In its report, released in July, the panel said: "Fraud in identification is no longer just a problem of theft...sources of identification are the last opportunity to ensure that people are who they say they are and to check whether they are terrorists."
Identity authentication is the single most important measure to deny criminals or terrorists access to property, bank accounts, the commercial transportation infrastructure and similar crucial institutions of a modern state. This applies to both foreign visitors and U.S. citizens.Identity authentication is becoming a widespread tool to prevent identity theft, which can facilitate criminal and terrorist activities. For example, terrorists have taken advantage of diminished scrutiny of low-balance bank accounts to move funds for support of terrorist operations. As a result, Congress has approved legislation requiring that financial institutions verify the identities of all new customers.
Nearly three years after Sept. 11, 2001, we have failed to close the most conspicuous gap in identity authentication, in the area of our greatest vulnerability: commercial air travel. The existing system, which depends on crude and easily foiled passenger profiling strategies, has failed catastrophically, as the commission's detailed report on the Sept. 11 hijackings confirms.
Setting up a modern information-based process to confirm individual identities is indispensable for any security system. This includes using advanced technologies that rely on unique physical (biometric) identifiers such as fingerprints, retinal patterns, facial images and other characteristics. Biometric identifiers are reliable only if these unique data are securely tied to a specific individual with a positively established identity. Biometric checks are just part of a broad strategy that should include information-based and token identity validation.
Biometric identification systems will increase our security significantly. However, identification systems based on unique biometric characteristics will probably be costly and require many years to complete.
Identity authentication techniques can be implemented now and can mitigate the air transport system vulnerabilities identified by the 9/11 Commission report. By compiling basic information from individuals in an information-based identity authentication system, the airport screener can ask the passenger for information to compare with personal data already available to the screener, such as date of birth, first residence and mother's maiden name.
The strength of the system is that a terrorist or criminal trying to steal another's identity probably cannot know every bit of information about the person whose identity is in question.
Moreover, statistical modeling and scoring techniques developed for the financial services industry to prevent credit card fraud can be applied to identify authentication. Doing so can provide high confidence about identity authentication in near-real time, reducing airport screening delays. Because commercial modeling and scoring techniques are applied via software, overall costs to both passengers and the government can be reduced.
Alas, plans for the Transportation Security Administration to set up a modern information-based identity authentication system for air travel have been delayed by disputes based on misunderstandings about such a system's nature. Some critics fear that authenticating individual identities will compromise privacy. In fact, the reverse is true.
Authenticating an individual's identity is one of the most important ways to assure privacy at a time when technologies to compromise that privacy are growing rapidly. Only by authenticating individual identities can we effectively protect the constitutional privacy rights of U.S. citizens, and the ability of visitors to travel freely.
Biography
Dennis Szerszen, formerly an industry analyst, is vice president of business development at SecureWave, a maker of end-point security software.
1) Data of the kind needed for identity authentication is already widely available in private databases
2) Government use of such data should be more constrained than public use given the greater dangers to citizen rights
3) Guidelines and policies for the access to and retention of this data must be a high priority prior to implementing systems that can access such information
4) Standards for so-called breeder documents that can be used to attain identity documents and for identity documents must be a high priority.
The case is quite the reverse of the public perception of the attempt to create a Big Brother system. However, the data collected can be abused by any administration that does not correctly set and follow policy for its use. Given such authority and scope, it will be insufficient to trust without verification. For this reason a major part of the design and implementation requires audit trails for all access to, use of, and retention of this information.
Len Bullard
Intergraph Public Safety
article are flawed in the most fundamental ways.
It has expectations that the integrity of those
who manage the information is non-corruptable,
that the technologies involved will stand the
test of mass deployment and that the assurances
of people who directly benefit from the
implementation of those technologies are the
most reputable to listen to.
