ID Numbers in India

The Economist has an interesting piece on India's attempt to give each person a biometric ID.  I've always liked the idea, because I'm a bureaucrat and it's a bureaucrat's dream.  India, with its British civil service heritage, has a much better chance of carrying the project through than we have in this country, even though it's also a federal republic and its central government seems to be weaker than the UK's.

Limiting the Use of SSN's

Nextgov had a post a while back reporting the Navy was limiting the use of Social Security numbers. It ends:

The eventual goal is to have a unique Defense Department ID replace Social Security numbers across all the services. Defense expects to begin removing Social Security numbers from bar codes on service member ID cards by 2012.

 There's a gain to using organization-specific (DOD) IDs instead of nation-specific IDs (SSN's), I suppose. My personal prejudice is for using applications which don't require an ID number at all. After all, if you need to distinguish among the multiple Bill Harshaws who live in the world, a combination  of data works.  Just use the Whitepages application and do a search for a last name and a town.  They'll respond with a list of people with the last name and provide the first names, often the ages, and often the other people in the household.  Usually that's good enough for what you want.

Granted there may be some instances in which the organization needs greater certainty.  For example, consider an ID card.  My VA drivers license used to have the SSN on it, but now it's got a customer ID number.  That's what store clerks write down, or they used to, when they ask for ID for a check or a purchase. Such requests are infrequent now; I'm not sure whether it's because businesses have figured the info is not worth the hassle or what.  The better solution would be a picture of me and my card, which they may be getting.

I'd hasten to add that there needs to be an ID card number, which identifies the ID card itself, but which doesn't identify the person. If I lose my license, VDOT needs to reissue one, and know which actual card was lost and which I should have.  That way, if the lost card pops up in someone's possession they can tell the difference. I don't know VDOT's business processes, but it looks as if they do have such a card number on the license.

Finally, if needed, any organization these days should be able to rely on an email address, which is what they do online. Unfortunately not everyone has one, which is a subject for another day.

On Naming

Hat tip to Tyler Cowen--having tried to deal with a few of the issues with names in my prior live, only to discover after 9/11 my efforts were quite inadequate, I really liked this list of Falsehoods Programmers Believe About Names.

I wonder how long it will be before we all get email addresses at birth?  Of course, the younger generation no longer uses email, just Twitter and Facebook.

Identity and Surveillance

The Post has an article today on the adoption of mobile fingerprint readers, equipment originally designed for the military.Local police departments are using them to good effect in various scenarios. Meanwhile the NYTimes reports on the use and possible misuse of CCTV in Britain. Anyone who follows PBS Mystery will know how automatic it is for Brit detectives to check the closed circuit TV tapes.  But apparently, as with many innovations, once it's built it's used.  The Brits have a case where the school authorities used the tapes to try to determine whether a family actually lived in the district they claimed to.  Result: some upset

While some, like the ACLU, see such things as violating our right to privacy.  I'm reminded, however, in the small towns we used to live in there was no such privacy--everyone knew everyone without the need  of a fingerprint reader and everyone watched everyone, without use of CCTV.

Identity and Passwords

Interesting piece on passwords in this week's Newsweek.  The latest and greatest is not biometrics, but a one-time password you receive on your cell phone.  If that gets going, I'll really have to get into the modern world (I make very limited use of a cell). But our true security lies in the herd instinct--the predators get the weak and the unlucky while the rest of us run off thinking ourselves immortal just because we escaped.

Why NAIS Might Seem Sensible

Today DC and MD students went back to school. Prince George's county has a trial going on--students have cards to be swiped when they board the school bus, which enables the system to track them. The broadcast reports don't say whether they also swipe the cards during the day, but I'd assume they do.

When we track our children and our pets, why not track our food?

Government ID's

This piece at Government Executive outlines a proposal to replace the "Real ID" law. I'm particularly amused by this:

"The bill would eliminate a mandate for states to create a national information-technology system for sharing data. Instead, state departments of motor vehicles would have to "take appropriate steps" to determine a person does not have a license from another state."

Meanwhile this Federal Computer Weekly piece covers attempts to improve the ID's of first responders.

Federal Emergency Management Agency officials hope a pilot program demonstrated today to make first responders' credentials interoperable across jurisdictions will expand nationwide.

Run by FEMA’s Office of National Capital Region Coordination (NCRC), the program encourages state and local officials and the companies that run critical infrastructures to ensure that their credentials comply with Federal Information Processing Standard 201.

And Equifax has its own proposal:

Equifax, the big credit agency that already knows more about your flea count than you do, wants to help.

It is developing a service that will let you create an online identity that can assert various “claims” that it will back up. To an online wine merchant, it might back you up when you say you are of legal age. If you are applying to open a bank account, the company might vouch for your entire profile, including name, address, birthday and Social Security number.

Personally, as a confirmed bureaucrat, I'd like one Federal ID card. But that's not possible in our society; we're too paranoid.

One Cell to Rule Them All

The NYTimes has an article on the cellphone (i.e., Iphone) as a universal remote.

On its blog, there's a suggestion to convert cellphones into the SecurID device. As it says: "For those of you who don’t work for security-conscious corporations, a SecurID is a little LED display that goes in your wallet or on your keychain, that flashes a different six digit number every minute or so. You need to enter that number, along with a user name and password, to get into some computer systems."

Our British Cousins Have Their Own Problems of Identity

This is a post from Musings of a Stonehead, a "crofter" in Scotland dealing with his problems with credit rating agencies. I found it fascinating. Reading between the lines, in the UK the social security number (or its British equivalent, if any) is not used to coordinate financial data between the different credit raters (apparently the UK has the same ones we do). That puts the burden on matching names and addresses. As in the U.S., rural addresses are likely more free form than urban ones, which is the problem the Stonehead ran into. It's not clear whether the UK has the equivalent of 911 addresses. (For city readers, most, perhaps all, rural counties in the US have now assigned numeric street addresses to their rural residences so that responders to911 emergency calls can be given a specific destination.)

Identifying Voters, Taxpayers, and Patients

There's a sudden spurt of interest in going to a national voter-registration system. See Kevin Drum, Matt Yglesias, and Reihan Salam.

So it's time for me to renew my plea to do away with Social Security numbers. Implement a system that identifies eligible voters, potential patients (based on the recent RAND study) and taxpayers but at the same time phases out the use of SSN's. I'm convinced we could come up with a system that increases the safeguards for each person's privacy, gives people much more control over how their data is used and to whom it is available, and improves efficiency.

The key model is the virtual credit card number, not the one you're used to using but the one VISA offers which few people use. Most people give merchants their credit card number, which can be risky. But you can choose to have VISA provide a number that works only for the transaction, or the vendor. See this. Adapt the same principle and you can have a government-validated identification number for each employer-employee relationship, each patient-healthcare provider relationship, and each voter-voting district relationship; each different, each safeguarded, and none requiring an SSN.

Seems to me if you point out to reasonable people that they already have a unique identifier (their email address) and we get rid of the SSN it's a reasonable deal.

Illegality of Immigrants

Story in the Times says that the illegal immigrants who worked at the kosher meatpacking plant in Iowa and who were arrested in a recent raid are spilling the beans on their employers--claiming extensive abuses. The bottom line is illegal immigrants aren't in a good position to protest ill treatment.

One of the insights of the Founders, as explained in the Federalist, and as expounded upon by the great Scotch-Irish Canadian, John Kenneth Galbraith, is the need to checks and balances, for countervailing power. That's absent with illegal immigrants.

As a knee-jerk bleeding heart liberal my heart is wrung by stories of the hardships of immigrants. And as someone who sometimes is swayed by the blandishments of free-market economists, I like to believe immigration is good for the nation and doesn't really exaggerate inequalities or hurt low-income workers. So I'm tempted to react--let them all in.

But, there's two lines of argument against an open-door policy which seem weighty: the danger of abuse of illegals, as exemplified in the Times story, and the unfairness to those who wait in line for legal entry.

That's why I'd prefer a policy of universal identification--everyone physically within the U.S. needs to be IDed and legalization by history. Once we have identification, then people who wish to work must agree for their history to be tracked: keep your nose clean and you can move up the ladder to citizenship; screw up and be sent back.

