How much is this connected to not having a real id card?
For me is always weird when you see things like "no flight lists" and it is just a list of names. In Spain or Sweden your ID will be listed and the rest of people named like you spared of being harassed.
Another concept that I don't understand is that USA's social security number has to be kept secret or otherwise your identity can be stolen. How that is even possible? Doesn't your employer needs it?
An ID card is not perfect. 40 years ago Spain issued some duplicated numbers, before computers were so prevalent, causing problems. But it solves a lot of problems.
It always seems that private and public bureaucracy in the States is worst that it needs to be.
> Another concept that I don't understand is that USA's social security number has to be kept secret or otherwise your identity can be stolen. How that is even possible? Doesn't your employer needs it?
I think adopting this framing is what makes it really bad. Your identity cannot be stolen. The whole concept of "identity theft" is bullshit intented to shift blame. It only so happens that some entities are incompetent at verifying people's identity. That shouldn't even be your problem, as you have no influence whatsoever on how others check the identity of people, so you should not in any way be responsible for dealing with the consequences if someone thinks that you owe them something just because they believed someone else's claim that they were you.
> some entities are incompetent at verifying people's identity
Some entities are incompetent at verifying identity because some people are very loud about making sure a a modern ID verification system doesn't get built, because the ability to commit fraud is a civil right or something.
We need .gov smartcards. Or at least a .gov OAuth provider. Instead we are in the dark ages of shared-secret numbers (SSN, credit card, etc) and scans/faxes of easily photoshopped printed cards.
There is an argument this should be a private responsibility. For interactions on an existing account, this makes some sense - banks should be shipping hardware tokens, for example.
The big issue with identity theft is criminals opening new accounts under other people's identities, and this is a serious problem because the government will enforce that debt against people who didn't actually incur it. IMO it is government's responsibility to demand better proof of authenticity before signing up to enforce it.
> We need .gov smartcards. Or at least a .gov OAuth provider.
That's not really a good solution either, though, because that requires trust in an essentially unverifiable system and the entity producing it.
> banks should be shipping hardware tokens, for example.
No, they absolutely should not. That's like saying banks should send out staff to take care of signing stuff for their customers, and then insisting that the government should enforce whatever their staff signed against the customer. That's a completely broken security model.
I'm not sure I really propose anything, it's a hard problem. Maybe a more decentralized web-of-trust like identity system would be a good long-term goal?
As for authenticating orders to your bank: You should be able to use any compatible product/software you like to sign orders to your bank with your private key. The bank should not have the ability to fake orders to themselves (see also the Wells-Fargo fiasco).
The most important thing about a government-level identity system is extreme difficulty of obtaining any identity other than the one you were born with. It seems inevitable in a web of trust that fraud rings would emerge to manufacture identities for those looking to escape debts, criminal convictions, etc by some combination of tricking and bribing people to sign authentications.
>You should be able to use any compatible product/software you like to sign orders to your bank with your private key
I'm not sure you should be able to use, say, a poorly written IE extension on your unpatched Windows XP machine. Something federated would be great, where any manufacturer can technically make something compatible, but it has to meet a FIPS standard or something.
Keys could be generated onboard, and then you upload your public key or something.
We're getting way ahead of ourselves - banks are extremely hesitant to use anything better than secret numbers. I'd rather a shitty 2FA implementation than that.
> It seems inevitable in a web of trust that fraud rings would emerge to manufacture identities for those looking to escape debts, criminal convictions, etc by some combination of tricking and bribing people to sign authentications.
Which could possibly be counteracted by attaching a certain amount of liability to a signature? Also, you potentially can detect fraud rings. But, as I said: I am not really proposing anything.
> I'm not sure you should be able to use, say, a poorly written IE extension on your unpatched Windows XP machine.
Yes, you should, absolutely. Not only is it impossible to enforce anything else, but that's just your own responsibility, just as locking your own home or car or whatever is your own responsibility.
> Something federated would be great, where any manufacturer can technically make something compatible, but it has to meet a FIPS standard or something.
Federated? You mean an open standard? Yes, that would be the idea. But none of the FIPS crap, that never works. Certification only prevents improvements, security fixes and the like, and usually only guarantees a minimum level of security that's worse than what would happen without it.
> Keys could be generated onboard, and then you upload your public key or something.
No, keys are generated however the customer wants to generate them. The customer supplies a public key to the bank, and it's the customer's responsibility to keep the private key secure. If they think a smartcard from a specific vendor is the solution they trust, that's fine, more power to them. If someone else trusts more their own software on an airgapped raspberry pi, they should be able to do that.
