EFFector Vol. 15, No. 2 Jan. 17, 2002 editors@eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424
For more information on EFF activities & alerts: http://www.eff.org/
To join EFF or make an additional donation:
http://www.eff.org/support/
EFF is a member-supported nonprofit. Please sign up as a member today!
The American Association of Motor Vehicle Administrators (AAMVA) Special Task Force on Identification Security has recommended that the driver's license become the functional equivalent of a national ID card and has requested that Congress adopt and fund the Driver Record Information Verification System (DRIVers), so that "state agencies and federal agencies such as the Immigration and Naturalization Service, the Social Security Administration, the Bureau of Vital Statistics, and, if necessary, the Federal Bureau of Investigation, can share information."
Dear Ms. Lewis:
I oppose the AAMVA proposal to adopt the driver's license as a national ID card. I also oppose the AAMVA's efforts to get Congress adopt and fund the Driver Record Information Verification System.
Most Americans oppose efforts to create a national government database of personally-identifiable information because of the potential abuses and malfunctions any such system would necessarily create. Even the Bush administration has stated that it does not support national ID cards.
National ID cards are simply not worth the risks to privacy and civil liberties posed by increased and increasing ability to track people.
Sincerely,[sign name here,
include full address for maximum effect]
Linda Lewis, President and CEO
American Association of Motor Vehicle Administrators
4301 Wilson Blvd., Suite 400, Arlington, VA 22203
+1 703-522-4200
llewis@aamva.org
Please remember to be polite but firm. Ranting, swearing, or lack of clear focus and resolve will not make a good impression. Try to make it brief (1-3 paragraphs written, or a few sentences spoken) and clear, without getting into nitpicky details. Re-casting the letter in your own words will be more effective than copy-pasting our sample.
This alert is primarily for U.S. residents. However, national ID schemes and other surveillance measures are on the rise globally, so keep an eye out in your own jurisdiction for similar issues you can act on.
Among the most questionable responses to the Sept. 11 tragedy is the call for a national ID card or system. Although the Bush Administration has so far rejected the idea, many others -- including commercial vendors -- are clamoring for some kind of national ID system. Oracle chairman Larry Ellison has been in the forefront of these calls, but he's not alone.
The most recent proposal is by the American Association of Motor Vehicle Administrators. The AAMVA's Special Task Force on Identification Security has recommended that the driver's license become the functional equivalent of a national ID card. The AAMVA wants to "produce a uniform, secure, and interoperable driver's license/ID card to uniquely identify an individual." In a 90-page document, the AAMVA has already issued a "National Standard for the Driver License/Identification Card."
The AAMVA also wants Congress to adopt and fund the Driver Record Information Verification System (DRIVers), so that "state agencies and federal agencies such as the Immigration and Naturalization Service, the Social Security Administration, the Bureau of Vital Statistics, and, if necessary, the Federal Bureau of Investigation, can share information."
There's no question that ID systems can be useful for many purposes -- we use them every day -- or that the driver's license is the de facto ID card in modern America.
But it's quite unclear how a new national ID system shared between governmental agencies would help prevent terrorism -- and dubious whether it is worth the risks to privacy posed by increased and increasing ability to track individuals.
Computer security expert Bruce Schneier explains that a national ID system has four basic components: a card that contains information about the person; a database (or set of databases) of information linked to the card; a system for checking the card data against the database; and some sort of registration procedure that verifies the information.
He goes on to say: "The way to think about the security of this system is no different from any other security countermeasure. One, what problem are IDs trying to solve? Two, how can IDs fail in practice? Three, given the failure modes, how well do IDs solve the problem? Four, what are the costs associated with IDs? And five, given the effectiveness and costs, are IDs worth it?"
ID system proponents seem to think that the problem is being unable to verify identity. But it's not at all clear how that helps against terrorism. For instance, most of the hijackers were in the United States legally and had no "bad" record with the FBI. Simply knowing who someone is doesn't mean you know that person should or shouldn't be allowed to board an airplane. As Schneier puts it, "much of the utility of the national ID card assumes a pre-existing database of bad guys. We have no such database."
Schneier notes that IDs can fail in practice many different ways. Each component of the system can fail: cards can be counterfeited, databases can be wrong or compromised; those who check IDs can be careless, make mistakes or, even worse, be compromised. Schneier concludes that IDs are "prone to errors and misuse, and are likely to be blindly trusted even when wrong."
Even state DMV officials appear aware of the weaknesses in their systems. At a recent hearing on ID cards before the California State Assembly Judiciary Committee attended by an EFF representative, an official of the California DMV anticipated questions about card fraud and admitted that counterfeiters can make "very passable forged driver's licenses, including the magstripe." He also explained that while California has around 30 million thumbprints on file, their data isn't good enough to be used for computer matching -- so they would probably need to collect thumbprints again for use on driver's licenses.
