National ID CardsTo get a copy of this report emailed to you, send a note to idcard@digmedia.com. To see the notes of Mitch Ratcliff's presentation at CFP-95 on National ID Cards, touch here. Eratta
It has been pointed out that there is a factual error in the US Card
story: During the editorial process, the statement that NASA Ames
carried out the Clipper R&D was inadvertently added to the story.
NASA Ames did provide R&D for the US Card project, but played no
known role in the Clipper development. Digital Media is sorry if
this mistake caused any confusion.
Mitch Ratcliffe
Editor in Chief
Digital Media: A Seybold Report
EVER FEEL LIKE YOU'RE BEING WATCHED? YOU WILL....
Postal Service and IRS mull national identity cards,
Clinton to sign orders
Digital Media has learned that the Clinton administration is debating
not if, but how, to create a card that every American will need in
order to interact with any federal government agency. Combined with
two potential executive orders and the Postal Service's designs on
putting its stamp on personal and business electronic transactions,
the card could open a window on every nuance of American personal and
business life.
The wrangling among the administration, the U.S. Postal Service, the
Internal Revenue Service and Department of Defense, emerged into the
public eye at this April's CardTech/SecureTech Conference. The
gathering of security experts was convened to discuss applications
for smart card and PCMCIA memory card technologies in business and
government. The Postal Service, at the conference presented a
proposal for a "general purpose U.S. services smartcard," which
individuals and companies would use to authenticate their identities
when sending and receiving electronic mail, transferring funds and
interacting with government agencies, such as the I.R.S., Veterans
Administration and the Department of Health and Human Services.
President Clinton is also considering signing two executive orders
that would greatly expand the government's access to personal
records, including an order that would allow the I.R.S. to monitor
individual bank accounts and automatically collect taxes based on the
results, said sources close to the White House. The collection
service will be presented as a convenient way to avoid filling out a
tax return. The White House did not respond to requests for comments
about this report.
The Post Office: We deliver for you. The Postal Service's U.S. Card
would be designed to use either smart cards (plastic cards with an
embedded microprocessor carrying a unique number that can be read by
a electromagnetic scanner and linked to computerized records stored
on a network) or PCMCIA cards, which can contain megabytes of
personal information. (You've probably seen this type card in AT&T's
"You Will" ad campaign, which shows a doctor inserting a woman's card
in a reader in order to access a recording of a sonogram). The Postal
Service said it is considering AT&T and other companies' smart card
technologies.
In a slide presentation at the conference, Postal representative
Chuck Chamberlain outlined how an individual's U.S. Card would be
automatically connected with the Department of Health and Human
Services, the U.S. Treasury, the I.R.S., the banking system, and a
central database of digital signatures for use in authenticating
electronic mail and transactions. The U.S. Card is only a proposal,
Chamberlain insists. Yet the Postal Service is prepared to put more
than a hundred million of the cards in citizens' pockets within
months of administration approval, he said.
"We've been trying to convince people [in the different agencies] to
do just one card, otherwise, we're going to end up with two or three
cards," said Chamberlain. He said in addition to the healthcare card
proposed by President Clinton last year, various government agencies
are forwarding plans for a personal records card and a transactions
(or "e-purse") card. Chamberlain said the I.R.S in particular is
pursuing plans for an identity card for taxpayers.
Don't leave home without it. Though he did not name the U.S. Card at
the time, Postmaster General Marvin Runyon suggested that the Postal
Service offer electronic mail certification services during testimony
before the Senate Governmental Affairs Subcommittee in March. The
proposal is clearly intended as a way to sustain the Postal Service's
national role in the information age, since it would give the agency
a role in virtually every legally-binding electronic transaction made
by U.S. citizens. For instance:
* When sending or receiving electronic mail, U.S. Card users would be
able to check the authenticity of a digital signature to screen out
impostors.
* Banking transactions (notably credit card purchases) that depend on
authentication of the participants identities and an audit trail,
would be registered in Postal Service systems.
* Veterans, or for that matter college students and welfare
recipients, could check their federal benefits using the
identification data on their U.S. Cards.
* Visitors to an emergency room would have instant access to medical
records at other hospitals, as well as their health insurance
information.
These examples may seem benign separately, but collectively they
paint a picture of a citizen's or business's existence that could be
meddlesome at best and downright totalitarian at worst. Will buying a
book at a gay bookstore with a credit card that authenticates the
transaction through the Postal Service open a Naval officer up to
court marshal? If you have lunch with a business associate on a
Saturday at a family restaurant, will the IRS rule the expense
non-deductible before you can even claim it?
"There won't be anything you do in business that won't be collected
and analyzed by the government," said William Murray, an information
system security consultant to Deloitte and Touche who saw
Chamberlain's presentation. "This [National Information
Infrastructure] is a better surveillance mechanism than Orwell or the
government could have imagined. This goddamned thing is so pervasive
and the propensity to connect to it is so great that it's
unstoppable."
