A new bill sponsored by Sen. Schatz (D-HI), Sen. Cotton (R-AR), Sen. Murphy (D-CT), and Sen. Britt (R-AL) would combine some of the worst elements of various social media bills aimed at “protecting the children” into a single law.
So maybe someone can fill me in on why the EFF opposes a digital national ID system. I know that Estonia has a cryptographically secure, free, and incredibly useful ID system. Is the fear of political persecution from the opposite party the reason we don’t implement that kind of system?
Governments have misused digital records about people in horrifying ways - IBM and the Holocaust article on Wikipedia
That is quite a twist to use severely out-dated examples for the modern world of today.
The technology for mass data analysis is here and make no mistake all data about you is there in an NSA computer folder.
The question is, why the fuck can’t the government give you a nation-backed digitally-verifiable ID number for you that is useful for you, when they have one of you anyway, because they gave you a passport/driving licence.
Dismissing the holocaust as an “out-dated example” is actually a crime in some places, for good reasons.
In case you’re asking in earnest, I can assure you that the technical risks are much bigger today than they were in the past, in most of the world. Exfiltration by third parties, illegal sales, and one-sided terms-of-use are big issues today.
The government certainly can give me a centralized ID and not cause any problems. But for those who think it’ll automatically be fine - it’s worth reading some history.
Some countries have the necessary culture and laws to make a centralized government tracked ID reasonably safe. Many do not.
We would each be wise to stay aware of which we reside in.
I think having a digital ID system is very important in the modern age but where it is required needs to be limited. You should not need to use it where it isn’t strictly necessary. We have one in Finland too. You will almost entirely use it to use official services that would need your ID in person as well. In this proposal, the issue is not digital ID but how it would be used. First, where it would be used could compromise revealing too much of your identity when you want privacy and secondly and more importantly, it could compromise revealing your private actions to the government. Latter can move into highly problematic territory when criminalizing actions that should not be criminalized.
The EFF is notoriously kind of an extremist organization when it comes to privacy and any sort of tracking of people; not in a bad way though I think.
I wouldn’t call it extremist…it’s usually reasonable policy protecting people’s privacy. It’s only extreme because it would severely cut into big tech’s profits and the USs surveillance capacity.
That’s one of the concerns. Here’s more, from https://www.eff.org/issues/national-ids
Mandatory national ID cards violate essential civil liberties. They increase the power of authorities to reduce your freedoms to those granted by the card. If a national ID is required for employment, you could be fired and your employer fined if you fail to present your papers. People without ID cards can be denied the right to purchase property, open a bank account or receive government benefits. National identity systems present difficult choices about who can request to see an ID card and for what purpose. Mandatory IDs significantly expand police powers. Police with the authority to demand ID is invariably granted the power to detain people who cannot produce one. Many countries lack legal safeguards to prevent abuse of this power.
Historically, national ID systems have been used to discriminate against people on the basis of race, ethnicity, religion and political views. The use of national IDs to enforce immigration laws invites discrimination that targets minorities. There is little evidence to support the argument that national IDs reduce crime. Instead, these systems create incentives for identity theft and widespread use of false identities by criminals. National ID cards allow different types of identifying information stored in different databases to be linked and analyzed, creating extreme risks to data security. Administration of ID programs are often outsourced to unaccountable companies. Private sector security threat models assume that at any one time, one per cent of company employees are willing to sell or trade confidential information for personal gain.
Alright, I’m going to be critical of this entire article, but in particular the paragraph you quoted, “Why You Should Oppose National ID Regimes.” I have a lot of facets I want to tackle and no particular order in which to tackle them. There’s no TL;DR… sorry, not sorry, but still kinda sorry. 1/?
Right up front, my philosophy is this: we sacrifice freedom for security all the time. It’s not even an open question, the answer in reality is we do. Why are we only allowed to drive on one side of the street, ought I to be able to drive on the whole street, or whichever side I please? Well, we all agreed to limit ourselves to one side of the street to ensure we don’t crash into each other. We stop at red lights. Why? A simple color cannot stop me from reaching my intended destination! Well we stop so we can let other people go first, and then we wait our turn. Why do we wait in lines? Why do we have customs, and rules, and laws? Why do we limit and restrict ourselves? Because we want to add some security to our lives, or at the very least remove one worry from our basket of worries. The restrictions we self-impose are all outweighed costs that we pay to derive some benefits. So this is the frame of mind with which I’m approaching this article.
First, most of this article talks about biometrics collection. Now my knee-jerk reaction is yeah, creepy! Why should anyone know my “fingerprints, iris, face and palm prints, gait, voice, and DNA?” But despite the article talking about biometrics for the majority of its length, it’s not really about biometrics is it? It’s about National ID’s, and biometrics are just one method to create a National ID. We use other personal information to identify ourselves all the time. You have a Hinge or Bumble profile? What’s on it? Your name, your gender, your face. When we get our driver’s licenses, what’s on it? Our names. Our height. Our eye color. Our birthdates. When you open a bank account, what do they ask for? Your Social Security Number…
2/? Hey, real quick. You know how on old SSN cards it says “For Social Security and Tax Purposes - Not For Identification.” That was added in 1946 but removed in 1972. And uh… I definitely couldn’t get my current job without providing my SSN, I couldn’t open my bank accounts without it, and I couldn’t receive retirement benefits without it. So…
If a national ID is required for employment, you could be fired and your employer fined if you fail to present your papers. People without ID cards can be denied the right to purchase property, open a bank account or receive government benefits.
…We’re already there. Yes even the purchase property bit, because you get your credit checked for the mortgage loan. "… landlords, cable companies, cell phone providers, or even credit reporting agencies, which all habitually request SSNs simply >> because a number is more precise than a name. << emphasis mine.) And our 9-digit, unencrypted social security number is not even that precise or secure!
Once biometric data is captured, it frequently flows between governmental and private sector users. … Private sector security threat models assume that at any one time, one per cent of company employees are willing to sell or trade confidential information for personal gain.
We’ve already had the Equifax breach with SSN’s. That wasn’t a devious or disgruntled employee looking to make a quick buck, that was the entire organization choosing to skimp on security to save money. And no, I don’t believe the CEO of Equifax when he says this was all to blame on one person. A failure that big is never the result of one individual, but a result of the entire institution full of people who failed to recognize and remedy the problem. So I’m in agreement with @Nowyn, we should be judicious about who can access your ID and set some consequences for them if they abuse or misuse that access. (I think it would help if we had cryptographically secure ID’s, but that’s an extra layer I don’t want to jump into, I’ve ranted enough already.)
We already sacrifice freedom for security all the time. We already sacrifice privacy for identity all the time, from dating profiles to driver’s licenses. We already have a national ID system, it’s called Social Security, and it sucks. We’re already there, so where do we go from here?
