As far as the national ID goes I really believe is that everyone should have an ID that follows the idea behind the old passport. You carry it around and the fact that you have it proves you are a citizen.

The one change is that instead of 19th century identification technology (aka photo) you use a state of the art biometric method. Encode IN THE CARD your finger prints, retinal scan and/or DNA with a photo and you’re good to go!! No SUN mega systems (or IBM, Dell, Hitachi, etc.) No consolidation of all personal information in one easily found spot. You want to see if I’m a citizen come ask and check my ID. Shouldn’t be too hard to whip up a card reader and there’s no need to check back at headquarters.

ON A TOTALLY DIFFERENT TOPIC…….

ROGER!!!!!!! PLEASE (and yes I am begging) I NEED MORE MOSES!!!!!!!!! I thank you & my wife thanks you. And if you happen to know Aaron and Charlotte Elkins please give them a kick in the butt too!

Right. So they try to hire consultants to fill the gap. That doesn’t work, either, because the government agency isn’t any better at evaluating the consultant than they are the software developer. At best, it puts another party into the mix. So it’s down to did they manage to hire competent consultants and software developers, or did they not? They award and pray.

Huge, multi-year, fixed cost contracts for software don’t even work well in private companies that do have qualified IT management. Even if you do a good job, the oversight alone will easily double to quadruple the costs. That’s because custom software for an organization (that is, not shrink wrapped) is primarily a service, not a product.

It would be far better to hire a few competing firms to do the the software work for related agencies, put things that are needed in the pipeline, and pay for them by the small project. When they run out of dollars, stop buying stuff. If a contractor isn’t providing much bang for the buck, replace him. Yes, there will be room for (relatively minor) waste here, but it’s nothing compared to Alan’s example of users padding with every feature they can. (A lot of them do that because they have been trained that if they don’t get every bell and whistle today, they can ask for it in the next system 7 years from now.)

Generally, I agree though. Give Sun a huge contract to do a National ID, it will have immense cost overruns, will be late, and it won’t work as expected. Then it will be abused. This will be true even if all the people involved try their best to do a good job, because the structures they will be forced to work under will make it impossible to do anything else. If you get a few bad apples, it will cost even more and be later and maybe never even launch.

The ONE BIG difference is that in government there is virtually no accountability or fear of under performance to budget or schedule.

Absolutely. I have considerable insight into this. But quite often I have also observed that the talent and the qualifications of the people on the contractor side are significantly better than on the government side. Add a lack of accountability to the mix and you get a recipe for poor performance.

Somehow we must correct this, or circumvent this, in our search for a secure ID solution.

I am a software project management consultant and have done work for the government as an independent reviewer / auditor. Their problems are not significantly different than any other large organization where I have worked.

The ONE BIG difference is that in government there is virtually no accountability or fear of under performance to budget or schedule.

In the gov’t everyone just keeps on keepin’ on with no pressure from anywhere to make things work. And this includes the “users” who can never be brought to heel with the “who’s going to pay for it?” question that stops so much scope creep (gallop) in the real world.

In the private world someone at sometime breaks out the big stick.

Recruiting qualified people to manage large software projects in government agencies is a major challenge. The work environment and the money aren’t conducive to attracting and retaining people like that. Too many projects go on autopilot as a result.

As someone on the other end of many government contracts let me say that this will continue until such times as bid laws written primarily to handle the installation and delivery of hardware are rewritten to handle the reality of modern software. (And by “modern software”, I mean anything after about 1985. The bid laws were workable but trouble for COBOL on mainframes in the 70s.)

It’s a major hassle that I gnash my teeth over weekly. I hate being in a situation where the customer (government agency) and the contractor all want to do the right thing, but we are not allowed to do so because of intractable bid laws. At some point, you have to leave some flexibility to management, then spend the money on oversight and audits by knowledgable people–not pass a law and expect it to work without real oversight.

Multiple, segmented IDs are easier to compromise individually, because you can’t spend the money to make each one as close to foolproof as you could a single card. However, collectively they are much more robust, because it’s harder to compromise the complete person’s identification. This is true even if the government farms out the ID system to a private or quasi-private entity.

That was my point.

From the lovely Federal Government we got the FBI who spent a decade and nearly $5 billion to integrate a few databases. Two projects, at least three major re-thinks and lots of money later? Nope.

The IRS works long and hard to get its computers up to snuff and the code working well…their modernization program went awry a few years back and upgrading meant a major overhaul of outlook and specifications. Yes, they got them wrong.

