Saturday, August 8, 2009
- Real ID Repeat?
- Schumer's support critical
- A question of how
His newly proposed biometric identification program could be huge, potentially encompassing the entire U.S. workforce of 140 million employees. Naturally the biometrics industry is paying attention. Contractors are excited, but they also are tamping down their expectations while trying to sort through the political and social implications of the potential multibillion-dollar identity plan.
“Obviously, it will be a big boost for the industry,” said David Coleman, senior consultant at International Biometric Group consulting firm.
“This is clearly a big opportunity — one of the biggest in the United States,” said Neville Pattinson, vice president of government affairs and business development at Gemalto North America. ::: 4 Pg Article HERE:::
On the same day that Secretary Napolitano highlighted the Department’s efforts to combat terrorism and keep our country safe during a speech in New York City,This part is true: Secretary Napolitano was in New York speaking about terrorism.
Congress took a major step forward on the PASS ID secure identification legislation.There was a markup of PASS ID in the Homeland Security and Governmental Affairs Committee. It’s a step — not sure how major.
PASS ID is critical national security legislationPeople who have studied identity-based security know that knowing people’s identities doesn’t secure against serious threats, so this is exaggeration.
that will break a long-standing stalemate with state governmentsThirteen states have barred themselves by law from implementing REAL ID, the national ID law. DHS hopes that changing the name and offering them money will change their minds.
that has prevented the implementation of a critical 9/11 recommendation to establish national standards for driver’s licenses.The 9/11 Commission devoted three-quarters of a page to identity security — out of 400+ substantive pages. That’s more of a throwaway recommendation or afterthought. False identification wasn’t a modus operandi in the 9/11 attacks, and the 9/11 Commission didn’t explain how identity would defeat future attacks. (Also, using “critical” twice in the same sentence is a stylistic no-no.)
As the 9/11 Commission report noted, fraudulent identification documents are dangerous weapons for terrorists,No, it said “travel documents are as important as weapons.” It was talking about passports and visas, not drivers’ licenses. Oh — and it was exaggerating.
but progress has stalled towards securing identification documents under the top-down, proscriptive approach of the REAL ID ActTrue, rather than following top-down prescription, states have set their own policies to increase driver’s license security. It’s not necessarily needed, but if they want to they can, and they don’t need federal conscription of their DMVs to do it.
– an approach that has led thirteen states to enact legislation prohibiting compliance with the Act.“. . . which is why we’re trying to get it passed again with a different name!”
Rather than a continuing stalemate with the states,Non-compliant states stared Secretary Chertoff down when he threatened to disrupt their residents’ air travel, and they can do the same to Secretary Napolitano.
PASS ID provides crucial security gains now by establishing common security standards for driver’s licensesWeak security gains, possibly in five years. In computer science — to which identification and credentialing is akin — monoculture is regarded as a source of vulnerability.
and a path forward for ensuring that states can electronically verify source documents, including birth certificates.We’re on the way to that cradle-to-grave biometric tracking system that will give government so much power over every single citizen and resident.
See? That was fun!
FourthAge writes"Federal agents at the Defcon 17 conference were shocked to discover that they had been caught in the sights of an RFID reader connected to a web camera. The reader sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks. The 'security enhancing' RFID chips are now found in passports, official documents and ID cards. 'For $30 to $50, the common, average person can put [a portable RFID-reading kit] together,' said security expert Brian Marcus, one of the people behind the RFID webcam project. 'This is why we're so adamant about making people aware this is very dangerous.'"
Thursday, August 6, 2009
- Feds Say ‘Dragnet’ Surveillance Lawsuit Threatens Security …
- Report: U.S. Surveillance Society Running Rampant
- Top Internet Threats: Censorship to Warrantless Surveillance …
- DoJ Faulted for Failing to Follow Surveillance Reporting …
- City Wants Surveillance Cameras to Record Every License Plate …
- Deep-Packet Inspection in U.S. Scrutinized Following Iran …
- FBI ‘Going Dark’ with New Advanced Surveillance Program
- Obama Administration Supports Telco Spy Immunity
The EFF writes that threats to “locational privacy” include:
* Monthly transit swipe-cards.
* Electronic tolling devices (FastTrak, EZpass, congestion pricing)
* Services telling you when your friends are nearby.
* Searches on your PDA for services and businesses near your current location.
* Free Wi-Fi with ads for businesses near the network access point you’re using
* Electronic swipe cards for doors.
* Parking meters you can call to add money to, and which send you a text message when your time is running out.
“In the world of today and tomorrow, this information is quietly collected by ubiquitous devices and applications, and available for analysis to many parties who can query, buy or subpoena it or pay a hacker to steal a copy of everyone’s location history,” the report said. “It is this transformation to a regime in which information about your location is collected pervasively, silently, and cheaply that we’re worried about.”
c/o Charlie Sorrel for WIRED - GADGET LAB
As an ex-Brit, I’m well aware of the authorities’ love of surveillance and snooping, but even I, a pessimistic cynic, am amazed by the governments latest plan: to install Orwell’s telescreens in 20,000 homes.
£400 million ($668 million) will be spent on installing and monitoring CCTV cameras in the homes of private citizens. Why? To make sure the kids are doing their homework, going to bed early and eating their vegetables. The scheme has, astonishingly, already been running in 2,000 family homes. The government’s “children’s secretary” Ed Balls is behind the plan, which is aimed at problem, antisocial families. The idea is that, if a child has a more stable home life, he or she will be less likely to stray into crime and drugs.
It gets worse. The government is also maintaining a private army, incredibly not called “Thought Police”, which will “be sent round to carry out home checks,” according to the Sunday Express. And in a scheme which firmly cements the nation’s reputation as a “nanny state”, the kids and their families will be forced to sign “behavior contracts” which will “set out parents’ duties to ensure children behave and do their homework.”
And remember, this is the left-wing government. The Shadow Home Secretary Chris Grayling, batting for the conservatives, thinks these plans are “too little, and too late,” implying that even more obtrusive work needs to be done. Rumors that a new detention center, named Room 101, is being constructed inside the Ministry of Love are unconfirmed.
UPDATE: Further research shows that the Express didn’t quite have all its facts straight. This scheme is active, and the numbers are fairly accurate (if estimated), but the mentions of actual cameras in people’s homes are exaggerated. The truth is that the scheme can take the most troublesome families out of their homes and move them, temporarily, to a neutral, government-run compound. Here they will be under 24-hour supervision. CCTV cameras are not specifically mentioned, not are they denied, but 24-hour “supervision” certainly doesn’t rule this out from the camera-loving Brits.
It remains, though, that this is still excessively intrusive into the private lives of citizens, cameras or not. I have added links to the source and also more reliable reports.
Thanks to everyone who wrote in.
Wednesday, August 5, 2009
The Public Council for the Protection of Privacy today asked Prime Minister Benjamin Netanyahu not to set up a biometric database, because of the risk of information leaks and concern that it will be the death knell for citizens' privacy.
The council was set up to advise the minister of justice, and comprises legal and technology experts. The council expresses opinions on aspects of privacy and information security of bills and government measures and advises the registrar of databases.
In the letter to Netanyahu, the council said that the establishment of a biometric database, its maintenance and security, would likely carry a heavy financial burden. Countries that have considered setting up such databases estimate their cost in the billions of dollars, and the estimates are constantly rising.
The council argues that, because of these costs, the US government recently cancelled its Real ID program. The British government does not mandate citizens to carry biometric ID cards and will probably cancel the entire project because of its huge cost and broad public opposition.
The council adds that it supports the issuing of smart ID cards and travel documents, and does not oppose documents with biometric features. However, it does not believe there is a need for a central biometric database for these purposes, because there are simpler and better alternatives for fraud prevention during the issuing process. For example, Germany issues biometric passports and ID cards without a central database because of concerns about the over-concentration of power that would harm individual rights.
Published by Globes [online], Israel business news - www.globes-online.com - on August 5, 2009
LAS VEGAS — It’s one of the most hostile hacker environments in the country –- the DefCon hacker conference held every summer in Las Vegas.
But despite the fact that attendees know they should take precautions to protect their data, federal agents at the conference got a scare on Friday when they were told they might have been caught in the sights of an RFID reader.
The reader, connected to a web camera, sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks as they passed a table where the equipment was stationed in full view.
It was part of a security-awareness project set up by a group of security researchers and consultants to highlight privacy issues around RFID. When the reader caught an RFID chip in its sights — embedded in a company or government agency access card, for example — it grabbed data from the card, and the camera snapped the card holder’s picture.
