Monday, December 1, 2008

Is it safe?

After much debate, Israel's new smart ID Cards are going forward. This has been debated for the past 10 years, and seems that it's finally going to happen...but are we happy about it?

Israel is one of a handful of countries where every citizen is issued an ID card, and is required by law to carry it with him at all times. This immediately brings concerns about big-brother and that sort of thing, but I'm worried about some other stuff too. The "ID number" serves as the Israeli equivalent of the American SSN. Most official forms require it to be filled out, but despite the sensitivity of these numbers, the security level is astounding. A few years ago, the entire population registry database has been leaked to the internet, and now, everybody who knows how to use a browser or a P2P program can download it and search for anything. The software is called "Rishumon" or "Hipuson", and sometimes just "Mirsham" (registry in Hebrew), and it's about a 2 GB download. With this kind of data one can find anybody's ID number, as well as who are his parents, siblings and even neighbors. Are you scared yet? You should be, because Israel's ID cards are notoriously easy to forge. Sure, they use special paper and some anti-counterfeiting measures, but when you show it to a bank teller through the 1" glass, he won't notice if it's original, printed on some laser printer, or hand painted by a 4 year old. This has been tried and tested. What's even worse is the fact that there is so much demand for fake IDs - not only criminals and Identity thieves, but also illegal residents, which are flowing from the occupied territories on a daily basis, hoping to score some work in Israel.

So now you know why a smart ID is important. With something like that, it will be harder to steal someone's identity, but if the ID database has been leaked repeatedly (there were at least 4 "updates" to it since the year 2000), what happens if the smart-ID database gets leaked too? It's true that the hardware is more complicated, but it's still digital data, and if you can't trust the people who operate the entire thing, it could lead to a lot of problems. One of the aims of this program is to allow citizens to work with various government offices remotely, which takes the human factor out of the game. A crook with the right tools and inside-information can do pretty much everything with a slim chance of being detected. What then? Will they just replace all the IDs? Will they even notice it? I'm not so sure.

What I am sure of is that so much money is involved with this idea that it's definitely not the end of the mess. The process has been trusted in the hands of HP, who won the auction, but have earned a lot of scrutiny about their customer service in Israel. It's not a bad company, but if the past has taught us anything is that better hardware can't rid us of basic flaws in the system. In this case...the human factor.

No comments: