Personal ID infrastructure - a proposal

[Winstonm]

I guess we take our lead from the Justice Dept next time we declarer war.

 

I am not holding my breath until Congress does its Constitutional duty and actually declares war. That vote is so final and terribly difficult to spin. It's so much easier to "approve military action" and turn it over to the commander-in-chief to either win it and look good or screw it up and drop to 28% in the polls.

 

Naw, we can't turn it over to the DOJ and the FBI - they are still trying to figure out who sent the anthrax letters to Sen. Leahy and Sen. Dachsle. I guess the "follow us home' concept was reversed by invading Iraq and we must have "sent them home" since there has been no follow up anthrax attack.

 

Concerning "follow us home", I do think it awfully "sporting" of al-Qaeda to wait until they can "follow us home" instead of attacking on mulitiple fronts at once - must be that British-influence carrying over, fair play all that, good man.

 

This is the same Justice Dept that you say day after day is lead by incompetents?

 

If you wish to paraphrase me, please try to be more accurate. I never said the DOJ leadership was incompetent - disinginuous, politically motivated, underhanded, any of these would be a more apt description of my implications.

 

What did the NSA, Defense or CIA say and how many Generals does the Justice Dept have?

 

 

Your faith in the honesty, integrity, and total righteousness of the executive branch is counterintuitive with someone who lived through two Kennedy assasinations, LBJ, Martin Luther King, Nixon, Vietnan and Watergate.

 

The NSA, DoD, and CIA are subject to checks and balances so what they say is not the end all of debate. Do you really think it mattered in Germany what the SS or Generals had to say? There is a word for placing all of the state's power into the hands of a single person or a single group: totalitarianism.

The DoJ may have one general counsel, but I'm not sure about that. :o

 

Let me take one wild guess here - you were a student of Strauss? :)

[paulg]

Anyone who has been involved in the engineering of information systems in a country with widespread use of CPR numbers (Denmark, in my case) and also in a country without such use (Netherlands in my case) knows how an enormous difference it makes.

I thought the Dutch sofi number had much the same meaning.

 

Similarly, in England everyone has an NI number (although it's got letters in it), but the only people who actually use it are the NHS and HM revenue & customs.

I think "use" is a little strong for HMRC as that implies efficiency. Abuse would be more appropriate given that this single government department maintains multiple systems that are inconsistent despite a unique identifier.

 

p

[helene_t]

Helene the problems I have with your proposal is not what computers do with the data they have, but what people do with the data they get or can access.

 

Having nothing to hide is not the same as a live broadcast from your bedroom.

 

You would be much more transparent, that the state.

 

And just imagine that someone who knows your CPR, can almost do anything with it, that you can.

I've probably been very unclear. Maybe I should not have included that I personaly have no problems with Big Brother. My whole point is that I want to protect those who do have problems with Big Brother, even if I personally question the rationality of such sentiments.

 

Also, maybe my use the word "transparent" may be unfortunate. I certainly don't want every citizens psychiatric record, consumption pa tern and sex life to be transparent: what I want to be transparent is the extent of government (and private) access to personal data. How far that access should go is a very important issue, but it's not the issue I raise. What I don't want is

- The letter of the law says that certain information is private while in fact it's not

- Everybody thinks their data are private while in fact they're not.

- People refuse to share their data with responsible and legitimate users because they have a fuzzy feeling (sometimes correctly, sometimes not) that it's impossible to prevent the data from leaking.

- The spirit of the law says that certain data should be private while the letter of the law says they are not because an inflexible infrastructure makes privacy infeasible

- People cannot control access to their own data, not so much because the government wants to control it, but because a clumsy infrastructure dictates one-size-fit-all solutions.

 

My first point is that use of CPR numbers instead of names etc. is not only more convenient but also makes privacy protection more effective and make the government's access to private data more transparent.

 

My second point is that I would like to go further by replacing CPR numbers by surrogate keys.

[Winstonm]

My first point is that use of CPR numbers instead of names etc. is not only more convenient but also makes privacy protection more effective and make the government's access to private data more transparent.

