link to briefings documents at magnacartaplus.org
 

Magna Carta Plus News

back to magnacartaplus.org index page
orientation to the news at MagnaCartaPlus.org

short briefing dcuments at MagnaCartaPlus.org

This page provides occasional items, linked to the original articles, as we attempt to keep up with the rapidly changing situation on civil liberties.
Archive of old news service:
2002 - 2004

1st Jan to 9th Sept 2005

Google
 
Web magnacartaplus.org

Bruce Schneier on ID cards

Posted by James Hammerton @ 9:10 pm on 26 February, 2007.
Categories privacy and surveillance, the database state.
Edit This Permalink to this article

Bruce Schneier, a cryptography and security expert, recently wrote a critique of America’s “Real-ID Act”. Many of the points apply equally well to the ID scheme Britain is in the process of implementing, for example:

But even if we could solve all these problems, and within the putative $11 billion budget, we still wouldn’t be getting very much security. A reliance on ID cards is based on a dangerous security myth, that if only we knew who everyone was, we could pick the bad guys out of the crowd.

In an ideal world, what we would want is some kind of ID that denoted intention. We’d want all terrorists to carry a card that said “evildoer” and everyone else to carry a card that said “honest person who won’t try to hijack or blow up anything.” Then security would be easy. We could just look at people’s IDs, and, if they were evildoers, we wouldn’t let them on the airplane or into the building.

This is, of course, ridiculous; so we rely on identity as a substitute. In theory, if we know who you are, and if we have enough information about you, we can somehow predict whether you’re likely to be an evildoer. But that’s almost as ridiculous.

Even worse, as soon as you divide people into two categories — ­more trusted and less trusted people — ­you create a third, and very dangerous, category: untrustworthy people whom we have no reason to mistrust. Oklahoma City bomber Timothy McVeigh; the Washington, DC, snipers; the London subway bombers; and many of the 9/11 terrorists had no previous links to terrorism. Evildoers can also steal the identity — ­and profile — ­of an honest person. Profiling can result in less security by giving certain people an easy way to skirt security.

There’s another, even more dangerous, failure mode for these systems: honest people who fit the evildoer profile. Because evildoers are so rare, almost everyone who fits the profile will turn out to be a false alarm. Think of all the problems with the government’s no-fly list. That list, which is what Real IDs will be checked against, not only wastes investigative resources that might be better spent elsewhere, but it also causes grave harm to those innocents who fit the profile.

Enough of terrorism; what about more mundane concerns like identity theft? Perversely, a hard-to-forge ID card can actually increase the risk of identity theft. A single ubiquitous ID card will be trusted more and used in more applications. Therefore, someone who does manage to forge one — ­or get one issued in someone else’s name — ­can commit much more fraud with it. A centralized ID system is a far greater security risk than a decentralized one with various organizations issuing ID cards according to their own rules for their own purposes.

I recommend reading the whole thing.

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

email feedback@magnacartaplus.org

© magnacartaplus.org2008, 2007, 2006 [1 December]

variable words
prints as variable A4 pages (on my printer and set-up)

abstracts of documents on magnacartaplus.org UK Acts of Parliament click for news from magnacartaplus.org orientation to magnacartaplus.org orientation button links to other relevant sites links

Powered by WordPress