Law School Discussion

Social Security Numbers = De Facto National ID Card


Social Security Numbers = De Facto National ID Card
« on: December 26, 2005, 04:03:14 AM »
SSNs should not be used the way they are currently used.

Refuse to provide it whenever you can -- e.g., strange as it may seem, you can be hired without giving your SSN to your employer.

Yet, SSNs are not unique identifiers as they say. After all, you can simply make up Social Security numbers randomly, and create a valid number not assigned to anyone. On the other hand you can make up a SSN that can be valid, while being probably been assigned to another person.

Re: Social Security Numbers = De Facto National ID Card
« Reply #1 on: December 26, 2005, 07:31:24 PM »
In February 2003, the New York Senator and former First Lady Hillary Clinton announced that she would support a national identification card for US citizens claiming that she would support it as part of an overall effort to improve national security.

"Clearly, we have to make some tough decisions as a country," Clinton warned. "And one of them ought to be coming up with a much better entry and exit system so that if we're going to let people in for the work that otherwise would not be done, let's have a system that keeps track of them."

Re: Social Security Numbers = De Facto National ID Card
« Reply #2 on: December 26, 2005, 07:34:12 PM »
Many different national identification schemes (NIDS) have been proposed. A key feature in all of them is that people in a particular country would be required, or at least expected, to present an officially issued ID card in order to obtain particular services or pass security checkpoints. Traditionally, NIDS have been used or proposed for handling routine administrative transactions between government agencies and citizens, with benefits claimed in the areas of convenience, cost savings or fraud reduction. NIDS could combine the functions of a driver's license, social security registration, immigration documents, and other government-issued identification. Until recently, NIDS have not been suggested as a way to protect against terrorist attacks, partly because of inherent difficulties in achieving the required levels of security. Suddenly, in the wake of the terrorist attacks on September 11, 2001, preventing terrorism is being touted as a possible use of NIDS.

NIDS can either be mandatory or voluntary. In a mandatory scheme, everyone is required to carry and present a card when asked; not doing so is an offense. In a voluntary scheme, those who do not have a card will be subjected to additional background checks while those with a card can more easily obtain services or pass security checkpoints. There are at least two distinct processes in a functioning NIDS.

First is a one-time registration process in which everyone is required to present themselves to the authorities along with their existing identification documentation, such as birth certificate or citizenship papers. If the authorities believe the documentation is valid, they create an individually identified entry in a database and issue the person a card which, in most systems, would be linked to this entry. In recently proposed schemes, this would be a "smart" card containing a micro-chip that stores and accesses information and possibly biometric data about the person, such as finger prints or retina scans. The second process is authentication. This occurs whenever the cardholder is required to show the card to verify his or her identity. A first check is made to ensure that the card actually belongs to the person presenting it. This is done by comparing the information on the card with the person, for example by visual comparison of the cardholder with the photograph on the card, or by digital comparison of a live finger scan with the finger print recorded on the card. If there is a satisfactory match, the card is used as a link to a database. A second check then determines whether there is anything on file that raises suspicion about the cardholder. If not, the person can proceed. There can also be a third process, data-matching. This occurs whenever authorities analyze and compare information in the NIDS databases to determine whether information about a person is present in more than one database, in order to augment what is known about that person.

The overwhelming majority of the September 11 hijackers were in the US legally and had no record with the FBI or other security agency. In other words, they could have obtained a legitimate ID card and the authentication checks prior to boarding the plane would have not have revealed anything that would have aroused the suspicions of authorities. A NIDS offers no security against terrorists who have no record of prior misconduct and are not worried about being identified after the attack (possibly because they will be dead).

Using biometric data such as fingerprints and retina scans can help in verifying that the card actually belongs to the cardholder. However, this is not 100% reliable. There is always a margin of variation between the original sample obtained during registration and any subsequent sample used at the point of authentication. To ensure that no one slips through by pretending to be the cardholder, the range of tolerance must be set so narrow that there will be significant numbers of people who will not appear to be legitimate cardholders when in fact they are.

