National ID Card PresentationThe following is a presentation covering some of the background and dangers surrounding the National ID Card initiatives that are appearing with more frequency in these days of increased immigration concerns. Below is the presentation on national ID card initiatives presented by Mitch Ratcliffe, editor in chief of Digital Media, at the Computers, Freedom and Privacy Conference on March 28, 1995. This document is copyrighted by Mitch Ratcliffe and may redistributed via electronic mail and net postings, but may not be printed or sold for a profit. Identifiers Everywhere: National ID Card Initiatives Mitch Ratcliffe Editor-in-Chief Digital Media Authentication = Identification - Any artifact which is linked to our identity serves as a form of identification - The campaign for government efficiency will result in a unified view of individual actions, through a single identifier or many - Smart card technology is the enabler - Pragmatism is like gravity: carrying and using one card is easier than managing 10 Best intentions are fingernails on the blackboard of Washington. Congress 1995 - H.R.560: Immigration Reform Act - H.R.1018: Illegal Immigration Control Act - H.R. 4: Personal Responsibility Act - H.R. 1095: Check Cashing Act - S.269: Immigrant Control and Financial Responsibility Act - And.... Congress 1995 - Food Stamp Simplification and Reform Act of 1995 SEC. 210. ENCOURAGE ELECTRONIC BENEFITTRANSFER SYSTEMS. (A) State agencies are encouraged to implement an on-line electronic benefit transfer system in which household benefits determined under section 8(a) or section 24 are issued from and stored in a central data bank and electronically accessed by household members at the point-of-sale. SEC .25. ENCOURAGEMENT OF ELECTRONIC BENEFIT TRANSFER SYSTEMS. Congress 1995 - Immigration Reform Act of 1995 SEC. 203. NO NATIONAL IDENTITY CARD The new card described in section 201-- (1) shall not be considered a national identity card; (2) shall not be issued to any citizen or national of the United States; and (3) shall-- (A) not be required to be carried on one's person, and (B) not be required to be presented other than -- (i) upon request by a prospective employer for any purpose other than under this section or under sections 1001, 1023, 1566, and 1621 of title 18, United States Code, or to satisfy the requirements of section 274A of the Immigration and Nationality Act, (ii) for purposes of carrying out section 1137(d) of the Social Security Act or section 214(d) of the Housing and Community Development Act of 1980. Congress 1995 - Immigration Reform Act of 1995 SEC. 206. EMPLOYMENT ELIGIBILITY VERIFICATION DEMONSTRATION PROJECT The Attorney General shall continue to conduct the demonstration projects under section 274A of the Immigration and Nationality Act in order to establish if it is feasible to determine the employment eligibility of aliens authorized to work in the United States through the use of a telephone and computation capability that is available on the date of enactment of this Act. The Attorney General shall submit a report to Congress on such projects by not later than October 1, 1995. Congress 1995 - Welfare to Work Act of 1995 SEC. 504. FRAUD AND ADMINISTRATIVE EFFICIENCY. (a) Demonstration Projects: (1) In general: The Secretary of Health and Human Services may conduct demonstration projects in several States to determine whether providing benefits based on need through the use of electronic cards and automatic teller machines would reduce administrative costs and fraud. (2)Report to the congress: Within 5 years after the date of the enactment of this Act, the Secretary shall submit to the Congress a report that-- (A) summarizes the results of the projects;and (B) makes recommendations with respect to whether and how more States might be required or encouraged to use electronic funds transfer in providing benefits based on need. Congress 1995 - Check Cashing Act of 1995 SEC. 6. STUDY OF DEBIT CARD SYSTEMS OF BENEFIT PAYMENTS AND BENEFIT CHECK DELIVERY. Not later than 9 months after the date of the enactment of this Act, the Comptroller General of the United States shall conduct a study and submit a report to the Congress on -- (1) the effects of requiring the use of a debit card system for making all benefit payments by the Federal Government; and (2) other innovative ways to enhance and upgrade the current methods by which the Federal Government delivers benefit payment checks. Tax Systems Modernization at the Internal Revenue Service - Will automate tax returns and collection - Integrate federal, state and local tax filing Government Response to Digital Media FOIA requests - Postal Service: "General Purpose U.S. Services Smart Card (U.S. Card)" - EOP: "Governmentwide Electronic Mail for the Federal Government" Postal Service Letter, dated Feb. 3, 1995: "...