> We're getting way ahead of ourselves - banks are extremely hesitant to use anything better than secret numbers. I'd rather a shitty 2FA implementation than that.
I don't. The more technically complicated the authentication system is, the harder it is to make people, and especially courts, understand what the failure modes are, and thus, who should be liable when something goes wrong. Lists of random numbers are relatively easy to understand (especially the fact that a bank obviously knows the "secret" numbers and thus cannot really prove that they got it from you).
First of all, I wrote above you in this thread, regarding smart cards for government ID:
> That's not really a good solution either, though, because that requires trust in an essentially unverifiable system and the entity producing it.
So, maybe you want to address that instead of just pointing out that people are in fact using a system that obviously has this problem that I already mentioned.
As for why electronic voting or electronic counting of votes is a terrible idea (I would have thought everyone on here knows that by now): It's impossible to audit. Elections are the failsafe of a democracy that has to be able to remove a government from power that tries to prevent being removed, and they are about the control of huge amounts of recources. Therefore, you cannot have trust in a small minority as the basis for its reliability, you have to have a system that is very hard to corrupt even by the government. A government server counting votes is the exact opposite of that.
The fact that, so far, noone has seen any problems is completely missing the point. First of all, the whole system is set up such that it's really difficult to find out if something went wrong/was manipulated (that's just the nature of electronic voting). Secondly, most elections aren't all that problematic. In times of peace and prosperity, there usually isn't much contention over the results of an election. What makes a voting system good is when it's able to stay reliable and trusted in times of political unrest.
Thank you. I appreciate you taking the time to explain your view.
Further, I concede that you are correct as far as voting goes. That doesn't mean the card is useless. It serves other purposes quite well, even if imperfectly.
Voting obviously is the biggest problem, but other uses have similar problems. Especially in terms of how you could ever figure out if it's actually not working well. You say that it serves other purposes quite well--how do you actually know that? Is it just because noone has demonstrated yet that, I dunno, the smartcards have a backdoor that is actively being used to sign stuff in other people's names? How would you know if that were the case? How would you convince a judge that you didn't sign some document when they ask you to explain how it comes that their computer tells them that you signed it?
> How would you convince a judge that you didn't sign some document when they ask you to explain how it comes that their computer tells them that you signed it?
How would you convince a judge that someone was holding a gun to your head as you signed a document?
How would you convince a judge that you didn't sign something when they ask you to explain how it comes that the signature on the document matches yours exactly?
The thing is that both of those scenarios are things judges can be expected to understand perfectly well, and have some clue how to approach evaluating the claim, and also, in both cases, there generally is a reasonable risk that any such attempts leave some form of evidence, deterring people from even trying it.
With a smartcard, there is nothing of that sort. It's just a bunch of electronic numbers and "the blackbox says you signed it!", there isn't really anything there to investigate, plus judges can in general be expected to not have even the slightest clue how to evaluate claims about IT security, so more than likely you'll end up with a situation where judges simply accept the government-mandated assumption that what the blackbox says is to be trusted.
It's the same fundamental problem as with electronic elections: The actual process is necessarily completely removed from human perception/observation, and therefore ultimately must be trusted blindly if it's not to be rejected outright.
Another concept that I don't understand is that USA's social security number has to be kept secret or otherwise your identity can be stolen. How that is even possible? Doesn't your employer needs it?
Yes, as well as utilities, banks, insurers, hospitals, etc, etc. Treating the SSN as a password is idiotic, to the point where I almost wish Anonymous or someone would publish every American's number so that we'd be forced to stop doing it.
> If you were born before 1989, your SSN can be guessed with 44% accuracy by an algorithm.
The actual situation is quite a bit less dire than your quote.
What that linked article says is that for people born AFTER 1989, the first five digits could be guessed with 44% accuracy. (There's a very real sense that the "last 4 of your social" are less guessable than the first five, so it's no surprise that the last 4 is what is often used/misused.)
I've seen multiple databases that have the results of asking the user to enter the "last 4 of your SSN"
If you have those last 4 digits, and you can guess the first 5 digits with nearly 50% accuracy, then you have a very good chance on getting legitimate SSN's for mass numbers of people with a DB dump.
