Slashdot Mirror
Schneier on National ID Cards, Key Escrow Locks, E-voting
Schneier's Cryptogram newsletter this month touches on a lot of subjects near and dear to our hearts: national ID cards, TSA-approved luggage locks, a cost-benefit analysis of stealing an election via hacking evoting machines, a nifty credit with audible security, etc.
We already have multipurpose-use government-issued ID cards in our wallets in the form of drivers licenses or non-driver photo ID cards issued by our states.
The biggest problem with all of these is that there are 51 different issing bodies, one in every state plus one for Washington, D.C. Within each state, there are at least two formats to make non-drivers distinct from drivers, most states also have special "funny formats" for those under 21 so that they're more easily rejected when they try to purchase alcohol.
But, with more than a hundred formats for the best ID system we have, it's impossible for anybody to be an expert on what security measures to look for and be able to notice when they're absent.
No, this isn't an issue that'd protect us from suicide bombers or airplane hijackers... but being able to properly identify people is essential to financial transactions, and telling illegal immigrants that they don't belong here. It's not exactly a constitutional right to be able present a false ID as your own. The various issuers of drivers licenses should at least be able to agree on a common standard so those cards all look alike from jurisdiction to jurisdiction.
My passport and drivers' license! OMFG d00d they are after us!!!!111
I wish he had touched a bit on how Linux and Open Source in general are going to be used with relation to national ID cards and e-voting machines.
Surely it's not going to be an all-proprietary system(s)?
Background: 28/M/Bi-Sexual; Owner of a Linux company; MBA Harvard 2003; B.S. Comp Sci MIT 2000
I don't thing that it is really necessary to have standardized national ID cards.. the money required to implement such a massive project would be substantial.. and the gain is not clear. Why would having national ID cards help TSA identify people any better than state ID cards such as drivers licenses, and government issued IDs such as military identification cards?
Nicholas Weaver has an interesting letter printed in the article where he makes the case for a need to assume that Microsoft's crown jewel, the Windows Source Code, has already fallen into the hands of black-hats, since both the Chinese and Russians have legit access, and the ease of which a determined group could steal it.
It's an intresting question. However, wouldn't we have seen more zero-day hacks in circulation from the black-hats who hold the code? Or maybe these exploits are being used, but with such infrequency that it's slipping under radars...
michaels posting stories again...
I think michael hit it right on the head in his post (oh to be both an author and submitter at slashdot!). Most of the topics in this Cryptogram (and the past few) we *have* seen before, here and in many other security news and blog sites. The only thing I hadn't heard before is the audio-credit-card-thing and I really doubt you'll be seeing consumers hold their cards up to their microphones. Heck, most non-techie folks I deal with don't even realize they *have* a microphone and the rest of them still have theirs in the original plastic shipping material it came in.
So, as Cryptogram becomes yet-another-blog, will it cause Schneier to lose relevancy? I hope not, since a large number of "security managers" hang on his every word and, in the past, this has been a positive thing for getting funding so we can get real work done.
Here's hoping for an influx of creative and incisive Cryptograms the rest of the year, otherwise I'll be on the lookout for Schneier with his WiFi laptop @ Starbucks or the next blog convention.
Mind the gap...
The "escrow key" model of lock that now being distributed in the form of lugage lock leaves interesting options for a traveler...
- Leave your suitcase unlocked. The TSA can get access, and so can anybody else who wants to try to open it.
- Lock your suitcase the old fashioned way. If the TSA wishes to check your bag, they'll bust your lock. Bad guys can also bust the lock. At least, if the contents are tampered with, you'll see a defeated lock when you recover your bag.
- Lock your suitcase with the TSA-compliant locks. Most people can't open your bag, but TSA key holders (both good guys and bad guys) can get into your bag without having to break anything.
Hmm.. which option to chose?
I don't see it that way. They have the right to cut the lock off already. The difference is that you can still have locked luggage... an extra level of tamper protection against the other people handling the baggage.
I have personal experience with the TSA baggage screening functions and the chances of something being stolen from bags is pretty darned slim unless there was a conspiracy of players involved which is also highly unlikely. It is rare if basically impossible for a single TSA screener to open a bag unsupervised. Further, it requires a supervisor or higher ranking person to handle the TSA keys to the TSA locks. Cutting these locks are forbidden. If it was cut, you can be 99% certain it was by someone else.
So when it comes to auditing the access to baggage, there's a higher probability of determining the point of failure.
I think more can be done but speed and efficiency must be balanced against accountability. No one wants to be required to be present 3 hous before the flight do they? Didn't think so.
The TSA lock merely gives people the option of having a lock that will not be cut by TSA.
Michael 'I'm Going To Have A Tantrum And Destroy The Censorware Project' Sims pontificating on issues of privacy and security!
/. crew made sure they had their domain name locked-down real tight before hiring him...
I bet the
It just goes to show that there are a lot of nice sounding reasons for us to give up some freedom and have it nickled and dimed to death, but there is one main reason to keep freedom and that is freedom. Unlike these other things, liberty is an end in itself - it derives from the fact that people are creatures of choice and not like the animals. There is no such thing as too much liberty ... it would be like saying that science is too rational.
So here's a shocker. The federal government sets or negotiates a common anti-counterfeit system to use on driver's licenses. Like a 2-D barcode with cryptographically signed info and a special hologram.
Ever notice how we're getting closer and closer to east germany? I mean hell, the local cops already sit at the town border running license plates(yay in-car cruiser terminals!) and checking for DWB.
Please help metamoderate.
How long is it until somebody buys up some of these TSA-unlockable locks and reverse engineers their way into a duplicate of the TSA key?
I just wish that these ID systems were more secure. Instead of using easily stolen and duplicated plaintext identifiers (like an SSN and mother's maiden name), I'd like to see a secure encoded number that is unique to each application. This unique number (different each time it is asked for) would be resolvable to a single identity inside secure back-office applications or through access to a central secure server.
A smart ID card would hand-out unique numbers and log who got which ID. That way any theft of identity is traceable to the source. The card owner could then use the card to trace who was using their data.
I'm sure there are a million potential vulnerabilites with the idea, but the current approach seems much more insecure than this proposal.
Two wrongs don't make a right, but three lefts do.
I lock my luggage more for the guarantee that it won't come open when being handled than the security.
There is simply no reason the TSA couldn't get the keys for the main styles of suitcase locks currently in use. Four or five keys would open probably 95% of luggage.
This is just a way for a company to make money solving something that shouldn't be a problem to begin with.
LordBodak's journal.
This was exactly his point.
I hereby place the above post in the public domain.
Yup, and there are a number of companies that are happy to provide them to bartenders for nearly free. Look closely and you'll find most have a modem port and a label with instructions on how to let it "phone home".
That kind of use needs to be made illegal reaaaal fast. I'm required by law to present my ID, but it'll get scanned and some company gets a number of pieces of personal information.
