Comment by ljm
9 months ago
In many countries in Europe, your ID card contains a chip with a cryptographic key, much like chip&pin on a debit or credit card.
Those bits of information are worthless when you need to create a cryptographic signature with your ID card to do almost anything important.
If the card is lost or stolen they can just remove your old one from the keyserver. It's literally just public key crypto.
Identity theft is rampant in the countries that don't have such a system and basically require you give them increasing amounts of private information to prove who you are. In the UK that's every address you've lived in for 5 years, your council tax bill, your energy bill, your bank statement for a month... all because British people think an ID card means you'll get stopped on the street to show your papers.
No, fraud is rampant in the countries that don't have such a system. Calling it identity theft makes it sound like the onus on preventing the practice is on "whoever's identify was stolen", instead of correcting pinning the onus on the bodies issuing accounts and loans without verifying information or identity.
The US has three dumb points pushing back on this.
The first is religious nuts who think it would be a "mark of the beast"
The second is anti-government types who are, well, anti-government anything.
The third is many business owners, because it would become much harder/risky to hire illegal immigrants to work.
The "mark of the beast" types are pretty much fine with cards that have chips in them, but they really hate it when you threaten to implant those chips into people and they want cash to remain an option - same as the anti-government types. I don't share their apocalyptic or anti-government concerns, but I'm actually kind of grateful for their passionate opposition to both of those things anyway. I don't really want an implant and the option of using cash is a very good thing.
The anti-government types do hate the idea of a national ID, but they're already forced to carry a drivers license/state ID, and SS card so they've pretty much lost the battle already.
I'm afraid that it's the business owners who are our biggest hurdle.
It doesn't need to be a national ID, it could just operate on a state-level like drivers licenses currently do.
Eh, depending on the flavor, the mark of the beast types don’t even really like barcodes. Allegedly Hobby Lobby does not use a barcode inventory system for this reason.
6 replies →
Correct. But not insurmountable.
Make the ID card optional, so that it simplifies things if you have it, but still allows operation without it. If 80% of law-abiding population has the card, only the stubborn deniers will remain targets of easy identity theft and fraud based on it. Partly it will stop being worth the effort, partly it will serve as a good control group.
Allow but do not require to use the card for employee identification. Whoever insists on hiring undocumented immigrants, could continue. Most industries don't do that, and would reap the benefits of a more secure identification.
Don't make the card universal. A bank card with a chip does not identify you for governmental agencies, but prevents a lot of PoS fraud. It could prevent credit fraud if banks allowed me to require the card to take a loan in my name, or to make a transfer larger than $10, and provided the card identity check service to each other and to credit unions. Phones with NFC can read bank cards, so it's a good way to say "it's me, I confirm" in a secure way.
Evolutionary, opt-in, piecemeal solutions often have higher chances to succeed than abrupt all-at-once changes.
>Most industries don't do that
They absolutely do, but most of the immigrants have a form of ID that gives the companies some measure of deniability. As long as the I-9 goes through, not my problem. If it doesn't, well that's where contractors come in. Official numbers say around 14 million illegal immigrants. Reasonable estimates are closer to 22 and some non-hyperbolic estimates go as high as 40 million.
>Make the ID card optional, so that it simplifies things if you have it, but still allows operation without it. If 80% of law-abiding population has the card, only the stubborn deniers will remain targets of easy identity theft and fraud based on it. Partly it will stop being worth the effort, partly it will serve as a good control group.
Kind of like RealID[0]? It exists right now in the US.
[0] https://en.wikipedia.org/wiki/Real_ID_Act
1 reply →
If it's optional, then one would need to be able to have a central database of people who have IDs and want providers to require them.
Otherwise there's no protection against impersonation if IDs aren't mandatory.
1 reply →
Governments murdered hundreds of millions of their own people during the 20th century, and the 21st is shaping up to tell the 20th to hold its beer.
Any proposal for modern ID needs to have Constitutional protections, checks, and balances or it will eventually devolve into a digital police state.
A lack of national ID cards would not have hindered the Nazis in carrying out mass murder one bit.
3 replies →
How?
Everyone's like "a government went on and extermination campaign" and for some reason what would've stopped them is the difficulty in identifying who to exterminate?
As though genocides much care about accuracy.
The big secret of Nazi Germany that isn't a secret at all I is that they put a lot more then just Jews in those camps.
2 replies →
There is another group: those of us who think the trend of requiring ID to transact is a dangerous one.
One doesn’t need to be anti-government to fear governmental intrusion on one’s rights without due process. Our current government does that now.
> those of us who think the trend of requiring ID to transact is a dangerous one.
agree and second -- history shows that this sort of thing goes badly due to "humans"
> The third is many business owners, because it would become much harder/risky to hire illegal immigrants to work.