No your utilities do not need it. I never give my SSN to companies. Not the phone company, not the utility company, nobody I don't actually need to if I can help it. They will often waive such a requirement if you pay a small fee (usually around $5-50), which usually gets paid towards a bill after something like 6 months of paying everything in full on time.
Every State in the US has ID cards, but citizens aren't required to obtain one at any point. (Although a heck of a lot of basic things-- driving a car on a public road, boarding an airplane, buying alcohol-- are gated by them.) What we don't have is a Federal ID card.
The TSA tried to impose one, but a lot of States are pushing back against it. (Washington State called the TSA's bluff and obtained a 2-year "extension" of our horrible awful non-TSA-approved satancards.) Even if the Feds succeed at requiring all State cards to feed into the same database, they have no power to require that every citizen obtain one.
The SSN was never intended to be ID, it's an account number. Anybody using it for ID is doing it wrong, but unfortunately, that's a heck of a lot of people.
It was supposed to a unique ID for Social Security and nothing more, but then the IRS and the Army (among others) started using it, and lots of others suddenly thought it was a good idea.
While this makes perfect sense and works great in the rest of the world, ID numbers in the US have been talked about, but have faced resistance from two groups.. those that think that this is somehow an invasion of privacy, and those that think that this somehow correlates with the 'mark of the beast' and signals the end of humanity according to the bible. (not joking)
Individual states already issue identification cards, and people use that all the time for this purpose.
In a system like the US, I think it's better for the states to handle identification cards, not the federal government. There's a lot of details that go into identifying someone, and your local state is best equipped to handle that.
To give a few examples:
What's the procedure for changing your name? A lot of people change their name after marriage or divorce. Those are usually handled by the states, so adding a federal government in there raises the net complexity.
Should people in Alabama be able to force the residents of California to put their original sex on a federal id card? I don't care, but other people do. It could be one of those pointless political distractions that's better left unanswered.
If the federal government runs it, now they have to own or rent a bunch of land in every major city in every state so they can service id card requests. So it gives them a larger presence. I guess they could reuse social security offices, but they couldn't reuse state DMV offices which are the more natural choice.
> What's the procedure for changing your name? A lot of people change their name after marriage or divorce. Those are usually handled by the states, so adding a federal government in there raises the net complexity.
To be clear, the federal government is already involved with name changes-- in fact, though my name change was issued by a state court, I had to get it changed with Social Security before I could get a new driver's license.
Similarly, passports do have a sex listed, so that's already something with federal jurisdiction. The passport system is also handled through post offices, solving the problem of needing more offices.
> If the federal government runs it, now they have to own or rent a bunch of land in every major city in every state so they can service id card requests.
Don't we already have that with the post offices and the passport system?
Couldn't they expand passports into a Federal ID system?
Sure. You could require every American to get at least a passport card. Maybe even waive fees for those below a certain income level.
I'm not qualified to comment on constitutional issues so I won't.
I will say that, even if it's mostly an emotional issue (people already need at least some sort of state government-issued ID to do lots of things), there's a huge resistance in the US to anything that smells like "papers, please" or universal ID that people are required to carry and present upon request.
Which is how a lot of people view the idea of a Federal ID system. That may seem silly to a lot of people outside the US but it's how things are.
> there's a huge resistance in the US to anything that smells like "papers, please" or universal ID that people are required to carry and present upon request.
And yet, you are, under certain circumstances, already required to ID yourself to a police officer upon request.[0] The most common form of ID? Your driver's license.
Shared-secret numbers and physical cards are not enough. We need a cryptographic API that lets citizens sign requests to authenticate themselves, such that the signature they emit is only useful for one relying party at one time (not useful if stolen).
Fifty cryptographic APIs, on the other hand, would be a nightmare. We'd at least need the federal government to force states to implement one conforming to some open standard so that the integrations aren't intractable.
> How much is this connected to not having a real id card?
Social security number is sort of that. But various businesses keep accepting it blindly from fraudsters ("identity thieves"). So for now it remains semi-private because it is overused for authentication.
> Another concept that I don't understand is that USA's social security number has to be kept secret or otherwise your identity can be stolen. How that is even possible? Doesn't your employer needs it?
The trouble is really that it is accepted as a an authentication credential in many places, even though it is just a not-very-random unique number.
> How much is this connected to not having a real id card?
None. The credit reporting agency should be verifying any facts they intent to include in a report. If the are including unverified hearsay, the their report may be libel[1].
Also, your own ID card wouldn't fix someone else with either no ID or fraudulent ID doing something in your name. If the bank gave a loan to someone else, that's their problem, not yours.