Good Bureaucracy in the DC Government

I don't know who might be responsible, but I like the effort, as described in today's Post, to have one ID card that works for all functions of DC government. Apparently the ACLU doesn't have big problems with it.

Online ID and ID Cards

NYTimes has an article on an effort to simplify passwords online:

"The idea is to bring the concept of an identity card, like a driver’s license, to the online world. Rather than logging on to sites with user IDs and passwords, people will gain access to sites using a secure digital identity that is overseen by a third party. The user controls the information in a secure place and transmits only the data that is necessary to access a Web site."

Having recently scorned Medicare's refusal to take the SSN off their ID card, I think the government should join this effort.

Medicare and SSN

The NY Times reports that Medicare is resisting changing the Medicare card to remove the SSN.

Ms. Frizzera, the Medicare official, said that issuing new Medicare cards would be “a huge undertaking.” The agency would need three years to plan such a move and eight more years to carry it out, she said.

Medicare officials estimate that it would cost $500 million to change their computer systems if they issued new ID numbers to beneficiaries. Doctors, hospitals and other health care providers use those numbers in filing claims with Medicare, which pays a billion claims a year.

I regard this with the disdain it deserves. The state of Virginia has phased out SSN's as the drivers license number. I recognize that Medicare is not used to issuing new cards every 5 years or so, but I assume they have procedures for replacing lost or stolen cards. And they have procedures for handling erroneous numbers (i.e., if they give out a card with the wrong number they're able to reissue a new card with the right number). Those two capabilities can be the basis for the changeover because they supply the business logic for the change. The third and missing element is a process to generate a unique 9-digit number for Medicare recipients. All they need is a cross-reference file matching their number to the SSN. Match all bills against the file so the provider can bill using either the SSN, if already in the provider's database, or the Medicare number.

The bottom line is, they're going to have to do it someday, might as well do it now.

A Faceless Iraqi Bureaucrat

The Post has a fascinating (to me) article on an Iraqi bureaucrat:

The looped and dotted script of Abdul Ghani's signature is etched in rubber and slicked with ink. His signature is the final stamp of approval for many foreign matters involving Iraqi citizens.

"Every embassy in the world has a record of my signature," says Abdul, 28, leaning forward on his thick arms.

Apparently, he and other "authorizers" have to sign documents, like high school diplomas being used to apply to college abroad.

What's fascinating? Well, he is a faceless bureaucrat, but as he says, his signature is known. And before bureaucrats had signatures, they had seals, authenticating a document (i.e., like the Great Seal of the U.S. or the "signet" ring which was a more personal seal). Some movies make a big deal of the application of seals--like the warrant for execution of someone in British politics (Queen Mary, Cromwell, whoever). So on the one hand you have the anonymity of the bureaucrat, the document stating a bureaucratic rule without a hint of the author, but on the other hand you have the authentication, tracing the document back to some process with legitimacy.

Clearance Process

This article says OMB is going to rely on automated matching of data to speed clearance process.
Here's a followup article

I have some doubts--the TSA watch list shows some of the problems of putting together databases. And genealogists run into the problem regularly--does record A refer to the same person as record B? I think a learning, evolutionary process could work. By which I mean, assign something like a credit rating to a person based on available data, track the person's history and adjust the rating accordingly. Unfortunately, that sort of thinking doesn't fit with the black and white, binary choice world of security clearances.

Identity Checks and Government Blogging

Here's an article on changes being made by DHS in handling their no-fly list and here's the DHS blog's post on it . (If I understand, Ted Kennedy gets stopped all the time, because there's a suspected terrorist (or at least someone on the no-fly list) with a similar name, so they have to establish Ted isn't the same person. Now, under the proposal, if Ted allows his date of birth to be added to the airlines data, he can go right through.)


The proposal makes sense to me, but not to the first four comments on the blog. Maybe they aren't into genealogy, where you have to distinguish among multiple John Rippeys or even worse, William Smiths. Much less try to reconcile the data between ASCS and SCS to determine whether each agency was dealing with the same people. But then, I'm just a retired bureaucrat who tends to trust bureaucracies, at least in some instances.