[iwar] [fc:Privacy.advocates.warn.of.security.implications]

From: Fred Cohen (fc@all.net)
Date: 2001-10-23 19:39:08


Return-Path: <sentto-279987-3348-1003891128-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 23 Oct 2001 19:40:14 -0700 (PDT)
Received: (qmail 16836 invoked by uid 510); 24 Oct 2001 02:38:16 -0000
Received: from n1.groups.yahoo.com (216.115.96.51) by 204.181.12.215 with SMTP; 24 Oct 2001 02:38:16 -0000
X-eGroups-Return: sentto-279987-3348-1003891128-fc=all.net@returns.onelist.com
Received: from [10.1.4.56] by n1.groups.yahoo.com with NNFMP; 24 Oct 2001 02:38:48 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_0_1); 24 Oct 2001 02:38:48 -0000
Received: (qmail 37022 invoked from network); 24 Oct 2001 02:38:47 -0000
Received: from unknown (10.1.10.27) by l10.egroups.com with QMQP; 24 Oct 2001 02:38:47 -0000
Received: from unknown (HELO red.all.net) (65.0.156.78) by mta2 with SMTP; 24 Oct 2001 02:38:47 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id f9O2d8c31387 for iwar@onelist.com; Tue, 23 Oct 2001 19:39:08 -0700
Message-Id: <200110240239.f9O2d8c31387@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 23 Oct 2001 19:39:08 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Privacy.advocates.warn.of.security.implications]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Privacy advocates warn of security implications

Cara Garretson,  IDG Net, 10/23/2001
<a href="http://www.idg.net/ic_717469_1794_9-10000.html">http://www.idg.net/ic_717469_1794_9-10000.html> 

WASHINGTON, D.C.  - As it is likely that the U.S.  government will take
legislative steps to heighten national security following the hijackings
of Sept.  11, the Electronic Privacy Information Center (EPIC) held a
press conference here Monday in an attempt to raise awareness of the
privacy implications that such action will bring. 

For the past month or so, Congress has been mulling over various methods
of bringing greater security to the country, particularly to its
physical borders and airports.  Proposals ranging from face recognition
systems to national identification cards to a central government
database have been discussed in hearings, gaining various levels of
support from lawmakers eager to enlist technology to help fight the
battle against terrorism. 

EPIC's press conference was designed to begin a public debate about the
privacy ramifications of these technologies, and in some cases to
question their efficacy and applicability. 

"We're here today to explore the long term implications of the new calls
for security and identification," said Marc Rotenburg, executive
director of EPIC. 

Of the different security approaches being considered, installing face
recognition systems in airports is among the most likely to happen, said
Richard Smith, EPIC's chief technology officer (CTO).  A handful of
airports already employ the technology, but currently the goal is to
catch local criminals by matching the face of an airport visitor to a
database of mug shots, not to catch terrorists, he said. 

Beyond the issue of whether scanning faces in a public place violates
individuals' privacy, Smith said that there are accuracy problems with
face recognition technology.  He offered the example of Visionics
Corp.'s FaceIt software, which he had installed on his notebook
computer.  "This is not a perfect technology in any way," he said,
explaining that differences in lighting, head positions, and background
objects can hinder the program's ability to match a scanned facial image
with one stored in a database. 

There is also the practical issue that in order to effectively use face
recognition software, there must be an established database of faces to
match the scans to.  In the case of fighting terrorism, it's unlikely
that a comprehensive database of faces exists, he said. 

However, Smith did concede that as a public relations move to help
people feel like the government is doing something to catch terrorists,
face recognition systems are a likely choice. 

Another option under Congress' consideration is to institute a national
identification card program.  This proposal has gained the support of
Oracle Corp.  Chairman Larry Ellison, who said after the hijackings that
he would donate the necessary database software for building such a
system.  EPIC's Rotenburg said that Ellison was invited to speak at
Monday's press conference, but declined. 

ID cards only work if they have a single purpose that is clearly
identified and protected, said Robert Ellis Smith, editor of Privacy
Journal, who referred to such cards as domestic passports.  If the cards
carry multiple pieces of information -- name, address, workplace, and
Social Security number, for example -- then an official who checks an
individual's identification to, say, allow entrance to the workplace,
will have access to more information than is needed for admittance. 

A balance between security and privacy must be found, he said. 

"The assumption (following the events of Sept.  11 is that) civil
liberties will have to be re-examined.  I refuse to accept that
assumption,"said Robert Ellis Smith.  "We punish ourselves.  Why pose
restrictions on ourselves and not on those from where (threats) come?"

In the case that such an identification system is adopted, panel members
at the press conference agreed that it must be accompanied by laws that
regulate its use.  For example, there could be an "ask ID, show ID"
policy that says any law enforcement official requesting to see
someone's national ID must have their own identification prominently
displayed, suggested Whitfield Diffie, a distinguished engineer at Sun
Microsystems Inc.  Laboratories.  Another policy could be to strictly
define the conditions in which an official can ask to see a national ID,
and for what reasons, he said. 

Sounding a somewhat different view, one panel member said he thinks
there are ways to use biometric technology to help catch terrorists that
don't necessarily violate privacy. 

"It has the potential for benefit and for evil," said John Woodward,
senior policy analyst at RAND, a nonprofit research institution focused
on policy.  "I don't want to make face recognition a technological
heroin -- you get in trouble just for having it."

EPIC can be found on the Web at <a
href="http://www.epic.org/">http://www.epic.org/>. 

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST