The Senate is scheduled to vote on Tuesday on the bill that has the Real ID Act as an amendment. If you want to inform your Senator of your opinion on this issue, you can send a fax from this website:
UnRealID.comFor more information on the Real ID Act and it's likely consequences, you can read the links here:
Can I see your papers?
Technorati Tags: liberty, opinion, privacy
Mog pointed out this section of the Real ID Act today:
(1) IN GENERAL- Notwithstanding any other provision of law, the Secretary of Homeland Security shall have the authority to waive, and shall waive, all laws such Secretary, in such Secretary’s sole discretion, determines necessary to ensure expeditious construction of the barriers and roads under this section.As Mog asked:
(2) NO JUDICIAL REVIEW- Notwithstanding any other provision of law (statutory or nonstatutory), no court, administrative agency, or other entity shall have jurisdiction–(A) to hear any cause or claim arising from any action undertaken, or any decision made, by the Secretary of Homeland Security pursuant to paragraph (1); or
(B) to order compensatory, declaratory, injunctive, equitable, or any other relief for damage alleged to arise from any such action or decision.
Think about that for a minute, when in the history of the U.S. have we given one person, in this case the Secretary of Homeland Security, the authority to waive all laws with no judicial review?This is part of a larger, very troubling trend where Congress (namely, Republicans) are inserting into bills exclusions from judicial review, and where the President has proclaimed he has the power to declare even US citizens "enemy combatants" and hold them incommunicado with no review process and no appeal.
It seems to me that both of these actions are in and of themselves unconstitutional.
Are we starting to run off the rails because the extremists have no respect for our system, and insist upon their way, 100%, no compromises, and those who crave power pander to the extreme?
Remember, folks, these are the people you elected to represent you. Was your mandate to destroy a system that has worked for over 200 years?
Somehow, I don't think it was.
Technorati Tags: commentary, opinion, patterns in the white noise, privacy
...consider this:
May 03, 2005 The Right of MovementThe Washington Post reports that cops are using sobriety checkpoints for purposes that have nothing to do with drunken driving.
Lisa Davis had done nothing wrong. She was wearing a seat belt, was obeying the speed limit and produced a valid driver's license when D.C. police pulled her over one recent night at a traffic safety checkpoint in a crime-plagued neighborhood.Even so, an officer jotted down some basic information before letting her go, including her name, address and the time and location of the stop for a police database used for crime solving.
[...]
The details about Davis and the stop will be fed into the database, which is linked to a computer that includes arrest records and mug shots of criminals. The database allows a detective, for example, to enter into the computer the description of a car that fled a crime scene in hopes of finding a match from a traffic checkpoint.
The city's practice of recording information at traffic safety checkpoints on violators and law-abiding motorists alike -- and sometimes their passengers -- has garnered little attention since police began entering such data into a computer in 2002. Few, if any, of the more than 100 people pulled over almost nightly at the five or six checkpoints in high-crime areas realize that their names and whereabouts will end up in the database.
As Lawrence Taylor points out, in Michigan vs. Sitz, the case that said checkpoints passed constitutional muster, the Supreme Court conceded that such stops constituted a "search" as defined by the Fourth Amendment, but okayed them anyway because of the threat to public safety posed by drunken driving (a threat that was overblown by inflated statistics, BTW).Seems to me that randomly stopping motorists, collecting personal information from them even if they've done nothing wrong, entering that information into a database, then sending them on their way would fail to satisfy Sitz.
But given the way the Supreme Court has ruled on freedom of movement and search issues lately, I'm guessing that should the DC police tactics be challenged, Rhenquist and company would find a way to approve them.
It should be obvious to any thinking citizen that those in power inevitably see things in a different light than those with little power, to the detriment of those who do not hold the upper hand.
Is this truly the road we want to be traveling?
Technorati Tags: commentary, freedoms, opinion, patterns in the white noise, privacy
When I was young, I remember watching movies about World War II and not understanding the meaning in scenes set in Germany when some official said, "Papers, please," in a smug voice.
