Living without a photo ID, especially a driver's license, is a harrowing experience. I discovered that my driver's license was gone when I was asked for identification at the Intel office in Santa Clara on Thursday of last week. I had credit cards, an Oakland Public Library card and a swipe card for the eWEEK office in San Francisco. But no DL. Where my DL is now is anyone's guess. All I can say is that my car looks like it was torn apart at the Tijuana border crossing, my closets have been turned out, and every pocket in every pair of pants and every coat and backpack have been examined at least four times. I was allowed through Intel security without much trouble. I was expected at the office. I was met by someone who I've known for years. I was with another Ziff Davis employee who did have identification. The security guard followed procedure and called his supervisor for clearance to give me a visitor badge. It was embarrassing to be admonished by a very young security guard to "remember my ID next time," but he was very pleasant through the 5 minutes it took to process me in. Next up after my Intel appointment was a visit to Palo Alto to meet with representatives from OpenDNS. I was expecting this to be a little more tricky. We were meeting to talk about OpenDNS' no-cost DNS service and to look at the remarkably modest amount of equipment needed for OpenDNS to provide this service. My problem was that we were meeting at one of the oldest hosting sites in the U.S.; an Internet peering site where, according to my OpenDNS hosts, AT&T peer with Level 3. Getting into this facility was significantly more difficult than getting into Intel. But, again, I was surrounded by enough context, if you will, to get in to see the 10-U rack of equipment that together formed an OpenDNS service point. For the record, I think the security staff at both locations did the right thing. When they couldn't check my credentials, they checked the credentials of those around me, put this information in context with my visit--the fact that it occurred during regular business hours and that I was expected based on a previously made appointment--and let me go about my business. I would hate to see security guards turned into mere extensions of a sensor network, unable to enable business even when one form of authentication (having a photo ID) failed. One reason why I say this is that my photo ID itself was a faulty form of authenticating my identity. The picture on my ID was taken when I moved to California 14 years ago. I have a lot more gray hair and a few more pounds today. Also, the address printed on the card was wrong. I'd moved and updated my address online with the DMV, but that doesn't get you a new license in California. The other reason I wouldn't want to see the human security guard procedure changed is that they actually enabled business to proceed in a way that machines can't. I'm assuming that the briefing center where I met Intel and LANDesk representatives for a technology demonstration is securely separated from the engineering and administrative areas in the same Intel facility. It just doesn't make sense to have the same level of highly restricted security at all levels of an organization. Even at the Internet data center, where I was quite frankly surprised that I was allowed to enter the facility, I think it makes a lot of sense to provide access, especially when that access is provided in the form of an escort. There were weaknesses in all of the security procedures at the facilities I visited, but the weaknesses didn't result in a breach of security. Even a determined and proficient social hacker would still have to do a significant amount of work to create the social context needed to gain access to the sites I visited. Even after I was across the security line I was under surveillance at all times and in all places that I visited. It's hard to see how a facility could have taken more steps and still conducted business in a cost-effective manner. But, getting back to my experience at the San Francisco DMV office. I was steeled to endure an excruciating ordeal. Instead, from the time I left the eWEEK office, got to the Fell Street DMV office (4 miles away through city traffic), processed my request and returned to my desk I was gone exactly 2 hours. I think I still look enough like the picture that was taken 14 years ago for the DMV clerk to recognize me. And I was able to provide information (including my SSN) that was known to the DMV but not displayed on my license. I had enough security context for the clerk to process my request for a replacement (not a new) DL. Even though I feel a little disembodied without a photo ID, I still know that I'm Cameron Sturdevant. Proving that to other people is going to be a challenge over the coming week. On Tuesday, I have to fly to Las Vegas. Tune in to my blog to see if I make it to my destination. If you have a story to tell about living without a photo ID, or comments on my take on security context, I hope you'll take a second to comment here.
No Photo ID, Day 1-Applying for a New License
Living without a photo ID, especially a driver's license, is a harrowing experience. I discovered that my driver's license was gone when I was asked for identification at the Intel office in Santa Clara on Thursday of last week. I had credit cards, an Oakland Public Library card and a
Modernizing Authentication — What It Takes to Transform Secure Access