
Comment by conductr

9 months ago

For argument's sake, instead of outlawing data brokers wouldn't it be better to design a better ID system that renders one's name, DOB, and SSN as harmless information?

I don't know what that would look like, but if I had Congress's attention I'd like them to fix the problem rather than playing whack-a-mole with banning data sources. I don't think any actual solutions come from that.

In many countries in Europe, your ID card contains a chip with a cryptographic key, much like chip&pin on a debit or credit card.

Those bits of information are worthless when you need to create a cryptographic signature with your ID card to do almost anything important.

If the card is lost or stolen they can just remove your old one from the keyserver. It's literally just public key crypto.

Identity theft is rampant in the countries that don't have such a system and basically require you to give them increasing amounts of private information to prove who you are. In the UK that's every address you've lived in for 5 years, your council tax bill, your energy bill, your bank statement for a month... all because British people think an ID card means you'll get stopped on the street to show your papers.

  • > Identity theft is rampant in the countries that don't have such a system

    No, fraud is rampant in the countries that don't have such a system. Calling it identity theft makes it sound like the onus on preventing the practice is on "whoever's identity was stolen", instead of correctly pinning the onus on the bodies issuing accounts and loans without verifying information or identity.

  • The US has three dumb points pushing back on this.

    The first is religious nuts who think it would be a "mark of the beast"

    The second is anti-government types who are, well, anti-government anything.

    The third is many business owners, because it would become much harder/risky to hire illegal immigrants to work.

    • The "mark of the beast" types are pretty much fine with cards that have chips in them, but they really hate it when you threaten to implant those chips into people and they want cash to remain an option - same as the anti-government types. I don't share their apocalyptic or anti-government concerns, but I'm actually kind of grateful for their passionate opposition to both of those things anyway. I don't really want an implant and the option of using cash is a very good thing.

      The anti-government types do hate the idea of a national ID, but they're already forced to carry a driver's license/state ID and SS card, so they've pretty much lost the battle already.

      I'm afraid that it's the business owners who are our biggest hurdle.

      8 replies →

    • Correct. But not insurmountable.

      Make the ID card optional, so that it simplifies things if you have it, but still allows operation without it. If 80% of law-abiding population has the card, only the stubborn deniers will remain targets of easy identity theft and fraud based on it. Partly it will stop being worth the effort, partly it will serve as a good control group.

      Allow but do not require using the card for employee identification. Whoever insists on hiring undocumented immigrants could continue. Most industries don't do that, and would reap the benefits of a more secure identification.

      Don't make the card universal. A bank card with a chip does not identify you for governmental agencies, but prevents a lot of PoS fraud. It could prevent credit fraud if banks allowed me to require the card to take a loan in my name, or to make a transfer larger than $10, and provided the card identity check service to each other and to credit unions. Phones with NFC can read bank cards, so it's a good way to say "it's me, I confirm" in a secure way.

      Evolutionary, opt-in, piecemeal solutions often have higher chances to succeed than abrupt all-at-once changes.

      5 replies →

    • Governments murdered hundreds of millions of their own people during the 20th century, and the 21st is shaping up to tell the 20th to hold its beer.

      Any proposal for modern ID needs to have Constitutional protections, checks, and balances or it will eventually devolve into a digital police state.

      7 replies →

    • There is another group: those of us who think the trend of requiring ID to transact is a dangerous one.

      One doesn’t need to be anti-government to fear governmental intrusion on one’s rights without due process. Our current government does that now.

      1 reply →

    • > The third is many business owners, because it would become much harder/risky to hire illegal immigrants to work.

      Big one, but even though employing illegal immigrants is a crime, it's almost never prosecuted.

      1 reply →

    • You're forgetting the entire political left, who claim only whites are intelligent enough to get IDs.

  • > all because British people think an ID card means you'll get stopped on the street to show your papers.

    That's probably because of all of the anti-immigration and anti-foreigner people who are asking the government to stop people and ask them for their papers... this is not unique to the UK, Canada, or the United States either, and some of the countries plan to do more than just deport people.

    Strong identity is increasingly a meaningful technical requirement, but glossing over the human impact of strong identity controls by the government is not going to have good outcomes either.

    • Not really in Britain. Labour tried to introduce a national ID in the early 2000s; the right-wingers were the ones who objected the most. The same right-wingers who are most anti-immigration.

      17 replies →

    • Yeah, ID cards aren't mandatory in France either, because the precedent when they were comes from literal Nazis. (At least theoretically; in practice you will face a lot of pressure...)

  • > Those bits of information are worthless when you need to create a cryptographic signature with your ID card to do almost anything important.

    That depends on the type of attack you're protecting against. It might prevent an attacker from filing your taxes for you, but many companies are still going to use this kind of information as a primary key. But it's not going to stop an attacker from pretending to be a bank employee, calling a genuine bank employee via a secret internal-only number, and claiming they've got Mr. Doe in their branch trying to do a critical transaction but their phone broke so they can't use the bank app. Yeah, the Mr. Doe living at 987 Main Street, that one. See, you even verified their ID, and it has an SSN of 123456 printed on it - just compare that to our customer database to make sure it's legit!

    It also opens up a whole new type of attack. The problem with those smart cards is that there isn't really a way for the user to know what operation is actually happening. You're using a regular PC or smartphone to interface between the smart card and whatever entity you're trying to communicate with. But that could just as well be a phishing website pretending to be that entity, or malware doing a MitM. Or even just a random website pretending to need a signature for "age verification" when it's actually applying for a loan behind the scenes.

    There's no "Do you really want to sign over your house to XYZ?" message on the card itself. And suddenly the government/bank/whatever is getting a request with a cryptographic signature which can obviously only be made by you - why would they have to double-check it if it cannot possibly be fraudulent?

    I agree that we should be moving to more secure systems, but those ID smart cards aren't a one-size-fits-all solution.

    • > There's no "Do you really want to sign over your house to XYZ?" message on the card itself. And suddenly the government/bank/whatever is getting a request with a cryptographic signature which can obviously only be made by you - why would they have to double-check it if it cannot possibly be fraudulent?

      My country's version uses separate mechanisms with separate passwords for "identify me, revealing my name/DoB/number" and "sign something". Obviously not impossible to pretend that you're signing an innocuous document and have you sign something else, but it at least removes some of the low-hanging fruit.

    • As a potential Mr. Doe, I'd love to have an ability to opt in to a stricter mode of banking. I would voluntarily ask my bank to refuse certain types of transactions in my name unless my identity can be confirmed by secure machine-readable means at my presence; internal phone calls should not qualify. It could be a bank card, or a passport — yes, both can be physically stolen, but it's much harder to pull off, and I would immediately warn my bank when I notice.

    • That seems entirely like an implementation detail that doesn't have anything to do with the smart card interface itself.

      It's not like it's rocket science to have the reader application detail what the request is used for, and encoding it in the request/response, verified when used, so that it can't be used for anything but the approved purpose.

      7 replies →
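One way to implement the purpose binding this reply suggests, together with the separate "identify me" and "sign something" keys mentioned earlier in the thread, as an added Go example that is not from the original thread or from any real national ID scheme: the card only ever signs a length-prefixed message that includes the purpose and the relying party, and the verifier rebuilds that message from what it expects, so a signature collected for "age verification" on a shop cannot be replayed to a bank as a loan application. The Ed25519 key pairs standing in for the card's chip, and the purpose/audience labels, are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Card: one key pair that only proves "it's me", another that signs documents.
type Card struct {
	authPriv, signPriv ed25519.PrivateKey
	AuthPub, SignPub   ed25519.PublicKey
}
func NewCard() (*Card, error) {
	authPub, authPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	signPub, signPriv, err := ed25519.GenerateKey(rand.Reader)
	return &Card{authPriv, signPriv, authPub, signPub}, err
}
// canonical is what actually gets signed: purpose and audience are part of the
// message, and every field is length-prefixed so boundaries cannot be shifted.
func canonical(purpose, audience string, document []byte) []byte {
	var out []byte
	for _, f := range [][]byte{[]byte("idcard-sig-v1"), []byte(purpose), []byte(audience), document} {
		out = binary.BigEndian.AppendUint32(out, uint32(len(f)))
		out = append(out, f...)
	}
	return out
}
// Sign is the "sign something" operation; the card never signs bare bytes.
func (c *Card) Sign(purpose, audience string, document []byte) []byte {
	return ed25519.Sign(c.signPriv, canonical(purpose, audience, document))
}

// Authenticate is the "identify me" operation: separate key, fixed label.
func (c *Card) Authenticate(audience string, challenge []byte) []byte {
	return ed25519.Sign(c.authPriv, canonical("identify", audience, challenge))
}

// Verify rebuilds the message from the purpose and audience the relying party
// expects, so a signature collected under another pretext does not verify.
func Verify(pub ed25519.PublicKey, purpose, audience string, document, sig []byte) error {
	if !ed25519.Verify(pub, canonical(purpose, audience, document), sig) {
		return errors.New("signature not valid for this purpose/audience/document")
	}
	return nil
}
```

What the card still cannot do is show the user the purpose string on its own display; this scheme only guarantees that whatever purpose the reader application submitted is the only purpose the signature will ever be accepted for.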

Funny you should say that. Australia is trying to launch TEx, designed on open-source models, to do this kind of thing. It's hitting the usual roadblocks of public acceptance of government-mandated ID, in an economy which trashed the "Australia Card" idea back in the 80s. We're wiser now; we've been frogs boiled slowly: the downsides of central safe ID/auth are outweighed by the risks of loss of info giving everyone 100 points of information.

The government now knows what we do most of the time anyway: layer-2 logs on our phones are constant. We lost any privacy some time ago. So now, getting security back might be a net win.

https://www.abc.net.au/news/2024-08-13/trust-exchange-digita...

  • Except it's being implemented by the people who brought you robodebt.

    So I imagine the "Number of people driven to suicide" KPI is going to be pretty high. They're not going to want to ship something that performs worse.

    • Yes. There is that. But it's only true to the extent all government things are brought to you by the government. If the underlying IMS system used for data matching by the ATO and Centrelink is the product of the same s/w development group I'd be a bit surprised. It's different code.

      But I am by tendency an optimist, and the open-source part (if they do that) means we can have eyes on their crypto assumptions behind the protocol and what's on the device.

      MyGovID, which I think they're baking into it, has been pretty solid. That's distinct from your myGov account, many of which have been hacked, in part because so few people used MyGovID.

      (if you've got better info always happy to see it)

      1 reply →

  • > layer-2 logs on our phones are constant.

    Huh?

    • Every phone provider has a log of the IMEI binding to cell tower and triangulation over multiple towers. Call logs are one thing, carrier cell connect and disconnect is another.

      If your phone is on, your position in time and space to some circular error is also known, continuously.

      To say nothing of Bluetooth that's with the advertising hoardings and inside the store mainly.

      Basically, any privacy nut with a phone and simcard is in denial.

      1 reply →

We should be doing both, for different reasons. Ban data brokers because they allow anyone with a credit card to stalk people, more or less legally. Fix the SSN identity system because even if you ban data broker businesses, dark web brokers don't abide by the laws anyways.

I’d replace “instead of” with “in addition to”.

Going after data brokers seems like low-hanging fruit, and necessary even if the ID system needs to be replaced. This is a top-level issue that needs to be addressed regardless.

While I think it’d be great to design a system where the information you mention is harmless (I’m curious how this would work without just shifting the problem to whatever new identifier is established), the reality is that this information is not harmless, and will continue to be dangerous to leak for the foreseeable future due to the myriad of systems that use this data in its current form. Any theoretical project to replace this would likely be a long and drawn out undertaking. Addressing the information environment in the meantime seems like a good idea.

> I’d like them to fix the problem rather than playing whack-a-mole with banning data sources

We should fix the problem and ban the data-sources. Whack-a-mole makes it sound like we're talking about a ban on one company, but what clearly needs to be done is a categorical ban on super sketchy business practices, and that seems simple enough. Data-brokers, if they are going to exist at all, need to accept the burden of proof to establish that every single row involves consent, and they need to acquire new consent for every single resale of the information. If that makes the whole industry unprofitable, too fucking bad. And if this looks bad for business, it gets even worse: good luck getting consent for reselling what is mine without offering me a cut.

Since the above kind of common sense looks crazy these days, let's throw in something even more radical. For anyone looking to fund UBI, ^ here's a start. The trouble with the often-mentioned idea of "tax the data" as a solution for privacy concerns is that these taxes are just redistributing wealth from corporations to governments, while all of the profit is made with our information. Who wants the monetized details of their personal life to pay for the next unjust war, or even the roads in some place they don't live? If we are so valuable, put some of that money back in our hands, and if the price doesn't sound fair to us, then let us opt out of the sale.

The uneven availability of information means that no, it's not better to just design a better ID system. Data brokers give corporations far more advantages than a normal person could ever protect themselves against, because even if the data broker doesn't have your government-issued credentials they can still easily designate who you are by collating all the data from other means such as purchasing habits, cellular, and service guest lists.

It's politically a non-starter in the US. US states have a lot of power that is derived from their ability to maintain their own ID systems. The states have fought for almost 20 years on requirements as simple as REAL ID.

Plenty of countries have smart cards with chips and RSA keys that can be used to verify ID with a much higher level of certainty, but then they usually don't use it.

Even just name, DOB and last 4 of the SS number and you are done.

It's ridiculous.

https://news.ycombinator.com/item?id=40961834

TLDR Login.gov, and publishing a circular to allow businesses to use it to identity proof. Push all liability onto the business for losses if this method is not used to identity proof. ID card as ljm mentions, such as a passport card. Very similar to credit card EMV chips and the liability shift from magstripe.

> I don’t know what that would look like but if I had congresses attention I’d like them to fix the problem rather than playing whack-a-mole with banning data sources. I don’t think any actual solutions come from that.

Aggregating data means it can be lost. You must therefore make aggregating and storing data toxic, and impossible to be leaked through eventual mismanagement.