But the device, which had a read range of 2 to 3 feet, caught only five people carrying RFID cards before Feds attending the conference got wind of the project and were concerned they might have been scanned.::MORE HERE:::
- In the other chamber of Congress, the PASS ID Act (S. 1261) introduced in the Senate on June 15th contains a provision in Section 242 (a) (1) (B) that “no person shall be denied boarding a commercial aircraft solely on the basis of failure to present a driver’s license or identification card issued pursuant to this subtitle.” This is part of a terrible bill, which we strongly oppose. We agree completely with Jim Harper’s take that this is merely a “lite” version of a national ID law, and that there is no good reason to “replace” the REAL ID Act rather than simply repeal it. The PASS ID Act would still leave loopholes for the TSA to deny “permisison” to travel on other grounds, such as failure to “cooperate with screening”. But we welcome the initiative — again, the first such in the Senate since the creation of the TSA — to anticipate and preclude a TSA assertion of new authority. (The PASS ID Act would also make it a “unlawful for any person, knowingly and without lawful authority– (1) to scan the information contained in the machine readable component of a driver’s license or identification card; or (2)(A) to resell, share or trade that information with any other third parties; (B) track the use of a driver’s license or identification card; or (C) store the information collected.” This provision is apparently intended to include a prohibition on reading of the data on RFID chips in Enhanced Drivers Licenses.)
We’re please to report that this is finally beginning to change, in small ways but on numerous fronts. ::: MORE HERE:::
EFF today released an Interim Report on the Automated Targeting System (ATS) through which the Department of Homeland Security monitors and assigns risk assessment scores to Americans and others who cross into or out of the United States. The data reviewed under the ATS system includes seven large government databases, plus the Passenger Name Record data from the airlines (which includes data like whether you've ordered a Muslim or Hindu or Jewish special meal). Effectively, if you travel internationally, ATS creates an instant, personal and detailed dossier on you that CBP officers use to decide whether you get to enter the country, or will be subject to an enhanced (and potentially invasive) search. EFF's report details what we've learned about the ATS program from the over 2,000 pages released by the government so far. We note that because of government's very heavy redacting and refusal to release key information Americans remain in dark about how this powerful system is used on travelers. EFF's Interim report was written by Shana Dines.
DHS has continued to release documents to EFF so we'll update the report as additional useful information comes out.
- Think TSA should only screen people wearing keffiyas and burkas? Or maybe they should be strip-searching everyone?
- Or maybe you think hardening the cockpit doors was sufficient and we can forget about all that other so-called security stuff as "Security theater."
- Believe we should open the gates wide and let in anyone who wants to come?
- Or maybe you think ICE should shoot all illegal aliens on sight?
- Should Alcohol, Tobacco, and Firearms be the name of a convenience store, or the government agency that is going to save us all from The Evil Guns?
- FEMA: Federal disaster response/relief coordinating agency, or manager of secret concentration camps?
- REAL ID: Reasonable effort at standardization, or Mark of Cain?
- Veterans: Heroic patriots, or right-wing extremist wing nuts?
For example, Kentucky’s Lexington Police Department contracted Blackwater Security International to provide what’s described as homeland security training. Meanwhile that city’s Mayor Jim Newberry and its chief of police Anthony Beatty refused free training provided by the US Immigration and Customs Enforcement federal program that prepares police officers to enforce immigration and border security as part of their duties.
Lexington is on the nation’s list of so-called Sanctuary Cities in which police officers are prohibited from working with ICE or Border Patrol agents in the United States. Critics are angry over the use of local tax dollars to hire Blackwater personnel to train the police.
But Lexington isn’t the only city using hired guns to help local police officers. In New Orleans, heavily armed operatives from the Blackwater private security firm, infamous for their work in Iraq, are openly patrolling the streets of that beleaguered city.
Some of the mercenaries were reportedly “deputized” by the Louisiana governor and were issued gold Louisiana State law enforcement badges to wear on their chests and Blackwater photo identification cards to be worn on their arms.
While they are working in Louisiana, Blackwater officials say they are on contract with the Department of Homeland Security and have been given the authority to use lethal force if necessary. Some of the mercenaries assigned to patrol the streets of New Orleans recently returned from Iraq, where they provided personal security details for the former head of the US occupation, L. Paul Bremer, and the former US ambassador to Iraq, John Negroponte.
Blackwater, which is based in North Carolina, is one of the leading private security companies providing security personnel in Iraq and Afghanistan. Along with other companies such as Wackenhut Security, Inc., it has several lucrative US government contracts and provides security services — including bodyguard work — for many senior US diplomats, foreign dignitaries and corporations.
