Misc: May 2010 Archives


May 7, 2010

As I previously mentioned, my friend Terence bought this, uh, artwork, which sells itself on eBay. Well, Terence has hit the big time with an article in the NYT magazine.
Spies, who is the chief technology officer at Voltage Security in Palo Alto, Calif., describes himself as a collector of "baffling contemporary art." (He mentions the almost monochrome panels of Anne Appleby and Molly Springfield's meticulous drawings of photocopies.) He says another collector once advised him to buy art that "people have a reaction to - good or bad." And "A Tool to Deceive and Slaughter" has elicited reactions ranging from "You're really crazy" to "You're slightly crazy." He's O.K. with that. It "sets people off," he continues, "because it's not even clear what you own."


The new opening minimum bid is calculated to cover shipping and other overhead, so the seller won't lose money, but this setup also limits how much the seller can make should the piece appreciate in value over time. And of course it's possible Spies can own the piece indefinitely - if it fails to become more valuable. "It was totally not an investment," he says, cheerfully. That's good, because as of this writing, "A Tool to Deceive and Slaughter," priced at $6,858, has attracted no bidders.

For reference, a full-page ad in the Times Magazine runs $90k.


May 1, 2010

Part of the Democratic immigration plan is to require every American worker to have some kind of biometric identification [*].
The proposal is one of the biggest differences between the newest immigration reform proposal and legislation crafted by late Sen. Edward Kennedy (D-Mass.) and Sen. John McCain (R-Ariz.).

The national ID program would be titled the Believe System, an acronym for Biometric Enrollment, Locally stored Information and Electronic Verification of Employment.

It would require all workers across the nation to carry a card with a digital encryption key that would have to match work authorization databases.

"The cardholder's identity will be verified by matching the biometric identifier stored within the microprocessing chip on the card to the identifier provided by the cardholder that shall be read by the scanner used by the employer," states the Democratic legislative proposal.


"The biometric identification card is a critical element here," Durbin said. "For a long time it was resisted by many groups, but now we live in a world where we take off our shoes at the airport and pull out our identification.

The usual privacy groups are upset about this. I'm not sure how thrilled I am about it either, but that angle seems played out. Right now, I'm more interested in the security issues.

First, the American system of personal identification is far weaker than would be required to really support this strong a system of identification. The only real personal identification most US citizens have is a birth certificate (if they can find it; I don't know where mine is) and a driver's license. This is reflected in the proof of right to work requirements: All that's required to get a US passport (sufficient for proof to work in the US) is a birth certificate and some form of personal identification (e.g., a driver's license). And at least in California all you need to get a driver's license is a birth certificate, so basically all you need is a birth certificate. Similarly, a social security card (trivially forgeable) and a driver's license are sufficient to establish the right to work. Any new identification system like the one proposed here would need to be based on the same shaky foundation. It's not clear that there's a lot of point in requiring this strong a piece of identification (fingerprints, etc.) when we have this weak a notion of people's identity to start with.

Second, the system as described seems incredibly inconvenient, given that it effectively mandates that every employer in the country have some new scanner that can be used to verify the user's fingerprint.[1] That seems like it's going to have a huge scalability problem. It's not clear how this is going to work in practice, either: is the scanner going to actually check the user's fingerprint (lots of opportunities for false rejects here), display the fingerprint and require employers to check it (you've gotta be kidding me, right?), or send the fingerprint back to Washington where it can be checked centrally? This last seems like the most practical option.

Regardless, I have two simpler approaches: the first preserves the personal identity check but with much less infrastructure. We replace social security cards and SSNs with a new, longer, identifier (18 digits should be plenty long).[2] These numbers are effectively unguessable, but the US government maintains a central database that matches them to pictures (this database can be generated the same way as we were planning to establish the system described above). When you go to hire a new employee, you ask for their card (actually the number is enough) and type their number and your own TIN into https://www.identitycheck.gov/. The site shows their picture and you just compare it against the person in front of you. This creates a record in the database of the check, which establishes that you have done the check and provides a secure mechanism for delivering the (customary) biometric without the need for any new technical infrastructure at the vast majority of employers.

Really, though, we could probably dispense with the biometric entirely. As long as we have an entry in some national database of everyone who is allegedly working [keyed by SSN] and what job they hold (including when they started and stopped and some limited information about what hours they work), it should be possible to data mine the database for SSNs that show up more than once and catch most cases of people not authorized to work, since each will have to present some legitimate number, and most numbers which can be used are already in use by other people working other jobs.
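A sketch of that data-mining pass, added here as an illustration and not part of the original post: it groups constructed employment records by SSN and flags any number whose concurrent jobs add up to more weekly hours than one person could plausibly work. The record layout, the 80-hour limit, and the sample data are assumptions.

```python
from collections import defaultdict
from datetime import date

MAX_PLAUSIBLE_WEEKLY_HOURS = 80   # assumption: above this, one person is unlikely


def peak_weekly_hours(jobs):
    """Highest total weekly hours held at any one time.

    jobs: iterable of (employer_tin, start, end, weekly_hours); end=None
    means the job is still held. End dates are exclusive, so leaving one
    job and starting another on the same day does not count as overlap.
    """
    events = []
    for _tin, start, end, hours in jobs:
        events.append((start, hours))
        events.append((end or date.max, -hours))
    running = peak = 0
    for _day, delta in sorted(events):   # on a tie, departures sort first
        running += delta
        peak = max(peak, running)
    return peak


def suspicious_ssns(records, limit=MAX_PLAUSIBLE_WEEKLY_HOURS):
    """Map each SSN whose concurrent hours exceed limit to its peak hours."""
    by_ssn = defaultdict(list)
    for ssn, tin, start, end, hours in records:
        by_ssn[ssn].append((tin, start, end, hours))
    flagged = {}
    for ssn, jobs in by_ssn.items():
        peak = peak_weekly_hours(jobs)
        if peak > limit:
            flagged[ssn] = peak
    return flagged


# Constructed sample records; SSNs and TINs are made up.
SAMPLE_RECORDS = [
    ("000-00-0001", "TIN-A", date(2009, 1, 5), None, 40),
    ("000-00-0001", "TIN-B", date(2009, 6, 1), date(2009, 9, 1), 20),  # second job
    ("000-00-0002", "TIN-C", date(2009, 3, 1), None, 40),
    ("000-00-0002", "TIN-D", date(2009, 4, 1), None, 40),
    ("000-00-0002", "TIN-E", date(2010, 1, 1), None, 40),   # three full-time jobs
    ("000-00-0003", "TIN-F", date(2008, 1, 1), date(2009, 7, 1), 40),
    ("000-00-0003", "TIN-G", date(2009, 7, 1), None, 40),   # changed jobs
]

if __name__ == "__main__":
    print(suspicious_ssns(SAMPLE_RECORDS))
```

A legitimate second job or a job change stays under the limit; only the number shared across three full-time jobs is reported.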

So, I'm not sure why this seems like a good idea to Durbin et al. Rather, it just seems like the more general misplaced faith that people seem to have in positive identification as a panacea.

1. And what's with the microchip? All you need here is a digital signature, which doesn't require any kind of chipcard. If Congress wants a system like this, they should probably let professionals design it rather than trying to specify every detail.
2. The idea behind the longer identifier is to make it prohibitive to try random identifiers and get people's actual data. We just need a long enough identifier that most random values are invalid. If we capture the requester's TIN, then any significant number of bogus identifier requests points directly to this kind of fishing expedition. Really, 18 digits is probably too long, but since 9-digit SSNs are already too small, we might as well buy ourselves some room.
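The reasoning in footnote 2 and the TIN-logged lookup described in the post, worked through as an added example (not code from the original post): the first function gives the chance that a random identifier is valid, the second flags requesters whose lookup history looks like a fishing expedition. The count of valid identifiers, the threshold, and the sample log are assumptions.

```python
from collections import defaultdict

ID_DIGITS = 18                    # identifier length proposed in the post
ASSUMED_VALID_IDS = 300_000_000   # assumption: rough count of issued identifiers


def hit_probability(digits, valid_ids):
    """Chance that one uniformly random identifier names a real person."""
    return valid_ids / 10 ** digits


def flag_fishing(lookups, max_invalid=3):
    """Return TINs with more than max_invalid distinct failed identifiers.

    lookups: iterable of (requester_tin, identifier, found) tuples.
    Retyping the same mistyped number counts once, so an employer fixing a
    typo is not flagged, while a requester cycling through guesses is.
    """
    misses = defaultdict(set)
    for tin, identifier, found in lookups:
        if not found:
            misses[tin].add(identifier)
    return sorted(tin for tin, ids in misses.items() if len(ids) > max_invalid)


# Constructed sample log; TINs and identifiers are made up.
SAMPLE_LOOKUPS = [
    ("TIN-A", "483920175536201948", True),
    ("TIN-A", "483920175536201949", False),   # typo
    ("TIN-A", "483920175536201949", False),   # same typo retried
    ("TIN-B", "100000000000000001", False),
    ("TIN-B", "100000000000000002", False),
    ("TIN-B", "100000000000000003", False),
    ("TIN-B", "100000000000000004", False),
    ("TIN-B", "100000000000000005", False),
    ("TIN-C", "729104465530018276", True),
]

if __name__ == "__main__":
    print(f"18 digits: {hit_probability(ID_DIGITS, ASSUMED_VALID_IDS):.1e} per guess")
    print(f" 9 digits: {hit_probability(9, ASSUMED_VALID_IDS):.1e} per guess")
    print("flagged:", flag_fishing(SAMPLE_LOOKUPS))
```

With these assumed numbers a random 18-digit guess is valid about 3 times in 10 billion, against roughly 3 in 10 for a 9-digit space, which is why nearly every failed lookup is a usable signal.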