Getting Carded

Sun and Oracle: America's doormen?

by Neil McAllister, Special to SFGate
(Originally published Tuesday, October 16, 2001. Editor: Amy Moon)

If Scott McNealy and Larry Ellison get their way, you'll need to be extra careful not to leave home without your wallet soon. In light of the Sept. 11 terrorist attacks, each has independently lent his endorsement to a high-tech twist on an old idea: a national ID card. And, of course, each offers his respective company's technical know-how to make it happen.

"We've been so busy protecting ourselves against our government, we've made it impossible for our government to protect us," says Ellison. He's calling for government agencies to begin by unifying and cross-checking existing identification databases — surely a worthwhile pursuit for the chair and CEO of Oracle, the world's largest database vendor.

Sun Microsystems CEO McNealy, on the other hand, isn't interested in a gradual transition. "We need a thumbprint Java card in the hand of everybody in the country," he told an audience at the Gartner Symposium in Florida last week. Nor is McNealy much interested in the objections of privacy advocates. "I'm tired of the outrage," he fumed. "If you get on a plane, I want to know who you are. If you rent a crop duster, I want to know who you are."

Eternal Vigilance

For many of us, these sentiments sound reactionary, even outrageous. Rather than ideas for the 21st century, they have the ring of something out of Orwell's 1984 — or an even earlier time and place, one where black-coated checkpoint guards demand, "Your papers, please."

Still, Ellison and McNealy might have a point. It's no secret that, technically speaking, today's government data systems are fairly shabby. A modernized information network could help immeasurably in tracking the criminal records of airline passengers, gun owners and purchasers of explosives, just to give a few examples.

The problem is that, if ever there were a slippery slope down which our civil liberties could plummet, this is it. The prospect of the government and commercial entities alike being able to track our movements through a single identifying system is a chilling one.

Would it even be possible to create a high-tech national ID system that benefits us more than it threatens our personal freedoms? The answer is, maybe. Many of the tools and technologies to make it work exist already. The question is whether the whole system could be implemented in such a way that the public would be willing to lay aside fears of the concept's draconian implications.

Recipe for a National ID

The first ingredient would have to be a unified means of identifying an individual electronically. Both Microsoft and Sun have already begun engineering such "single sign-on" systems for use on the Web. But making Microsoft's Passport or Sun's Liberty Alliance Project suitable for use in the real world would be a considerable undertaking. For one, there are still barriers between the virtual world and the physical one, where you might want to run down to the corner store to buy a beer; second, these systems lack a way for consumers to control the information flow — who's allowed to know what about them, and to whom the keepers of the database are allowed to pass on that information.

One McNealy idea could partly overcome the problem of real-world portability. By making the national ID a smart card with an onboard chip, complex digital-authentication schemes could be carried out without cumbersome computer terminals.

Still, the real technical hurdles would involve security. It would be up to legislative policymakers to govern what data the system could gather about an individual. The issue facing the system's architects would then be how to keep that data from falling into the wrong hands. It seems likely that a new network, physically separate from the Internet, would be necessary to discourage attacks.

Even more important would be to define and enforce restrictions on what data could be requested from the database, and by whom. Should your health-insurance company have access to the type of car you like to rent, or your employer, to your medical records?

Managing Your Rights

Here again, the industry has already come up with a possible solution, though no one's yet suggested applying it to this problem. Digital rights management software was invented for precisely the purpose of controlling access to online information. DRM systems encrypt all data they transmit and don't grant a license to decrypt it until strict predefined criteria are met.

Licenses can be granted once or repeatedly, forever or for a limited period of time. With sophisticated systems, even a partial license to some of the data can be granted, without giving access to all of it. And licenses are a one-to-one contract between two entities; just because the data is transferred somewhere else doesn't mean the license goes with it.

What this means is that you could, for example, allow your insurance company access to your address, phone number and Social Security number from the DRM-enabled identification database, while only allowing access to your address when you subscribe to magazines. The magazine publisher couldn't fill in the blanks from the insurance company's data either, since its own license carries no authority to decrypt that information, whether the insurance company sends it to the publisher or not.

To make this work, use of the ID card would have to be voluntary and would require explicit consent before information was given out — or else there would have to be a way for each individual to define ahead of time the specific conditions under which information could be shared automatically. Citizens would further need to be able to define not just what information is given, but with whom it could be shared going forward.

Do You Buy It?

It's a long laundry list, and a complex problem. Is such a system likely to appear in the near future? Probably not. The technology may be almost there; but despite the apparent enthusiasm of the likes of Ellison and McNealy, the will simply isn't.

None of the technologies I've just mentioned were invented to benefit private citizens. DRM wasn't created to manage individual rights. It's meant to protect the intellectual property of media conglomerates by thwarting MP3, DivX and file-sharing networks like Napster and Gnutella. Smart cards were invented to allow easier financial transactions; single sign-on systems, to facilitate consumer-preference tracking and one-to-one marketing.

Rather than protecting liberties, these technologies are about protecting the bottom line. To turn them to any other purpose would be difficult and costly. Indeed, the Oracles and Suns of the world are long out of practice when it comes to creating products that serve any purpose higher than commerce. They're no more likely to design an ID system that protects individual liberties than the government — perhaps even less so.

Meet the New Boss

In a speech before Oracle employees in early October, Ellison pooh-poohed the popular idea, dating back to Thomas Jefferson and Benjamin Franklin, that we should be cautious of giving our government too much power. "Jefferson and Franklin lived in an age of monarchs and aristocrats," he said. "They didn't have a 200-year history of democracy."

The irony, of course, is that the elitist detachment of billionaire technocrats like McNealy and Ellison seems indistinguishable from that of an 18th-century aristocrat. McNealy was already notorious before he jumped onto the national-ID bandwagon, having told us, "Privacy is dead. Get over it."

Ellison isn't much bothered by privacy issues, either. He made reference to credit-card companies in a recent editorial promoting an Oracle-sponsored national ID. "It turns out that most of us have voluntarily bartered away our essential liberties and personal privacy to make shopping more convenient," he glibly observed.

Each man's smug contempt for the average American's right to live with respect and decency would be shocking if it weren't so blackly comical; one can almost imagine the two CEOs waxing their curled mustaches. It's difficult, therefore, to see any proposal for a national ID system from these men as being even remotely altruistic. Though Ellison has promised to donate the software to power it, the marketing value for Oracle would be immeasurable. His proposal, on the other hand, seems half-baked at best.

So is a Sun- or Oracle-powered national ID card likely to happen? Anything's possible. Will it help fight terrorism? Doubtful; at least, not by itself. No, for most of us, the chief distinction of living under a national ID system will be a few less civil rights. Otherwise, it will be business as usual. So, like I said earlier, be sure to bring your wallet.



2001 Article IndexArticles HomeNeil's Homepage

Valid XHTML 1.1!