The company received international exposure when several of its security officers were captured, tortured and killed in Fallujah; two of their charred bodies were hung from a bridge in March 2004.
Although many politicos are saying Blackwater is not performing police functions, their own statement seems to imply that they will provide whatever services a government — federal, state and local — desires.
“Man-made and natural disasters require an immediate robust response. Blackwater Worldwide’s extensive training facility and staff of former military and law enforcement professionals can provide the needed training and operational expertise to prepare security teams to effectively support state and federal emergency response units,” according to Blackwater’s mission statement.
“I’m troubled by the use of military personnel — whether they be US soldiers or private mercenaries — performing a police or law enforcement function. While they may be experts in fighting wars, they are not constrained by the US Constitution as to how they operate as cops,” said former NYPD detective and owner of FLT Security Services, Sid Frances.
“Soldiers are soldiers and cops are cops. What’s next? Using smart bombs to crash into drug dens?” he asked.
Since its inception in 2003, the US Department of Homeland Security has faced significant challenges related to recruiting, retaining, and managing its workforce of over 170,000 employees.
Recently, the US Congress requested the Government Accountability Office to analyze DHS’s attrition, efforts to recruit and retain staff, use of external employees such as officers from private companies, and compliance with certain provisions of the Vacancies Reform Act, which requires agencies to report to Congress and the Comptroller General vacancies in certain presidentially-appointed positions requiring Senate confirmation.
While DHS’s overall attrition rate for permanent employees (excluding those in the Senior Executive Service and presidential appointments) declined from 8.4 percent in 2005 to 7.1 percent in 2006.
These rates, which were still above the roughly 4 percent average rate for all cabinet-level agencies, were affected by high levels of attrition (about 14-17 percent) among transportation security officers at DHS’s Transportation Security Administration. With the security officers excluded, DHS’s attrition rate was 3.3 percent.
DHS implemented agreements under the Intergovernmental Personnel Act, allowing nonfederal employees — private contractors — to be temporarily assigned to a federal agency to meet mission needs.
Tuesday, August 4, 2009
The run on global identity continues"The Western Hemisphere Travel Initiative was just about proving you were a citizen, not that you had to do it by any specific kind of technology. We are close to the point now that if you don't want RFID in any of your documents that you can't leave the country or get back into it." -Michigan State Representative Paul Opsommer
Enhanced driver's licenses have built-in radio chips providing an identifying number or information that can be accessed by a remote reading unit while the license is inside a wallet or purse. The technology already had been implemented in Washington State, where it is promoted as an alternative to a passport for traveling to Canada . So far, the program is optional. But there are other agreements already approved with Michigan, Vermont, New York and Arizona, and plans are under way in other states, including Texas [who passed state transportation code for both RFID & biometrics in 2007].
Many countries besides the Security and Prosperity Partnership [United States, Mexico, Canada] members have jumped on the RFID bandwagon, which has become a multibillion dollar global enterprise.
[On June 1st, 2009, the first day of the Western Hemisphere Travel Initiative (WHTI) full implementation, Border Trade Alliance (BTA), is asking U.S. and Canadian citizens to use Twitter to post their cross-border travel experiences with WHTI to collect feedback on the program at land ports throughout North America.]
On July 15, 2009, the Indian government announced that India is going to issue biometric ID cards to its 1.2 billion citizens. The Government in Delhi recently created the Unique Identification Authority, a new state department charged with the task of assigning every living Indian an exclusive number. It will also be responsible for gathering and electronically storing their personal details, at a predicted cost of at least £3 billion.
On July 28, 2009, President Felipe Calderon proclaimed that Mexico will start issuing nationwide identity cards for its citizens starting this year and by 2012 everyone will have one.
Compulsory national identity cards are used in about 100 countries including Germany, France, Belgium, Greece, Luxembourg, Portugal and Spain.
German police can detain people who are not carrying their ID card for up to 24 hours.
South Korean, Brazilian, Italian and Malaysian ID cards contain fingerprints. Cards in some countries contain information on any distinguishing marks of the holder. In the European Union some cards can be used instead of a passport for European travel. ID cards are not used yet in the US , Canada , New Zealand , Australia , the Irish Republic , and the Nordic countries. :::MORE HERE:::
President Felipe Calderon says Mexico will start issuing nationwide identity cards for its citizens starting this year, and by 2012 everyone will have one.
The cards will carry the bearer's photograph. It will also include information on fingerprints and biometric data, including facial and iris scans, on a magnetic strip.