[t]he Postal Service had not had meetings with other agencies on the issue of a national identification card." "It is our belief that the Postal Service holds a large number of records on public key certification and government kiosks." Executive Office of the President - Defense Messaging System is the model for government wide email (and it's based on Clipper/Tessera). - Federal Records Act and documentation of government transactions - "The purpose to which email records are put, rather than solely their contents, may determine whether they are records under the Privacy Act." Department of Defense Uniformed Services ID Card - Provided documents on card support, management, and technology. Also included an economic analysis of the Uniformed Services card program. - Withheld: - Workstation software, "Release...would compromise...more secure identification card." - Contracting documents relating to system development, acquisition, installation and maintenance, "sensitive and proprietary info." Department of Defense Uniformed Services ID Card - Advocates PDF417 "two-dimensional" bar codes hold between 2,000 K and 3,000 K data, including photos (see "DoD docs"). - Shies away from smart cards (with integrated circuits) because of cost and anticipated loss of data during combat. NIST: National Institute of Standards and Technology - NIST/Mitre Public Key Infrastructure study "also addresses national and global issues in order to facilitate the interoperation of protected electronic commerce among the various levels of government in the U.S., private citizens, commercial organizations, and international organizations." NIST: National Institute of Standards and Technology "The following agencies in the U.S. federal government wish to explore the role of digital signatures in electronic commerce within the U.S. government: ARPA, FBI, GSA, IRS, NASA, NSA, USPS" NIST: National Institute of Standards and Technology Sec. 4.5: Towards Global Interoperability "inevitable", must be based on hardware, data and communications standards. "One global root" administered by the U.N. or Swiss-based Bank for International Settlements. NIST: What would it cost? - A system which put all federal employees online with an authenticated email/EDI system would cost $10.8 billion a year. - Cost per message of $.15. - Cost per user from $156 to $5,043 per year. - Confidentiality options: RSA and El Gamal/DES and public key combinations. NIST's SCAPI - Developed by DARPA, NIST, DataKey and Trusted Information Systems Inc. - Hardware independent API for smartcards - Implemented in software only, or hw/sw - ISO reader/writer - Tested with Hitachi IC card - 256 bytes of RAM - 10 KROM - 8 K EEPROM(public key stored here) NIST: Next steps "already experimenting" - IRS for tax filing (Currency Transaction Reports, TAXLINK withholding, Direct Electronic Access) - Patent and Trademark office for patent applications - FAA for airmen medical certifications - Defense Logistics Agency, electronic bids - NASA for financial transactions - "USPS is considering the offering of certification services to the general public" (Electronic Postmark [EPM] and EPM-Plus, sig + time stamp) Health and Human Services - Health Identification Card - "The National Health Board is responsible for assuring unique identifiers cannot connect individual health information with other individually identifiable information from other sources." - Data on card includes name, subscriber number, payor name, payor number, plan/contract number, claim submission address and phone number. - All communications use number not name, so identification should be possible only through access to a subscriber database. Health and Human Services Social Security Administration - Contracted (for $35,000) with Los Alamos National Labs to explore "Personal Access Kiosks", an ATM-like terminal for accessing Social Security records. - A pragmatic and dreamy approach. Folks to know.... - Jim Flyzik, director, Office of Telecommunications Management, Department of the Treasury and chair of the Government Information Technology Services Working Group. - jim.flyzik@treas.sprint.com Folks to know.... - Henry Philcox, chief information officer, IRS - Robert Woods, assoc. administrator, GSA (governmentwide kiosks) - Joseph Leo, deputy administrator for management, Agriculture Food and Nutrition Service For electronic copies: Digital Media ID Card articles: idcard@digmedia.com This presentation: idcardpres@digmedia.com Mitch: godsdog@netcom.com |