Big one, but even though employing illegal immigrants is a crime, it's almost never prosecuted.
It's trivial as an immigrant to get a (stolen) SSN. Business owners are not responsible for checking if the SSN is stolen or not.
You're forgetting the entire political left, who claim only whites are intelligent enough to get IDs.
> all because British people think an ID card means you'll get stopped on the street to show your papers.
That's probably because all of the anti-immigration and anti-foreigner people who are asking the government to stop people and ask them for their papers... this is not unique the the UK, Canada, or the United States either, and some of the countries plan to do more than just deport people.
Strong identity is increasingly a meaningful technical requirement, but glossing over the human impact of strong identity controls by the government is not going to have good outcomes either.
Not really in Britain. Labour tried to introduce some national id in early 2000s, the right wingers were the ones who objected the most. The same right wingers who are most anti-immigration
I think most of those right wingers are against illegal immigration. There's a big distinction here.
I think very few of those so-called right-wingers are -say- against doctors immigrating to one's country if there's a doctor shortage. As long as immigration is all done using legal means. And with proper checks and balances.
I'm a right winger (but not born and raised in the UK). And I am very much against illegal immigration. I also don't want to be required to wear an identity card / passport with me at all times.
Actually, with proper immigration policies in place, the state can be sure that most people inside the state are legal, law-abiding citizens. I don't think in such cases it does make sense to require people to wear an id card with them at all times.
16 replies →
Yeah, id cards aren't mandatory in France either because the precedent when they were comes from literal Nazis. (At least theoretically, in practice you will face a lot of pressure...)
> Those bits of information are worthless when you need to create a cryptographic signature with your ID card to do almost anything important.
That depends on the type of attack you're protecting against. It might prevent an attacker from filing your taxes for you, but many companies are still going to use this kind of information as primary key. But it's not going to stop an attacker from pretending to be a bank employee, calling a genuine bank employee via a secret internal-only number, and claiming they've got Mr. Doe in their branch trying to do a critical transaction but their phone broke so they can't use the bank app. Yeah, the Mr. Doe living at 987 Main Street, that one. See, you even verified their ID, and it has a SSN of 123456 printed on it - just compare that to our customer database to make sure it's legit!
It also opens up a whole new type of attack. The problem with those smart cards is that there isn't really a way for the user to know what operation is actually happening. You're using a regular PC or smartphone to interface between the smart card and whatever entity you're trying to communicate with. But that could just as well be a phishing website pretending to be that entity, or malware doing a MitM. Or even just a random website pretending to need a signature for "age verification" when it's actually applying for a loan behind the scenes.
There's no "Do you really want to sign over your house to XYZ?" message on the card itself. And suddenly the government/bank/whatever is getting a request with a cryptographic signature which can obviously only be made by you - why would they have to double-check it if it cannot possible be fraudulent?
I agree that we should be moving to more secure systems, but those ID smart cards aren't a one-size-fits-all solution.
> There's no "Do you really want to sign over your house to XYZ?" message on the card itself. And suddenly the government/bank/whatever is getting a request with a cryptographic signature which can obviously only be made by you - why would they have to double-check it if it cannot possible be fraudulent?
My country's version uses separate mechanisms with separate passwords for "identify me, revealing my name/DoB/number" and "sign something". Obviously not impossible to pretend that you're signing an innocuous document and have you sign something else, but it at least removes some of the low-hanging fruit.
As a potential Mr. Doe, I'd love to have an ability to opt in to a stricter mode of banking. I would voluntarily ask my bank to refuse certain types of transactions in my name unless my identity can be confirmed by secure machine-readable means at my presence; internal phone calls should not qualify. It could be a bank card, or a passport — yes, both can be physically stolen, but it's much harder to pull off, and I would immediately warn my bank when I notice.
That seems entirely like an implementation detail that doesn't have anything to do with the smart card interface itself.
It's not like it's rocket science to have the reader application detail what the request is used for, and encoding it in the request/response, verified when used, so that it can't be used for anything but the approved purpose.
> It's not like it's rocket science to have the reader application detail what the request is used for, and encoding it in the request/response
The reader application can, sure, but what ensures that that "reader application" is genuine and can't be subverted? The card's own processor is supposedly tamperproof, but all the display etc. is in the reader which is probably owned and controlled by whatever third-party you're identifying yourself to, or at best it's a random application running on your PC/phone with whatever malware you have.
1 reply →
Why do you trust the reader though? It could display one thing and send another. Although I guess this also happens with payment card terminals. Who's to say the €3 displayed is not charged as €300...
4 replies →
The US has infrastructure, but it's only issued to military and federal employees.
https://en.m.wikipedia.org/wiki/Common_Access_Card https://en.m.wikipedia.org/wiki/FIPS_201
How is key revocation authenticated?