It is no longer paper, so they now will ask "ID, please," and it is no longer in fascist Germany:
FAQ: How Real ID will affect you
Published: May 6, 2005, 4:00 AM PDT By Declan McCullagh Staff Writer, CNET News.comWhat's all the fuss with the Real ID Act about?
President Bush is expected to sign an $82 billion military spending bill soon that will, in part, create electronically readable federal ID cards for Americans. The House of Representatives overwhelmingly approved the package--which includes the Real ID Act--on Thursday.What does that mean for me?
If you live or work in the United States, you'll need a federally approved ID card to travel on an airplane, open a bank account, collect Social Security payments, or take advantage of nearly any government service starting three years from now. Practically speaking, your driver's license likely will have to be reissued to meet federal standards.The Real ID Act hands the Department of Homeland Security the power to set these standards and determine whether state drivers' licenses and other ID cards pass muster. Only ID cards approved by Homeland Security can be accepted "for any official purpose" by the Feds.
---
Who were the three Republicans who voted against it?
Reps. Howard Coble of North Carolina, John Duncan of Tennessee, and Ron Paul of Texas.Paul has warned that the Real ID Act "establishes a national ID card" and "gives authority to the Secretary of Homeland Security to unilaterally add requirements as he sees fit."
Is this a national ID card?
It depends on whom you ask. Barry Steinhardt, director of the American Civil Liberties Union's technology and liberty program, says: "It's going to result in everyone, from the 7-Eleven store to the bank and airlines, demanding to see the ID card. They're going to scan it in. They're going to have all the data on it from the front of the card...It's going to be not just a national ID card but a national database."At the moment, state driver's licenses aren't easy for bars, banks, airlines and so on to swipe through card readers because they're not uniform; some may have barcodes but no magnetic stripes, for instance, and some may lack both. Steinhardt predicts the federalized IDs will be a gold mine for government agencies and marketers. Also, he notes that the Supreme Court ruled last year that police can demand to see ID from law-abiding U.S. citizens.
"Papers, please."
I'm not really comfortable with 7-Eleven having access to the kind of information about me that will be embedded in the ID, either.
If the ID includes an embedded RFID chip, I'll also be buying a wallet with metal fabric so that it cannot be read remotely without my knowledge and permission.
People, this is serious.
From an earlier article at CNet News.com on the Real ID Act:
National ID cards on the way?
Published: February 14, 2005, 4:00 AM PST By Declan McCullagh Staff Writer, CNET News.comA recent vote in Congress endorsing standardized, electronically readable driver's licenses has raised fears about whether the proposal would usher in what amounts to a national ID card.
In a vote that largely divided along party lines, the U.S. House of Representatives approved a Republican-backed measure that would compel states to design their driver's licenses by 2008 to comply with federal antiterrorist standards. Federal employees would reject licenses or identity cards that don't comply, which could curb Americans' access to everything from airplanes to national parks and some courthouses.
The congressional maneuvering takes place as governments are growing more interested in implanting technology in ID cards to make them smarter and more secure. The U.S. State Department soon will begin issuing passports with radio frequency identification, or RFID, chips embedded in them, and Virginia may become the first state to glue RFID tags into all its driver's licenses.
"Supporters claim it is not a national ID because it is voluntary," Rep. Ron Paul of Texas, one of the eight Republicans to object to the measure, said during the floor debate this week. "However, any state that opts out will automatically make nonpersons out of its citizens. They will not be able to fly or to take a train."
Paul warned that the legislation, called the Real ID Act, gives unfettered authority to the Department of Homeland Security to design state ID cards and driver's licenses. Among the possibilities: biometric information such as retinal scans, fingerprints, DNA data and RFID tracking technology.
---
"In reality, this bill is a Trojan horse," said Paul, the Republican congressman. "It pretends to offer desperately needed border control in order to stampede Americans into sacrificing what is uniquely American: our constitutionally protected liberty."