There has yet to be a form of identification or
verification that has been able to stand up once
put into practical use. Some examples include,
but are not limited to, counterfeit currency,
the CSS encryption on DVDs, digital driver
licenses (susceptible to fraud through weak
processes on other [breeder] documents required
to obtain them).
All of these also suffer from the
actual/potential abuse from "insiders" with
access to the internals/materials of each
system. As the level of reward for breaking a
system increases the potential for finding
people with access or people willing to obtain
access illegally (break-ins, hacking, etc.)
increases as well since the investment of a
bribe/payoff becomes more profitable. Since
there are plenty of examples of "trusted"
government employees who turned against this
nation in the past
http://www.cnn.com/2001/US/02/20/fbi.spy.03/ why
should we now assume that can't happen again.
Additionally, some biometric technologies have
already shown significant operational flaws. For
example this article
http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/
shows how using simple techniques and almost no
money many fingerprint systems can be defeated
with amazing consistency. There is also the
failure of facial recognition systems in Florida
http://archive.aclu.org/issues/privacy/drawing_blank.pdf .
And the undeniable fact that once a technology
is widespread enough, there will be attempts and
eventual success in compromising that
technology. Imagine what could be done with
finacial backing from organized crime or
malicious nation states. If someone wants
something badly enough, they will do whatever it
takes to get it. Once implemented on a large
scale, it is also nearly impossible to fix a
systemic flaw in the system. When the CSS was
broken in the DVD standard just a few months
after widespread deployment, the movie industry
had no choice but to leave the problem out
there, since it would have been non-trivial to
replace every DVD player (physical or software)
that had been distributed. A similar thing could
occur if there was a systemic issue with any
identification system that was
national/international. The logistics of
redeployment would be greater than the initial
one.
Add in the additional problem with human error
in the maintenance and operation of these
systems and we have created nothing to actually
secure ourselves from physical or financial harm
through the author's proposals. This type of
system will more likely simply be another pork
barrel sponsored with our tax dollars with no
real benefit. It's potential for abuse will be
the only thing that can be assured. We have
already shown the human error side with examples
such as our senators and representatives being
on the no-fly list
http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2004/08/20/MNGQ28BM1O1.DTL .
If we can't properly maintain a simple list, how
can a system, of an order of magnitude greater
complexity, be expected to work in a way that
will protect citizen's safety and rights.
There comes a point when these lobbyists need to
have their microphones turned off and their pens
taken away from them before they do real harm to
everyone. This narrow vision of a system that
will exist in a world, where only the threats
that they can see now exist, does no one any
good.
One of the authentication technologies, iris recognition (NOT retinal scanning, as cited in the article), has been demonstrated in the U.K. to be many times more accurate than other biometrics. Furthermore, it has been deployed for a couple of years now in a successful methodology to keep the bad guys out and let the decent folks enter with a minimum of fuss. See http://www.CL.cam.ac.uk/users/jgd1000/deployments.html
Isn't it ironic that the successful deployment is in an Arab country?
As for retinal id's, where are the original prints coming from? My fingerprints are already on file because I was less than an angel in my youth; I will never submit to retinal printing. Bye the bye, what sort of monstrous international databasing system will it take to store the retinal prints of everyone in the world and make them available everywhere for id purposes?
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Dr. Schneider's warrantless system of database searches clearly violates the 4th Amendment. People like Dr. Schneider are confusing liberty with convenience. The freedom to avoid airport screening delays is not the same as political freedom. Their dream is to create an America where it is impossible to engage in any kind of unsupervised, voluntary cooperation with anyone. Going to school, getting a job, buying a house; all of these events will require a governmental security check. Woe unto to those that criticize government policy in that tax-subsidized brave new world. My advice to Dr. Schneider and his followers is the same that Samuel Adams gave to those that turned away from freedom over 200 years ago:
"If ye love wealth greater than liberty, the tranquility of servitude greater than the animating contest for freedom, go home from us in peace. We seek not your counsel, nor your arms. Crouch down and lick the hand that feeds you; May your chains set lightly upon you, and may posterity forget that ye were our countrymen."
