From the Radio Free Michigan archives ftp://141.209.3.26/pub/patriot If you have any other files you'd like to contribute, e-mail them to bj496@Cleveland.Freenet.Edu. ------------------------------------------------ ========================================================================= EFFector Online Volume 07 No. 08 May 6, 1994 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 In This Issue: USPS & IRS Mull National Identity Cards, Clinton to Sign Orders ---------------------------------------------------------------------- Subject: USPS & IRS Mull National Identity Cards, Clinton to Sign Orders ------------------------------------------------------------------------ From: Mitch Ratcliffe Date: Thu, 5 May 1994 07:43:22 -0700 (PDT) Ever Feel Like You're Being Watched? You Will... Digital Media has learned that the Clinton administration is debating not if, but how, to create a card that every American will need in order to interact with any federal government agency. Combined with two potential executive orders and the Postal Service's designs on putting its stamp on personal and business electronic transactions, the card could open a window on every nuance of American personal and business life. The wrangling among the administration, the U.S. Postal Service, the Internal Revenue Service and Department of Defense, emerged into the public eye at this April's CardTech/SecureTech Conference. The gathering of security experts was convened to discuss applications for smart card and PCMCIA memory card technologies in business and government. The Postal Service, at the conference presented a proposal for a "general purpose U.S. services smartcard," which individuals and companies would use to authenticate their identities when sending and receiving electronic mail, transferring funds and interacting with government agencies, such as the I.R.S., Veterans Administration and the Department of Health and Human Services. President Clinton is also considering signing two executive orders that would greatly expand the government's access to personal records, including an order that would allow the I.R.S. to monitor individual bank accounts and automatically collect taxes based on the results, said sources close to the White House. The collection service will be presented as a convenient way to avoid filling out a tax return. The White House did not respond to requests for comments about this report. The Post Office: We deliver for you. The Postal Service's U.S. Card would be designed to use either smart cards (plastic cards with an embedded microprocessor carrying a unique number that can be read by a electromagnetic scanner and linked to computerized records stored on a network) or PCMCIA cards, which can contain megabytes of personal information. (You've probably seen this type card in AT&T's "You Will" ad campaign, which shows a doctor inserting a woman's card in a reader in order to access a recording of a sonogram). The Postal Service said it is considering AT&T and other companies' smart card technologies. In a slide presentation at the conference, Postal representative Chuck Chamberlain outlined how an individual's U.S. Card would be automatically connected with the Department of Health and Human Services, the U.S. Treasury, the I.R.S., the banking system, and a central database of digital signatures for use in authenticating electronic mail and transactions. The U.S. Card is only a proposal, Chamberlain insists. Yet the Postal Service is prepared to put more than a hundred million of the cards in citizens' pockets within months of administration approval, he said. "We've been trying to convince people [in the different agencies] to do just one card, otherwise, we're going to end up with two or three cards," said Chamberlain. He said in addition to the healthcare card proposed by President Clinton last year, various government agencies are forwarding plans for a personal records card and a transactions (or "e-purse") card. Chamberlain said the I.R.S in particular is pursuing plans for an identity card for taxpayers. Don't leave home without it. Though he did not name the U.S. Card at the time, Postmaster General Marvin Runyon suggested that the Postal Service offer electronic mail certification services during testimony before the Senate Governmental Affairs Subcommittee in March. The proposal is clearly intended as a way to sustain the Postal Service's national role in the information age, since it would give the agency a role in virtually every legally-binding electronic transaction made by U.S. citizens. For instance: * When sending or receiving electronic mail, U.S. Card users would be able to check the authenticity of a digital signature to screen out impostors. * Banking transactions (notably credit card purchases) that depend on authentication of the participants identities and an audit trail, would be registered in Postal Service systems. * Veterans, or for that matter college students and welfare recipients, could check their federal benefits using the identification data on their U.S. Cards. * Visitors to an emergency room would have instant access to medical records at other hospitals, as well as their health insurance information. These examples may seem benign separately, but collectively they paint a picture of a citizen's or business's existence that could be meddlesome at best and downright totalitarian at worst. Will buying a book at a gay bookstore with a credit card that authenticates the transaction through the Postal Service open a Naval officer up to court marshal? If you have lunch with a business associate on a Saturday at a family restaurant, will the IRS rule the expense non-deductible before you can even claim it? "There won't be anything you do in business that won't be collected and analyzed by the government," said William Murray, an information system security consultant to Deloitte and Touche who saw Chamberlain's presentation. "This [National Information Infrastructure] is a better surveillance mechanism than Orwell or the government could have imagined. This goddamned thing is so pervasive and the propensity to connect to it is so great that it's unstoppable." Deep Roots; Deep Pockets; Long History. Chamberlain said the Postal Service has been working for "a couple years" on the information system to back up the U.S. Card. He said the project was initiated by the Department of Defense, which wanted a civilian agency to create a national electronic communications certification authority that could be connected to its Defense Messaging System. Chamberlain said the Postal Service has also consulted with the National Security Agency, proponents of the Clipper encryption chip which hides the contents of messages from all but government agencies, like law enforcement. The National Aeronautics and Space Administration's Ames Research Laboratories in Mountain View, Calif. carried out the research and development work for Clipper. "We're designing a national framework for supporting business-quality authentication," said John Yin, the engineer heading up the U.S. Card- related research for NASA Ames' advanced networking applications group. "This is not specifically with just the Postal Service. We'll be offering services to other agencies and to third-party commercial companies that want to build other services on the card." For example, VISA or American Express could link their credit services to the U.S. Card. Yin, who works on Defense Messaging Systems applications, said his group has collaborated with "elements of Department of Defense" for the past year, but would not confirm the participation of the National Security Agency, a Department of Defense agency. The NSA is specifically prohibited from creating public encryption systems by the Computer Security Act of 1987. Yin also would not comment on the budget for the project, which other sources said was quite large and has spanned more than two years. A false sense of security? According to Yin, the cards would allow individuals or businesses to choose any encryption technology. "It's not our approach to say, 'Here's the standard, take it our leave it,'" he said. "We're no lity on which a whole variety of services can be built." Yet, -- "Thoughtcrime was not a thing that could be concealed forever. You might dodge sucessfully for a while, even for years, but sooner or later they were bound to get you." -- George Orwell, Nineteen Eighty-Four ------------------------------------------------ (This file was found elsewhere on the Internet and uploaded to the Radio Free Michigan site by the archive maintainer. All files are ZIP archives for fast download. E-mail bj496@Cleveland.Freenet.Edu)