More fundamentally, however, biometric identification is just one step in the overall NIDS process. The security provided by the overall system is governed by its weakest link. The issuance of a high-security ID card is based on the presentation of low-security documents. Anyone with a convincing passport or birth certificate would be able to obtain an ID card. All biometrics help to do is to make sure that the cardholder is really the person identified by the card and, if they are checked against a central database, then biometrics can ensure that a person does not hold more than one card. However, biometric data cannot ensure that the information the person presents when obtaining the card is correct. This depends widely on the specifics of the system, but no system can ever be 100% secure. While smart cards are among the most secure technologies available, virtually all existing smart card systems have been compromised. Leading security experts point out that as more and more smart cards are put into operation, more and more people know how to break them. If the card is used to check the information against a central database, then the security of this database becomes crucial. It must be accessible nationwide in order to support security checkpoints all over the country. Therefore it will have to be on some network, probably the Internet or telephone system. The security necessary to prevent people from breaking into such a sensitive networked system would be nearly impossible to achieve. For this reason, a NIDS creates security risks that would otherwise not exist. Furthermore, if high-tech security cards can be compromised, it becomes impossible to distinguish a fake card from a legitimate one. A smart card system might be more difficult to forge, but if successful, forgeries would be perfect. Last but not least, a system as complex and comprehensive as a NIDS relies on the cooperation of a thousands of people, hundreds of organizations and dozens technologies. Each of these elements introduces a specific set of vulnerabilities. Securing the entire system against attacks and abuses will be close to impossible.

NIDS would allow individuals to be easily tracked. However, knowing the identity of people will not prevent crime. If the identity of the person who will commit the next crime were known then prevention would be trivial: simply find the person and stop them from acting. However, since crime and acts of terror cannot be predicted, being able to track individuals will not increase security. A NIDS would make everyone vulnerable to the problem of incorrect data in the database. If the data on the card or in the database is incorrect, then innocent people will be victimized through no fault of their own. If other government databases are any indication, a system as large as a NIDS would contain a significant amount of incorrect data. NIDS, then, do not provide additional security against terrorism. With NIDS we compromise civil liberties without increasing security.

Given that the systemic weakness of an NIDS are somewhat hidden, such a highly visible system might well produce a false sense of security. By relying on a security measure that is inadequate, we might end up compromising our security through a NIDS. Two groups have been pushing for NIDS for a long time and are now using the war against terrorism to advance their agenda. The law enforcement community would like a tool to make it easier to identify people on routine checks and to link their databases by using the national ID card as a unique identifier. This has little do with the fight against terrorism but a lot with expansion of police powers. Smart-card identification schemes have also been promoted by large information technology vendors. For them, a multi-billion system would be a great business opportunity. The most prominent promoters of the current wave of NIDS in the US have been Scott McNealy, CEO of Sun Microsystems, and Larry Ellison, CEO of Oracle. Both have been peddling their company's products as the basis for the NIDS. While they offered their products for free, the ensuing service contracts would make their "gifts" highly profitable. Both of these groups stand to benefit from a NIDS even if it does not improve our security against terrorists. So far, failures of proposed smart card NIDS greatly exceed successful implementations.

« Reply #3 on: December 26, 2005, 07:43:37 PM »
Technology is gonna put an end to the world. People are inherently stupid: they think that just because they CAN do something, they HAVE TO actually do it.

Einstein was not stupid when he answered to some peoples' question 'What do you think about the Third World War?,' saying 'I don't know about the Third World War, but I'll tell you about the Fourth.' They asked him, 'What is it? What is it? What is it?' Einstein replied, 'When you go to wage the Fourth World War, it will be with sticks and bows and arrows. We'll be back to primitive man.' What the Third World War is going to bring about is complete devastation.

« Reply #4 on: December 26, 2005, 07:47:15 PM »
They can just do that with the social security card. Every USC has one assigned already, they can just add a status to it. I can't see any problem doing it that way, your SS# is everywhere, in your driver license, your checks, etc -- it's not exactly a sacred, closely guarded information anymore.

Re: Social Security Numbers = De Facto National ID Card
« Reply #5 on: December 26, 2005, 07:50:07 PM »
panda, it's not a matter of a SSN anymore, if you carefully read above on this very thread you'll see the proposed National ID Card involves a micro-chip that stores/accesses information and possibly BIOMETRIC DATA about the person, such as FINGERPRINTS or RETINA SCANS. It's horrible if it is to be implemented -- it would undoubredly create a Nazi state.