Perhaps none of these problems is insoluble. But what's clear is that it would take an enormous commitment of resources to "harden" the system, and an enormous commitment to pay attention to maintain it. Schneier's rough calculation: "tough" cards might cost a dollar each; creating and maintaining the database will cost a few times that per person, registration will cost many times that per person (assume 250 million Americans); then factor in the costs associated with hardware, software, and person-hours of checking IDs.
Even worse, a national ID card or system carries tremendous risks to civil liberties. Fundamentally, of course, an ID system aims to uniquely identify people and permits them to be tracked across their transactions and to be linked to all the informational traces thereby created. History tells us that ID systems have a strong momentum toward a checkpoint mentality. Those who push for ID systems are well aware of this and try to start small. During the attempt to introduce the Australia Card, one planning document stated: "It will be important to minimize any adverse public reaction to implementation of the system. One possibility would be to use a staged approach for implementation, whereby only less sensitive data are held in the system initially with the facility to input additional data at a later stage when public acceptance may be forthcoming more readily." Police who are given powers to demand ID invariably have powers to detain people who do not have the card, or who cannot prove their identity. Great Britain, for instance, began issuing wartime ID cards in 1939 in order to administer rations. In 1952, the system was discontinued because police had too much discretion to stop people for ID checks.
Do we really trust our DMVs, or any other ID bureaucracy, to run this system? EFF fears that we'll end up with the worst of both worlds: a system that isn't good enough to protect against terrorism, but is good enough to create an internal passport system for ordinary, law-abiding Americans.
Amazingly -- or perhaps not so amazingly -- the AAMVA's recommendations and press releases don't even mention personal privacy. Indeed, AAMVA will soon be holding a conference to talk about its plans, and it is inviting commercial vendors to display their wares.
EFF urges its members and readers to contact the AAMVA to express opposition to this ill-considered proposal.
AAMVA Website:
Bruce Schneier's Crypto-Gramm newsletter article on national IDs:
EFF Privacy Archive:
EFF's "Privacy Now!" Campaign:
The Electronic Frontier Foundation is the leading civil liberties
organization working to protect rights in the digital world. Founded in
1990, EFF actively encourages and challenges industry and government to
support free expression, privacy, and openness in the information
society. EFF is a member-supported organization and maintains one of the
most linked-to Web sites in the world:
http://www.eff.org/
Will Doherty, EFF Online Activist / Media Relations
wild@eff.org
+1 415 436 9333 x111
Katina Bishop, EFF Offline Activist / Education Dir.
katina@eff.org
+1 415 436 9333 x101
- end -
San Francisco - Texas resident Matthew Pavlovich yesterday for a second time asked the California Supreme Court to reverse a lower court decision requiring him to defend a trade secret case in a California court. Pavlovich, who did not reside in or have any contact with California, has resisted being forced to defend the case in that state.
"Courts have uniformly held that simply publishing something on the Internet is not sufficient to hold jurisdiction worldwide," noted EFF Intellectual Property Attorney Robin Gross. "Without the proper application of constitutional safeguards, the Internet will become a liability minefield for users."
In December 1999, a movie industry association called the DVD Copy Control Association (DVD CCA) sued hundreds of individuals, including Indiana college student Pavlovich, for allegedly publishing DVD decoding software called DeCSS on websites that hosted various Linux-based open-source projects. The DVD CCA claims that Internet republishing of DeCSS on their websites constitutes a trade secret violation.
Pavlovich's appeal is similar to the major case on the trade secret issue, DVD CCA v. Bunner, where an appeals court has stayed the trade secret misappropriation issue pending the outcome of Pavlovich's jurisdictional motion.
The U.S. Constitution's due process clause limits a state court's ability to assert power over out-of-state defendants who have no connection with that state. The Pavlovich case has already gone to the California Supreme Court once before; the Court sent the matter back to the Appellate Court to explain why it believed Pavlovich could be required to come to California. The Appellate Court again held that Pavlovich is required to defend himself in California.
"The lower court's ruling means that a person would be subject to jurisdiction everywhere the Internet reaches," said Allonn Levy, who represents Pavlovich. "It means that movie industry moguls can drag web publishers from anywhere in the world to defend themselves here in California."
DeCSS is free software that allows people to play DVDs without technological restrictions, such as region codes, preferred by movie studios.
Norwegian teenager Jon Johansen originally published DeCSS on the Internet in October 1999. Norwegian prosecutors recently indicted Johansen more than two years after the DVD CCA urged them to do so.
Information and legal documents related to Pavlovich case:
Information and legal documents related to Johansen case:
Allonn Levy, Attorney, HS Law Group
ael@hsapc.com
+1 408 790-5320 x5330
Robin Gross, EFF Intellectual Property Attorney
robin@eff.org
+1 415-436-9333 x112
- end -
New York - 2600 Magazine today requested that a U.S. court reverse an earlier ruling prohibiting publication of the software code called DeCSS which permits DVD owners to view DVDs on players that are not approved by the entertainment industry.
