A new bill sponsored by Sen. Schatz (D-HI), Sen. Cotton (R-AR), Sen. Murphy (D-CT), and Sen. Britt (R-AL) would combine some of the worst elements of various social media bills aimed at “protecting the children” into a single law.
Message sent. One of the cosponsors of this madness is one of my Senators. We need universal healthcare. Instead, we get a proposed universal tracking system for people to access the internet. Stupid, stupid, stupid!
One of my senators sponsored KOSA, the other sponsored this one, I literally can’t win.
From CT I guess? I always thought Murphy was reasonable, I expect that shit from Blumenthal.
As an Arkansan, I can assure you that anything with Tom Cotton’s name on it is 100% undiluted evil and should be acted against with extreme prejudice.
So maybe someone can fill me in on why the EFF opposes a digital national ID system. I know that Estonia has a cryptographically secure, free, and incredibly useful ID system. Is the fear of political persecution from the opposite party the reason we don’t implement that kind of system?
Governments have misused digital records about people in horrifying ways - IBM and the Holocaust article on Wikipedia
That is quite a twist to use severely out-dated examples for the modern world of today.
The technology for mass data analysis is here and make no mistake all data about you is there in an NSA computer folder.
The question is, why the fuck can’t the government give you a nation-backed digitally-verifiable ID number for you that is useful for you, when they have one of you anyway, because they gave you a passport/driving licence.
Dismissing the holocaust as an “out-dated example” is actually a crime in some places, for good reasons.
In case you’re asking in earnest, I can assure you that the technical risks are much bigger today than they were in the past, in most of the world. Exfiltration by third parties, illegal sales, and one-sided terms-of-use are big issues today.
The government certainly can give me a centralized ID and not cause any problems. But for those who think it’ll automatically be fine - it’s worth reading some history.
Some countries have the necessary culture and laws to make a centralized government tracked ID reasonably safe. Many do not.
We would each be wise to stay aware of which we reside in.
Nowhere am I dismissing the holocaust.
The example given in the wikipedia article is one small part of the holocaust, while helpful for Nazi efforts, if it did not exist, it would have had 0 ideological hindrance, and most likely would have been managed in some other (maybe less efficient) way, not with IBM punch-cards specifically. I would say it is a bad and irrelevant example. Especially since the world has gone quite a bit away from “out-dated” punch-cards.
I am arguing that having a digitally-verifiable ID has 0 impact on the country’s ability for surveilliance of you, since it does that without it, without much hindrance.
A digitally-verifiable ID only impacts your ability to prove your identity online. That’s really all. And lack of it is just one symptom of an anti-progressive (whether slow, or inept, or purposely obtuse) country government.
I think having a digital ID system is very important in the modern age but where it is required needs to be limited. You should not need to use it where it isn’t strictly necessary. We have one in Finland too. You will almost entirely use it to use official services that would need your ID in person as well. In this proposal, the issue is not digital ID but how it would be used. First, where it would be used could compromise revealing too much of your identity when you want privacy and secondly and more importantly, it could compromise revealing your private actions to the government. Latter can move into highly problematic territory when criminalizing actions that should not be criminalized.
Thanks for the well reasoned reply. Hyvää iltaa!
The EFF is notoriously kind of an extremist organization when it comes to privacy and any sort of tracking of people; not in a bad way though I think.
I wouldn’t call it extremist…it’s usually reasonable policy protecting people’s privacy. It’s only extreme because it would severely cut into big tech’s profits and the USs surveillance capacity.
Probably more apt to call them absolutists than extremists.
Within the privacy community, EFF’s viewed as pragmatists – far from absolutists or extremists. So I agree with @chakan2@chakan2@lemmy.world, it only gets regarded as extreme because big tech and the surveillance-industrial complex have normalized not expecting privacy.
That’s one of the concerns. Here’s more, from https://www.eff.org/issues/national-ids
Mandatory national ID cards violate essential civil liberties. They increase the power of authorities to reduce your freedoms to those granted by the card. If a national ID is required for employment, you could be fired and your employer fined if you fail to present your papers. People without ID cards can be denied the right to purchase property, open a bank account or receive government benefits. National identity systems present difficult choices about who can request to see an ID card and for what purpose. Mandatory IDs significantly expand police powers. Police with the authority to demand ID is invariably granted the power to detain people who cannot produce one. Many countries lack legal safeguards to prevent abuse of this power.
