% fortune -ae paul murphy

National ID - tokens and processes

A national ID system that met legitimate law enforcement and defence objectives without compromising human rights would have to have three parts:

  1. a "good guy" indicator or token together with a reader technology.

  2. a separately verifiable authentication mechanism for the token itself - is it, not the information it conveys, legitimate and is the person holding it the person to whom it was issued?

  3. a trustable backend, including issuance and updating processes, for the information conveyed by the token.

Ethical issues aside, making this happen is mostly about process and perception - and only a little bit about technology.

Such a token would have to be small - initially perhaps configured as a card, later possibly as a jewelry or watch component, and finally perhaps as a subcutaneous implant.

The token would have to respond to queries with a simple "Yes/No" response conveying no information beyond contextual legitimacy. Is this person a licensed driver? Prohibited within 100 feet of playgrounds? Known to be a non-criminal citizen of Canada? Authorized to charge some amount to a particular Visa account?

I'm not aware that good candidate token technologies exist yet, but the foundations are certainly there. Nearly eight years ago "Safetyjet" needed iron-clad identification for crew members - and got that by combining a process based on having crew members vouch for each other with one based on a Java card that only worked when held by the person it was issued to. That card used a fingerprint and the supplier failed to deliver the body temperature sensor they promised with it, but the basic card is now commercially available and one based on DNA matching isn't that far off.

A card that responds differently to different queries using either infrared or one of the near field methods doesn't exist yet either, but only because no one's asked for it. The basic Unix ports technology is a natural fit for this kind of multi-layer access for people with publicly mandated information needs - whether bartenders or police officers, they would get the information they need, and nothing more.

You'd expect multi-port query gear to appear, of course, but official use can be controlled through well understood legal and organizational processes and there will be little or no value to unofficial use.

Token authentication is needed, but can be managed via something like RSA digital signatures - not impossible to forge, but so difficult as to be fundamentally out of reach for the bad guys, even if they are governments.

Basically the token has to answer three questions: is the token itself real? is the person offering it the person to whom it applies? and, is the person a good guy or a possible bad guy in the present context?

The technologies needed for the first two don't really exist yet, but obvious predecessors do, so how about the backend?

Envision updates to the token happening as "endorsements" and you don't need significant change in existing organizational structures for data management. The passport office, for example, would issue passport equivalency endorsements, motor vehicle departments and courts would handle endorsements for driving related purposes, and so on.

Compared to the national ID schemes being proposed, that's a minor change: the only new organizational elements needed are those involved in issuing and controlling the tokens themselves, and there is a big potential payoff in cost reduction elsewhere in government as identification cards are made obsolete.
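
The endorsement and Yes/No query model described above can be sketched in code; this is an added example, not part of the original column, and it leaves out the check that the holder is the person the token was issued to. The issuer names, port names, reader roles and keys are hypothetical, and HMAC-SHA256 stands in for the RSA digital signature mentioned in the text because it is available in the Python standard library.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC-SHA256 stands in for the issuer's RSA signature;
# with real signatures the token would store only issuer public keys.
ISSUER_KEYS = {"motor_vehicles": b"demo-key-1", "passport_office": b"demo-key-2"}

# One "port" per question: the issuer whose endorsement answers it and the
# reader roles with a mandated need to ask it (all names are hypothetical).
PORTS = {
    "licensed_driver": {"issuer": "motor_vehicles", "roles": {"police"}},
    "citizen": {"issuer": "passport_office", "roles": {"border_officer"}},
}

def _tag(issuer, holder, claim, value):
    msg = json.dumps([issuer, holder, claim, value]).encode()
    return hmac.new(ISSUER_KEYS[issuer], msg, hashlib.sha256).hexdigest()

def issue_endorsement(issuer, holder, claim, value):
    """Issuer side: bind one yes/no claim to one token holder."""
    return {"issuer": issuer, "holder": holder, "claim": claim,
            "value": value, "tag": _tag(issuer, holder, claim, value)}

class Token:
    def __init__(self, holder):
        self.holder = holder
        self._answers = {}  # claim -> bool, never exported

    def add_endorsement(self, e):
        """Store an update only if it comes from the right issuer for that
        claim, names this holder, and its tag verifies."""
        port = PORTS.get(e["claim"])
        if port is None or port["issuer"] != e["issuer"] or e["holder"] != self.holder:
            return False
        expected = _tag(e["issuer"], e["holder"], e["claim"], e["value"])
        if not hmac.compare_digest(expected, e["tag"]):
            return False
        self._answers[e["claim"]] = bool(e["value"])
        return True

    def query(self, port_name, reader_role):
        """Return True/False to an authorized reader, None (no answer) otherwise.
        A refusal depends only on the reader's role, so it reveals nothing."""
        port = PORTS.get(port_name)
        if port is None or reader_role not in port["roles"]:
            return None
        return self._answers.get(port_name, False)
```

A reader whose role is not listed for a port gets no answer at all, and an endorsement that was altered, issued by the wrong agency or bound to another holder is never stored.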


Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.