My first podcast on ITConversations is with Phil Libin, president of CoreStreet, a company to which I gave an InfoWorld Innovators Award in 2004 for its approach to massively scalable credentials validation. CoreStreet has worked with the U.S. Department of Defense on its Common Access Card program, so Phil has been a ringside observer of what may be the world’s most successful large-scale deployment of smart identity cards.
From that perspective, I invited Phil to comment on the Department of Homeland Security’s recently published guidelines for the more secure state driver’s licenses mandated by the REAL ID act.
Part of the context for our conversation was a letter to the editor I’d written to my local newspaper in response to an editorial that rejected the notion of REAL ID on the grounds that any government initiative toward stronger credentials will necessarily lead to the Orwellian Big Brother. What I’ve always thought, and what Phil Libin thinks too, is that the technologies of digital identity can be tools of empowerment or oppression, depending on how we understand and apply them, and that for that reason we’ve got to understand them properly.
At one point Phil said:
The basics of asymmetric cryptography are fundamental concepts that any member of society who wants to understand how the world works, or could work, needs to understand.
That’s a tall order. And in fact, it’s outside the scope of the current REAL ID proposal, which calls for 2D barcodes rather than for smartcard technology. But Phil makes a great argument for why a broad understanding of the basics of cryptography is necessary, and for how as a society we might achieve it. This conversation is one small step toward that goal.
March 31, 2007 at 1:02 pm
You mentioned “the more secure state driver’s licenses mandated by the REAL ID act.” but you do not link to a description of what makes the licenses more ‘secure’. As you know, security is relative and you should point out what is being secured. I believe that these licenses – and other REAL ID inspired technologies – are more /traceable/ but do not really provide security to the holder of the license. It doesn’t seem like cardholder security is the actual goal.
March 31, 2007 at 3:11 pm
FWIW, from Bruce Schneier’s recent blog:
http://www.schneier.com/blog/archives/2007/01/realid_costs_an.html
But even if we could solve all these problems, and within the putative $11 billion budget, we still wouldn’t be getting very much security. A reliance on ID cards is based on a dangerous security myth, that if only we knew who everyone was, we could pick the bad guys out of the crowd.
April 1, 2007 at 11:57 am
“what makes the licenses more ‘secure’”
It is, as you say, a relative thing. One relative advantage is that the digital photo will also be encoded in the 2d barcode, which will be signed. So relative to what we have today, it would be more resistant to forgery and tampering.
April 1, 2007 at 12:02 pm
“A reliance on ID cards is based on a dangerous security myth, that if only we knew who everyone was, we could pick the bad guys out of the crowd.”
You’re right. But if we could get to an appropriate balance of accountability and privacy, that would be a good thing. I’ve mentioned the idea of selective disclosure before (http://blog.jonudell.net/2007/03/02/a-letter-to-the-editor-about-real-id/). REAL ID with its 2d barcode can’t enable that kind of scenario. But if we handle its introduction properly, it could be a stepping stone to a world in which we understand identity cards as tools that empower citizens as well as governments.