Historically, national ID systems have been used to discriminate against people on the basis of race, ethnicity, religion and political views. The use of national IDs to enforce immigration laws invites discrimination that targets minorities. There is little evidence to support the argument that national IDs reduce crime. Instead, these systems create incentives for identity theft and widespread use of false identities by criminals. National ID cards allow different types of identifying information stored in different databases to be linked and analyzed, creating extreme risks to data security. Administration of ID programs are often outsourced to unaccountable companies. Private sector security threat models assume that at any one time, one per cent of company employees are willing to sell or trade confidential information for personal gain.
Alright, I’m going to be critical of this entire article, but in particular the paragraph you quoted, “Why You Should Oppose National ID Regimes.” I have a lot of facets I want to tackle and no particular order in which to tackle them. There’s no TL;DR… sorry, not sorry, but still kinda sorry. 1/?
Right up front, my philosophy is this: we sacrifice freedom for security all the time. It’s not even an open question, the answer in reality is we do. Why are we only allowed to drive on one side of the street, ought I to be able to drive on the whole street, or whichever side I please? Well, we all agreed to limit ourselves to one side of the street to ensure we don’t crash into each other. We stop at red lights. Why? A simple color cannot stop me from reaching my intended destination! Well we stop so we can let other people go first, and then we wait our turn. Why do we wait in lines? Why do we have customs, and rules, and laws? Why do we limit and restrict ourselves? Because we want to add some security to our lives, or at the very least remove one worry from our basket of worries. The restrictions we self-impose are all outweighed costs that we pay to derive some benefits. So this is the frame of mind with which I’m approaching this article.
First, most of this article talks about biometrics collection. Now my knee-jerk reaction is yeah, creepy! Why should anyone know my “fingerprints, iris, face and palm prints, gait, voice, and DNA?” But despite the article talking about biometrics for the majority of its length, it’s not really about biometrics is it? It’s about National ID’s, and biometrics are just one method to create a National ID. We use other personal information to identify ourselves all the time. You have a Hinge or Bumble profile? What’s on it? Your name, your gender, your face. When we get our driver’s licenses, what’s on it? Our names. Our height. Our eye color. Our birthdates. When you open a bank account, what do they ask for? Your Social Security Number…
2/? Hey, real quick. You know how on old SSN cards it says “For Social Security and Tax Purposes - Not For Identification.” That was added in 1946 but removed in 1972. And uh… I definitely couldn’t get my current job without providing my SSN, I couldn’t open my bank accounts without it, and I couldn’t receive retirement benefits without it. So…
If a national ID is required for employment, you could be fired and your employer fined if you fail to present your papers. People without ID cards can be denied the right to purchase property, open a bank account or receive government benefits.
…We’re already there. Yes even the purchase property bit, because you get your credit checked for the mortgage loan. "… landlords, cable companies, cell phone providers, or even credit reporting agencies, which all habitually request SSNs simply >> because a number is more precise than a name. << emphasis mine.) And our 9-digit, unencrypted social security number is not even that precise or secure!
Once biometric data is captured, it frequently flows between governmental and private sector users. … Private sector security threat models assume that at any one time, one per cent of company employees are willing to sell or trade confidential information for personal gain.
We’ve already had the Equifax breach with SSN’s. That wasn’t a devious or disgruntled employee looking to make a quick buck, that was the entire organization choosing to skimp on security to save money. And no, I don’t believe the CEO of Equifax when he says this was all to blame on one person. A failure that big is never the result of one individual, but a result of the entire institution full of people who failed to recognize and remedy the problem. So I’m in agreement with @Nowyn, we should be judicious about who can access your ID and set some consequences for them if they abuse or misuse that access. (I think it would help if we had cryptographically secure ID’s, but that’s an extra layer I don’t want to jump into, I’ve ranted enough already.)
We already sacrifice freedom for security all the time. We already sacrifice privacy for identity all the time, from dating profiles to driver’s licenses. We already have a national ID system, it’s called Social Security, and it sucks. We’re already there, so where do we go from here?
3/? So here’s my biggest beef with the EFF article. In school I was taught the most convincing arguments are made with synthesis - you have to both support your thesis and interrogate your antithesis. You may notice I haven’t done that myself… guilty as charged.
I see the EFF has a lot of one-sided arguments for why you should oppose national ID systems… in fact they just tell you outright to oppose them. But I’m not easily convinced by a series of negative arguments with nearly zero analysis of the purported benefits of national ID’s. This is the closest I think the article has:
After 9/11, many governments began collecting, storing and using biometrics identifiers in national IDs. Authorities justified these initiatives by arguing that biometric identification and authentication helps secure borders, verify employment and immigration, prosecute criminals, and combat identity fraud and terrorism.
