National Insecurity Cards

Posted on May 12, 2005 by bfialindathieman

National Insecurity Cards

By Bruce Schneier, AlterNet.org



The biggest problem with a national ID program is that it just doesn't work – and will likely make us far less safe.



Note:
The REAL ID Act – a bill that brings the country steps closer to
imposing a national ID system – was sent to [Bush]'s desk on Tuesday
when the Senate voted to approve the measure, which was attached to the
$82 billion war funding bill. As the author explains below, these ID
cards are not just a violation of our privacy rights and a covert
attack on immigrants. They will also be entirely ineffective in
fighting terrorism.



As a
security technologist, I regularly encounter people who say the United
States should adopt a national ID card. How could such a program not
make us more secure, they ask?



…In
fact, everything I've learned about security over the last 20 years
tells me that once it is put in place, a national ID card program will
actually make us less secure.



My
argument may not be obvious, but it's not hard to follow, either. It
centers around the notion that security must be evaluated not based on
how it works, but on how it fails.



It
doesn't really matter how well an ID card works when used by the
hundreds of millions of honest people that would carry it. What matters
is how the system might fail when used by someone intent on subverting
that system: how it fails naturally, how it can be made to fail, and
how failures might be exploited.



…[T]he
main problem with any ID system is that it requires the existence of a
database. In this case it would have to be an immense database of
private and sensitive information on every American – one widely and
instantaneously accessible from airline check-in stations, police cars,
schools, and so on.



The
security risks are enormous. Such a database would be a kludge of
existing databases; databases that are incompatible, full of erroneous
data, and unreliable. As computer scientists, we do not know how to
keep a database of this magnitude secure, whether from outside hackers
or the thousands of insiders authorized to access it.



And when
the inevitable worms, viruses, or random failures happen and the
database goes down, what then? Is America supposed to shut down until
it's restored?



(Click here to read the complete article.)





This entry was posted in Big Government, Civil Liberties, Main Page, National News. Bookmark the permalink.