Educated Guesswork: Why people don't like national ID cards

« Cooling for performance | Main | When associating is outlawed... »

July 9, 2005

Why people don't like national ID cards

If you wonder why people are opposed to national ID cards, you might want to read Perry Metzger's message from the cryptography mailing list here:

Perhaps I can explain why I am.
I do not trust governments. I've inherited this perspective. My grandfather sent his children abroad from Speyer in Germany just after the ascension of Adolf Hitler in the early 1930s -- his neighbors thought he was crazy, but few of them survived the coming events. My father was sent to Alsace, but he stayed too long in France and ended up being stuck there after the occupation. If it were not for forged papers, he would have died. (He had a most amusing story of working as an electrician rewiring a hotel used as office space by the Gestapo in Strasbourg -- his forged papers were apparently good enough that no one noticed.) Ultimately, he and other members of the family escaped France by "illegally" crossing the border into Switzerland. (I put "illegally" in quotes because I don't believe one has any moral obligation to obey a "law" like that, especially since it would leave you dead if you obeyed.)
Anyway, if the governments of the time had actually had access to modern anti-forgery techniques, I might never have been born.
To you, ID cards are a nice way to keep things orderly. To me, they are a potential death sentence.

There's almost no need in your ordinary life to be positively physically identified. Yes, I know you end up showing your ID several times a week to register for video accounts or cash checks, but that's because all of our mechanisms for ensuring trustworthiness are tied up in physical identity. The people looking at your ID mostly don't care who you are. They just want to know that they're going to get paid. It's easy to construct systems with that property that aren't actually ID cards. In fact, you've probably noticed that you can regularly use your credit card without showing ID--that's because the merchant doesn't absorb the cost of credit card fraud, and the credit card company wants your credit card to be easy to use.

Posted by ekr at July 9, 2005 6:58 AM | Filed under:

Comments

Just how doesn't that story demonstrate that people want weak or no ID to skirt laws? The supposed object lesson of this story is that IDs are bad. No, what is bad are the laws with which those IDs were tools to enforce. In many countries, policemen are used to enforce bad laws (as in the story Perry gave). Does that mean policemen are bad and we should do away with them?

Posted by: Grumpy at July 9, 2005 11:09 AM

Grumpy, the object lesson isn't that "IDs are bad", but that identity can be used in ways that don't fit our views of right and wrong. Perry's grandfather's *identity* was criminalized. He committed the crime of being himself, full stop. There was no behavioral change he could make to come into compliance and no choice for survival other than being someone else. If that road was closed as well, he would have been killed.

I believe EKR's larger point is that whenever we substitute identity for someother property (like the likelihood someone will pay), we not only are generally doing so for no reason, but also are doing so in ways that heighten the risk to the individual. At the moment, for example, it increases the loss if someone sets out to steal that other property. "Identity thieves" don't care about being ekr, grumpy, or skippy; they want to steal our ability to pay. That in so doing they might force us to recreate many other aspects of our lives (ability to receive medical treatment in the U.S., eligibility for U.S. Social Security, even the relationship to our academic credentials) is a testament to our overloading the same identity.

I won't touch your policeman analogy, but I hope you'll rethink it.

Posted by: skippy at July 10, 2005 7:33 AM

I think you'll find that merchants do pay the cost of fraud. It's just that if they don't accept credit cards, then they cut themselves off from such a large amount of business that they deal with this cost.

FYI.

Posted by: chris at July 10, 2005 10:03 AM

I should have been clearer: in card present transactions (i.e., the customer gives the merchant the piece of plastic and signs the receipt) the merchant still gets paid even if the card turns out to be stolen. On the other hand, in card not present transactions (e.g., over the Internet) then the merchant has to absorb the cost of fraud. The relevant case for presentation of ID is card present.

Posted by: EKR at July 10, 2005 10:59 AM

We already have ID cards in the U.S., it's just that they are issued by states and not by the federal government. So the story about Perry Metzger's ancestors, important as it is, does not go to the issue at hand. It's not a question of having ID's or not; we have them already. It's whether the IDs should be issued by the states or by the national government. I don't see that his story sheds much light on the issue.

Posted by: Cyphrpunk at July 10, 2005 9:03 PM

Cyphrpunk: I agree that Perry's story doesn't tell you anything useful about states vs. federal. I took his point to be that we have too many IDs already.

Posted by: EKR at July 10, 2005 10:17 PM

As the amounts involved in the transaction increase, the vendor really does care about identity. Just because a person presents highly fungible funds does not mean that a vendor can accept them. An example is a person involved in a divorce with an order to not spend money on luxury items. In this case, the merchant may end up with a huge hassle and out of pocket expense to recover property and return the funds.

A simple tangible example is selling a car. You don't want to sell a car to someone involved in bankruptcy, with an outstanding order to pay from the court, etc.

Posted by: Steve Purpura at July 10, 2005 10:27 PM

Steve,

How does this pertain to requiring ID? The cases you mention are all ones where the person trying to pay is indeed the real owner of the card. Any ID check would complete successfully...

Posted by: EKR at July 10, 2005 11:06 PM

Please also checkout:
http://realIDSucks.blogspot.com .
What's special about RealID is the amazing number of ways it's awful. I share Perry Metzger's concerns, but also, think about:
+ People hacking into the realID data base
+ Motor Vehicle Bureau employees selling the info on the side
+ Taking five hours to renew your license if you actually managed to bring all the necessary ID with you. (Most states allow people to mail in renewals; now we'll ALL have to appear in person and give a great account of ourelves.)

And don't forget the unmandated $700 million the states will spend to comply with all this.
- The Precision Blogger
http://precision-blogging.blogspot.com

Posted by: Precision Blogger at July 13, 2005 6:58 AM

Eric,

In answer to your question: one of the key points from your post is your claim that there is almost no need in your ordinary life to be positively physically identified. This isn't true. Some vendors have a responsibility to identify you in significant transactions. And it's not just to guarentee payment, although, in the end, it is related to money/insurance.

Posted by: Steve Purpura at July 13, 2005 9:02 PM