From: “E. Allen Smith” <EALLENSMITH@ocelot.Rutgers.EDU>
To: cypherpunks@toad.com
Message Hash: 732261f3fa9f8e1e29ec9f58d1ad18eddb887b6686851a0aff6217fa26408f60
Message ID: <01I960QKGRV49JDL62@mbcl.rutgers.edu>
Reply To: N/A
UTC Datetime: 1996-09-07 02:13:48 UTC
Raw Date: Sat, 7 Sep 1996 10:13:48 +0800
Subject: More identification laws
From: IN%"rre@weber.ucsd.edu" 2-SEP-1996 22:33:17.31
[The new welfare bill in the US has profound privacy implications and
will require major new identification systems and databases. See the
article on the front page of today's (9/2/96) New York Times for some
details. (There's a bunch of useful Internet stuff in the business
section too.) This issue of the Privacy Forum, which I've abridged
and rearranged, includes three items on Social Security Numbers and
another on fingerscanning. This is really it: pressures for universal
identifiers are growing exponentially from a hundred directions as we
speak. I wish I knew how to communicate the magnitude of it. If half
the stuff currently being launched in this area really happens then
the world is going to be completely different a year from now -- give
it two if the system development projects choke as per usual on their
overambition. I hope you're not sick of this topic, because you'll
be hearing lots more about it this autumn. Educate, agitate, organize.
Please. Speaking of which, I've also enclosed a note about a Privacy
International web page on national identification cards.]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command. For information on RRE, including instructions
for (un)subscribing, send an empty message to rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Date: Sun, 1 Sep 96 18:14 PDT
From: privacy@vortex.com (PRIVACY Forum)
Subject: PRIVACY Forum Digest V05 #16
PRIVACY Forum Digest Sunday, 1 September 1996 Volume 05 : Issue 16
----------------------------------------------------------------------
Date: Fri, 30 Aug 1996 10:51:45 -0700 (PDT)
From: jd@scn.org (Janeane Dubuar)
Subject: NCSL ALERT: Driver's Licenses and Birth Certificates
This alert came by mail from the National Conference of State Legislatures
in Washington, D.C. I added an update which includes the names of
House-Senate conferees. The federal immigration bill (H.R. 2202) is
expected to emerge from conference committee some time during the first
week of September. Now is the time to act.
TOWARD A NATIONAL IDENTIFICATION CARD AND MORE RED TAPE:
CONGRESS MANDATES CHANGES TO DRIVER'S LICENSES AND BIRTH CERTIFICATES
On May 2, 1996, the U.S. Senate passed S. 1664 (now called H.R. 2202 -
Senate version), a bill to reform illegal immigration, that proposes
monumental changes to all driver's licenses and birth certificates
(section 118). These changes will force most U.S. citizens to obtain and
pay for new driver's licenses and birth certificates; compromise each
citizen's right to privacy; violate state and local control over driver's
licenses and birth certificates; and invite discrimination against
minorities. The Congressional Budget Office estimates that the federal
driver's license mandate alone will shift up to $20 million in costs to
states and localities. The House also passed an immigration bill, H.R.
2202. The House bill does not contain the driver's license and birth
certificate mandates. Both House and Senate immigration staff are
currently reconciling the two bills in an informal conference committee.
Phone calls to House and Senate Leadership are urgently needed to demand
that the driver's license and birth certificate mandates be deleted from
the final bill.
What Does the Senate Version of H.R. 2202 Require?
1. Driver's Licenses - State driver's licenses and identification cards
MUST CONTAIN THE APPLICANT'S SOCIAL SECURITY NUMBER. The federal
government will also create new federal standards for the application
process and design of all driver's licenses and ID cards. States that
currently retain and verify an applicant's social security number but do
not place the number on the cards are initially exempt from the social
security number mandate. According to the American Association of Motor
Vehicle Administrators, of the 38 states that do not require the social
security number to be on their driver's licenses, only Massachusetts would
qualify for this exemption; all other states would be required to place
social security numbers on driver's licenses and ID cards. All states are
required to conform to the other federal standards. States with cycles of
renewal longer than six years must start October 1, 2006. After October
1, 2006, NO ONE may use a driver's license or ID card for identification
purposes that does not meet these federal standards.
2. Birth Certificates - All birth certificates must be printed on
federally-approved safety paper and be certified by the issuing agency.
The federal government will also issue additional provisions requiring
other security features in the future. Starting in 1999 (three years
after the bill's enactment), birth certificates that do not meet these
federal standards cannot be accepted by any federal agency or by any state
or local agency that issues driver's licenses or ID cards.
Who Needs a New Driver's License?
Anyone who wants to use their driver's license as a valid form of
identification after October 1, 2006. If you need to use a driver's
license to vote, to apply for a passport, to qualify for a federal school
loan, license, contract or public assistance program or to meet any other
federal, state or local requirement you will need a new driver's license.
Will I Have to Put My Social Security Number on My Driver's License?
Yes. While most states currently give applicants the option of not using
this number on their driver's license or prohibit its use outright, the
new federal requirements will force almost every American to put their
social security number on their license or ID card. Many citizens are
concerned by laws that increase the circulation of their social security
number. The social security number is a key which provides access to
vital personal information, which could be misused if it fell into the
wrong hands. Others believe that proposals making driver's licenses
uniform, including social security numbers, are a significant step toward
a national ID card. Finally, many minorities contend that they will be
disproportionately affected by the new requirements because they will be
asked to show their documents more often than other Americans.
Who Needs a New Birth Certificate?
Anyone who wants to use their birth certificate as a valid form of
identification after October 1, 1999. If you need to use your birth
certificate to establish citizenship, apply for or renew a driver's
license, passport or other identification documents, obtain a marriage
license, register to vote, change your name, or many other purposes you
will need a new certificate. No matter how old you are, if you need to
use your birth certificate it must conform to the new federal standards,
otherwise it is invalid. Fees will almost certainly be charged for new
birth certificates to pay for the new federal requirements. This will
impose a significant hardship on elderly and low-income Americans.
THE DRIVER'S LICENSE AND BIRTH CERTIFICATE MANDATES IN ILLEGAL
IMMIGRATION BILL H.R. 2202 (Senate) WILL...
...INCREASE SOCIAL SECURITY NUMBER FRAUD. H.R. 2202 (Senate version)
will require the vast majority of automobile drivers in the U.S. to put
their social security numbers on their driver's licenses. In the future,
whenever someone shows their driver's license they will also be exposing
their social security number. With the social security number accessible
to so many people, it will be relatively easy for someone to fraudulently
use your social security number to assume your identity and gain access
to your bank account, credit services, utility billing information,
driving history, and other sources of personal information. This new
federal law will compound and exacerbate a disturbing trend reported by
banks and credit card companies that social security number-related fraud
is already on the rise.
...INVADE PRIVACY AND THREATEN CIVIL LIBERTIES. According to the
Privacy Rights Clearinghouse, when social security numbers were first
issued in 1936, the federal government assured the public that use of the
numbers would be limited to social security programs. The driver's
license and ID card provisions in H.R. 2202 (Senate version) violate this
promise, and will dramatically increase the circulation of the social
security number and its use as a national identifier. Now more
corporations, creditors, insurance companies, government officials and
others will be able to get easier access to vast amounts of personal
information that can be used to support marketing schemes, determine
insurance and loan eligibility, gain an advantage in a lawsuit, etc.
...PREEMPT STATE LAWS AND SHIFT COSTS TO STATES AND LOCALITIES. According
to the Automobile Association of America, 38 states do not require drivers
to put their social security numbers on their driver's licenses.
Legislation has been introduced in a number of states (including
Mississippi and Hawaii) that require social security numbers on their
driver's licenses to take the numbers off the card because of fraud and
privacy problems. The new federal law would require all but Massachusetts
to change their laws, taking this option away from the majority of the
nation's drivers and limiting state authority to decide whether this
policy is appropriate for their residents. The bill also gives the
federal government wide latitude to develop new and more costly
requirements for state driver's licenses, ID cards and birth certificates
in the future. According to the Congressional Budget Office, the new
unfunded federal mandates in the law will shift up to $20 million in costs
to states and force states and localities to increase fees for birth
certificates to pay for new federal requirements.
...LEAD TO A NATIONAL ID CARD THAT DISCRIMINATES AGAINST MINORITIES. By
requiring states to tie the social security number to state-issued
identification documents, the proposal marks a dramatic shift toward using
the number as an identifier. Today's mandate that the states follow
federal requirements in their identification documents will lead to
tomorrow's mandate: that the federal government issue the identification
documents itself to ensure uniformity and reliability. Make no mistake:
this provision is a key building block for national identification
documents, and the national ID card. If such an ID card is mandated,
Latinos, Asians, and other Americans who "look foreign" or speak with an
accent will be expected to produce this document far more often than other
Americans, especially if they live in border areas. Increasing
discrimination against our own citizens is no way to deal with the problem
of illegal immigration.
...TANGLE CITIZENS IN GOVERNMENT RED TAPE. The federal bill requires any
citizen that needs to use their birth certificate for official
identification to get a reissued birth certificate from their place of
birth by October 1999. Senior citizens that intend to apply for Medicare
will need to obtain a new birth certificate. Couples engaged to be
married will need new birth certificates for a marriage license and to
change their names. Professionals traveling internationally for business
or families going on vacation overseas will need new birth certificates to
obtain passports. With millions of citizens requesting new birth
certificates, lines and waits for federally-approved birth certificates
will be long. All recipients will be charged a fee for their new birth
certificates.
-------------------------------
UPDATE: To study the full text of the Senate's version of H.R. 2202, go
to http://thomas.loc.gov and look up S.1664, section 118. Write or call
conferees and your own member of the House. As of Thursday, 8/29/96, 4:30
pm EDT, Senate conferees on the immigration bill were:
Feinstein, Dianne - California
Grassley, Chuck - Iowa
Hatch, Orrin - Utah
Kennedy, Edward - Massachusetts
Kohl, Herb - Wisconsin
Kyl, Jon - Arizona
Leahy, Patrick - Vermont
Simon, Paul - Illinois
Simpson, Alan - Wyoming
Specter, Arlen - Pennsylvania
Thurmond, Strom - South Carolina
Likely House conferees include:
Becerra, Xavier - California (30)
Berman, Howard - California (26)
Bono, Sonny - California (44)
Bryant, Ed - Tennessee (7)
Bryant, John - Texas (5)
Conyers, John, Jr. - Michigan (14)
Frank, Barney - Massachusetts (4)
Gallegly, Elton - California (23)
Goodlatte, Bob - Virginia (6)
Hyde, Henry - Illinois (6)
McCollum, Bill - Florida (8)
Smith, Lamar - Texas (21)
Please do not wait to contact House conferees. The conference report
could be issued within as little as 24 hours of their final selection.
To be most effective, letters should be postmarked by Saturday, August
31st, or faxed early the following week. Members' offices also may be
reached by phone through the Capitol Switchboard (202) 224-3121.
Thanks for your help.
------------------------------
Date: Fri, 16 Aug 96 15:24 EST
From: Robert Ellis Smith <0005101719@mcimail.com>
Subject: Alternatives to Social Security Numbers
[ From Risks-Forum Digest; Volume 18 : Issue 35 -- MODERATOR ]
Last spring, I asked readers of RISKS for suggestions on alternatives to
Social Security numbers in organizations with large data bases of
information about individuals. Many such organizations find they do not
need to use SSNs, and avoid privacy problems associated with using them.
For a copy of all of the responses, send a request to us and specify whether
you want hard copy or electronic edition of our August issue, and provide
postal address or e-mail address.
Robert Ellis Smith, Publisher, Privacy Journal newsletter,
Providence, RI, 401/274-7861, e-mail 5101719@mcimail.com.
Excerpts from the suggestions follow:
* FROM WASHINGTON, D.C.: Maryland uses Soundex (of name and birth date
concatenated [linked in a chain]) both for driver and vehicle registrations.
* FROM CAMBRIDGE, MASS.: "Against Universal Health-Care Identifiers" in the
JOURNAL OF THE AMERICAN MEDICAL INFORMATICS ASSOCIATION 1:316-319, 1994, by
Dr. Peter Szolovits of MIT and Dr. Isaac Kohane of Children's Hospital in
Boston, discusses a number of ways in which cryptography-based health care
identifiers can be used to preserve privacy while remaining manageable for
typical medical purposes. This is publication #49 (in Postscript format) at
http://medg.lcs.mit.edu/people/psz/publications.html.
* FROM YARDLEY, PA.: One way is to use a simple scheme like three letters
from last name, the first initial, and some digits; another is just to use
sequential numbers. Another is an MD5 hash of the full-name string [a
one-way mathematical function as a stand-in for the name that makes
translation back to the original name impossible]. This is always unique
for a unique string, so you might need to add some numbers.
* FROM MADISON, WISC.: When I was working on the development of the
Wisconsin Student Data Handbook - we tried to develop
what we called an "SSN surrogate," also of nine bytes per
individual. It involved an algorithm which combined year,
month, and date of birth with sex and two consonants each
extracted from the first and middle names.
* FROM CYBERSPACE: I worked with a banking software company that set up
employee records simply by exact hire date and time. Since they never hired
anyone at exactly the same time, it gave each person a unique number. You
could do the same for any data base in which records are added gradually one
at a time - just number them based on exact date and time added.
* FROM PALO ALTO, CAL.: At Stanford University we made a decision long ago
not to use SSN for identification except where required by law (payroll
taxes, for example). We use a unique Stanford University ID (SUID), which
is a lifetime number and applies to all students, alumni, faculty, staff,
and patients. It serves all the same purposes that the SSN would do if it
were used.
------------------------------
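Added example, not part of the digest or of any respondent's system: a Python sketch of the Yardley suggestion (an MD5 hash of the full-name string) beside a keyed alternative. It shows that identical names collide, that an unkeyed hash of a guessable name can be matched by hashing candidate names, and how an HMAC over name, birth date and a sequence number addresses both. All names, dates, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample data; none of it comes from the digest.
ROSTER = ["Alice Example", "Bob Placeholder", "Carol Sample"]
DEMO_KEY = b"constructed-demo-key-real-keys-belong-in-a-secrets-store"


def normalize(text: str) -> str:
    """Canonical form so case and spacing differences do not change the ID."""
    return " ".join(unicodedata.normalize("NFKC", text).casefold().split())


def md5_name_id(full_name: str) -> str:
    """The suggested scheme: an unkeyed MD5 of the full-name string."""
    data = normalize(full_name).encode("utf-8")
    return hashlib.md5(data, usedforsecurity=False).hexdigest()


def matching_names(record_id: str, candidates: list[str]) -> list[str]:
    """Candidate names whose unkeyed ID equals record_id.

    No secret is involved, so anyone holding a list of plausible names
    can link an ID back to a name; this is the exposure to design out.
    """
    return [name for name in candidates if md5_name_id(name) == record_id]


def keyed_id(key: bytes, full_name: str, birth_date: str, seq: int = 0) -> str:
    """Keyed surrogate: HMAC-SHA256 over name, birth date and a sequence number.

    birth_date is expected as an ISO string (YYYY-MM-DD). The sequence number
    is the "add some numbers" step for two people who share name and date.
    Fields are joined with the unit separator, which normalize() removes
    from names, so field boundaries stay unambiguous.
    """
    fields = [normalize(full_name), birth_date, str(seq)]
    message = "\x1f".join(fields).encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()[:32]


if __name__ == "__main__":
    # Two different people with the same name get the same unkeyed ID.
    print(md5_name_id("Alice Example") == md5_name_id("alice  example"))

    # The unkeyed ID links back to a name by hashing candidates.
    leaked = md5_name_id("Carol Sample")
    print(matching_names(leaked, ROSTER))

    # The keyed ID separates same-name people and cannot be recomputed
    # by someone who does not hold the key.
    print(keyed_id(DEMO_KEY, "Alice Example", "1960-01-02"))
    print(keyed_id(DEMO_KEY, "Alice Example", "1971-03-04"))
```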
Date: Sat, 24 Aug 1996 00:25:15 -0400
From: Monty Solomon <monty@roscom.COM>
Subject: SSN and Welfare Legislation
Excerpt from EPIC Alert 3.15
=======================================================================
[3] Welfare Legislation Signed by Clinton
=======================================================================
On August 22, President Clinton signed the Personal Responsibility and
Work Opportunity Reconciliation Act of 1996. The bill includes a
number of sections that expand the use of the Social Security Number
and create new databases of personal information.
The bill requires that states obtain individuals' Social Security
Numbers for many state documents. It provides that on "any
application for a professional license, commercial driver's license,
occupational license, or marriage license [the SSN] be recorded on the
application."
The new bill also creates a national database of every employee in the
United States. States are also required to create databases of "new
hires." The state databases would be uploaded to a federal registry
and the Social Security Administration would verify the SSNs. The
Commissioner of Social Security is required to develop "a prototype of
a counterfeit-resistant social security card" made of tamper proof
materials for proving citizenship, and to issue a report on the cost
of issuing a new card to all citizens over a three, five or ten year
period.
More information on the welfare bill, the Social Security Number, and
efforts to expand its use is available at:
http://www.epic.org/privacy/ssn/
------------------------------
Date: Fri, 30 Aug 1996 10:34:03 -0700 (PDT)
From: jd@scn.org (Janeane Dubuar)
Subject: fingerprinting by banks
SEATTLE WEEKLY
Copyright 1996 - used with permission
July 24, 1996 - "Quick and Dirty"
column by Eric Scigliano
Thumbprint, retinal or body-odor scan, sir?
If you think those "Go to Jail" charity slumber parties are a scream, you
may get a kick out of cashing checks after September 11. That's when US
Bank will start requiring that non-customers cashing its checks consent
to be finger--or, rather, thumb--printed. Other local banks are expected
to join US Bank on the new security frontier in September, and at least
one, Seafirst, plans to start taking thumbprints next year in step with
its California parent, Bank America. The thumbprinting scheme is being
pushed by the Washington Bankers Association, which wants all its members
to take the plunge together. As Dan Doyle, regional manager over US
Bank's Western Washington branches, notes, "I'm not sure any one bank
wants to be the one to step out and do it--it probably sounds cold, hard,
and not very customer-friendly." Indeed. "But it's really to protect
customers."
That protection is supposed to come from deterrence. Very few, if any,
check forgers actually get caught via thumbprints in those states (most
notably Texas, Nevada, and Arizona) whose banks already take them.
Tellers can't (yet, anyway) check the prints for known forgers; the
prints will merely be saved (on the checks themselves) for investigation
in the event of a bounce. But Bruce Koppe, the Bankers Association's
executive director, reports that bogus-check losses have declined by 40
percent in those states. Doyle says US Bank has charted 45 percent
reductions in states where it's tried the system, and fewer than 1
percent of those asked decline to give prints. Some retailers, and
reportedly at least one local credit union, are already taking prints on
checks.
Customers can at least be reassured that they won't have to bear the
telltale black stains of traditional fingerprinting; the new "inkless"
printing leaves no visible mark on the skin. Still, fingerprinting is,
in the words of American Civil Liberties Union lobbyist Jerry Sheehan,
"the archetypal metaphor of criminality, along with the mug shot and
lineup." Some tellers are already grumbling at the prospect of having to
do it. The banks take heart that they won't be demanding prints of their
current customers. But the ill will may still come around to bite them;
those are all potential customers they stand to infuriate, and
account-holders may not like the idea of their checks being valid only
when backed by thumbprints.
And thumbprinting may be just the nose under the tent. That mixed bodily
metaphor suits the brave new world of "biometric" identification in which
we will, very soon, find ourselves. Down in Olympia, a working group of
the joint Legislative Transportation Committee is considering what kind
of biometric and/or computer technology to adopt in upcoming "smart"
driver's licenses; its findings are due in December, preparatory to the
next legislative session. Possibilities include a bar code or magnetic
strip; a store scrutinizing your check or a cop writing a ticket could
scan your full digitalized profile. All the drivers' license data that
now fills a state warehouse could be consolidated in a single data base.
And all those sci-fi and privacy-protectionist warnings about personal bar
codes and instant snooping will come true.
Transportation Committee staffer Jennifer Joly says that fingerprinting
is still the most common form of biometric ID. But more exotic
techniques are coming in: hand geometry scans, retinal scans, iris scans,
computerized facial recognition, and (I am not making this up) body odor
measurement. It seems unlikely that those who take IDs will stop at
thumbprinting checks. Joly reports that bankers, retailers, and
law-enforcement groups have joined in a coalition to weigh in on the new
drivers' licenses.
"We'll be pushing for legislation imposing severe restrictions" on
fingerprinting, the ACLU's Sheehan vows. And they'll "continue to resist
these pressures to create uniform identification papers from a document
intended for driver's certification." [...]
July 31, 1996 - "Quick and Dirty"
column by Eric Scigliano
[...]
They want to know it all
If you feel queasy about being fingerprinted by a bank, imagine how
tellers feel about all the information they're supposed to disclose. US
Bank asks employees to fill out an "extortion readiness card" listing all
their cars (by number and "markings") and neighbors, the names, schools,
and daily routes and schedules of their children, and any meetings they
themselves regularly attend. US Bancorp spokeswoman Mary Ruble says
taking such data is a longtime standard banking practice done for the
employees' "own safety," to protect them in "hostage situations" and to
help authorities "follow up if a claim of kidnapping is made." She adds
that US Bank has never encountered such a situation, but believes other
banks have. The cards are kept confidential in a central office, and
filling them out is "voluntary for employees." But one bank worker who
objected recalls being told to fill out the card anyway, and got the
feeling, despite the explanation, that the intent was really to guard
against crimes by, rather than against, employees. "The extortion
readiness card has nothing to do with embezzlement," says Ruble.
-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com". Mailing list problems should be reported to
"list-maint@vortex.com".
All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system. Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.
All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
------------------------------
End of PRIVACY Forum Digest 05.16
************************
Date: 2 Sep 1996 13:52:18 -0500
From: "Dave Banisar" <banisar@epic.org>
To: "Interested People" <interest@epic.org>
Subject: National ID Card Web Pages
EXTENSIVE NATIONAL ID CARD WEB SITE IS NOW ON LINE
The London-based human rights watchdog Privacy International (PI)
has just opened an extensive web page on National ID cards. The
initiative comes in the wake of pending efforts in the United
States, Canada and United Kingdom to implement national ID card
systems.
The page contains a 7,000 word FAQ (Frequently Asked Questions) on
all aspects of ID cards and their implications. Also included in the
PI documents is a paper describing successful campaigns opposing
ID cards in Australia and other countries. The page also has links
to numerous other sites and documents.
PI Director Simon Davies said he hoped the page would help promote
debate about the cards, "ID cards are often introduced without
serious discussion or consultation. The implications are profound,
and countries planning to introduce them should proceed with
caution."
"The existence of a card challenges important precepts of individual
rights and privacy. At a symbolic and a functional level, ID cards
are often an unnecessary and potentially dangerous white elephant.
They are promoted by way of fear-mongering and false patriotism, and
are implemented with scant regard for serious investigation of the
consequences," he said.
The URL is:
http://www.privacy.org/pi/activities/idcard/
PI has also set up an auto response function for the FAQ document.
Its address is: idcardfaq@mail.privacy.org
Privacy International is an international human rights group
concerned with privacy and surveillance issues. It is based in
London, UK. For further information contact the Privacy
International Washington Office at +1.202.544.9240 or email
pi@privacy.org. PI's web page is available at:
http://www.privacy.org/pi/
_________________________________________________________________________
Subject: National ID Card Web Pages
_________________________________________________________________________
David Banisar (Banisar@privacy.org) * 202-544-9240 (tel)
Privacy International Washington Office * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301 * HTTP://www.privacy.org/pi/
Washington, DC 20003