Shostack + Friends Blog Archive


It's Not About Not Feeling Pain

On Monday, I had the opportunity to see Ed Tufte teach. Much of his analysis revolves around failures to think clearly. Things like poor presentation of data, or selection of data to not include enough context. He said he was in Houston last week, giving a class to the people who were responsible for the decision making failures that led to not examining the Columbia wing. This decision led to no action being considered to prevent the loss of 7 lives. He was in Houston, and apparently the people who created this slide were in the room. Several Boeing executives came to him and asked him to be gentle: He wouldn’t want to hurt their feelings, would he?

Apparently, he would. Their poor reasoning led to seven deaths. And so, in that spirit, Balrog, thanks for your comments. I like your “So you want to be a security consulant” post. But in “To ID Card or Not to ID Card,* you comment:

Germany has a long standing record of Identification Systems. I don’t believe this is either a bad or a good thing. It just is – what we as a society make of it is what makes it good or bad. Granted, it offers potential for abuse. Yet in the almost 60 years we’re having it, it has not been abused, partially because people are vigilant to this.

Why exactly, are people in Germany vigilant to abuse of their ID cards? Maybe something about how the previous government used information about their citizens? In IBM and the Holocaust, Edwin Black traces the history. Jews were rounded up based on census data, cross-tabulated with mandatory address registration. In other countries, it was easier: ID cards contained religious affiliation.

Regardless, I’m not asking for examples of I did this, and it didn’t hurt. That’s not science. What I’m asking for is a well thought out argument that ID cards won’t enable catastrophic failures.

* I can’t help but ask: “To be or not to be” is the opening of Hamlet’s famous soliloquy considering suicide. Was the irony intentional?

6 comments on "It's Not About Not Feeling Pain"

  • Cypherpunk says:

    In my state we already have a state ID card. It’s either a driver’s license, or for those who don’t drive, an identity card. Every state in the country has cards like these and everyone has one. What’s the difference between this and a national ID card? What exactly are the bad consequences which follow from renaming the collection of these state ID cards as a national ID card?

  • adam says:

    1) the cards are not required now.
    2) I think the current system of de facto, but not de jure requirements sucks. So I ask the opposite question: given that even terrorists on watch lists could get IDs in their real names, what are the consequences of giving up on the ID card mirage?

  • Axel says:

    You ask: “Why exactly, are people in Germany vigilant to abuse of their ID cards?”
    Let me ask in return: “Why exactly, are people in the US of A so anal about Freedom of Speech?”
    Apart from my expletive up there and the hard feelings it may evoke, the answer is pretty much the same: it’s the culture that you and I both grew up in. For me it’s absolutely normal to have an ID card and not use it much. For you it’s absolutely unthinkable to have censorship in any way. Okay, I don’t really know that but I have experienced this with a lot of US folks I know. Part of our vigilance is, indeed, grounded in the cruel horrors the Nazis did – generally, Germans will not allow this to happen again (let’s not discuss the apparent rise of Neonazism in Germany. That’s a whole different matter and it does not affect Germany alone). But by now, about three or four generations down the road from the end of WWII, it’s pretty much just ingrained into our mindsets. It’s what we’re used to.
    I’m actually not interested in this sort of discussion. I don’t want to make you or the US buy into ID cards – I’m convinced it is not possible to get the concept across to a society that is inherently wary of their government. It’s just that what you consider right for your society is not necessarily the same for others.
    I’m much more wary about the obsession of the current US government to collect data and infer whatever it is they want to infer. It’s new and thus there is no restrictive mindset to set limits to what is being done and what is not. We now have the means to do all sorts of things automagically with data collected.
    Besides, I’d really like to get down to the reasons why ID theft is not possible over here and rampant in the States and the UK.
    [As to Hamlet: I’m familiar with the play and while the title of my post was partly a reference to his monologue, it was partly just a well-sounding title :-)]

  • adam says:

    I’m happy to not have that discussion, and focus on your final question.
    I think ID theft is a result of a combination of things:
    American business laxity in following process, (oh, that doesn’t match? Who cares?); the lack of a generalized data protection law, which leads to credit agencies who, like choicepoint, are irresponsible; and the mis-assignment of liability after a case of impersonation which the first two points enable.
    Thus, if I open a bank account as you, and draw out lots of money (which I’ll presume happens everywhere), then in the US, that fraud gets attached to database entries about me. In Germany (I’m guessing) those databases are more controlled, and the fraud entry ends up closely tied to the original report. Here in the US, what happens is victims of the impersonation have to spend energy convincing firms they’ve never talked to that there was a fraud.
    I’m also not sure that ID theft doesn’t happen in Germany. It may well happen under another label, or not be reported on. Early victims of the crimes in the US had to move mountains to get anyone to believe their stories.

  • I’ll comment on your post about national IDs to spare this post the debate.
    But I’d like to offer an alternate reason that ID theft is prevalent in the US and not in Germany.
    In the US we simply do not have an identity system so theft is easy and rampant.
    Social security numbers are not identity cards (it even says that on them) but they are often used in lieu of them (my ‘secret’ number).
    Birth certificates are typically used to obtain most government issued ‘identity’ documents. Since the birth certificate offers little evidence of the holder’s identity (possession assumes validity). A common scam in one of the states was to request an official copy of the birth certificate of a deceased person of similar age/sex in order to assume that person’s identity.
    Passports are not widely held but probably the closest thing we have to an identity card but based on (the weaknesses of) the possession of a birth certificate.
    Driver’s licenses are typically used for identity but also based on possession of a birth certificate and easier to obtain. For people who don’t have a need for a driver’s license states offer an alternative ‘identification card’. A person can hold multiple states’ drivers licenses (policy varies from state to state) and thus as people move from state to state makes it a difficult identifier for commercial or federal use.
    @Axel – Tell me if this could happen in Germany:
    [Presuming I can glean the following information about Adam Shostock: birthplace, birthdate, age, father’s name and mother’s maiden name, and social security number]
    1) I request a copy of Adam’s birth certificate from the county clerk of his birthplace
    2) I ‘move’ to Montana and apply for a driver’s license in Adam’s name with my ‘new’ birth certificate (and SSN if needed).
    3) I get a job in Montana using my new license and Adam’s SSN.
    4) I also get utility bills now in Adam’s name
    5) Optional – I obtain a PO Box using Adam’s name and run my illegal business through it for a while (perhaps disappearing before I get caught)
    The real Adam is left with a huge mess on his hands.
    I could repeat this in a number of states if I don’t get into too much trouble.

  • adam says:

    I believe that how you get to point (6) is where things differ. By not relying on a single identifier, but a mass of evidence, it becomes clear that this isn’t the real Adam. Because German data protection laws make databases about people rare and expensive, the real Adam never gets impacted by the problem.
    So, shutting down the credit agencies might also stop ID fraud. (It would also make credit more expensive and difficult to obtain, which has a host of bad knock-on effects.)

Comments are closed.