Please help metamoderate.
The guest essay says that one must assume that someone attacking the integrity of an election has at least a $100 million budget. While it is true that a lot of money is raised in elections, not all of that could be invested in a project to steal an election without anyone noticing. Therefore, the above estimate seems to be much too high.
Lenz Blog
Option 4: lock your bag with both the TSA lock and an ordinary lock. Then you can detect all forms of intrusion (assuming that your bag is suitably well-built).
DROS - Open-Source Robot Software
Why must everything be on a national scale?
People in different parts of the country have different ideas about the balance between security, freedom, and privacy.
I don't see why there couldn't be "zones" where local people decide just what that balance should be. Maybe it would work best at the city or town level.
The people of LA, SF, and New Orleans, for instance would probably be willing to take more risk than the people of Nashville or Lakeland, FL. Why can't they have different standards?
Now I realize it might be impractical for things like air-travel. A plane can fly coast to coast, so everyone under it's path has an interest in the standards used to admit passengers, but there are plenty of other things that can still be a local decision.
If the people of LA don't want ID cards, then let them take the risks associated with not having those cards. If the people of Nashville want cards to feel safer, then let them.
So long as people are allowed to choose what set of rules they want to live under, I don't see a problem.
But, with more than a hundred formats for the best ID system we have, it's impossible for anybody to be an expert on what security measures to look for and be able to notice when they're absent.
That's why these exist. When in doubt, check the book.
Then again, someone could use these guide to ensure their fakes are up to snuff-- I used one of them many moons ago when I was under 21, to perfect the counterfeit NJ driver's licenses that I used to make for fun and profit. I was turning out passable fakes (mine were MUCH better than the one shown at that link) as a broke college student with 1992 technology consisting mainly of a Mac LC, a StyleWriter, a Polaroid camera, and a can of gold spray paint for the hologram. Hell, back then I even forged verifying documentation-- for female customers I did a completely fabricated student ID from a ficticious college, complete with official-looking dignified logo and a magstrip made from a piece of old VHS videotape. For my male customers I did phony Selective Service cards that were meticulously duplicated with Aldus Pagemaker, and printed out on an inkjet using an ink cart that I flushed out and filled with green ink that matched what was used on the real thing.
Those days are over, but sometimes I do find myself wondering what kind of marvelous forgeries I could turn out with the kind of high-tech toys available to me now.
They're just musicians folks.
Here's the link, supreme court to hear the case on producing identity on demand.
We are to the point with most software, including Windows, that exploits aren't just obvious anymore. You have to go looking and testing for that, no matter if you have the source or not. As the many OSS programs (wu-ftpd being my favourite example) just because you have the source, doesn't mean that exploits are instantly apparant.
I think from an exploit finding point of view, it's roughly a wash open or closed source, at least when the closed source is from a company that has the resources to review it. You rarely see obvious exploit causing mistakes anymore. It happens, but pretty rarely. Exploits are harder to find, and having the code doesn't help a whole lot since if you are scanning it for obvious mistakes, you're only doing what many others have done.
Easier to just screw with the actual available service and see if you can figure out how to break it. Not to say it doesn't help to have the code, I just don't think it's as big a deal as people make it out to be.
Because several states now allow illegal immigrants to obtain drivers licenses using two very insecure forms of Identification: A consular identification card issued by foreign consulate offices, or the ITIN Number supplied by the IRS to people who can't qualify for a social security number.
The consular card is recognized by the FBI as an insecure document. The only reason they are needed is because the recipient entered the U.S. illegaly and does not possess a valid visa, passport or other identification provided through legal channels. There have been cases where people have been arrested carrying multiple copies of this ID, with the same picture and differing names.
The ITIN number can be obtained by calling a 1-800 number and providing a name and address. The IRS does nothing to verify the information given and has stated multiple times that this tax number should ONLY be used for paying taxes. This is not meant to be an Identification number, especially for obtaining a drivers licenses. They sent out a letter this past December to all governors and heads of the driver license division in each state to ask them to stop this practice. Despite this request, states like Utah refused to modify their laws to fix this security problem. This combined with the "motor voter" laws can lead to other problems such as voter fraud.
Because the drivers license is used for many other purposes other than proof that an individual knows the basic driving rules, we either need to go back to only issuing it for people with verified documentation, or creating a national ID that is only given out to citizens. The national ID would be used instead of a drivers license for employment, boarding planes, voting, etc....
It's already the case when flying to the US from Europe.
That's ofcourse logic in the light that all these 9/11 hijackers were Europeans.
(Oops, that's demographic profiling the Bush-light way...)
If/when security is realy implemented at airports no locks are needed anyway.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
and if they are convinced they have ACCURATE code, are probably waiting for such a time as a massive coordinated attack is launched, cyber attack just being one of the facets. Small exploits for training and practice, sure, anything really spiffy they might find they will hold in check until needed-if they trust the sploit that is.
China has even created an entire new military wing of the PLA devoted entirely to cyber warfare, and they are giving it a long range importance equal to air force, land forces, navy, etc.
Now, to be fair, we don't know that MS gave them accurate code, they could have well given them some NSA (whoever, don't matter) doctored stuff that has a lot of nifty backdoors in it as well, we just don't know. I would guess that the state intel agencies in those two countries would be suspicious of it and audit heck out of it anyway before assuming it's completely legit. In fact, even if they hacked in and stole it they would still need to be suspicious of it, as letting it get "stolen" could be a variation on the false flag dodge as well, it's a great way to instill credibility in something if you can be persuaded you have aquired the real deal, so it's equally credible to think of offering the false deal as bait-sort of a honeypot kinda- and letting it get "stolen".
You ought to be able to call your luggage on your cell phone and get its location. Wherify has announced a product for this, but isn't yet shipping.
Takes too long anyway.
sulli
RTFJ.
It seems to me that a national ID would be an additional form, not a replacement for a state ID. Don't qualifications for a driver's license differ between states (in such things as vision testing, vehicle classifications, and so on)? In fact, it seems likely that a state ID would be one of the accepted identifiers when you apply for your NID.
Schneier's article hints that he expects such an ID system to be mandatory if implemented. That brings to mind the interesting case of Dudley Hiibel, currently before the U.S. Supreme Court. Is one obligated to identify oneself at all, if one chooses not to?
The database for such a system would necessarily provide online access to state and local law enforcement, rendering it a prime target for hackers and other criminals. And can we really be certain that the Sheriff's Office or the Department of Finance of Bugtussel County can't be bribed for direct access?
A side note: The little item about license plate shields questions whether these would be legal. The last I knew, even most of the little plastic frames that carry a car dealer's name are illegal in my state, although there are millions of them - they obscure a small part of the lettering on the plate.
I figure by 2030 or so my 6-digit UID will be something to brag about.
