Shostack + Friends Blog Archive


Properties of National ID Systems

In “learning from others,” Jerry Fishenden writes at length about National ID systems and their impact on society. His post includes a list of properties an ID system should have, (originally from Niels Bjergstrom). His theme that these systems don’t only have ‘features,’ but properties is an important one. I’d like to suggest two additions:

  • Use of the system must be designed for audit.

    Too often, we simply don’t know who is using the data, or for what. The new RFID-enabled US passports will provide anyone who comes in contact with them with a new, globally unique number, and it will be impossible to know who is collecting that number, or how they’ll use it. That is a poor design for a system.

  • Uses of the system must be authorized by law, and unauthorized uses should bear penalties.

    In the US, use of the social security is essentially unregulated, because anyone with a new idea simply claims to be outside the existing regulations. (“Oh, no, we’re not a credit bureau, we’re a data broker,” or “We’re not selling credit data, we’re selling credit headers!“) A failure to regulate means that the government provides a subsidy to privacy invasions that otherwise wouldn’t take place.