National Insecurity Cards

By Bruce Schneier, Schneier.com. Posted May 11, 2005.

Editor's Note: The REAL ID Act -- a bill that brings the country steps closer to imposing a national ID system -- was sent to the president's desk on Tuesday when the Senate voted to approve the measure, which was attached to the $82 billion war funding bill. As the author explains below, these ID cards are not just a violation of our privacy rights and a covert attack on immigrants. They will also be entirely ineffective in fighting terrorism.

As a security technologist, I regularly encounter people who say the United States should adopt a national ID card. How could such a program not make us more secure, they ask?

The suggestion, when it's made by a thoughtful civic-minded person like Nicholas Kristof in The New York Times, often takes on a tone that is regretful and ambivalent: Yes, indeed, the card would be a minor invasion of our privacy, and undoubtedly it would add to the growing list of interruptions and delays we encounter every day; but we live in dangerous times, we live in a new world ... .

It all sounds so reasonable, but there's a lot to disagree with in such an attitude.

The potential privacy encroachments of an ID card system are far from minor. And the interruptions and delays caused by incessant ID checks could easily proliferate into a persistent traffic jam in office lobbies and airports and hospital waiting rooms and shopping malls.

But my primary objection isn't the totalitarian potential of national IDs, nor the likelihood that they'll create a whole immense new class of social and economic dislocations. Nor is it the opportunities they will create for colossal boondoggles by government contractors. My objection to the national ID card, at least for the purposes of this essay, is much simpler.

It won't work. It won't make us more secure.

In fact, everything I've learned about security over the last 20 years tells me that once it is put in place, a national ID card program will actually make us less secure.

My argument may not be obvious, but it's not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails.

It doesn't really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.

The first problem is the card itself. No matter how unforgeable we make it, it will be forged. And even worse, people will get legitimate cards in fraudulent names.

Two of the 9/11 terrorists had valid Virginia driver's licenses in fake names. And even if we could guarantee that everyone who issued national ID cards couldn't be bribed, initial cardholder identity would be determined by other identity documents ... all of which would be easier to forge.

Security expert Bruce Schneier is the founder and CTO of Counterpane Internet Security, Inc. This essay originally appeared in the Minneapolis Star-Tribune.

Liked this story? Get top stories in your inbox each week from AlterNet! Sign up now »