Home
Archive
Columnists
Video
Blogs
Discuss
About
Search
Donate
Advertise
email Get AlterNet in your mailbox!

 
Advertisement
Advertisement
Advertisement
Advertisement
Register to Vote: Rock the Vote, powered by Working Assets Wireless
Advertisement
  • AlterNetYour turn

Support AlterNet
Do you value the information you're getting from AlterNet? Please show your support with a tax-deductible donation.


Feedback
Tell us how we're doing.

Search:

Rights and Liberties

National Insecurity Cards

By Bruce Schneier, Schneier.com. Posted May 11, 2005.


The biggest problem with a national ID program is that it just doesn't work -- and will likely make us far less safe.
Tools
email EMAIL
print PRINT
32 COMMENTS

Share and save this post:
Digg iconDelicious iconReddit iconFark iconYahoo! iconNewsvine! iconFacebook iconNewsTrust icon

Also in Rights and Liberties

Senate Votes to Reverse FCC Decision Allowing Media Consolidation
Josh Silver

How the Golden State Could Become the New Ground Zero for the Marriage Wars
Christopher Lisotta

After Gitmo: The American Government is Legally and Morally Responsible for Giving Innocent Prisoners a New Life in the U.S.
Aziz Huq

The Case For Tibet
Bill Weinberg

Why the Police Wouldn't Tase Me When I Asked Them to
Danielle Egan

An Independent Prosecutor Should Investigate the Architects of the White House Torture Policy
Marjorie Cohn

More stories by Bruce Schneier

RSS icon Rights and Liberties RSS Feed

RSS icon Main AlterNet RSS Feed

Get AlterNet in
your mailbox!

 
Advertisement

Editor's Note: The REAL ID Act -- a bill that brings the country steps closer to imposing a national ID system -- was sent to the president's desk on Tuesday when the Senate voted to approve the measure, which was attached to the $82 billion war funding bill. As the author explains below, these ID cards are not just a violation of our privacy rights and a covert attack on immigrants. They will also be entirely ineffective in fighting terrorism.

As a security technologist, I regularly encounter people who say the United States should adopt a national ID card. How could such a program not make us more secure, they ask?

The suggestion, when it's made by a thoughtful civic-minded person like Nicholas Kristof in The New York Times, often takes on a tone that is regretful and ambivalent: Yes, indeed, the card would be a minor invasion of our privacy, and undoubtedly it would add to the growing list of interruptions and delays we encounter every day; but we live in dangerous times, we live in a new world ... .

It all sounds so reasonable, but there's a lot to disagree with in such an attitude.

The potential privacy encroachments of an ID card system are far from minor. And the interruptions and delays caused by incessant ID checks could easily proliferate into a persistent traffic jam in office lobbies and airports and hospital waiting rooms and shopping malls.

But my primary objection isn't the totalitarian potential of national IDs, nor the likelihood that they'll create a whole immense new class of social and economic dislocations. Nor is it the opportunities they will create for colossal boondoggles by government contractors. My objection to the national ID card, at least for the purposes of this essay, is much simpler.

It won't work. It won't make us more secure.

In fact, everything I've learned about security over the last 20 years tells me that once it is put in place, a national ID card program will actually make us less secure.

My argument may not be obvious, but it's not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails.

It doesn't really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.

The first problem is the card itself. No matter how unforgeable we make it, it will be forged. And even worse, people will get legitimate cards in fraudulent names.

Two of the 9/11 terrorists had valid Virginia driver's licenses in fake names. And even if we could guarantee that everyone who issued national ID cards couldn't be bribed, initial cardholder identity would be determined by other identity documents ... all of which would be easier to forge.


View as a single page

Digg!

Security expert Bruce Schneier is the founder and CTO of Counterpane Internet Security, Inc. This essay originally appeared in the Minneapolis Star-Tribune.

Liked this story? Get top stories in your inbox each week from Rights and Liberties! Sign up now »

Rights and Liberties » Story Tools: email EMAILprint PRINT 32 COMMENTS

Advertisement

 

Comments Turn comments off sitewide Give us feedback »
Comments closed.
The comments for this story have been closed. Thank you to everyone who participated. 		View:
mazur
[Report this comment]
Posted by: mazur on May 11, 2005 12:45 AM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
Great article. It is an example of a general principle for checking propositions for laws, regulations etc.: to think first about how the law or regulation can be subverted or abused and what will happen when (not if) it will be subverted or abused.

