machine-readable part of the license will contain most of the information printed on the license front -- such as the holder's name, birth date, gender and digital photograph. But the Department of Homeland Security could add more data, such as digital fingerprints.

Proponents of the bill such as the nonprofit group NumbersUSA, could not be reached for comment. But the group's members have said in the past that the bill successfully balances security and privacy interests.

Among other things, the group argues that the bill does not create a national ID card because it allows individual states to issue the documents and does not force states to comply unless they want the documents to be accepted by federal agencies as proof of identity. In fact, they argue that the Real ID bill will make it unnecessary for the federal government to issue a national ID card.

Steinhardt disagrees.

"This is a national ID, there's no question about that," Steinhardt said. "It may be issued by the 50 states, but it's going to be the same documents, which will be backed up by a huge database."
Steinhardt says a standardized license would allow the government and businesses to track people and would essentially create a single national database, since states would be required to open their driver's license databases to other states. He expressed concern that businesses would also want to read and collect the data on driver's licenses.
"Everyone from 7-Eleven to the owner of your apartment building to a retailer and a bank are going to demand to see this document," Steinhardt said. "And they're going to be able to read all of the private data off of the machine-readable strip."
Currently, some business such as bars and restaurants scan the magnetic strip on driver's licenses to collect data on patrons for marketing purposes. But the practice is not widespread.

Steinhardt said that making the content and format of the data uniform would encourage retailers and others to harvest the information and create their own parallel database and sell the information to data brokers like ChoicePoint.

Talk about a standardized driver's license arose last year after the 9/11 Commission Report revealed the ease with which the World Trade Center terrorists obtained legitimate driver's licenses and moved around the country unthwarted.

This year Sensenbrenner introduced the legislation as a stand-alone bill, which passed in the House in February. In March lawmakers, anticipating trouble passing it through the Senate, slipped the act into the larger, must-pass spending bill. It's this bill that the Senate is expected to pass on Tuesday.
"The deal's been cut," Steinhardt said. "I would be stunned beyond belief if it didn't pass at this point."

Move to National ID Cards Delayed

December 14, 2009

Wired - The United States’ quest for a national identification database associated with driver’s licenses won’t be finished by year’s end.

The deadline was Dec. 31 for the states to create what would be the largest identification database of its kind under the auspices of the Real ID program. The law also mandates uniform anti-counterfeiting standards for state driver’s licenses.

picture-9

Map: ACLU

None of the states are in full compliance with the law, first adopted in 2005, requiring state motor vehicle bureaus to obtain and internally scan and store personal information like Social Security cards and birth certificates for a national database, according to the American Civil Liberties Union. About half the states oppose the mandate, or have said they would never comply.

Beginning Jan.1, the law was supposed to have blocked anybody from boarding a plane using their driver’s license as ID if their resident state did not comport with the Real ID program. But the Department of Homeland Security is set to extend, for at least a year, the deadline of the Real ID program that has raised the ire of privacy advocates.

Homeland Security officials point to the 9/11 hijackers’ ability to get driver’s licenses in Virginia using false information as justification for the proposed $24 billion program.

The American Civil Liberties Union and the Electronic Frontier Foundation suggest the plan is misguided, and might pave the way for requiring such IDs to vote or purchase prescription drugs.

“Our biggest concern is that it is a national ID card. It changes the relationship between the citizen and the state,” Chris Calabrese, the ACLU’s legislative counsel, said in a telephone interview. “We see it as a potential mission creep, and an individual’s rights can be curtailed because of this.”
Richard Esguerra, the EFF’s residence activist, said in a telephone interview Monday and in a recent blog post that the giant database, if it ever comes to fruition, “threatens citizens’ personal privacy without actually justifying its impact or improving security.”

VeriChip’s Merger with Credit Monitoring Firm Worries Privacy Activists

December 9, 2009

Wired - Remember VeriChip, the Florida company that once dreamed of injecting its human-implantable RFID microchips in everyone from immigrant guest workers to prison inmates?