Unlike last year's measure, the Real ID Act "doesn't even mention the word 'privacy,'" said Marv Johnson, a lobbyist for the American Civil Liberties Union.
"What I think the House is planning on doing is attaching this bill to tsunami relief or money to the troops," Johnson says. "When they send it to the Senate, the Senate will have to either fish or cut bait. They can approve it or ask for a conference committee, at which point the House can say 'they're playing games with national security.'"
I can still recall how during the height of the Cold War the right-wing decried the control that the government of the Soviet Union had over its citizens.
Many will say, "What's the problem? If it helps stop terrorism and illegal immigration, I'm all for it!"
The best response is one that was made two centuries ago, and is quoted in the sidebar of this site:
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.Consider the nature of liberty for a moment.
-Benjamin Franklin, Historical Review of Pennsylvania, 1759
Then, consider how much we are already tracked and how little privacy we have now.
Finally, consider how easy it will become with a government mandated ID system to track us all.
Do we want government to have yet another tool to easily track us (not even discussing how corporations track us, another ChoicePoint fiasco, anyone?).
Government has enough power over us all as it is.
The IRS still has the power to seize all assets if they claim we are behind on our taxes.
We can be arrested and held as "material witnesses" for indefinite times, and if we are declared an "enemy combatant" (which only requires an executive order, no hearing or other process), then we can be held completely incommunicado with no habeas corpus allowed.
Is that liberty?
Technorati Tags: commentary, opinion, patterns in the white noise, privacy
...apparently children are being targeted as well.
Read the entire article.
Then, write your Senator and Representative to tell them to do something about this problem instead of focusing on the broadcasting of nipples on television.
From a Wired News article on a lawsuit filed against ChoicePoint because of the recent data theft:
In a previous case in South Carolina, an identity theft victim tried to sue Citibank and two credit agencies for negligence for not properly authenticating the identity of someone who applied for credit cards under his name. The case was thrown out of court by judges who concluded that since the victim was not a customer of the bank and credit agencies and they had no business relationship with him, they had no responsibility to protect his personal data or identity.I am not a lawyer, but I do understand the legal theory behind the dismissal of the case.
It is time to rethink our legal theory.
When a victim of identity theft has no recourse in the law against companies who are profiting from his personal information when they mishandle that information or do not properly verify identities and therefore facilitate the crime of identity theft, our legal theory is broken.
Our legal system has become this complex, abstract ethereal construct of philosophical absolutes guarded by a highly educated and exclusive priesthood of lawyers that often results in rulings that while consistent with the legal philosophy fly in the face of common sense and what the common man would regard as right.
Should the law be so complex that one has to attend graduate school for years just to know the exact meaning of the terminology used? Should the law be so rigid that someone who was obviously harmed by corporations has no legal recourse because he had no direct relationship with those corporations?
One would think the position of "judge" is called judge because they are supposed to help provide the balance depicted in the statues of blind justice, not be so beholden to abstract philosophy that obvious harm is not rectified because it conflicts with the theory.
In law, as in science, in theory, there is no difference between theory and practice, but in practice, there is a huge difference.
...who watches the watchmen?
The choice of members for the Homeland Security Department Privacy Advisory Panel speaks for itself, and it speaks volumes.
Let's start with the press release from the company that is exposing the problem:
Think Finds Flaw Revealing Up To 100,000 Social Security Numbers
BOSTON, MA -- February 23, 2005 -- Think Computer Corporation has released another security-related White Paper detailing how anywhere from 25,000 to 100,000 Social Security numbers may have been accessible to the public for several years. The discovery of the flaw is particularly timely given the recent controversy surrounding similar problems at ChoicePoint, Inc., as well as changes in California state law that require companies to notify California residents whose Social Security numbers may have been compromised.