[1] I'm aware that regulatory capture has granted the agencies immunity from slander/libel laws. Just because unethical behavior has been legalized doesn't make it the victim's responsibility to work around libelous claims.
One problem is that when the bank fails to adequately bet whoever they gave a loan to, it becomes your problem until you can convince them that they made a mistake (hope you can afford a lawyer). A standard ID card with a photograph would help if it meant that nobody would accept anything else (utility bills, etc. are much easier to steal or forge) and it would transform online banking if we had something like OpenID/U2F which would work online.
The other problem is that without a reliable primary key, it's much easier for correct information about different people to be incorrectly mixed. While this is not as bad as, say, when it hits a sex offender database or terrorist watch list but it does happen and would go down dramatically if everyone could just use something like a SSN as the link instead of trying various fuzzy heuristics and hoping for the best.
If a bank in America gives a loan in your name that essentially is your problem until a sequence of things happen that require a fair amount of education to research and do yourself or the advice of a low end but real lawyer (which is dangerous to seek out among the ones that screw over the poor).
If you live in the US you should consider filing every block available to you so for the banks you don't use, you can start the discussions with asking why they were illegally pulling your credit record or giving credit without it.
In Europe, it looks like banks are petitioning to be allowed to verify identity over camera phones using an independent third party. That is still better than the US, since you can probably force them to retrieve that record of "you and your id" fairly early in a dispute.
> Another concept that I don't understand is that USA's social security number has to be kept secret or otherwise your identity can be stolen. How that is even possible? Doesn't your employer needs it?
It doesn't make sense, but basically knowing name, date of birth, and social security number is enough to open a credit account (sometimes you have to answer some questions which would be on a credit report, or provide an ID card if you're doing it in person). This is why it's important to try to keep it secret; on the other hand, employers are required to have it for taxation purposes, as well as any creditors (including utilities) want it too; most health insurance is driven by SSN too, and so are many health records; so the number is all over the place.
Court records (the issue in this article) wouldn't normally include a social security number, so the credit agency is 'helpfully' associating those by name, maybe date of birth, and city of residence with other records in their files.
Love the fact that I can't use the automated global entry when I visit the states as there exists someone else in the world with my name and a different D.O.B..
I do still try it each time though as it's still quicker to fail and then get a wistful comment from the guy checking my passport about the issue with the system.
Err, Global Entry is a members-only program. Unless you're actually a member (or a member of a similar program in a country with a reciprocal agreement), of course you can't use those kiosks.
GE doesn't match by name and birthdate, it uses your known-traveler number.
>> How much is this connected to not having a real id card?
Each state has it's own Drivers License and usually a very similar card that is simply for ID. Many places such as banks or cell phone companies will request your drivers license or ID # in addition to your Social Security # to open an account.
I suppose this depends on the state. California driver's license numbers don't change, even if you move away, get a different one, then come back years later and get one back in California.
Yeah but while you're in a different state your "current driver's license" is the one from that state. Effectively it changes when you move, and changes again when you go back.
The Congress could use its constitutional authority over weights & measures to prescribe a national system of ID numbers, administered by the states, with assignment at birth.
I have not had a physical social security card in many decades. I think it was in a wallet that got stolen in the 1970s and I've never gotten a new one and never needed one (or even been asked for one that I can remember).
There are different systems for different things. The Id card is typically verified by looking it up in a database and by a person comparing your picture.
For online usage you need digital identity cards and they have two factor or are hardware tokens.
USA has prison-weapon-drug-industrial complex coupled with insane amount of money. Any power given to the government is going to screw citizens lot more than small countries like Spain.
See how British cops deal with a mentally unstable person v/s how American cops gladly shoot down an erratic teenager. That is the difference.
If USA has a real ID card and government decides to screw you up the only choice you have is to either sneak into Mexico or just kill yourself. You wont be able to find a job, drive, fly, purchase anything, have a bank account etc.
For me is always weird when you see things like "no flight lists" and it is just a list of names. In Spain or Sweden your ID will be listed and the rest of people named like you spared of being harassed.
Another concept that I don't understand is that USA's social security number has to be kept secret or otherwise your identity can be stolen. How that is even possible? Doesn't your employer needs it?
An ID card is not perfect. 40 years ago Spain issued some duplicated numbers, before computers were so prevalent, causing problems. But it solves a lot of problems.
It always seems that private and public bureaucracy in the States is worst that it needs to be.