The Assignment of a Mandatory Identifier
So two stories came out recently, and they’re connected by a thread, which is the assignment of identifiers. The first was in Government Computer News, “IG: U.S. Visit RFID needs better security controls,” which opens:
The RFID on the Form I-94s was designed with privacy protections, the inspector general said. Specifically, the RFID tag, which is a small computer chip, contains only a number. This number must be viewed within US Visit’s secure database to obtain personal information on the visitor.
Overall, the inspector general judged these privacy protections to be effective, and to present no “high or medium” information security vulnerabilities.
No, sir, that’s incorrect. That the card itself contains only a number means that that number will, eventually, be captured by a variety of actors, who will use it as yet another link in the chains which bind their databases. Worse, (as I understand it) the i-94 needs to be kept with the holder at all times, meaning that that number can be silently captured at the whim of anyone with the $50 to buy a radio receiver. Which brings us to the second story, “License Plate Tracking for All.”
The assignment of a mandatory and public identifier means that identifier will be captured and used by a variety of people, from police to lawyers to stalkers and murderers:
“I know it sounds really Big Brother,” Bucholz says. “But it’s going to happen. It’s going to get cheaper and cheaper until they slap them up on every taxicab and delivery truck and track where people live.” And work. And sleep. And move.
It all starts with the assignment of numbers. Then everything else, as Mr. Bucholz says, is going to happen.
PS: I must offer an appreciation for the clever fellows at AOL, who have offered us, if only briefly, AnonID.
“Surveillance is Security” image from Oilempire.us.