Though PayMaxx, Inc., the company responsible for the problem, was contacted repeatedly and urged to remedy the problem, a representative responded by saying, "we already cooperate with a significantly experienced testing agency and have been tested several times for security issues." (NOTE: Emphasis added)
Since PayMaxx, Inc. provides payroll services to its clients, salary data and home addresses were also exposed.
The paper is available at:
http://www.thinkcomputer.com/corporate/news/identitycrisis.pdf
About Think Computer Corporation
Think was founded in 1998 with the long-term goal of developing simple, useful computer software. From its inception through 2001, the company offered IT consulting services to over 150 clients. Today, it writes software programs that make businesses and organizations worldwide more productive. Think is on the web at http://www.thinkcomputer.com.
Payroll site closes on security worries
Published: February 23, 2005, 3:54 PM PST
By Robert Lemos
Staff Writer, CNET News.comOnline payroll service provider PayMaxx shuttered its automated W-2 site on Wednesday after a researcher claimed that two security holes had exposed data on more than 25,000 people.
A description of the problem posted on Think Computer's Web site by Aaron Greenspan, president of the software start-up, said the security issues could allow anyone to view the W-2 forms generated for employees of PayMaxx's clients for the last five years.
PayMaxx did not acknowledge or deny the problems, saying that a third-party security company was investigating the allegations.
"No system in the world is 100 percent secure from a sophisticated and determined hacker," the Tennessee-based payroll company said in a statement sent to CNET News.com. "PayMaxx has made and continues to make every effort to secure its system against any breach."
Greenspan, a former PayMaxx customer, said he discovered the alleged problems in the company's system more than two weeks ago, after he received notification from the company that his W-2 tax form was available online for download and printing. The link to access the W-2 included an ID number, and he wondered whether the company had protected against an obvious security problem: adding one to the ID number to get the next form.Instead of being denied access, Greenspan found that another person's W-2 was downloaded and readable. Sequential, rather than randomized, ID numbers made it easy to call up numerous customers' data.
The hole could have allowed employees at PayMaxx's clients to access more than 25,000 W-2 forms for last year and the W-2 forms for years back to 2000, he said.
He said his investigation revealed that PayMaxx's database contained a record for testing purposes that contained a Social Security number of 000-00-0000 and a password of all zeros. That could allow anyone to log into the site and then use the lack of authentication to sequentially download all the W-2 forms, Greenspan said.
"Anyone could have been exploiting these security issues for years, and no one would have known about it," he said.
This is beyond incompetent.
This isn't the only newly revealed problem, however. From the weblog Become the Media:
Thank You Bank of AmericaFirst it was ChoicePoint. Then it was PayMaxx. Now, 1.2 million federal workers may be at risk of identity theft because Bank of America lost computer tapes which contained sensitive information such as Social Security numbers.
When are these companies that collect and hold our personal information going to be held responsible for their actions? As it is, we don't even own the data that these companies keep on us. We have no control over what they can do with it. If they want to sell it to the highest bidder, they can. As a matter of fact, they already do. The only solution it seems is to hit them where it hurts - in the wallet. One woman in California is already suing ChoicePoint for fraud and negligence.
I have questioned if we can effectively say we have any privacy. That question has been answered, and the answer is "No."
Even discounting the economic impact and negative effects on lives due to identity theft, we should be concerned about this from the standpoint of terrorism, which is said by everyone to be a priority.
It's easy to get a LOT of things with a valid Social Security number, especially if you have access to other data directly related to that number.
Do the math...
After the "No" response to questioning if we have any privacy at all, I have another question: Is this really the way we want it?
Essentially no privacy, companies are free to collect and sell our personal information without our permission.
Millions of dollars stolen by identity thieves and millions of hours of lives wasted in dealing with the problem.
Providing terrorists and other criminals easy means of hiding their identities.
Instead we focus on huge fines for broadcast swear words or nipples, fines higher than for willful death or human testing of pesticides.
Again, do the math...
What are our priorities?
