Skip to comments.Analysis: Metcalfe's Law + Real ID = more crime, less safety
Posted on 01/19/2008 11:28:44 PM PST by SubGeniusX
"We have a saying in this business: 'Privacy and security are a zero-sum game.'" Thus spake security consultant Ed Giorgio in a widely-quoted New Yorker article on the US intelligence community's plans to vacuum up and sift through everything that flies across the wires. But Giorgio is wrong—catastrophically wrong. The story of Fidencio Estrada, a drug runner who bribed Florida Customs agent Rafael Pacheco to (among other things) access multiple federal law enforcement databases on his behalf, suggests that when it comes to the government collecting data on innocent civilians for law enforcement purposes, privacy and security are essentially the same thing.
The factual background in the 11th Circuit Court of Appeals' recent decision to uphold a lower court's conviction of Estrada details how in early 2000, Pacheco accessed DHS's billion-record Treasury Enforcement Communications System (TECS) database looking for any information that the feds had on Estrada. (Hat tip to CNET's Declan McCullough, whose blog post brought this story to my attention.) Pacheco also went into the FBI's National Crime Information Center (NCIC) database in order to dig up information on the warrants that were out for Estrada's arrest. Pacheco then fed the info back to Estrada, who was better able to elude law enforcement in as he plied his narcotics trade.
Estrada and Pacheco were eventually busted, sentenced, and are currently doing time for their crimes, but their story shows exactly why the United States' headlong rush to build government databases full of data on noncriminals (i.e., mere suspects, like OneDOJ, and the completely innocent, like Real ID) are such a spectacularly awful idea. All it takes is one bad apple with the right level of access, and the entire database is compromised. With great (network) power comes great responsibility vulnerability
Here's an ugly prediction that you can take to the bank: as the amount of data that the feds collect on innocent civilians grows, so will the number of people who are victims of crimes that were made possible by unauthorized access to a government database. I'm not just talking about identity theft, though that is a huge danger with Real ID, but violent crimes as well. As I explained in the OneDOJ post linked above, this prediction is just Metcalfe's Law at work:
This is, of course, a fundamental problem inherent in the very nature of any massive, centralized government data-sharing plan that spans multiple agencies and connects untold numbers of state and federal law enforcement officers: the usefulness of such a system to any one individual (a white hat or a black hat) grows roughly with the square of the number of participants who are using it to share data (Metcalfe's law). So the more white hats that any of these programs manage to connect to each other, the more useful the network as a whole will be to the small handful of black hats who gain access to it at any point.
That such databases will be "useful" to black hats means any number of things—useful for identity thieves, and useful for terrorists who seek to impersonate lawful citizens.
While I'm citing laws and trends from the world of computing that shortly will have a direct impact on all of our ability to carry out our lives in relative safety, let me bring up two more trends worth factoring into our deteriorating privacy/security equation: the rapidly diving cost-per-bit of mass storage and the increasing amount of bandwidth available on networks both public and private.
So the government wants to collect tons of detailed data on citizens in these large databases; meanwhile, the speed at which an attacker could siphon off that data is increasing, as is the frightening but real possibility that ever-larger swaths of that database can fit onto a single lost or purloined hard drive.
But perhaps all this talk of government databases squeezed onto hard drives that then fall into the wrong hands is just fear-mongering, and that's probably best left to professionals.
Libertarian ping! To be added or removed from my ping list freepmail me or post a message here.
Well, duh. The issuing of propiskas to US citizens is not about the safety of US citizens.
The Real ID is the mark of the devil and that alone convinces me. NO real ID
ID cards, databases, dossiers and surveillance are much like gun control laws. Filled with endless promises of all the good things they will do, and how easy they will make things for the police and bureaucrats.
The reality never quite works out that way.
Oh, baloney. We have to show ID for everything we do. Might as well standardize. I find that MOST (obviously not everyone here) people who object to this are democRATS who want to commit voter fraud every chance they get.
Just because that is "the way things are" does not make it right or proper, nor does it make it a good thing
Might as well standardize.
Some a centralized database in bureaucrats hands is the way to go?? Maybe the Government should centralize other things also such as health care.
I find that MOST (obviously not everyone here) people who object to this are democRATS who want to commit voter fraud every chance they get.
Ummm sure ... I have found that most who are against Real ID are actually folks with Federalist leanings, as this is an unfunded mandate handed down to the states.
Then you haven’t been listening to talking head shows lately. The ‘Rats are foaming at the mouth over this, especially since it now seems it might be ok to ask for an id for voting.
Big databases make big, extremely valuable targets, valuable enough that big criminals with big bribes or the resources to hire a big team of hackers will want it.
That was one of the reasons Al Gore’s Key Escrow was a bad idea.