We haven’t heard much from the company since a dipping stock price nearly got it delisted from the NASDAQ in March. But it’s still alive, and in November it pulled off a seemingly incongruous acquisition. Now called PositiveID, the new company is a merger between VeriChip and Steel Vault, the people behind NationalCreditReport.com.

With a human-implantable microchip maker now running a credit-scoring and identity-theft-protection website, privacy activists are worried again.
“The attraction to investors is the potential for synergies,” says Mark Rotenberg, executive director of the Electronic Privacy Information Center in Washington. “You have to anticipate over time there will be an attempt to integrate the services.”

“Sci-fi wise, you could have a chip read by a scanner that determines your credit-worthiness,” says Evan Hendricks, editor of Privacy Times. “Or you could have a credit card implant.”
VeriChip and its former owner Applied Digital have been drawing fire since 2004, when the FDA approved the rice-sized injectable RFID for human use. While the company primarily pushed the chip as part of a system to index medical records — a kind of subcutaneous MedAlert bracelet — Richard Sullivan, then-CEO of Applied Digital, had a penchant for wantonly confirming every nightmare of cybernetic social control.

After 9/11, it was Sullivan who announced the VeriChip would be perfect as a universal ID to distinguish safe people from the dangerous ones. He dreamed of GPS-equipped chips being injected into foreigners entering the United States, prisoners, children, the elderly. He thought the VeriChip would be used as a built-in credit or ATM card.

Indeed, in 2004, one of VeriChip’s earliest deployments was at a Barcelona nightclub, where VIP patrons could pay 125 euro to get the chip installed in their arms as a debit card for drinks.

But today, Sullivan’s replacement says the company has no plans to market the VeriChip as a path to instant credit, despite the recent acquisition.

With his white-buttondown shirt open at the chest, PositiveID CEO Scott Silverman spoke about the merger in an interview at the company’s office suite in Delray Beach, Florida.
“Using the chip to relate to the credit-reporting services of NationalCreditReport.com, or even using it for financial transactions … has not been a part of our business model for five years or more, since Sullivan’s been gone, and is not part of our business model moving forward,” he says.
Silverman also backed away from some of the Orwellian ideas floated by his cyberpunk predecessor.
“I can tell you that … putting [the chips] into children and immigrants for identification purposes, or putting them into people, especially unwillingly, for financial transactions, has [not] been and never will be the intent of this company as long I’m the chairman and CEO,” he says.
Yet in 2004, Silverman told the Broward-Palm Beach New Times that the VeriChip could be used as a credit card in coming years. And in 2006, he went on Fox & Friends to promote the chipping of immigrant guest workers to track them and monitor their tax records.

And ahead of the recent merger, VeriChip gave a presentation to investors hinting there would be some cross-pollination between the two sides of the business. It plans to “cross-sell its NationalCreditReport.com customer base” (.pdf) the Health Link service and vice-versa. So, Americans with implanted VeriChips will be encouraged to divulge their finances to PositiveID, while credit-monitoring customers will be marketed the health-record microchip.

Critics of chipping are moved by a variety of concerns, ranging from the pragmatic to the religious — anti-RFID crusader Katherine Albrecht believes the technology is the Mark of the Beast predicted in the Book of Revelation, but also doubts its efficacy as a medical tag: VeriChip’s instruction manual warns that the chip may not function in ambulances and areas where there are MRI and X-ray scanners.

Security is another issue. RFIDs can generally be scanned from distances much greater than the official specs suggest. Nicole Ozer at the ACLU of Northern California notes that after Wired magazine writer Annalee Newitz experimentally cloned her VeriChip in 2006, the company continued calling it secure.

But human chipping has high-profile fans as well, including former Secretary of Health and Human Services Tommy Thompson, who left his job as overseer of the FDA in 2005 — a year after VeriChip’s approval — to join the company’s board of directors. Thompson announced he would personally join the 700 to 900 Americans who have the chip installed in their bodies. (He later reportedly reneged.)

Whatever its plans for the future, PositiveID is focused on its original mission for now: implants tied to medical records. On December 1, the new company announced it’s collaborating with Avocare, a Florida health care business, in the hopes of bringing its “health care identification products” to 1 million patients.

No comments:

Post a Comment