Deep Roots; Deep Pockets; Long History. Chamberlain said the Postal
Service has been working for "a couple years" on the information
system to back up the U.S. Card. He said the project was initiated by
the Department of Defense, which wanted a civilian agency to create a
national electronic communications certification authority that could
be connected to its Defense Messaging System. Chamberlain said the
Postal Service has also consulted with the National Security Agency,
proponents of the Clipper encryption chip which hides the contents of
messages from all but government agencies, like law enforcement. The
National Aeronautics and Space Administration's Ames Research
Laboratories in Mountain View, Calif. carried out the research and
development work for Clipper.
"We're designing a national framework for supporting business-quality
authentication," said John Yin, the engineer heading up the U.S.
Card- related research for NASA Ames' advanced networking
applications group. "This is not specifically with just the Postal
Service. We'll be offering services to other agencies and to
third-party commercial companies that want to build other services on
the card." For example, VISA or American Express could link their
credit services to the U.S. Card.
Yin, who works on Defense Messaging Systems applications, said his
group has collaborated with "elements of Department of Defense" for
the past year, but would not confirm the participation of the
National Security Agency, a Department of Defense agency. The NSA is
specifically prohibited from creating public encryption systems by
the Computer Security Act of 1987. Yin also would not comment on the
budget for the project, which other sources said was quite large and
has spanned more than two years.
A false sense of security? According to Yin, the cards would allow
individuals or businesses to choose any encryption technology. "It's
not our approach to say, 'Here's the standard, take it our leave
it,'" he said. "We're not trying to create a monopoly, rather it's an
infrastructure for interoperability on which a whole variety of
services can be built." Yet, NASA, which is a participant in the
CommerceNet electric marketplace consortium will "suggest" to its
partners that they adopt the U.S. Card certification infrastructure,
he said.
The reality is that government agencies' buying power usually drives
the market to adopt a particular technology Q not unlike the way the
Texas Board of Education, the largest single purchaser of textbooks
in the U.S., sets the standard for the content of American classroom
curricula. Since, the administration has already mandated use of
Clipper and its data-oriented sibling, the Tesserae chip, in federal
systems it's fairly certain that the law enforcement-endorsed chips
will find their way into most, if not all, U.S. Cards. Even in the
unlikely event that one government agency should weather the pressure
and pass on the Clipper chip, it's still possible to trace the
source, destination, duration and time of transactions conducted
between Clippered and non-Clippered devices.
"Most of this shift [in privacy policy] is apparently being done by
executive order at the initiative of bureaucracy, and without any
Congressional oversight or Congressional concurrence, " Murray said.
"They are not likely to fail. You know, Orwell said that bureaucrats,
simply doing what bureaucrats do, without motivation or intent, will
use technology to enslave the people."
EDITOR'S NOTE: Digital Media has filed a Freedom of Information Act
request for Clinton and Bush Administration, Postal Service, NSA,
Department of Defense, NASA, I.R.S. and other documents related to
the creation of the U.S. Card proposal.
Digital Media: A Seybold Report is available monthly for $395 a year;
individual issues are $40. Call 800.325.3830/610.565.6864 (voice),
610.565.1858 (fax), or send email to info@digmedia.com for
information on how to subscribe.
________________________________________
Who We Are, Where to Reach Us
Publisher Jonathan Seybold
Editor in Chief Mitch Ratcliffe (godsdog@netcom.com)
Editor Neil McManus (neilm@netcom.com)
Managing Editor Margie Wylie (zeke@digmedia.com)
Senior Editor Stephan Somogyi (somogyi@digmedia.com)
Editorial Assistant Anthony Lazarus (lazarus@digmedia.com)
Editorial Offices 444 De Haro Street, Suite 126
San Francisco, CA 94107
415.575.3775 vox
415.575.3780 fax
info@digmedia.com
________________________________________
How To Subscribe to
Digital Media Perspective
and Get Back Issues
If you'd like to receive our free electronic newsletter regularly,
send us email at perspective-request@digmedia.com and we will put you
on the list. The subject line of your messages should read "subscribe
perspective". Please put your full name in the message's body; we
would appreciate it if you would also include your title and
organization in the message.
You can get back issues of Digital Media Perspective by sending email
(subject and contents unimportant) to our back issues server at
perspective-backissues@digmedia.com -- it will respond with
instructions on how to retrieve individual issues.
Copyright (c) 1994-1995 Digital Media: A Seybold Report. This document
may be freely duplicated, reproduced or retransmitted, but only in
its entirety. Excerpts used for the purposes of quotation must be
attributed explicitly to Digital Media: A Seybold Report.
|