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

Profiteering
[Report this comment]
Posted by: josephefahy on May 11, 2005 6:05 AM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
Bruce Schneier's security analysis is as usual very articulate and on target. And it would be taken seriously, if the proponents of ID program were actually interested in security.

But the ID program has nothing to do with security, just money. And this will cost a lot of money. It will be interesting to see how closely related the companies awarded this contract are to W or C. As well as how many second string administration players end up in the employ of these companies.



Joe Fahy

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

Beauracratic Boondoggle
[Report this comment]
Posted by: cushniesr on May 11, 2005 6:22 AM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
I agree that this is an entirely unworkable idea. The beauracracy and sub-beauracracies that would be needed to implement it are staggering. And, as has been pointed out, those who want to get around it or exploit it for profit would certainly find a way. And these are just the pragmatic issues. We could talk all day on how the American character would be altered. A very bad idea all around.

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

Typical of the bush think?
[Report this comment]
Posted by: ghoster on May 11, 2005 7:37 AM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
If you pay attention at the success rate of this clown, this is just another failure in the making. How about people that are out of the country, will you deny them entry because they weren't around to get their ID? Or better yet how about the underground industry this will start, fake cards (indeciperable from the originals on sale at E bay?) or the instant ID forger on the corner. The illegal immigrants don't seem to have any problem getting around our current system. How about then? It is like padlocks it only keeps the honest ones honest, the crooks will find a way around the security system no matter what. If a suicide bomber wants to be succesful there is no way to stop them. But give up your liberties for security and you won't have either. Trust me, move along nothing to see here.

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

Mark of the Beast!
[Report this comment]
Posted by: gazevans on May 11, 2005 8:17 AM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
Just wait until the government suggests that we're chipped - like animals - from birth, because it fights terrorism...we're moving towards very scary, 1984-esque times.

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

» RE: Mark of the Beast! Posted by: Jersey Devil
» RE: Mark of the Beast! Posted by: windy
Not So Sure of Mark of the Beast
[Report this comment]
Posted by: nakis on May 11, 2005 8:47 AM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
But you are on the money. Sacrifice freedom for fear.

The author states we live in scary times. He's right. But going down the scary path is stupid. Again and again, those of liberal thought constantly state how to fight terrorism the right way. Not by closing the hand but by opening it up. Remove the reasons why terrorists attack. 90% is about injustice. They attack embassies and financial facilities (except in Iraq where there is an occupation). Make economies fairer. Pay workers livable wages. Stop stealing national treasures. Stop exploiting the peoples resources. Stop unfair trade. And so many other issues. And you'll see the numbers of terrorist drop off dramatically. Billions of people wouldn't hate the US.
The wealthy engendar rage and violence and then invent ways to create more capital based on what they have done.
If the rich and ruthless would stop 'eating other peoples lunches' there would a lot less terrorists. Much better than spending billions more of much needed funds on wasteful efforts created by fear and greed.

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

» RE: Not So Sure of Mark of the Beast Posted by: Iamnotafruittree
Mme
[Report this comment]
Posted by: victoria on May 11, 2005 8:48 AM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
An excellent article on the perils of becoming numbers, but I fear we're already there. What are social security cards if not national i.d's?

Victoria Andrews

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

Security at what cost?
[Report this comment]
Posted by: ash on May 11, 2005 9:30 AM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
There is a great quote that seems to fit here. Can anyone help me with the exact wording and quotee?

"Those who sacrifice freedom for security has neither"

Or something very close to that.
Thanks

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

» RE: Security at what cost? Posted by: rusrus
» RE: Security at what cost? Posted by: American_Patriot
» RE: Security at what cost? Posted by: U.S. underachiever
speed racer
[Report this comment]
Posted by: speedracer01 on May 11, 2005 10:17 AM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
Incredible...the Republicans, of all people, are giving us a "big government" fix that doesn't work!

And presumably some of those Republicans were voted in by Christian fundamentalists, many of whom believe that one day the government will force people to wear something called the "Mark of the Beast" in order to buy food or conduct monetary transactions. If a national ID card doesn't sound like a "Mark of the Beast," I don't know what does.

Guess I might as well tattoo "666" in magnetic barcode on my forehead right now...