The answer is simple: choosing to win the war by actually engaging in war and defeating the countries responsible for terrorism. This means rejecting this self-sacrifical "Just War" nonsense, and returning to the idea that American's self-interest is paramount, that the terrorist nations (Iran, Syria, Yemen, Sudan, etc.) are unacceptable criminals, and doing WHATEVER it takes to defeat them, without regard to the collateral costs.
If America stopped acting like the pathetic punching bag its become, and started actually hammering into submission the enemy countries, then the terrorist problem would go away.
If we had followed today's ideology of war during WWII, we would all be speaking German (or Japanese). And if we'd followed today's ideas about winning war and occupying countries, Japan would not be a prosperous civilized nation, but would have reverted again to collectivist feudalism. We should have imposed a Western-style secular constitution of republican limited government in Iraq, not sacrificed our soldier's lives and our citizen's money to simply let the Iraqi's vote themselves into an Iranian-style Islamist theocracy.
9/11 was not caused by bad intelligence or bureaucratic bungling -- it was caused by a bankrupt American foreign policy -- one that enables terrorist organizations and the evil countries that sponsor them to prosper and continue to threaten the US.
Brad Aisa
baisa@brad-aisa.com
Schneider says, ?Authenticating an individual's identity is one of the most important ways to assure privacy at a time when technologies to compromise that privacy are growing rapidly. Only by authenticating individual identities can we effectively protect the constitutional privacy rights of U.S. citizens?.?
What is so ?privacy assuring? about ?clerk-screeners? involuntary conducting government mandated taking of my fingerprints, retinal scans, face video profiling, body scans, frisking, and random cavity searches in tandem with ?no probable cause? cross-database searches of my bank records, tax records, property records, residence history, credit records, parentage, marital records, driving record, shopping purchases, vacation travel, private affiliations and clubs, etc.
It is ?Government Bureaucrats Gone Wild.? My favorite bank teller, whom I?ve been pleasantly chatting with about the weather, kids, the Holidays, vacations, etc for over 25 years now, has been turned into a pseudo-government bureaucrat enforcement clerk-screener by Patriot Act I & II. She?s been through the bank?s ?Terrorist Rooting out Training? and learned how to ?catch terrorists? who might be lurking around our sleepy little bank branch here in North Margaritaville.
Since her ?Terrorist Catching? training certification, she ?authenticates? every transaction I do with her at the bank. She no longer is ?customer-centric,? but is now ?government-centric.? She used to ?work for me,? but now she ?works for Uncle Sam.?
A recent example: My wife?s birthday is about six weeks away. So the other day I deposited a large quantity of the ?mad money? cash I had squirreled away in my desk safe, and deposited it into my bank checking account to be used to buy my bride a suitable birthday gift. Previously, my cash deposits would have been accepted by the Suzy Bank Teller without comment, except for the ?weather, kids, the Holidays, vacations, etc,? but not now. Now she asks me ?authenticating? questions such as, ?That?s a lot of cash?are you planning a trip?yadda?yadda?? as she scrutinizes and occasionally ?magic pencils? the 20, 50 and 100 dollar denominations.
But Teller Suzy, it?s the same Joe Yankee Doodle you've done business with for ~25 years, not Yusef al Yhankee-go-hohm.
As TV?s Judge Judy would tell Dr. Schneider, ?Don?t urinate down my leg and tell me it?s raining.?
- Use of our latest technology
- by October 5, 2004 1:56 PM PDT
- The lack of our utilization of our latest technology on this war against i.d. theft and validation of one's true i.d is un-acceptable.
- Like this Reply to this comment
-
(9 Comments)It is incredible stupid for us as a nation to waste our time and resources to stand on line at airports etc...As a nation, the US can do much better than what we are experiencing today.