Yes, the police are allowed to randomly ask you for your ID card. Most of the checks seem to be for immigration violations by mainlanders. On the other hand the HK government is putting in place fast immigration checkpoints, where you run your ID card through a scanner and provide your thumbprint and you're on your way without ever being questioned by immigration officials.
I saw a nice plate cover over a plate in the parking lot at work yesterday. When you look at it dead on, you can read the plate just fine. But from more than about 10 degrees off normal, you can't see the plate number at all. Would be quite useful if you lived in an area with traffic light cameras. BTW, love your nick--but it should really be "FORTRAN IV."
Another proud carrier of the $rtbl flag
It is reasonable to oppose this as a "camel's nose under the tent"; the officer could just as easily have asked about a man hitting a woman, and he might even have received useful information from the plaintiff in this case.
Of course, this case is still pending before the US Supreme Court. The story previously posted covers the case so far. The law was upheld by the Nevada Supreme Court.
It's called a Social Security card.
But if you lock your luggage, how would you use the "some baggage handler must've put it there" excuse when they find the bag of weed in you suitcase??
After the NSA released SE Linux, I think we can be pretty sure about the color of their hat. What we can also be sure of is the color of Microsoft's: green, because if their priorities leaned more toward delivering a secure and reliable system rather than screwing the users for more money, Windows (and especially LookOut) would behave great deal differently than it does.
Make sure that the guards won't confiscate the small diagonal cutters from your carry-on before you do this,
Whenever I think of ID cards, the solution that pops to my mind is to have something with flash-like memory with three blocks of data:
1) A section with my pertinent identification data (picture, description, date of birth, name), in plaintext but cryptographically signed by the government. Anyone that wants to verify my identity can read this area, check the signature, and match the data there against the person standing before them.
2) A for-gov't-eyes-only section, signed and encrypted by the government. This could contain information that should only be revealed to other parts of the government, potentially with different sections and keys for different levels of access, for things like your SIN, passport information, etc. Maybe you're a secret agent and want a way to prove you are, but only to other branches of the government...
The 'spooky' part here would be that if random people can't read the data, then the person holding the card can't read it either so he doesn't even know what's in it other than what the government has told him. I don't think it's really that big a deal though since it's not like they couldn't put anything they want to hide from you in their own hidden databases anyway.
3) And finally, a user block, where a person with an appropriate I/O device can put whatever data they feel is important to keep on them. Medical conditions, organ donation status, favourite type of flowers for the funeral, pictures of your cat, whatever!
Heck, standardize the interface, commoditize it, and let people make their own ID cards and read and write the card themselves. If you don't like that creepy gov't-only block, don't write it to the card. As long as that first, signed block is there, it'll serve its primary purpose.
I like the idea of a smart ID which consolidates all this burden of memory into one token (which would have to be difficult to replace if it was to have any value), but you're working against a lot of history here - the cost and convenience pressures to settle on a universal ID number are not going to be reversed quickly or easily.
This has been one of the more interesting threads I've seen in a while. I mean, this is something I actually know about: I do security in a bar.
I've seen cards from pretty much every state in the Union as well as quite a number of ones from many European nations. Recognizing what is and what is not a valid I.D. card is a hard task that I've found a lot of people who do what I do simply don't know enough to deal with.
The great number of state I.D.s, their variations in the quality of their anti-counterfeiting features. The scanner, the color copier, the laminating machine and the simple willingness of people to lie to your face make it hard to be sure that what you're looking at is real.
The current series of California Driver's license/I.D. card is, IMHO the most secure driver's license in the U.S. in terms of anti-counterfeiting features; the series immediately preceding it is a piece of crap.
The new current series of New Jersey Licenses that I've seen, maybe, five of in the last two months is *very* secure if the person looking at it has an ultraviolet light on him and is actually aware that there is a new series to look at while the preceding series is the most easily and most convincingly counterfeited I.D. I've ever seen, and I see it over, and over and over.
A national I.D. card would certainly eliminate the problem of having to have real expertise to spot fakes and anyone who says otherwise is engaging in wishful thinking.
The most current version of the the United State's green card has anticounterfeiting features that I don't even know the names of, but I know their absence would be easy to spot.
Couple this with mag-strip technology to store information and you could standardize one or more pieces of equipment that any bar or other place that had to determine age or identity would have present that would instantly and permanently remove the guesswork. Put biometric data on the card and give me a thumbprint scanner and underage drinking is pretty much over until counterfeiting technology gets better.
That's how good the current green card, or some variant of it would be as a national I.D card. It would make my job ridiculously easy.
Now here's why I hate it.
First off, the article makes one really interesting point: for a really determined person, someone who wanted to hijack planes or steal a million or what have you, no card will be completely secure everywhere up the line to the point where you get one.
Someone with enough cash, or enough juice with the right people, or willing to put in enough work will be able to get either a valid I.D. in a false name, a borrowed/stolen card or a relatively convincing forgery if it is important enough to them.
Viewed this way, a national I.D. card can be said not to provide greater national security but greater control for people with access to the information that a national I.D. card would provide. In terms of anything important, really important--a real, immediate threat like the 9/11 attack--a national I.D. card would be useless.
In terms of centralized information processing, a national I.D. card would be an enormous Christmas present to big brother, providing governments with a key to interweaving databases, giving anyone in authority all the power they need to pressure anyone who isn't into being a more perfect citizen.
Under the current system, a kid with a really, really good fake I.D. can get past me and that's fine. It's a game. I win most rounds. I'm sure the kids win a few and that's the way things should be.
Getting stopped by the cops for taking a desperation leak on a wall at five A.M. and having them know everything about you from whether or not you did your last round of jury-duty to your cholesterol is not something I'm looking forward to.
To mail me, remove the 'mailno' from my email addy.
"Yeah. It smells, too..."
Although (last I heard) TSA recommended leaving checked bags unlocked, you are sometimes required by federal law to lock your checked baggage. For instance, if you have a firearm in the suitcase, you are required to have the firearm in a locked case, and you must be the only person who has a key to that case. That case must then be put into a suitcase, and that suitcase, in turn, must also be locked. (Besides which, even if all of this weren't required by law, putting your firearm in an unlocked suitcase would be a really bad idea.)
If these new "TSA locks" become a reality, I wonder what will happen to those of us who fly with firearms. Will we be required to use a TSA lock not only on our suitcases, but on our firearm cases as well? I hope not -- the risk of theft is already high enough to make me pretty nervous as it is.
Point 1/ That implies that your luggage goes on the flight with its cell phone turned on....
Point 2/ That is one little hack away from luggage that explodes when you phone it up. How long do you think luggage containing an active phone will be allowed?
