the main reason I carry a wallet is not because of convenience per se but because it previously represented the way by which I would be identified. Possession was my credo. Having cash identified that I had done something legitimate to acquire that cash and a right to acquire more goods and services with them. Having a card allowed my bank to verify that I had those rights. Now, I could do the same with just a phone. Moreover, the retailer wouldn’t need to do anything other that see an acknowledgment that the ‘black box’ had accepted my credentials.
Imagine a world in which you use biometric ID to authenticate yourself to your phone or watch. In principle, then, you do not need any other forms of identification to enter your work building, purchase something, confirm your identity to authorities, and so on.
Note that I would like the Multi-purpose Savings Accounts (my current name for my negative income tax proposal) to incorporate this sort of technology to the extent possible.
Some questions:
1. What would this do to illegal immigration? Would there be a way to give someone a phony social security number or other ID?
2. Would the potential to use technology to prevent voter fraud be permitted to be used?
3. How dystopian is it for people not to be able to hide their identities?
4. As commenters here have pointed out, your “biometric ID” ultimately is represented as a string of bits. What sort of security system would you need to address this?
5. Do you think people would be able to get along without digital ID, or even be permitted to do without?
Feel free to ask your own question.
What about analog security issues? We’ve already figured out how to circumvent face recognition on phones: with a picture. How hard is it to fake a fingerprint? What about the “Judge Dredd” problem—bad guys just taking physical control of targets, or bits of them? This seems like an arena where we techies will over-emphasize digital attacks and under-emphasize the physical world and social engineering.
“This seems like an arena where we techies will over-emphasize digital attacks and under-emphasize the physical world and social engineering.”
This.
How hard is it to fake a fingerprint?
With a 3d printer.
“Multi-purpose Savings Accounts (my current name for my negative income tax proposal) ”
What is this?
I think the trend is correct, but I would tweak two implications of your discussion.
First, biometrics are not a reliable way to fully authenticate a user. Cell phone security, in practice, is going to rely on being able to quickly disable a lost cell phone before any harm can come from it. The biometrics are for more casual attacking efforts.
Second, the use of a cell phone actually *helps* make anonymous purchase. With a credit card, you have to give out the credit card number to make the purchase. With a digital wallet, you just have to exchange enough crypto information to actually exchange the money. The extent to which these transfers are anonymous will depend on the protocols.
And what about the multiple different overlapping identities each of us, and the multiple payment mechanisms that are used to overcome various crises.
Somebody steals your phone, there is no cash, how do you get taxi fare home?
The bank balks at your credit or debit transaction in error (made the news in Florida) and you spend a night in jail (as in Florida) even though you have the money to pay the bill.
You work for multiple companies. Will you have to carry multiple phones?
Some licenses and purchased rights are attached to vehicles, computers, or other objects. YOUR identity isn’t what matters, it’s does THIS car have a wildlife area parking pass.
What if the “remote wipe out” feature now required on phones is applied to YOUR phone and then you get stopped for some reason, what do you show the police? Do you cease to exist?
After your phone is stolen, what do you do to get another one?
What happens when your battery runs out? How do you panhandle for subway fare to get home?
Cash is king.
You might be joking, but that is an excellent point.
Perhaps the new pan handler won’t shake a cup but hold out a smartphone and ask “hey buddy, can you spare some bitcoin?”
Here’s an idea: We take your fingerprints at birth, if you’re born in the USA or the child of Americans born in a foreign land. We take fingerprints for immigrants who’ve earned citizenship. We add a modicum of digital data: date of birth, maybe an address, maybe party affiliation if you wish it to be recorded.
And then you’re a voter. Period. No poll taxes, no literacy tests. We keep some kind of national registry, and on election days we update this extremely quickly. Try to vote when you’re underage and you’ll be instantly caught. Try to vote in multiple precincts and you’ll be caught. Try to vote pretending to be someone else and you’ll be caught. Try to vote in the wrong precinct and you’ll be caught.
Maybe you’re in prison and the law says convicts don’t vote, so on election day you can’t reach a voting machine. Maybe you’re disabled and have to vote by mail, or opt to vote early in some fashion. You put your fingerprints on the ballot or the mailing envelope and that’s verification. Maybe you’re convicted of treason, maybe you’ve chosen to drop your citizenship. There are procedures, with lots of safeguards, for removing your data from the registry.
No more worries about vote fraud. The system is simple and straightforward for voters, it’s foolproof, it’s reasonably cheap. Just a guess, but this is probably not something the people who constantly profess fears about voter fraud would really like to see implemented.
And how do they issue you a new biometric when yours is compromised? It isn’t that hard to fake fingerprint. And I suspect they are close on faking an iris scan. So once someone duplicates your biometric in rubber or via injection digitally behind the scanner, how do you live?
Why not a small sample of blood when you are born. Extract DNA and encode it on a small chip that would could be placed on a Social Security card? There’s no getting around DNA. Progress in this area will eventually make DNA testing so cheap and easy in the future, and probably no more complicated then a glucose reading for a diabetic.
Actually, it is quite easy to fake DNA. Get a hair from whomever you wish to impersonate, do some PCR and voila: identity stolen.
Bryan, many phones nowadays accomodate multiple identities. You just pick which one you want to do any particular activity with.