“If He Approve, He Shall Sign It…”
The Patriot Act extension passed by Congress this week did not become the law of the land. It is void and without effect.
So may argue some future defendant whose conviction rests on evidence gotten under Patriot Act powers during the extended period Congress sought to establish in the bill it passed this week.
President Obama is at a meeting in Europe, so he had the bill signed by auto-pen. Representative Tom Graves (R-GA) has written a letter inquiring of the president whether he was presented the bill and truly intended to sign it.
Article I, Section 7 of the Constitution says:
Every Bill which shall have passed the House of Representatives and the Senate, shall, before it become a Law, be presented to the President of the United States; If he approve he shall sign it, but if not he shall return it…
Is presentment and signing a quaint formality? Something to put aside in light of modern technology and time-constraints? Or is it an important step in the law-making process, to be executed quite literally without deviation from past practice?
The answer lies mostly in consideration of what a signature is, and what it does. I looked into signatures, among many other identifiers and security techniques in my book, Identity Crisis.
Wikipedia has a definition of “signature” that’s good enough: “A signature is a handwritten (and sometimes stylized) depiction of someone’s name, nickname, or even a simple ‘X’ that a person writes on documents as a proof of identity and intent.” Key words: identity and intent.
National Research Council Takes Biometrics Down a Notch
Late last month, the National Research Council released a book entitled Biometric Recognition: Challenges and Opportunities that exposes the many difficulties with biometric identification systems. Popular culture has portrayed biometrics as nearly infallible, but it’s just not so, the report emphasizes. Especially at scale, biometrics will encounter a lot of challenges, from engineering problems to social and legal considerations.
“[N]o biometric characteristic, including DNA, is known to be capable of reliably correct individualization over the size of the world’s population,” the report says (page 30). As with analog, in-person identification, biometrics produces a probabilistic identification (or exclusion), but not a certain one. Many biometrics change with time. Due to injury, illness, and other causes, a significant number of people do not have biometric characteristics like fingerprints and irises, requiring special accommodation.
At the scale often imagined for biometric systems, even a small number of false positives or false negatives (referred to in the report as false matches and false nonmatches) will produce considerable difficulties. “[F]alse alarms may consume large amounts of resources in situations where very few impostors exist in the system’s target population.” (page 45)
Consider a system that produces a false negative, excluding someone from access to a building, one time in a thousand. If there aren’t impostors attempting to defeat the biometric system on a regular basis, the managers of the system will quickly come to assume that the system is always mistaken when it produces a “nonmatch” and they will habituate to overruling the biometric system, rendering it impotent.
Context is everything. Biometric systems have to be engineered for particular usages, keeping the interests of the users and operators in mind, then tested and reviewed thoroughly to see if they are serving the purpose for which they’re intended. The report debunks the “magic wand” capability that has been imputed to biometrics: “[S]tating that a system is a biometric system or uses ‘biometrics’ does not provide much information about what the system is for or how difficult it is to successfully implement.” (page 60)
“Biometric Recognition: Challenges and Opportunities” is a follow-on to the 2003 National Research Council report, “Who Goes There?: Authentication Through the Lens of Privacy.” That was one of few resources on identification processes and policy when I was researching my book, Identity Crisis: How Identification is Overused and Misunderstood. (Mine is quite a bit more accessible than this new book, so if you’re interested in the field, you might want to start there.)
There is nothing inherently wrong with biometrics. They will have their place, and they will make their way into use. But the dream of a security silver bullet in biometrics is not to be. Identity-based security—using the knowledge of who people are for protection—is valuable and useful in day-to-day life, but it does not scale. National or world ID systems would not secure, but they would carry large costs denominated in both dollars and privacy.
No-Fly With Me
The ACLU is representing several plaintiffs in a recently filed lawsuit challenging the U.S. government’s ”No Fly” list. The video in this “Blog of Rights” post tells the story of two of the plaintiffs. “I wanna go home!” laughs U.S. Marine veteran Ayman Latif. “I wanna see my mom. I want her to see my babies.”
No-fly listing is a constitutional aberration in which the executive branch unilaterally imposes a disability on persons it selects using unpublished criteria. It often denies these individuals any recourse by obscuring the reasons why they aren’t permitted to fly. Bills in the House and Senate would extend the use of the “no-fly” list to use in gun control.