I really don't see the point of his cost benefit analysis of stealing an election. There is no correlation between the campaign budgets and the value of, or resources available to steal an election. If you are to look back at the last couple of years its pretty obvious that controlling the U.S. government is worth trillions of dollars to the party that wins. There is usually at least a thousand to one payoff from the largesse of the U.S. treasury for large campaign contributors when your candidate wins. Just a few examples, in the case of the Bush administration they've given:
- hundreds of billions in tax cuts to their wealthy benefactors
- $55 billion a year in the so called Medicare reform plan much of which is going in to the pockets of insurance and drug companies, key Republican benefactors. The drug companies have been given a bonanza in that the U.S. government will be buying billions in drugs for seniors, but are precluded by law from negotiating fair prices, so drug companies can charge as much as they dare. This is the antithesis of a free market, purchasing without negotiation.
- $18 billion dollars of no bid cost plus contracts have gone to Halliburton for Iraq
- the list goes on
- Koch oil was facing a $500 million in pollution fines under the Clinton adminstration, when their man Bush won over Gore the fines were reduced to $20 million.
The fact is the Republican's have an enormous financial incentive to do whatever it takes to retain the presidency and the house, and to achieve the holy grail, a fillibuster proof majority in the Senate. Gaining a fillibuster proof majority will be hard but it is the holy grail to the Republicans because they could then pass any legislation, no matter how extreme, as long as they can keep their party's legislators in line through deceit, intimidation and bribery (like they did to pass the Medicare reform bill).
Its also an unfortunate fact that the Republican's have two key resources at their disposal that are priceless:
First, they control the resources of the Federal government, especially in the shadowy world of Defense, Intelligence and law enforcement. For example the DOD's recent efforts to gain electronic control of the vote of soldiers and oversees American's would allow whomever control that system, which is by definition the President and the Secretary of Defense to control millions of votes for next to nothing.
The Republicans, as has been pointed numerous times, disproportionately control the companies that control electronic voting machines. This inside track gives the Republican's a huge advantage should they decide to try and rig the upcoming election.
You might think this far fetched but having watched Bob Woodward on 60 minute tonight I'm thinking anything is possible from the people who currently occupy the White House. Dick Cheney in particular appears to be pulling the strings of a President who is in over his head intellectually and FREQUENTLY setting policy based on prayer, divine guidance and the manipulations of people like Cheney, Rumsfeld, Rove and Wolfowitz, because he is simply not up to the job that faces him intellectually.
One of many disturbing things Woodward listed was that Tommie Franks at one point spent $700 million dollars on Iraq war preparations before Congress was consulted on a war with Iraq or had approved any money. They apparently took this money from an Afghanistan authorization, without telling Congress, which is both unconstitutional and an impeachable offense. Only Congress can allocate money.
At this weeks press conference the President was repeatedly asked if he'd made a mistake. He either couldn't think of anything, or denied any mistakes had been made, which is pretty implausible. The many failures in failing to stop 9/11 and in the mess that is no Iraq have led to no one in the administration being held accountable. Its as if they make no mistakes. Infallibility is a leading indicator of a a couple kinds of leadership, a dictator
@de_machina
You got it, it's called conditioning or brainwashing. they do it to the cops and military until they are conditioned them selves, then they pass it on to "civvies".
The special forces are all getting chipped soon, then the nations police forces, so when it comes your turn, they will say "WE got chipped, it's legal and you must do it!!" Might take a few years, but it's coming.
Right up above, in another post the oft repeated by thoroughly wrong "driving is a privelege and not a right". That's BS, but the entire nation got conditioned into it, now it's accepted that you DON'T have a freedom to travel without their permit or "permission". Ridiculous? Nope, just the one step at a time deal. Would you apply for your "speech" permit? Ridiculous? Most states you need a "permit" for your second amendment "right". Well, if you need the state's permission, it sure ceased to be a "right", yet it's "the law" almost everywhere in some form or another, only one state, vermont, has followed the "born-with right" concept there. What's the difference? The numbering in the constitution? 1-2-3-4, the order in which they strip them doesn't matter as much as they HAVE been doing it and once gone, it stays gone. The goons will just take the easier ones first, that's all. That's what they have been doing. A "permit" to travel, to drive your property on a public road, a road you partially own by being the "public" and pay for via fuel taxes anyway, yet you need a "permit" for your "born-with right to travel" and everyone eats it up, because that right got stripped gradually and turned into needing "their permission".
One at a time freedoms get stripped, people excuse it, they get wishy washy on it, society wimps out, eventually like in all other despotic regimes down through history, you wake up one day and you have no more rights, you are their chattel, and you wonder why it happened, how it snuck up on you. "You" being a generic of course. It's because people just REFUSE to follow through with a normal extrapolation of causalities, events, and provocations. They will not put 2+2 together, they fall into the now cliched "cognizant dissonance" state. It's not that they can't see it, they don't WANT to see it, they pull a turbo ostrich head in the sand, if it's pointed out to them they will vehemently deny the obvious, all the way into absurdity.
Just since I've been a kid we've have lost a TON of rights, now we even put up with "random checkpoints" stuff I was taught in school was only done in places like soviet union or east germany. It was something to revile against,. to thank ourselves and congratulate ourselves we didn't live under such a regime and culture of brutality and exploitation. but now we put up with it, every excuse in the book, but the fact remains, it's now "the LAW" and the US public meekly submits. We wimp out.. Now it's "normal" and the dudes in blue (or black) willingly just "follow ze orders" and "swear an oath to the constitution", yet hardly any of them know it, understand it, or see how they are being used to force the people into obedience to the state.
And this "the people"? More concerned with entertainments mostly, and way too scared to do much about it, they will even put up with obvious vote hijacking and fraud, and with having a controlled parroting media mostly. They put up with hijacked money, stolen labor, rigged elections, wars created by a single tin pot dictator, "executive orders" and never ending and overlapping "national state of emergency" decrees, confiscation of property on a whim, the denial of even a right to property in a lot of cases, obvious and overt bribery being how the nations political business is done, and on and on and on.
It all happened one step at a time, though, not all at once, never enough to get the people alarmed and disgusted enough to "just say no" back at them.
It's sorta sad, but really, you can sort of understand it when you see they will make an example of anyone who dares actually say "no" to illegalities being
I was going to correct you by saying that it's really a "back door" lock rather than an escrow lock. But I just looked at the CryptoGram story myself and found that Bruce even used the term "key escrow lock". I thought key escrow (escrowing?) is where you give a copy of your (otherwise private) key to an authority for safe keeping. The purpose being that your data can still be decrypted by the authorities with a suitable court order or somesuch. Do I have this wrong?
Here is another story at findlaw. another more in depth look, citing previous cases and courts findings. This writers take is that it IS a "broad sense" case, and he cites his reasons for that opinion. Me, I think a better test case could have been found, but, in modern soviet USA, "best test cases" find YOU!
If we were ants living on a Rubik's cube, differential geometry would be a little more confusing.
Remember: this stuff isn't implemented yet. You CAN stop it.