Border Patrol and ICE depend upon a couple of systems for ID’ing potential terrorists and, a few years back, one of the Nations handing us data, Canada, got it wrong – and the US was put to blame for the problem of deporting someone identified to us by an ally as a terrorist and they wouldn’t even take him!

Excuse me while I definitely have to look askance at the idea that the Federal Government actually does a good job on these things. Homeland Security is already bogged down checking documents for visas and their estimated number of false documents runs into the millions… each requiring a separate confirmation and double-check. There *are* good systems brought up… but upgrading, maintaining and ‘enhancing’ them over time is something that the US Government has never been too keen about.

I was in an agency that had specified a soup-to-nuts computer system back in the early 1980’s and it used the standard procedures for procurement. First delivery was a decade later. The computers delivered were top-of-the-line capable… for 1985… delivered in 1992…. And they didn’t even have the ability to roll over at Y2K, so the entire thing had to be scrapped within a few years of delivery. That for a system that was supposed to operate for *decades*. Estimates on that system range from $3 billion to $25 billion depending on which budget numbers you look at, but most of it was hidden from view and that latter looks closer to me than the former, which was a pipe dream.

And heaven forbid, as others point out, that something gets put into the system *wrong*. You don’t have to go as high up as identity theft for hassles! My State DMV got the wrong drivetrain for my vehicle and insisted that the vehicle be inspected for certain emissions even though the tests could not be *run* on that vehicle. Showing up at a DMV office with the vehicle was not enough. No, simply having the vehicle and having someone in the bureaucracy inspect it to identify that it was, indeed, the vehicle with said drivetrain couldn’t do it. So back to the dealer… who did not keep records that the State would like on that. Thus a nice inquiry to Japan to get duplicates sent was entailed…. all the time with nasty threats on what would happen if I did not get my vehicle inspected.

I am worried about the abusive leaders of this Nation, although their current outlooks put the entire Nation State concept at risk which includes the rights of everyone in the Nation. But that is only mass negation of rights to government.

I am deeply worried about becoming a supplicant to a bureaucracy for *everything* in life. I did not elect such bureaucrats nor want them. That is the way Big Government of Left and Right stripes is heading, so that everything individuals do will need to be signed off upon by a government bureaucrat. I have enough of that with a tax code that I cannot understand, thank you very much. When an individual Citizen needs to hire a professional to fill out paperwork because it is incomprehensible to the ordinary Citizen, that is disenfranchising in and of itself. And an incorrectly implemented, poorly designed system with the encumberance that the elected Representatives Upon the Hill will place on such a thing will ensure that it will become a mighty bureaucracy eating up yet more money, more time and having ME stand in more lines in my life. At the end of that I am not convinced that any additional security can be had.

I’m glad Alan added that. I forget to mention that a big problem with single ID is that it is a classic case of “all the eggs in one basket”. The academics try to tell you that they’ll get around that by making it biometric, “foolproof”. Well, use some common sense. Nothing done by humans is foolproof, and while government is capable of doing some things, they are not the first people you turn to for “foolproof” even when you know you are settling for “almost foolproof”.

In any case, security is only as strong as the weakest link in the chain. No matter how good the technical solution (and it won’t be foolproof), you still must allow for people writing down IDs, mistyping, etc. Therefore, there will be compromised ID. Multiple, segmented IDs are easier to compromise individually, because you can’t spend the money to make each one as close to foolproof as you could a single card. However, collectively they are much more robust, because it’s harder to compromise the complete person’s identification. This is true even if the government farms out the ID system to a private or quasi-private entity.

The key to driving the fear, not paranoia, of a national ID is that it will be used to Xref everything. More security of personal information will be attained by segmenting the data with non-related keys which are uniquely used for the purpose at hand. Can’t data mine, can’t cross correlate info, etc.

Actually there’s no reason to have a database at all. If you have a biometric identifier built into the card the data about citizenship is built in. All you need is a reader that says, yep this card belongs to this person. The card itself announces your citizenship and proves that you are you, end of question.

It is oh so easy to just stamp everyone with a number and then have everything in the world tied to that one number. Easy for potential tyrants, marketers, scam artists etc.

One other thing I would add is that any information tied to an ID should be provided, gratis, to every person at least once a year.

The biggest problem for many people now is correcting a mistaken entry. Have you ever tried to fix a screwed up credit report? Heck it can take years before you realize that the hassles you’ve been having are the result of some jerks bad typing. Now imagine everything being centralized and subject to all the fubars of the government.