Here's more on the ChoicePoint ID theft problem that I first posted about a few days ago. From the Associated Press via MSNBC.com:
ChoicePoint: ID theft could be extensiveWell, that is comforting, isn't it? It does not answer the question as to why they didn't screen them properly in the first place, though.
Residents in 50 states, D.C., territories may be affected
The Associated Press
Updated: 4:36 p.m. ET Feb. 21, 2005
ATLANTA - ChoicePoint Inc., under fire for being duped into allowing criminals to access its massive database of personal information, said Monday that consumers in all 50 states, the District of Columbia and three U.S. territories may have been affected by the breach of the company's credentialing process. The data warehouser also announced plans to rescreen 17,000 business customers to make sure they are legitimate.
ChoicePoint said it is almost done notifying by mail all of the potential victims. California authorities have said as many as 500,000 people may have been affected, but ChoicePoint disputes that number."All I can tell you is our number is roughly 145,000, and we know that we're over-notifying," ChoicePoint marketing director James Lee said. "There will be duplications in there."
Last week, attorneys general in 38 states demanded ChoicePoint inform all affected consumers that they might vulnerable to identity theft amid concerns the company was foot-dragging. Politicians have also become involved, with two U.S. senators calling for hearings and stepped-up regulations to protect consumers.As for the rescreening, ChoicePoint said any business that is not publicly traded or not a government agency will have to be recredentialed to use its services.
"It will involve the revalidation of any information they previously provided as well as requests for additional information," Lee said. "Certain customers will receive site visits, but I can't be more specific than that because we don't want to reveal too much."
He said it could take up to 60 days to recredential the affected customers.
Once recredentialed, those customers will no longer receive access to consumers' Social Security numbers, dates of birth and driver's license numbers unless they are sponsored by a public company or government agency, Lee said.
The company said in a statement that it is seeking to "remove information in those segments where organized crime fraud is likely to occur."
I want to know why Social Security numbers were included in the information that was being distributed in the first place.
The most discomforting part is next, though:
The customers affected represent less than 5 percent of the company's $900 million in annual revenue.This company, ChoicePoint, makes $900 million per year in revenue by selling the personal, private information of people without the need to get the permission of the people involved.
Formed in 1997 as a spinoff of credit reporting agency Equifax Inc., ChoicePoint has 19 billion public records in its database at its suburban Atlanta headquarters, including everything from motor vehicle registrations, license and deed transfers, military records, names, addresses and Social Security numbers.A company is making money by selling information about people, private information such as Social Security numbers and military records.
Am I the only one who sees a problem here?
If you see a problem with this, too, then please write your Senator and Representative to tell them that this situation is unacceptable.
...those folks who have been making money selling your information without even asking you are now selling it without even checking on the legitimacy of the buyer:
ChoicePoint: More ID theft warnings
ID company says criminals able to obtain almost 140,000 names, addresses and other information.
February 17, 2005: 1:10 PM ESTNEW YORK (CNN/Money) - ChoicePoint Inc., a national provider of identification and credential verification services, says it will send an additional 110,000 statements to people informing them of possible identity theft after a group of well-organized criminals was able to obtain personal information on almost 140,000 consumers through the company.
According to a statement on the ChoicePoint (Research) Web site, the incident was not the result of its systems being hacked but rather caused by criminals posing as legitimate businesses seeking to gain access to personal information.
ChoicePoint said the criminals may have gained access to people's names, addresses, Social Security numbers and credit reports.
I have a fundamental problem with someone making money by selling my personal, private information without my consent.
I have a BIGGER problem with someone making money by selling my personal, private information without my consent and not being careful about who they sell that information to, especially when they don't pay me to recompense the enormous amount of time required to correct the resulting identity theft problem.
I guess the people who say there is no "right to privacy" are correct, at least in how our private information is currently bought and sold without any consent. I just wonder what they will say when they have to spend hours on the phone and writing letters to cope with the theft of their identity.