He who gives up his freedom for security is a fool, because, without freedom, you cannot properly protect yourself.
Join the Free State Project and let your freedom ring!
this is a state-by-state and city-by-city. i live in kentucky and there are state laws that cover this. and the state allows the local muni's to have some say with their laws. for several years in the town that i live in the bars were able to admit people under 21 (the legal age in ky) but they couldn't order alcohol. that was changed so that they can not enter a bar unless the bar makes more than 50% of it's revenue from food.
eric
I understand the worry some people have about hacked systems, but what I don't understand is the response to it.
Instead of being so worried about it, why not simply close the loop with the voter to make fraud detection easy?
What I mean is, suppose after I vote, I enter a password/PIN which is used to encrypt a random number used to identify my vote. The machine records both my random number and my votes, but not my pin. This encrypted information is then printed for me before I leave. When I get home, and after the votes have been counted, I hop online and download a JAVA applet which lets me decode my random identifying number in private. I can then punch this number into the net (which let's me see any vote I want since the information isn't tied to anyone) -- and tells me who I voted for. If the information doesn't match, I call 1-800-voter-fraud and turn the matter over to the FBI.
Ok, I haven't exactly fleshed out the whole thing here, because you need some way of making sure people don't claim they've been a victom of fraud when they haven't been, but I suspect given a few bright people, some public encryption algorithsm, and some time, we could probably solve that problem.
The point is, if 10% (or some other threshold) of a voting district says their vote doesn't match up correctly while the rate in the rest of the nation is 1%... you know theres a problem and can call for a revote in that district.
As a slightly off topic aside, I really wish I could vote for MULTIPLE people in the order I wanted them elected. Thus, when I vote for some third party person who is obviously not going to get elected, I can still throw my weight behind my #2 candidate who might otherwise be hindered by my real vote -- and at the same time, I get my voice heard with reguard to my true desires.
-Chiem
BTW, love your nick--
I know, but I don't like to shout...
I figure by 2030 or so my 6-digit UID will be something to brag about.
"The law does NOT say it is illegal to walk around in public without ID"
Triple negative warning: This statment = "The law does say it is legal to walk around in public without ID." Except of course in the state you live in, where it is illegal to be without some form of ID.
Are your papers in order?
Schneier's arguments are weak justifications that serve his purpose -- he does not want national ID cards. While I agree with that goal, poorly reasoned arguments based on false premises forms a weak case at best.
- Can ID cards be made unforgable? Yes. Imagine Secure-ID cards whose secret algorithms are based on secret combinations of your biometric data.
- Can ID cards be kept out of the hands of others? Yes. Imagine a biometric-based passport.
- Can a national ID database be administered accurately and reliably? Yes. It will take work, but with even 1990 technology, it's eminently possible.
The focus of any sound argument against national ID cards cannot be the impossibility of adequate technology, which will eventually improve and "suffice". It must question either 1) whether such a system will prevent the entry of terrorists into the US and/or onto vulnerable targets, or 2) whether we want to live under the consequences of having our movements so closely monitored.
I doubt the former, since the usefulness of IDs must depend on our trusting foreign databases, which *will* be more readily compromised and more poorly maintained than ours. And I oppose the latter, since that sort of existence has already been documented nicely in Orwell's books, especially 1984.
Just because Schneier is best known for his technological prowess doesn't mean that his arguments cannot employ nontechnological arguments in opposition to national IDs -- the probably inevitable loss of too many of our personal liberties -- the very definition of freedom.
THAT is the argument that Schneier needs to make.
No other can take its place.
Anon
because the terrorists would never figure out how to have a phone turn on after one hour (My old Nokia has an alarm that wakes it out of "off" mode
Snowden and Manning are heroes.
As an experiment, whenever I fly I try to use a non-standard ID card. It was issued by the federal government (not a state government), so technically it should be legal. It is accepted about 80% of the time. The disturbing part, though, is that I can guarantee that they're accepting it in order to cover their own shame at not recognizing it. In fact, usually the conversation is something like:
Sorry, an automobile is a piece of machinery which, when misused, for any reason, through ignorance, through inability or incapacity, can bring injury or death to the operator and or others.
Your having passed a test to get a driver's license proves that at one point in time, you could demonstrate a minimal, baseline, competence in operating a motor vehicle in places where you could lose control and tear through a line of schoolchildren.
Driving is a privilege because the state has to make it one: it would be very strange to see a drunk, maddened, blind, one-legged, epileptic with a car collection tooling around town behind the wheel and you may not like it, but licensing and the things around it helps to prevent it.
To mail me, remove the 'mailno' from my email addy.
"Yeah. It smells, too..."
stfu please and stop replying to yourself
"If you don't have a license, you can still take a plane, call a cab, take a bus, ride a bicycle, or worst case, walk."
I don't think that's necessarily true. If you ever notice that little sign that they have posted as you get on the highway (at least in Illinois), it basically says no bicycles and no pedestrians.
That means there is no way for me to walk from here to California without the risk of incarceration. I would say that you'd be OK walking along non-interstate roads, but some hick sheriff would probably pick you up for vagrancy.
Additionally, do you know of any cops that WOULDN'T pick up some "suspicious" looking Black or "Arabian" guy walking along the highway? Some people could never make it even if they had the "right" to.
I bet you feel like a complete dipshit for flushing your mommy's money down the toilet getting a Microsoft certifcate that's utterly worthless in real life. Or haven't you discovered yet that you wasted the whole month you spent "studying" so you could go scratch-n-sniffin' those multichoice MCSE exams (Q. Who is sexier? 1. Bill Gates 2. Steve Ballmer 3. Bill Gates...)?
Oh, and no matter what the instructor and your classmates might say, you are NOT an engineer.
I just heard some sad news on talk radio -- TV host Sean Hannity was found dead in his hotel room tonight after a book signing. The coroner has not yet officially ruled it a suicide, but apparently that's what it's going to be ruled.
I'm sure everyone in the Slashdot community will mourn his passing -- even if you didn't agree with him, there's no denying his contributions to popular culture. Truly an American icon.
It's stupid to pay for "TSA-compliant locks" when a simpler alternative is available
I always close my bags with tie-wraps through the zippers or whatever thingy they have for locks. It's easy to detect messing with them (and I've always got spares on me) and if the "law-enforcement" wants to open them they can. If the "bad guys" want to open them they can as well, but then again that's true for most locks (and checking in a two-ton safe is bound to cause some overweight charges from the airline)
-John
It's called the "Documento Nacional de Identidad". You go to a government office when you reach the age of 14, are fingerprinted and issued with the card. It must be renewed every five years and it has to be used all over the place.
The problem is that it made absolutely no difference to the effectiveness of the bombers who killed 200 people when they blew up that train in March. It hasn't even been particularly effective in the long running fight against the domestic ETA terrorist organisation and the other argument about immigration, well Spain is the gateway to Europe for Moroccan imigrants.