 

My second point is that I would like to go further by replacing CPR numbers by surrogate keys.

 

I have no real issues with this idea except in the practical sense. If one were born into such a system there would be no problem; however, to convert from a different system would create, IMO, a clash over what information the government feels it has rightful need to know versus what the populace believes is adequate, with the resolution being made by the elected representatives (hence, the government as sole judge as to what information is vital.)

 

Then there is the problem of the creation and storage of these surrrogate keys, meaing it seems to me that someone, somewhere would have access to what is in essence a "master" key that unlocks everything.

 

While the U.S. dispersion of information storage and retrieval into non-centralized areas is clumsy and slows productivity, it is much like the concept of the government itself, being a slow and clumsy organization created purposefully that way in order to diminish its power while increasing public freedoms.

 

However, I'm just talking from the top of my head because I really don't know much of anything about this type of sophistication of information storage and retrieval - I'm lucky if I can log onto BBonline the first time I try. :blink:

[helene_t]

Then there is the problem of the creation and storage of these surrrogate keys, meaing it seems to me that someone, somewhere would have access to what is in essence a "master" key that unlocks everything.

That is a real risk. Basically, I'd like to let everybody decide on this issue for themselves:

Of course it will be my personal choice to rely so heavily on my trust in cpr.dk. Others may use their church, or their trade union, or their employer, or their own garage-shop Linux server shared with some friends, as administrator of their main identity. Or they may have no main identity at all but just granting multiple links, for example a direct link from bbo to the phone company and another direct link to the bank.

It could be that I suddenly realize that my trusted cpr.dk has been leaking confidential information to all kind of evil forces within and outside the government. I could move my master ID from cpr.dk to some other institution, but it may be too late. For example, I could prevent the talent scouts that I rely on for career development from obtaining updates of my psychiatric record, but they already have all information about me for the first 40 years of my life, and they have linked it to all kind of difficult-to-change keys like my earlier employers, my photo, my fingerprint, my DNA profile, my BBO nickname etc.

 

A story from real life: A few years ago I had some personal reasons to get a new identity. After obtaining the permission from the ministry of justice, I went to the church where I was baptized and let them change my name, place of birth, and mother's surname. The church forwarded the request to cpr.dk, who changed my cpr number on the church's request. It is the decision of the Danish government to let the churches serve as interfaces between citizens and cpr.dk. For right or wrong, they have more confidence in clerical servants than in the security of direct phone, snail-mail or email communication between citizens and cpr.dk.

 

In theory, this means that no information about me from the first 32 years of my life can be linked to information from the latter 9 years of my life:

- My university diplomas did not belong to me anymore because the cpr number printed on them was not mine anymore. But I recreated the link by showing the certificate of cpr number change to the university clerk, asking her to change my cpr number in the university IS. Now the university clerk could in theory post the old and the new cpr number on her blog so that everybody can re-establish the link. AFAIK that has not happened. A more serious question is if I could have stolen the diplomas from someone else by showing a fake certificate.

- My money, however, still belonged to me. cpr.dk told my bank to transfer all my money (including stocks, retirement funds etc) to my new cpr number. Unlike the university, the bank handles this fully electronically and (supposedly) destroys my old cpr number afterwards so no bank employee could leak the link. Of course, there could be a spyware infection in the bank IS.

 

Sounds cool, doesn't it? Considering how exotic the case is (I think each year a handful of Danes get a new cpr number) I was amazed by the smoothness of the procedure.

 

Then I went back to the Netherlands. They had a lot of information about me linked to my old data. This name etc. change had to be dealed with seperatly at different offices. Generally, the clerks had no clue about how to deal with it. For example, one anoying clerk at the municipality insisted on keeping my old data unless the ministry of foreign afairs told him otherwise. Since it would cost me a lot of work and legal expences to let the procedure go through Foreign Affairs, I decided to let the case rest until he was on holyday. The clerk on duty during his holidays was more flexible and just changed everything herself.