Most Mexicans currently use their voter ID cards for identification. They contain a photo, signature and one fingerprint. They will continue to be issued.
Interior Secretary Fernando Gomez Mont said Tuesday the new cards will help in the fight against organized crime, and ensure transparency in government aid programs.
Drug traffickers frequently use false identification documents to evade law enforcement.
Let’s take a look at some of the changes:
• Exceptions to the anti-skimming provision:
A key privacy protection we support in PASS ID restricts the collection and use of information scanned from the machine-readable zone on your driver’s license or ID card. However, in response to the concerns of retailers and other third party users of driver’s license information, the committee introduced an amendment that directs the Federal Trade Commission (FTC) to issue regulations establishing exceptions to this anti-skimming provision.
While CDT recognizes that there are legitimate uses for data scanned from licenses, we are concerned by how broadly some of the proposed exceptions are described. The FTC can and should protect the privacy and security of cardholders even under these acceptable uses; otherwise, we risk gutting the anti-skimming provision entirely. As a general matter, the privacy protections the FTC could build in to protect this information will only be more effective if Congress provides specific statutory guidance now for addressing the types of secondary uses of specific information we are most concerned about.
In particular, allowing third parties to store information to “prevent consumer fraud” without building in limits on how long information can be stored and how it could be further shared, aggregated, and used would create a massive loophole in this otherwise much needed protection. We have seen how bars and sellers of tobacco products have collected information from licenses and ID cards ostensibly to verify age, but then go on to use and share that information for marketing and other purposes—often with no notice to the cardholder.
Just as worrisome is the very real possibility that states will begin to store much more information in the machine-readable portion of driver’s licenses than what is already visible on the face of the card, including data elements like race or ethnicity. Given the potential for abuse and misuse of such sensitive information if stored and aggregated, CDT strongly urges further limiting any exemptions to only information that is also visible on the face of the card.
• Boarding a plane without a PASS ID-compliant driver’s license or ID card:
The committee struck language from the bill that would have prevented individuals from being turned away at the airport solely on the basis of failure to present a PASS ID-compliant driver’s license or ID card. While the stated justification behind this change is to preserve the status quo—that is, maintaining the Transportation Security Administration’s (TSA’s) discretion to deny access to airplanes for good reason—the status quo isn’t so great from a civil liberties standpoint to begin with. There is scant transparency around how TSA officials exercise this discretion, leading to potential abuse or discrimination in its application while offering no redress for those whose rights may be violated. Keeping such policies secret also doesn’t inspire much confidence in the flying public that we are any safer for them since there is little ability to assess their effectiveness or relevance.
• Funding the digitization of “breeder documents” and birth record verification:
The amended bill also now requires birth records to be verified with the issuing agency no later than six years after the final regulations are issued, so long as the electronic system enabling such verification (i.e., the Electronic Verification of Vital Events (EVVE)) is up and running by that deadline. The bill also provides funds to states to digitize remaining birth records and connect state records to the electronic verification system.
This change takes us one step back towards REAL ID, which required birth certificate verification through the EVVE system. While the bill gives the DHS Secretary room to make sure any such system includes adequate privacy protections, EVVE still centralizes highly valuable personal information and would become a magnet for internal fraud and identity thieves.
• Abbreviated rulemaking timeline:
Finally, the amended bill authorizes DHS to issue an interim final rule to implement PASS ID, bypassing the full Notice of Proposed Rulemaking (NPRM) process. While there is considerable pressure from many corners to not delay implementation of PASS ID, this change is curious considering the contentiousness of the REAL ID debate of the past four years. Taking into account the concerns of affected stakeholders from the outset of the program seems imperative to help avoid the same kind of impasse that REAL ID has engendered.
CDT is concerned about these changes and will work with members to address them as this issue moves to the floor. Stay tuned for more updates as the bill moves forward.
Monday, August 3, 2009
AUDIO:::> The ACLU on a Real ID Repeal
The ACLU's Chris Calabrese, veteran legal counsel assigned to the anti-Real ID effort in Washington updates listeners on a newly filed legislation. The new bill filed by Rep. Cohen in the House of Representatives, would repeal Real ID entirely and replace it with language allowing for a negotiated rulemaking process. The rule making process, part of a 9-11 Commissions reform bill, was itself repealed by the Real ID Act of 2005. We observe the modern marvel of when the ACLU can finally agree with the Secretary of DHS on something - that Real ID is dead. More is also included on the PASS Act.