Stating that "free speech principles should turn not upon newly minted distinctions between pen-and-ink and point-and-click," the Electronic Frontier Foundation (EFF) and lead counsel Kathleen M. Sullivan today asked the full Second Circuit Court of Appeals to hear Universal v. Corley.
"By permitting publication of code in an online magazine, the Second Circuit would recognize that Internet speech is fully protected by the First Amendment as established by the U.S. Supreme Court in ACLU v. Reno," noted EFF Legal Director Cindy Cohn. "The most egregious part of the previous decision prevented even linking, the lifeblood of the Internet."
In November, a three-judge panel held that the magazine could be banned from publishing or linking to DeCSS. That panel rejected pleas from 46 intellectual property professors, 17 top computer scientists, 8 top computer security experts, the Association for Computing Machinery, the American Library Association, the ACLU, and the Reporters Committee for Freedom of the Press, among many others.
A court decision on the request is expected later this spring.
More information and legal filings in the 2600 case:
2600 Magazine:
http://www.2600.com/
Cindy Cohn, EFF Legal Director
cindy@eff.org
+1 415-436-9333 x108
Lee Tien, EFF Senior First Amendment Attorney
tien@eff.org
+1 415-436-9333 x102
- end -
WHO:
Cindy Cohn - EFF Legal Director
Lee Tien - EFF Sr. Staff Attorney
Fred von Lohmann - EFF Sr. IP Attorney
Robin Gross - EFF Staff Attorney for Intellectual Property/CAFE Director
Moderated by Shari Steele - EFF Executive Director
WHAT:
"Will Free Expression Survive the Digital Media Revolution?"
Sponsored by The Electronic Frontier Foundation and the Berkeley Center for Law and Technology
Movies. Music. Books. You buy it; you own it. That's how it used to be. Now the DMCA and expanded copyright laws are helping Hollywood change all that. Come and hear the EFF attorneys talk about the state of the battlegrounds that affect your rights.
EFF attorneys will tackle thorny issues during this interactive discussion, such as the impact on science and research from the DMCA's broad ban on technical information, its effect on encryption and computer security, Constitutional challenges in court and possible legislative actions, international concerns, and the role of fair use in the digital age.
WHEN:
February 12th, 2002
WHERE:
Berkeley Center for Law & Technology
University of California
School of Law (Boalt Hall)
Goldburg Room, Second Floor
Berkeley, California 94720-7200
Tel: +1 (510) 642-8073
For directions, see:
For more information contact Katina: +1 (415) 436-9333 x101, katina@eff.org
This event is free and open to the general public. Food and beverages will be served.
The Electronic Frontier Foundation is the leading civil liberties
organization working to protect rights in the digital world. Founded
in 1990, EFF actively encourages and challenges industry and
government to support free expression, privacy, and openness in the
information society. EFF is a member-supported organization and
maintains one of the most linked-to Web sites in the world:
The Berkeley Center for Law & Technology was founded in 1995 to foster beneficial and ethical advancement of technology by promoting the understanding and guiding the development of intellectual property and related fields of law and policy. Housed in Boalt Hall, the Center serves as a resource for academia, the judiciary, law students, practitioners, policy makers and others with an interest in the intersection between technological development and the public interest.
- end -
Come visit the EFF booth at the Linuxworld Conference and Expo in New York, January 30th thru February 1st. We will be passing out a passel of up-to-the-moment information and distributing the usual EFF-related goodies. Immediately following the opening keynote address, the EFF will be receiving an award for our work on behalf of the Linux community from the good people at IDG. Exhibits-only passes are available to the first 50 people who write in - contact Kevin McLaughlin (kevin@eff.org) for your pass!
Jacob K. Javits Convention Center
655 West 34th Street
New York, NY 10001
For more information:
- end -
EFFector is published by:
The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
http://www.eff.org/
Editors:
Katina Bishop, EFF Education & Offline Activism Director
Stanton McCandlish, EFF Technical Director/Webmaster
editors@eff.org
To Join EFF online, or make an additional donation, go to:
http://www.eff.org/support/
Membership & donation queries: membership@eff.org
General EFF, legal, policy or online resources queries: ask@eff.org
Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements & articles may be reproduced individually at will.
To subscribe to or unsubscribe from EFFector via the Web, go to:
To subscribe to EFFector via e-mail, send to majordomo@eff.org a message BODY (not
subject) of:
subscribe effector
The list server will send you a confirmation code and then add you to a
subscription list for EFFector (after you return the confirmation code;
instructions will be in the confirmation e-mail).
To unsubscribe, send a similar message body to the same address, like
so:
unsubscribe effector
(Please ask listmaster@eff.org to manually remove you from the list if this does not work for you for some reason.)
To change your address, send both commands at once, one per line (i.e., unsubscribe your old address, and subscribe your new address).
Back issues are available at:
http://www.eff.org/effector
To get the latest issue, send any message to effector-reflector@eff.org
(or er@eff.org),
and it will be mailed to you automatically. You can also get, via the Web:
Return to EFFector Newsletters Index
Please send any questions or comments to webmaster@eff.org