So, there's no particular evidence that identity cards make any difference at all to the security of a country.
Government of the people, by corporate executives, for corporate profits.
It has been demonstrated that ID cards are completely ineffective.
ID cards didn't make a blind bit of difference to the terrorists who took out that train last month. They don't make any difference to Al-Qaeda or to ETA for that matter.
ID cards are just a kneejerk reaction by politicians who have to be *seen* to be doing something. ID cards must make us more secure... Right?
Government of the people, by corporate executives, for corporate profits.
Yes, but it's effectively pointless, since drivers aren't stopped at the state border and checked to see if they comply with that state's regulations... It's federally mandated that one state's drivers license and registration has to be applicable in any other state for months, so there's no effective difference between state driver's licenses.
I believe, once the federal government has a national ID, it won't be long before they decide they want to take control of moter vehicle licensing as well. It's all about the centralization of power, and I don't mean that in a tin-foil hat way, just in a corrupt politicians way.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
1. Give everyone an electronic ID card with two crucial features (disregarding privacy issues):
a. Able to receive notifications from the ID backbone system
b. GPS positioning
2. When using the ID card, the system sends a notification to the card (there's a unique ID consisting of a hash of the card holders security number, etc)
3. If someone is using a forged version, the REAL owner will get notified. But he is not using the card, so he knows he's been forged.
4. He contacts the authority which will disable the card and send a notification to the police station closest to the forged card.
Great, right?
What good would it have been to know the names of Timothy McVeigh, the Unabomber, or the DC snipers before they were arrested? Palestinian suicide bombers generally have no history of terrorism. The goal is here is to know someone's intentions, and their identity has very little to do with that.
If identity is so unimportant, than why are we checking IDs? Why does it matter if they are forged?
ID cards in Spain did not stop the bombings.
Governments must think all the public are intellectually challenged morons.
ID Cards are a Red Herring - something that draws attention away from the central issue.
FACT: it will be very simple to identify you absolutely anywhere with a portable eye/finger scanner - without your ID Card.
Once data is transmitted to base they can have your identity within seconds.
The ID Card itself is totally irrelevant - it is a means to an end.
You could be stopped anywhere and authorities would know everything about you - they would not need your ID card.
They will have effectively branded a number on every person.
Just like in 1942, when Nazi's began tattooing numbers on the left forearm of all prisoners.
Find ANYBODY in Government to deny that you can be read like a barcode on a bag of peas at the supermarket till.
They are treating us all like criminals - putting everybody's fingerprints and eye scans on file.
The ID Card propaganda is for several reasons, including: a) making you feel safer b) to say the government are doing something and c) the more malicious motive of privacy invasion.
It is clear that Governments want a surveillance society.
For about 5 years after we were married my wife kept her orignal password in her maiden name, and we carried the marriage certificate as "proof of name change". Only once in all the times that we travelled did anybody notice that the airline tickets were not in the same name as her passport. The single time that it was noticed we just produced the marriage certificate (which is a single sheet of paper) and everything was alright. This was the third time that the passport had been asked for that flight (check-in, and departure hall being the first two - this was at the gate).
So I have a severe doubts about how well the checkers actually check.
The people advocating your point of view seem to be forgetting something:
If the bad guys have to come up with fakes of decently-designed ID cards, they have to make a lot more contacts and take a lot more actions. Every one of these is another opportunity for counterintelligence forces to detect their activity.
They do improve security, just not the way the average person thinks.
do you happen to come from Kentucky? ;-)
If the bad guys have to come up with fakes of decently-designed ID cards, they have to make a lot more contacts and take a lot more actions. Every one of these is another opportunity for counterintelligence forces to detect their activity.
The problem is that most of the bad guys involved would have been able to get real ID cards through legitimate channels anyway. After all, if we knew for a fact that they were bad guys, we would have gone after them in the first place.
I mean let's face it, when it comes to suicide bombings there aren't many repeat offenders.
What makes you think they have ID cards at all?
What makes you think they don't have a stolen card?
What makes you think they don't have legitimate cards?
Spain is full of illegal Moroccan immigrants who don't have ID cards at all, who have counterfeit cards, who have stolen cards. 99.999% of them are economic migrants, not terrorists. That means there's a flourishing black market. So while honest spanish citizens go about their business presenting their cards all over the place, the illegals simply bypass the whole palaver.
Spain demonstrates the uselessness of ID cards as security devices.
Government of the people, by corporate executives, for corporate profits.
We definetley did NOT want to trade-off security-or a false sense of security-for loss of individual freedoms, which was the basic governmental model in the other governments of the time, those they had to look at and compare to. That is quite clear from the earlier writings, documents and discussions of the period. We decided to freely accept the potential risks in order to guarantee the reqwards that freedom to the individual offered.The common usage slang term of those sorts of governments they were comparing against were either feudal with an "aristocratic" class that had most of the rights, even to power of life and death over their "subjects", or a blend of feudalism with "some" rights being metered out to the population. the latter form in our modern (slang) terminology would include "the nanny state". They set up, designed, created and implemented the NON-nanny, NON-feudal, NON-aristocratic, NON-autocratic state on purpose,fully knowing of any potential risks, judged the benefits would outweigh those risks, and wrote the words in some decent detail to outline that philosophy.
This is why we had "free speech" because they concluded the potential "risks" of free speech outweighed the loss of benefit to the free man, the individual, once any state imposed restrictions, because they saw that restrictions WOULD be imposed and gradually expanded upon until there were little to no "free" speech allowed.
This is why they insisted in the very next carefully worded delineation of a "born with" right that the population as a whole, of all the individuals, could, should and always should be of equal armed capacity as any "official" grouping under the header of "government", as they saw that the risks of everyone being armed were worth the risk as compared to the obvious results and risks of when only the state has arms, it leads always to despotism,always,the only variable being a time factor.
and so and and so forth, right down the list.
Travel as an inherent born-right is not supposed to be a default denial-which it is now, until you get the states permission. That is backwards from the original intent and is extremely obvious if one employs honest candor. Are there risks? Why es, no one would deny that. And also, there are GREATER risks to start dissolving/ignoring/taking away born with rights, and do they out weigh the previous risks we agreed upon on our founding, of the original design? I will assert yes, and we are seeing them now. this discussion, the "license" or the states permission to travel, you may not be "allowed" to drive, you may not be "allowed" to enter an airplane if you are on a "secret government li
If you want to do your lady friend the almost cop a BIG favor, and do society a favor, turn her on to Officer Jack Mclamb's "aid and abet" organization and newsletter. Organization by cops and military, for cops and military, dedicated to insuring that they get constitutional training and information, to help insure that they don't become unwitting pawns of the autocrats, something they do NOT get at POST or military academies for the most part.
hmm, guess it would be prudent of me to provide some links.
