The Physics Police

The Physics Police

Thursday, August 22, 2013

Enhanced Driver's License

Digital privacy is a hot-button issue right now. While I think it's good for people to be engaged in the issue, but I've also seen some irrational fear, and fear mongering, too. This Mother Jones article by Dana Liebelson is not helping:

The article contains a lot of misinformation about the new Enhanced Driver's License (EDL).

First, the headline. For brevity, I cropped out the parenthetical claim that and "Anyone With $40" can stalk you. This is the price of an Electronic Product Code (EPC) reader. This devices can remotely read EDL numbers (a randomly assigned ID number used only for border crossing, which contains no personal information, whatsoever). The headline claims that, by reading this number, you can stalk people. You can't.

Being able to determine whether or not someone is near by doesn't help you pursue them, approach them stealthily, harass them, or persecute them with unwanted and obsessive attention (those activities being the definition of stalking). What are you going to do, hold out your EPC reader, at arms length, and hope your victim walks close by? I think Liebelson misunderstood the quote by Nicole Ozer, technology and civil liberties policy director at the ACLU of California:
If you carry one of these licenses in your wallet or purse, you can be tracked and stalked without your knowledge or consent.
If the government put up thousands of EPC readers, all over public spaces, they could track a person's movements using their EDL. This isn't going to happen. Video cameras, on the other hand, do pose this risk to privacy. Anyway, Senate Bill 397 clearly limits the use of this card is to border crossing, not track people inside the US.

What if the government changes their mind, and puts up EPC readers everywhere? Or, what if lots of EPC readers get put up by someone else? Well, since the card is optional, you can just destroy it. Don't let Ozar's fear mongering confuse the issue. EDL is a convenience for people who cross the border daily, that's all.

The article also addresses the potential for identity theft, by cloning the EDL:
Unlike with passports, which are encrypted, anyone ... can replicate the number to steal the owner's identity.
But the bill calls for:
... reasonable security measures, including tamper-resistant features to prevent unauthorized duplication or cloning ...
Electronic passports already employ an anti-cloning technology, known as Public Key Infrastructure (PKI). There is no reason to believe that this technology won't be used in California.

Similarly, California EDLs will probably employ Random Unique Identifier (RUID), another technology used today in electronic passports. This technology prevents arbitrary tracking by responding with a different, random identifier each time it's accessed. This would allow the EDL number to be an encrypted "payload" associated only with a random, unique identification number.

In other words, you can't be tracked by your $40 stalker, even if it were practical!

But what about the government tracking me? Well, they already track border crossings... right?

This is just electronic automation.

Weirdly, the article cites a study from 2009 in which Washington State's EDLs were tested to see if they could be read even inside their protective sleeves. The article reports that they can be read from 50 feet away, but as you can see on page 5, it says 57 cm (just under 2 feet). With such a short range, there would be little point to wall, ceiling, or floor mounted scanners.

Not that it matters, because this still-burgeoning technology has advanced a lot in the past few years (PKI, RUID). There will always be Luddites, standing in the way of progress, preaching fear to the credulous.

Don't be fooled by Nicole Ozer or Dana Liebelson.

This technology is nowhere near as dopey as they want you to think.

No comments:

Post a Comment