Here it is a little bit more on the issue
« Reply #6 on: December 26, 2005, 07:58:48 PM »
People have always used individual traits for identification. In ancient times, the presence of scars, birthmarks and other unusual features helped minimise mistaken identify. Even today, we use techniques that have been around for centuries, such as passwords and signatures. But passwords are notoriously insecure, and signatures can be forged or ignored. Shop assistants, for example, often don't bother to compare the signature on the back of a credit card with the sample provided by the purchaser. The search is on for better ways of proving identity. As computer power has grown, so too has the idea that the automated capture, measurement and identification of distinctive physiological or behavioural characteristics could safeguard our identities and therefore our property and privacy, and could also be used to fight crime. The technologies now being developed for these purposes have come to be labelled 'biometrics', because they apply statistical methods to biological observations and phenomena. However, the discipline of biometrics is much broader than just identity verification. Biometrics plays a crucial role in agriculture, environmental and life science.

Fingering the issue

The most well-known biometric technology of all is the fingerprint – we all know that the biggest mistake a criminal can make is to leave a fingerprint at the scene of the crime. If you look closely at the underside of your fingertips you'll see dozens of swirling lines. These are made by minute, raised 'friction ridges' on the skin; their purpose is to give your fingers better grip in the way that car or bike tyres have 'tread' to keep them from skidding on the road. You can see similar friction ridges on the palms of your hands and the soles of your feet. The friction ridges form several macro-patterns, the three most common of which are the arch, loop and whorl. Individual ridges also have distinctive variations, known as minutiae. These include:

- 'ridge endings', where the ridge ends abruptly;
- 'bifurcations', where a single ridge divides into two or more ridges;
- 'enclosures', where a ridge bifurcates and then rejoins, leaving a little island in the middle;
- dots, which are short fragments of ridges of approximately the same width and length; and
- spurs, which are short offshoots from a main ridge.




The arrangement of the ridges and their minutiae on the finger is random: probability theory suggests that the chance of two fingers having exactly the same arrangement is more than a billion to one. Indeed, in a hundred years of the systematic fingerprinting of criminal suspects and more than 100 million fingerprints later, no two have ever been found to be identical. Fingerprints are fully formed in the womb and remain unchanged throughout life. In Australia, the use of fingerprinting in fighting crime was recently updated under the CrimTrac system. But it is not only the police who are excited about fingerprint biometric technologies: ideas for applying them commercially (e.g., to control access to personal computers) are coming almost as fast as you can push a button.

The difference between identification and verification

The use of biometric technologies against crime mostly involves identification; whereas verification is more common in commercial uses. The difference between the two can be shown in the following examples. Imagine an automatic teller machine (ATM) that uses a fingerprint instead of a number as a password. The machine confirms your identity by comparing your fingerprint with the 'reference' fingerprint originally encoded into the card. That’s verification. If a thief breaks into a house, he might leave behind a fingerprint. The question the police want to answer is: who does this fingerprint belong to? It can be checked against a database of criminal fingerprints; finding a match is identification. In terms of computing power, the difference between verification and identification is important: comparing the fingerprint entered by the user with the reference fingerprint (verification) is a simple task. Matching a fingerprint with all those contained in a database of thousands or even millions (identification) requires considerable computer grunt. In most commercial applications of biometrics, the aim is to verify the identity of the user.

Finger scanning

The potential applications of using fingerprints are being made possible by the development of automated finger scanning. Up until a few years ago, fingerprints were collected in the way we see in police movies: put the finger on an inkpad, then place it carefully on a sheet of paper. In the last decade or so, electronic scanners have been used to digitise the old, paper-based prints to form an electronic database. Now, technologies to scan the finger directly are developing rapidly. Optical finger-scanners, which work in a similar way to a photo scanner, have been in use for a decade or so and are starting to be replaced by other methods. One of these is called capacitive scanning: it measures the electrical charge produced by the contact of the fingertip with an array of tiny capacitors mounted onto a silicon microchip. Since the ridges will make better contact with the capacitors than the valleys, this technique generates an image of the fingerprint that can be processed in the same way as an image produced by optical scanning. Ultrasound finger-scanners are also being developed.

Once the fingerprint image has been obtained it needs to be measured. In one approach, a computer algorithm – a program designed to turn raw data into code that can be used more easily by the identification/verification software – identifies minutiae points on the scanned print and 'locates' them relative to other points on the print. It then establishes a mathematical 'template' to serve as a reference. When the same finger is scanned at a later time – perhaps when its owner wants to use an ATM – the computer software compares the template, which could conceivably be stored on a microchip in the user's card, with the newly scanned print.