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

» RE: speed racer Posted by: Jordon
» RE: speed racer Posted by: emeraldjeans
Neeeeext!
[Report this comment]
Posted by: monkeywrench on May 11, 2005 11:15 AM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
Oh, I can hardly wait to experience the "happy carnival" at my local DMV once the "Real ID" rules hit! Just imagine all of those overworked, underpaid government drones having to shuffle reams of additional paperwork – and having to verify every piece: the already-long lines will stretch into the next zip code.

Manwhile, your friendly local terrorist will still be able to visit your friendly downtown (especially here in LA), flash the "high-sign" (finger and thumb holding a phantom driver's license), and in an hour or so and for a couple of hundred bucks get a full dossier of forged documents – license, birth certificate, S.S. card, the works.

Our "geniuses" in Congress are combating terror with more meaningless words on paper that are never obeyed. Yep––I sure feel safer. . .

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

So When Are We Going To Get Rid Of These Cowards And Traitors.
[Report this comment]
Posted by: Joe on May 11, 2005 12:03 PM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
I'm getting fed up with people who refuse to hold Democrats accountable for this mess. I'm tired of the excuse "If they didn't support the bill they would have been called unpatriotic". Have the Democrats ever heard of Doing The Right Thing even if it is unpopular, and the thing is if they had the balls to explain to the American people why they didn't support the bill most Americans probably would agree with them, they may even pick up libertarian conservatives. Republicans make unpopular stances all the time and don't care, even when they are dead wrong: Terry Schiavo, Social Security, etc. Here it is we are on the right side of the issue and the cowardly democrat representatives don't even have the balls to vote against this real ID junk.

Green Party or some other party here I come. Like a battered wife that keeps getting popped in the mouth its time for some of you get the hint and move on. The energy for change should be refocused towards a party that is for change and not a party that continues to whisper sweet-nothings in our ear refusing to stand by our side when it really matters.

Republicans = Rich & Status Quo
Democrats = 1)We want change but were afraid what they will call us. 2)Wait till its time. All Excuses Equal Status Quo & Benefit The Rich.

At least with Republicans you have a clear enemy. The Democrat Party smiles in your face then in order to look "tough" stabs you in the back. The two most dangerous people on the planet are sheep and people trying to prove something. Since Democrats have a desire to show they are "tough" we, the American people, are continously ignored. There was a poll I was looking at about a month ago that shows most american support liberal policies but these Coward Democrats are afraid to speak up. Some make the excuse that it is the media, well do like Bush and go around the "filter". We liberals need to orgainze and see about creating our own TV network independent of the Republcian-Lite party. 50% of the country didn't vote for this joke in the WH, right there is the financial backing.

It doesn't matter if you have a 'D' or and 'R' behind your name, if you're screwing me you're screwing me.

I expect junk like the Real ID from Republicans but Democrats are supposed to be the guards standing at the gate. Once again they have let me down.

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

And your picture ID will be???
[Report this comment]
Posted by: Kajamian on May 11, 2005 2:19 PM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
One of the provisions was having to show a valid picture ID to get a driver's license.

Most people don't have a passport (and if they do, chances are they used their current driver's license to get it).

Most people don't have jobs where they need a picture ID hanging around their necks to get into work (and if they do, chances are HR took a picture of their current driver's license when they were hired).

Many people don't drive for one reason or another. Most are forced to get a state issued ID card in lieu of a driver's license to be able to conduct business in this day and age. Why? Probably because they don't have any other picture ID to use. Look youthful and try buying alcohol without some kind of picture ID.

Others like my neighbor are mentally challenged. He can't make change, manage a bank account, hold a job or drive a car. But they ask him for picture ID when he goes to use his food stamp card, get his "honored citizen" bus pass, or use his Medicaid card.

So ask yourselves what portion of Americans will be challenged when they go to get a driver's license? Our elected representatives probably don't have to deal with any of the above. And if we don't remind them often, they tend to lose what little touch they have with reality.

And one last happy thought: another of these "must pass" bills will be coming up in September. I wonder what they'll try and sneak thru then.