Generic google search,conincidentally several hits on the right to travel on the first page.
His website with the info for his newsletter, a bio, and linkages and info to hear his various radio shows and scheduling information
... and the new class of technofuedalists have been working with this concept for quite a long time now, and are hugely successful with it.
Main reason I spend so much time writing on it and working against it all my life, it's too dang important to ignore it. And it IS possible to win back some freedoms and to win against the state, it just takes a little dedication, courage, some righteous indignation, and building support via networking and promoting self education to people by providing them with enough information so that they can go forward and getmore information and work on their pet causes. It is too hard to try and get back all your rights for a single individual, but by working in concert and specialising in this or that, we can hold back further impositions of restrictions and roll back previously imposed restrictions.
That's the theory I go on anyway, I have no desire to "go along to get along" with despotism, because that is a most hideous form of society.
No, they have to come up with one more contact (or zero more contacts if the terrorist organization already includes a good forger) and take one more action that would get lost in the noise of underage drinkers and identity-theft petty scammers.
/. If the government wants us to respect the law, it should set a better example.
Bend over and find out.
Sure, _Applied Cryptography_ is the crypto bible, and one of the best programming books ever written, even for non-crypto apps. But Schneier is rarely wrong about anything, and even less often wrong-headed. One measure of a geek is their Slashdot:Schneier reading ratio. Don't score "POSER"!
--
make install -not war
Bruce Schneier wrote: My argument . . . centers around the notion that security must be evaluated not based on how it works, but on how it fails.
... And even if we could guarantee that everyone who issued national ID cards couldn't be bribed, initial cardholder identity would be determined by other identity documents... all of which would be easier to forge.
The first problem is the card itself. No matter how unforgeable we make it, it will be forged.
Looking at the failure mode of the current hodge-podge of IDs in the U.S., we see that the current system is only as secure as the weakest state ID. This is true both as to the forgeability of the ID itself and as to the level of other documentation required to acquire it.
This situation does not provide a reason for preferring the current hodge-podge over a national ID. To the contrary, a national ID is more secure than the current system if (a) the new ID is made less forgeable than the weakest current ID and (b) the new ID requires more establishing documentation to acquire than the current weakest current ID.
The current diversity of IDs and their associated databases does not add to security because a forger need only defeat one such ID to win. That is, where a national ID would present a single point of complete failure, the current diversity presents many points of complete failure. Surely, it is easier to defend one system than dozens or hundreds.
Of course a national ID cannot be made perfectly unforgeable. However, it would be more secure. Whether the increased security costs too much in individual liberty is another question entirely.
"We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
How is doing a stupid thing like walking into a lion's den as you've described the same as LEGISLATING that I CANT even try, should I desire? How come I can buy poppy seeds on the store shelves, but am denied BY LAW from putting them in the ground? Or how about suicide? Is it my right to drink Drano, however imprudent after reading the warning label?
I've lived in larger metropolitan areas and sprawls than NY, but people from LA & NY think EVERYONE is a hick that can't comprehend your "new fangled" ideas....fuck you obtuse little pricks. Tell me why your SS# (which should be kept much more private than a DL#) is better off on your DL than your SS card (which is really obsolete I suppose, if your DL already has an offical state approved SS# printed on it). It just makes for more cards, and more potential leaks in your personal security.
Let's be careful with what we talk about here.
What the states control is not so much if you can drive, but where you can drive. In most jurisdictions you can drive any car as much as you like on your private property. And you can drive on someone elses private property if it's OK with them. What's the issue is if you can drive on the roads owned by the government. Just like any other road owner, they can decide who gets to drive on their roads.
The real issue here is if it's good to have the government own all roads. I don't think so.
I've already bought two of these locks. In Providence, RI, I waited at the baggage screener to see if they were going to check my baggage. The screener asked me to unlock the cases. I said that they were supposed to be able to open this lock. She said that she didn't know how. So much for communication to their employees. At least, the lock companies will send you a new product if the screeners cut open the lock (that's if you get the cut lock back).
we didn;t have them either when I was a kid until I was a young man, then they started creeping in. firstcame "dui" checkpoints. Then "car inspection" cherckpoints to check for your insurance and registration and license. Then came "seat belt" checkpoints. Now they just have "checkpoints" in general,they actually have the balls to call them "courtesy" checkpoints, and they check for everything, and if you dare to say no to any of it, it gets bad, and quickly. Real, real bad.
Tell you another thing that is going to be common, and soon, and they ALREADY have done it a someplaces, and that is taking a FORCED BLOOD SAMPLE at the checkpoints. And we also have numerous examples of both US military and FOREIGN military personnel running these "random courtesty checkpoints", usually with just a single alleged "civilian" police officer present, and sometimes not even that.
Me, I have no idea why this is allowed to go on, other than the obvious reason and which I insist is the main truth, and that is a long range plan to institute a complete two class society,eventually globally, a return to feudalism with the connected elite, then everyone else.
In my estimation, we are 2/3rds (or so) there already in practical terms. The children in public schools now are even worse off, they have been radically conditioned since entering schools to accept this. They are taught group think, the real answer (or their opinion) isn't as important as the politically correct answer and the state's opinion, that the state provides all and should provide all, that you always obey the state, that you always "obey orders", and that individualism and contrarianism is not only discouraged, but it is disallowed in most cases. They are training a full generation to be total serfs, and the next two generations older are going along with it, content with their carrot and stick mass conditioning which is the duality of bread and circuses distractions, and the threat of puinishment from loss of "permission" to do something in your life to the very real threat of immediate ultra violence to their person on the spot or delayed somewhat as they are funnelled through the justice "system" quagmire.
Carrot and stick, just like how draft animals of the herd are "broken".
I do have to ask though, what about your secret police and state run informers and political crimes, etc? This is not an accurate representation of what was going on? And did you not have an uber political/economic elite who were totally above the law?
Yep, that's right. Just as increased airport security will protect us from hijackings... So, anyone remember how far it is from Russia to Alaska? About 50 miles, I think, across the Bering Strait. In other words, a plane hijacked (or even bought) somewhere outside the US, could be stuffed full of terrorists and/or explosives and enter US airspace on a properly logged flightplan...
I don't know if there's a hell of a lot worth bombing in Alaska (oil fields, maybe?) but the plane wouldn't need to stop there. A 747 carries enough fuel to cross the Atlantic - assume it starts fully-fueled from as close to Alaska as possible, and it could reach any major city on the West Coast. What's the seating & cargo capacity of a 747? Load every seat with one passenger-equivalent of C4 (or dynamite, or fuel...) and load up the cargo space too, and you'd more than compensate for the fuel used to reach a major city.
I suppose the same goes for any country, really. I don't think any country is out of reach of a fanatic with a legitimately-owned airplane...