…Maybe I’m just a certain kind of jaded or I’m just part of the wrong demographic, but whenever I see 9/11 being invoked, it’s like a magic spell. It’s such a universally terrible event that we can put it next to anything and taint it by association. “After 9/11, many video games began to feature 3D photo-realistic graphics.” It’s correlative, not causative. What else happened around 2000, 2001? Home computers became widely accessible? Google redefined the search engine? Yes, 9/11 is contextually important to the United States because it catapulted the PATRIOT Act through the legal process like a hot knife through butter. But was it also the catapult for “many other governments?” Or was computing power and data collection becoming more accessible, facilitating the collection of more information to increase the accuracy or security of preexisting national ID systems?
In fact the entire article reads as if it was written only for an American audience, and specifically a FUD-driven American audience. In the sidebar are short paragraphs talking (again, only negatively) about national ID systems in Argentina, France, India, and Kenya. Why is there no mention of Estonia, or Malaysia?
I’ll admit this is personal, but I am not easily convinced by arguments that only focus on stopping something from happening, especially after it has already happened. And EFF’s American-centric arguments ignore the fact that de-facto ID’s are a problem elsewhere in the world. “Ireland’s Public Services Card is not considered a national identity card by the Department of Employment Affairs and Social Protection (DEASP), but many say it is in fact becoming that, and without public debate or even a legislative foundation.” It’s a form of American exceptionalism, as if we have nothing to learn and nothing to gain from seeing how other countries operate and determining if/how we could apply their systems, or improve on their systems, at home.
Yes, the article presents a lot of problems with a National ID system. So… let’s solve some of them? “Administration of ID programs are often outsourced to unaccountable companies.” Social Security isn’t, so maybe we can create a public bureau to issue and administrate a freely available national ID. “Historically, national ID systems have been used to discriminate against people on the basis of race, ethnicity, religion and political views.” Alright, let’s write and enforce laws that prohibit discrimination based on protected classes.
If we abdicate our ability to investigate and analyze complex problems, we don’t make the problem go away. We just invite less scrupulous actors to attempt to solve that problem and exploit a lot of people along the way. We don’t have a national ID system? The credit bureaus will co-opt the SSN. We don’t have a virtual public square? Elon Musk will take Twitter and twist it into his image. Every problem we ignore, the ones where we eschew imperfect solutions in pursuit of ideological purity, is an opportunity to a grifter. If you don’t trust the government to make a national ID… do you trust the free market more?
What’s the cost of a national ID system? Privacy. Some freedoms. The government gets to collect more data about you. Build models of where you’ve been, what you bought, who you associate with.
What’s the cost of not having a national ID system? A private interest can do all those same things, For profit.
4/4 As God as my witness, I promise this is the last one. I just want to provide the links I used to formulate this… if we want to be generous we can all it a screed. I don’t mind.
https://fxb.harvard.edu/2015/11/12/a-brief-history-of-national-id-cards/
https://www.rappler.com/newsbreak/iq/204657-national-id-functions-worldwide/
https://en.wikipedia.org/wiki/List_of_national_identity_card_policies_by_country
https://www.theverge.com/2012/9/26/3384416/social-security-numbers-national-ID-identity-theft-nstic
https://www.theatlantic.com/politics/archive/2021/08/voting-rights-national-id-card/619772/
https://www.splcenter.org/fighting-hate/extremist-files/ideology/sovereign-citizens-movement
Oh god… I didn’t even get to talk about how I got sovereign citizen vibes from the EFF article, but I don’t have the energy left to elaborate or edit it in… it just reads like libertarian concern mongering, that’s all.
https://en.wikipedia.org/wiki/Identity_document
EDIT: aaaand there it is: https://www.theverge.com/2023/8/31/23853618/x-privacy-policy-update-biometrics-job-history
This thread is talking about a US-based law, so I shared EFF’s perspectives on national IDs in the US. For a more international view, check out Why ID https://www.accessnow.org/campaign/whyid/ – which they’ve signed along with dozens of other civil society organizations.
It’s true that there are potential upsides of national ID systems as well as downsides. But as that Why ID letter says, “the scalability of digital identity programmes also makes their harms scalable. It is far from being proven that most digital identity programmes have brought additional benefits to users, without placing them at risk.” You’re right that private implementations have similar issues – data brokers and tech companies are as careless with data as government agencies are, and just as eager to abuse people’s privacy. But there are also some big differences: a national ID is mandatory, and the government has much more of an ability to put you in jail or deny you your rights.
While I don’t support bills like this from the gvmt, I wouldn’t mind if more social media companies had the mindset of The Well’s “you own your own words” where everyones real identity is used.