Applications of finger scanning

Fingerprint verification is already being used – on a limited basis so far – to control access to personal computers, cell phones and ATMs. A quick search of the internet reveals a host of companies selling finger scanning devices and citing very low 'false rejection' rates and even lower 'false acceptance' rates. Techno-visionaries predict applications for finger scanning far wider than merely access to the laptop or ATM. They foresee a time when the right finger in the right place will unlock car doors, open briefcases, verify identity over the internet, facilitate travel across international borders and prevent voter fraud. But sceptics point to potential shortcomings. For example, fingerprinting has criminal connotations that will turn many law-abiding people away and some consumer resistance seems inevitable. Others worry that it could even provoke a wave of violent 'finger snatching', because possessing someone else’s fingerprint could be extremely lucrative.

Re: Social Security Numbers = De Facto National ID Card
« Reply #7 on: December 26, 2005, 08:02:48 PM »
The eyes have it

Meanwhile, technology companies continue to invest research dollars in other biometric options. Iris and retina scanning seem to have considerable potential: the patterns in both these parts of the eye are unique to the individual. The retina is the innermost layer of the eyeball 'wall' and is criss-crossed by tiny blood vessels. As these vessels develop in the womb, they form a unique pattern that does not change over the individual's lifetime; retina scanning can map, code and compare these blood vessel patterns. The iris, the coloured part of the eye, contains about 260 unchangeable characteristics – compared to less than 40 in fingerprints – that can be scanned by video camera, coded by algorithms and, later, compared. The chance of an identical match with a different eye is said to be about 1 in 1078, which is a very small chance indeed. Of the two eye-scanning technologies, iris-scanning is the more likely to gain in popularity. It can be done at a distance of a metre or so – in contrast to retina-scanning, which must be done quite close-up – and is therefore likely to be more acceptable to the public.

Other biometric tools

We all have other unique characteristics that can be measured. Examples of these other biometric options include hand geometry, typing patterns and voice recognition

Hand geometry

Since the exact shape of the hand and the relative lengths of the fingers and thumb vary between individuals, hand geometry is touted as a potentially useful biometric. The advantage of hand scanning over fingerprinting is that it is less invasive, very user-friendly and requires little computer firepower. The drawback is that hand shapes are not unique, so hand geometry biometric technology is likely to be limited to low-security applications.

Typing patterns

Another kind of biometric technology looks at behavioural characteristics. Most of us possess certain patterns of behaviour that are unique to us. Keyboard recognition technology assesses the typing style of the user. It determines dwell time (the time that each key is depressed), flight time (the time taken to move between keys), and a host of other characteristics, such as typical typing errors. An algorithm codes these patterns. When the computer is used at a later time, the software compares the user's typing pattern against the template. If the variation is above a threshold, thereby indicating that an imposter is using the computer, the software denies access to restricted material.

Other technologies are under development

Many other biometric technologies for identity verification are under development, including voice recognition, face recognition (systems are now being developed to assist police and security agencies to identify suspects in crowds), vein measurement, chemical odour analysis, signature identification and facial thermography (the measurement of the radiant heat from a person's face). Some could be combined in multi-biometric systems, so that the limitations of any single system can be compensated by the presence of a second or third system.

Face Recognition

Throughout the nation and the world, the debate on the privacy implications of face recognition and other surveillance technologies is heating up. In January 2001, the city of Tampa, Florida used the technology to scan the faces of people in crowds at the Super Bowl, comparing them with images in a database of digital mug shots. Privacy International subsequently gave the 2001 Big Brother Award for "Worst Public Official" to the City of Tampa for spying on Super Bowl attendees. Tampa then installed cameras equipped with face recognition technology in their Ybor City nightlife district, where they have encountered opposition from people wearing masks and making obscene gestures at the cameras. In late August 2001, a member of the Jacksonville, Florida City Council proposed legislation to keep the technology out of Jacksonville.

The Virginia Department of Criminal Justice Services gave a $150,000 grant to the city of Virginia Beach in July 2001, to help the city obtain face recognition cameras to look for criminal suspects and missing children. Although officials had initially expressed mixed feelings about the technology, the city council voted on November 13 to install the software at the oceanfront. To fully fund the system, the city must pay an additional $50,000.