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

Real ID?
[Report this comment]
Posted by: dlf on May 11, 2005 3:59 PM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
I recall going to get a driver's license in New York. I could use a greencard or passport and receive up to 3 points towards the necessary 6 needed for identification. But my US birth certificate was worth 0. So what I'm wondering is under the real ID program can states still give more weight to documents more likely to be used by foreign born residents than citizens? Let's face it all the states have to do is enhance the security features on driver's licenses and have a machine that can verify ss, greencard, and resident alien card #'s at the DMV. That would make our current picture ID more secure. This is another way to generate revenue without raising taxes, cause we all know they aren't replacing our current ID for free.

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

Biometrics
[Report this comment]
Posted by: jwg on May 11, 2005 4:27 PM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
I am a computer data base programmer and realize if properly done the the computers can handle the load by limiting the data to just identification, not your entire life history. The entire life history can be done on other computers tied to numbers on the first however. We can do that given time and money. But all that does is validate the card. Then I thought what about some biometrics tied to the card that matches the human. A eye retina works for most people except the blind, a thumb print works if you have thumbs, some people don't. DNA might work for everyone except the test takes two weeks, and even if we could make the test much faster, remember Gattica.

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

itstarted
[Report this comment]
Posted by: itstarted on May 12, 2005 11:40 AM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
$50,000 fine, or a jail term for misuse of the ID, would narrow down the list of people who would be willing to take a chance at counterfeiting...

Does someone have a better answer?

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

But wait, there's more
[Report this comment]
Posted by: PeterH on May 12, 2005 1:34 PM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
Very well articulated! Though not in the same class, I am also a computer security professional and have the following very dangerous element to add.

A false sense of security.

When you remove the nuts and bolts and technological craft, you're left with the basic question of "who/what do you trust?". And an ID card system which is thought to be secure, but really isn't can be worse than none at all. The titanic was thought to be unsinkable - the persistence of that myth directly led to the crew making decisions that relied more on the myth itself than on an objective reading of the situation at hand. Similarly, a placing trust in a national ID card would de-emphasize the role of observation and vigilance.

During the WTC attacks, the attackers relied on exploiting our systems of trust - by traveling first class, by establishing cover identities, by exploiting the assumption that hijackers would want to land and issue demands, by gaming our assumptions about what terrorists look and act like, and by convincing the crew and passengers that a box taped with red duct tape and a blinking light was actually a bomb. In addition our reliance on high-tech "signals analysis" at the expense of human intelligence gathering and translators created an additional gap in our warning systems. Some problems are better solved without technology.

We trusted labels and myths and missed the physical reality at hand. And as I learned while a volunteer firefighter, that's easy enough to do in day-to-day living; in a crisis it becomes almost second nature.

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. - BENJAMIN FRANKLIN, Pennsylvania Assembly: Reply to the Governor, November 11, 1755

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

national ID cards
[Report this comment]
Posted by: JackB on May 12, 2005 6:22 PM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
why isn't the government hearing from people like schneier before taking such hasty action? it would seem that public hearings including experts such as he should be mandatory prior to approving legislation concerning national ID cards. I fear that congress may be listening only to those voices with which it agrees.

Jack Bowers
Albuquerque, NM

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

Where's the Problem ?
[Report this comment]
Posted by: AdamSelene40 on May 13, 2005 12:01 PM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
Personally, I'm willing to risk having the occasional 747 fall out of the sky and keep the old 2-party system government under a written Consititution.

But if "Safety" is the the prime consideration ... if '9/11' really is the defining moment of the American Century ... then the neoconservative vision is the way to go. That's a 1-Party Security State, with all power vested in the Commander in Chief.

It appears that a majority of Americans are perfectly happy to accept a 1-Party rule of a full blown Security State "to make us safe.'

As long as 51% of Americans believe that that 'Fighting Terrorism' is the alpha and omega of both foreign and domestic policy -- a point which both Clinton and Kerry have already conceded -- 'Liberty' is nothing more than a quaint and outdated 19th century notion which we can no longer afford..

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]

rather not say
[Report this comment]
Posted by: jinfante3 on May 23, 2005 2:16 PM   
Current rating: Not yet rated    [1 = poor; 5 = excellent]
Excellent article and very enlightening. But how do we stop such attacks on our rights to privacy and other civil liberties? This administration and the gov't is becoming scarier and scarier by the day. (HELP!!!???)

[« Reply to this comment] [Post a new comment »] [Rate this comment: 1 - 2 - 3 - 4 - 5]