Government Identity Skeptic02 Feb 2006
My friend Kozo recently pointed out the fact that any smart dude can read biometrics from Dutch passports. Kozo called me a "skeptic" regarding government identity-based technologies. And I think that he is right, I really am skeptic about that. And I want to explain why.
The first time that I've touched something that was at least remotely related to governemt ID technology was in 1999. We were starting a feasibility project that should demonstrate the capabilities of PKI in the Internet. I've build a small web-based certificate authority on top of OpenSSL to show what the X.509 PKI can do. The project conclusion was simple: The technology works, but it is not clear how to use it.
A lot of time passed since, but nothing seems to really change. We have a digital signature law, based on EU directive 1999/93/EC. We know how to create a signature. But we do not know what to sign or how to use it. Well, you may sign non-structured RTF document, but what would that be good for? You cannot process that automatically, as it is not structured. Yes, you may send it using e-mail instead of standard snail mail. But is this single feature worth the pain of such a complex system?
While signing presentation-oriented documents (like RTF or HTML), there is another problem. Imagine that you are signing contract, and there is a paragraph written in small light gray letters on white background. Is the paragraph binding for you, if you cannot see it on your monitor? And is it binding for the other party, if they has set the monitor that they can see it?
And another problem. You receive a signed document, verify that the signature is correct and deliver the services according to it. But the other party will claim, that the document is not valid, because they did not used certified device for siganture creation (and thus the keys might be stolen, etc). You have no way how to detect that, given only the signed document. Oh yeah, the "bad" party may be eligible to pay for your losses, but you have to prove them first and that may take months and may not be even effective.
Now to the core of the problem. It is quite clear, once you adopt the Persona Model: the signature is not created by the physical person, but by a device that is only a "proxy" (persona) of the physical person. How can you be sure, that the person controls the proxy? The root crtificate authority certificate will only claim, that the physical person provided some identification document while requesting the certificate. It does not claim that it was specific person requesting it, only that the identification document belonged to that person. The certificate also claims that the person presenting the identification document controlled the private key to the certificate only at the time of issuing the certificate. It does not claim that the person is still controlling it. And the certificate of the certificate authority does absolutely no claim about the method of digital signature creation. You might compute the signature manually on счёты if you want (and have hell a lot of time, patience and really big abacus).
As you can see, the technology still works, but we are not sure how to use
it. Nothing really changed.
And I've not been talking about privacy implications of PKI, yet. Maybe later.
But back to my skepticims. Some years ago I've talked to someone from Estonia. It looks like they use the digital signature quite a lot. And they make the signature on common PCs. I wonder, how they cope with viruses and other malware. Maybe they are just lucky that nobody made a virus to misuse the digital signture (yet)? And recently I've learned (also via Kozo) that they've conducted a communal elections using the Internet. Maybe I've missed something important, but electronic elections used to be one of the most difficult (and not completely solved) cryptographic problem. I've had a brief look at the description of their "secure" election system, and it looks to me that all the system's claimed security features may not be absolutely correct.
It looks that this little country's progressed a little bit too fast. I wonder how will this all end. I'm really skeptic about it ...