In the wake of the September 2001 terrorist attacks on the U.S., privacy advocates, citizen groups, political leaders, and the manufacturers of the technology itself are debating whether these technologies should be more widely used, and if so, how they should be regulated to protect the privacy of the public. Some airports are considering installing face recognition cameras as a security measure. However, T.F. Green International Airport in Providence, Rhode Island, one of the first airports to consider it, decided in January 2002 that they would not install it after all, citing the possibility of false matches and other technological shortcomings of facial recognition systems. Read more here,

Privacy issues

Biometrics-based identification and verification systems must deal with a host of privacy issues if they are to gain widespread acceptance. For some, the prospect of submitting body parts for detailed examination is enough to make them break out in a sweat, while amputees or the blind may not find certain biometric systems to be particularly user-friendly. Meanwhile, some people worry that biometric data given for an innocent purpose, such as opening a bank account, will be used for other, more sinister purposes by governments or corporations. Another concern is the potential 'hijacking' of biometric data – if transmitted over the internet, for example – by criminals who would then use it to defraud individuals and institutions. Such arguments must be weighed against the fact that the aim of most biometric systems is to increase privacy by requiring a more rigorous proof of identity than has been necessary in the past. If the system is robust enough, criminals will find that beating it is a difficult task. Nevertheless, the technologies present civil libertarians with many issues that must eventually be addressed.

Re: Social Security Numbers = De Facto National ID Card
« Reply #8 on: December 26, 2005, 11:12:48 PM »
Would you godd**mned dimented weirdos stop posting diagrams on this website?  That would be great, thanks.

Biometrics Overview
« Reply #9 on: December 27, 2005, 01:10:10 AM »
Imagine you're James Bond, and you have to get into a secret laboratory to disarm a deadly biological weapon and save the world. But first, you have to get past the security system. It requires more than just a key or a password -- you need to have the villain's irises, his voice and the shape of his hand to get inside.
You might also encounter this scenario, minus the deadly biological weapon, during an average day on the job. Airports, hospitals, hotels, grocery stores and even Disney theme parks increasingly use biometrics -- technology that identifies you based on your physical or behavioral traits -- for added security.

In this article, you'll learn about biometric systems that use handwriting, hand geometry, voiceprints, iris structure and vein structure. You'll also learn why more businesses and governments use the technology and whether Q's fake contact lenses, recorded voice and silicone hand could really get James Bond into the lab (and let him save the world).

Biometrics Overview

You take basic security precautions every day -- you use a key to get into your house and log on to your computer with a username and password. You've probably also experienced the panic that comes with misplaced keys and forgotten passwords. It isn't just that you can't get what you need -- if you lose your keys or jot your password on a piece of paper, someone else can find them and use them as though they were you.

Instead of using something you have (like a key) or something you know (like a password), biometrics uses who you are to identify you. Biometrics can use physical characteristics, like your face, fingerprints, irises or veins, or behavioral characteristics like your voice, handwriting or typing rhythm. Unlike keys and passwords, your personal traits are extremely difficult to lose or forget. They can also be very difficult to copy. For this reason, many people consider them to be safer and more secure than keys or passwords.

Biometrics uses unique features, like the iris of your eye, to identify you.

Biometric systems can seem complicated, but they all use the same three steps:

- Enrollment: The first time you use a biometric system, it records basic information about you, like your name or an identification number. It then captures an image or recording of your specific trait.
- Storage: Contrary to what you may see in movies, most systems don't store the complete image or recording. They instead analyze your trait and translate it into a code or graph. Some systems also record this data onto a smart card that you carry with you.
- Comparison: The next time you use the system, it compares the trait you present to the information on file. Then, it either accepts or rejects that you are who you claim to be.

Systems also use the same three components:
- A sensor that detects the characteristic being used for identification
- A computer that reads and stores the information
- Software that analyzes the characteristic, translates it into a graph or code and performs the actual comparisons


At first glance, using handwriting to identify people might not seem like a good idea. After all, many people can learn to copy other people's handwriting with a little time and practice. It seems like it would be easy to get a copy of someone's signature or the required password and learn to forge it.

But biometric systems don't just look at how you shape each letter; they analyze the act of writing. They examine the pressure you use and the speed and rhythm with which you write. They also record the sequence in which you form letters, like whether you add dots and crosses as you go or after you finish the word.

This Tablet PC has a signature verification system.

Unlike the simple shapes of the letters, these traits are very difficult to forge. Even if someone else got a copy of your signature and traced it, the system probably wouldn't accept their forgery.

A handwriting recognition system's sensors can include a touch-sensitive writing surface or a pen that contains sensors that detect angle, pressure and direction. The software translates the handwriting into a graph and recognizes the small changes in a person's handwriting from day to day and over time.