There is no way to clear up the “no-fly” status of innocent travelers once and for all. The DHS’ Traveler Redress Inquiry Program may be good for unraveling mistaken name matching, but evidently it hasn’t cured the problem for these travelers.
No-fly listing is also a weak security measure. It’s CYA—”See? We did something!”—but it creates a class of people too dangerous to let fly but not so dangerous that they are sought for arrest.
There is some merit to watch- and no-fly-listing in the international context, where the U.S. is often unable to pursue threatening individuals. But generally, as I wrote in my book, Identity Crisis, “this procedure is like posting a most-wanted list at a post office and then waiting for criminals to come to the post office. It is a singularly lazy way to ‘pursue’ terrorists.”
Another security demerit: No-fly listing gives away the store. It tells any terrorist on a list that he or she is a suspect.
Since 9/11, airports and air travel have been something of a constitution-free zone. Exigency in the first year after that stunning attack may have justified some of the practices begun then, but we are secure and confident enough today to adhere to the Constitution. This lawsuit may vindicate due process values and the important liberty interest in freedom of movement.
Senator Graham’s Inexplicable National ID Support
Compromise is catnip in Washington, D.C. That’s my best guess at why Senator Lindsey Graham (R-SC) would endorse New York Senator Chuck Schumer’s (D) widely reviled plan to create a mandatory biometric national ID system.
Schumer’s national ID plans have no more definition today than when he wrote about them in his 2007 campaign manifesto Postitively American. Among the thin gruel of that book is a two-page lump displaying more ignorance than understanding of how identity systems work and fail. Schumer doesn’t know the difference between an identifier—a characteristic used to distinguish or group people—and an identification card or system, which does the entire task of proving a person’s previously fixed identity. (My thin gruel on the topic is the book Identity Crisis: How Identification is Overused and Misunderstood.)
“All the national employment ID card will do is make forgery harder,” says Schumer.
No, that’s not all it would do: It would also subject every employment decision to the federal government’s approval. It would make surveillance of law-abiding citizens easier. It would allow the government to control access to health care. It would facilitate gun control. It would cost $100 billion dollars or more. It would draw bribery and corruption into the Social Security Administration. It would promote the development of sophisticated biometric identity fraud. How long should I go on?
Senator Graham’s take is equally simple: “We’ve all got Social Security cards,” he said to the Wall Street Journal. “They’re just easily tampered with. Make them tamper-proof. That’s all I’m saying.”
No, Senator, that’s not all you’re saying. You’re saying that native-born American citizens should be herded into Social Security Administration offices by the millions so they can have their biometrics collected in federal government databases. You’re saying that you’d like a system where working, traveling, going to the doctor, and using a credit card all depend on whether you can show your national ID. You’re saying that bigger government is the solution, not smaller government.
The point for these senators, of course, is not the substance. It’s the thrill they experience as nominal ideological opponents finding that they can agree on something, securing a potential breakthrough on the difficult immigration issue.
They’re only ”nominal” ideological opponents, though. Chuck Schumer has always been a big government guy—and long a supporter of having a national ID, despite the lessons of history. Lindsey Graham is not really his ideological opponent. Typical of politicians with years in Washington D.C., Graham is steadily migrating toward the big-government ideology that unites federal politicians and bureaucrats against the people.
The Future of DNA as an Identifier . . .
. . . is not in doubt. But as technology advances, it will not be as strong an identifier as it has been up to now. Scientists have demonstrated that they can fabricate it.
I wrote about the qualities of identifiers – fixity, distinctiveness, and permanence – in my book Identity Crisis. The ability to fabricate DNA renders it slightly less distinctive.
Evo Morales’ Biometric Identity System
It was with interest and concern that I read about the new election law recently signed by Bolivian President Evo Morales. The AP reports that it “sets stricter standards for voter authentication, introducing a $30 million system of biometric identification, based on voters’ fingerprints.”
It is important to secure voting systems against fraud, but be careful how you do it. Identity systems are powerful administrative tools which historically haven’t mixed well with authoritarian governments.
A biometric voter identification system was apparently a demand of Morales’ right-wing opposition. Don’t be surprised if he uses it to consolidate power or do far worse than that to his political rivals.
Some advocates have dabbled in supporting a national ID in the United States for election administration, but that would be error. I wrote about the many risks of uniform identity systems in my book Identity Crisis: How Identification is Overused and Misunderstood.
Cato on Facebook
Cato on Twitter
Cato on Google+
Cato on YouTube