That's what explosives detection machines are for.
you are saying:
Freedom allows (notice I didn't say approves-me) rape/child molestation/illegal ownership of weapons/etc..)
This is bad, so
We must limit freedom.
Bad bad bad....remember, freedom didn't do/encourage/support ANY of what you suggested. Ever hear "when X is outlawed, only outlaws will have X" ? You are confusing the issue, as it would be ABSURD to brainwash children simply for control (hasn't happened yet, even with all the freedoms we've possessed and no rational person has yet gone far enough (extreme?) in their attempts to even suggest it (except for you, I suppose). I realize you weren't really endorsing those ideas, but you strike me as someone who puts little faith in humanity (gee, how'd we ever get this far without limiting people is beyond me..../sarcasm), and is implying we must set limits on all human behavior simply because all aspects of it will eventually be taken to ridiculous extremes and/or abused (guilty before proven innocent?).
Btw. the things you've mentioned are, for the most part, already assumed/banned/regulated/etc....so tell me how FURTHER limitations will help those that ALREADY pose no problem?
From the article you linked, I don't think the situations sound similar at all. Anyway, if you tried to sue the city because a cop asked you for ID, you'd be laughed out of any courtroom. If you tried to get a D.A. to prosecute a cop for asking you for ID, you'd be laughed at. Unless you were beaten up like this guy was, it wouldn't be worth it.
a. On or about August 9, 1997, in a police car in Brooklyn, New York, the defendants CHARLES SCHWARZ and THOMAS WIESE hit and physically assaulted Abner Louima while his hands were handcuffed behind his back.
b. On or about August 9, 1997, in a police car in Brooklyn, New York, the defendants JUSTIN VOLPE, THOMAS BRUDER, CHARLES SCHWARZ, and THOMAS WIESE hit and physically assaulted Abner Louima while his hands were hands were handcuffed behind his back.
c. On or about August 9, 1997, in a rest room at the 70th Precinct, the defendants JUSTIN VOLPE and CHARLES SCHWARZ hit and physically assaulted Abner Louima, by kicking him and by shoving a wooden stick into his rectum and mouth while his hands were handcuffed behind his back.
My other first post is car post.
Remember, it is the "United States of America" - not just "America", or the "Country of America", or the "State of America", or anything silly like that, but the "United States". Notice the capitalization of "States".
You see, each of the States of the Union *is* a country, with laws and constitutions drawn up by representatives of the People of that State. These laws and constitutions are supposed to reflect and be based upon (but not in entirety) the overarching Constitution of the United States. Each of these States, as they came into being, and gradually gained "Statehood", were given the option of joining the "United States". Invariably, the individual States signed on to become part of the greater Union (however, I believe some of the late joiners only did so not because of an educated reasoning, but because "all the others have" - ie, herd mentality) - safety in numbers?
All of this really is moot, though - the whole idea of what a State is truely dissolved with Lincoln and the Civil War. The Civil War had very little to do with slavery, and everything to do with States Rights. Since the Union was voluntarily entered into by citizens of States that are technically Sovereign, they also had the right (since this right is not (was not?) in the United States Constitution, thus goes to the States and People) to secceed from that Union. A bunch of States got together, said "yea", and decided they wanted to branch off and form a different Union (supposedly within their rights as Sovereign States). The reason this occurred was because Lincoln was telling the States how to run things - instead of letting these States run their own business as how they saw fit.
The people in those times could see what was happenning (not sure how, they didn't have TV or internet - just newspapers and telegraphs - but perhaps they were more interested in how they governed themselves, or less satiated, or something - ah, what am I saying - THEY WEREN'T F'N SHEEP, THAT'S WHY!) - and decided to change it. Unfortunately (for all of the States, and the people governed within), they lost - big.
So now we have the "United States of America", but in name only. Even that is fading - more often than not we are called, and call ourselves, the "US", "USA", "America" (forget the fact that America is a region), and to a lesser extent, the "United States".
Reason is the Path to God - Anon
... me, too. It's about that time.
Mr. Schneier,
In your article you criticize National ID Cards. It is my opinion that many of your points are invalid and/or misleading. More broadly, it is my opinion that your opposition to National ID Cards is based more on philosophical opposition to the idea that the actual reality of any such system. Of course, I would like to point out that many democratic nations have ID cards without undermining civil liberties and in fact providing essentially perfect protection against identity theft (which the US most assuredly does not have). Overall, a National ID Card is basically an unforgable driver's license. Why such a thing should arouse such fierce opposition is not clear to me, although obviously it does.
A few specific points:
1. Any decent National ID Card would be totally unforgable. The technology required for an unforgable ID card has existed for years and would presumably be employed in the U.S. For example, all of the information on the card would be digitally signed using a secret key. To be useful the signed information would include a picture, fingerprints and/or iris data. Any attempt to create a fake ID would show up as a digital signature mismatch. To date no cryptographic flaws have been found in the standard digital signature algorithms used in the U.S. and around the world.
Of course, there is always the risk that the secret key used to sign ID cards might be lost. Presumably enormous care would be taken to prevent any such failure. Beyond that, an array of different secret keys could easily be used to sign ID cards. Each key could be separately stored and protected so that the loss of any one key would not compromise the system. Giving the keys limited lifetimes (5-10 years) would ensure that at least one key was still intact at the point that the secret keys (and cards) would have to be replaced.
In addition, the data on the cards would also be stored in some central database. This means that even if all of the secret keys leaked, a National ID Card could still not be forged. Why? Because the data on the forged ID card would not match the contents of the database and would result in the immediate recognition that card in question was invalid. In other words, to successfully create a fake ID card, someone would have to obtain all of the secret keys used to sign ID cards and simultaneously corrupt the national identification database.
2. Your article asks what would happen if the database crashed or was otherwise unavailable. The answer is not much. Why? Because the ID cards would be self-verifying as stated above. Even if terrorists successfully attacked the ID database with the intent of stopping database verification they would still have to obtain all of the secret keys to create even one forged ID. Beyond that the ID database could easily be replicated. What many folks may not realize is how small such a database would be. Allowing for 100K per person and 300 million records, only 30 terabytes would be needed for all of the records. This is roughly 120 current generation disk drives from your local CompUSA at a cost of around $30K.
In practice, higher quality and higher cost disks would be used. However, the cost would still be minimal. A recent copy of the Gilder Technology Report claimed that commercial disk space costs around $2.33 per gigabyte per year. That puts the disk storage costs of the ID database under $100K per year. Obviously the support costs of any such system could dwarf the hardware expenditures. However, it should be clear that such a system could incorporate a high level of physical replication to ensure continuous availability under any set of circumstances short of "Deep Impact" (the movie).
3. Your article suggests that any database system would be vulnerable to hackers, viruses, worms, etc. that could corrupt its contents. In my opinion, these threats can be controlled and are not an obstacle to deploying any such system. The best evidence is that the Federal government already runs any number of critical data