Schneier on National ID Cards, Key Escrow Locks, E-voting
Schneier's Cryptogram newsletter this month touches on a lot of subjects near and dear to our hearts: national ID cards, TSA-approved luggage locks, a cost-benefit analysis of stealing an election via hacking evoting machines, a nifty credit with audible security, etc.
We already have multipurpose-use government-issued ID cards in our wallets in the form of drivers licenses or non-driver photo ID cards issued by our states.
The biggest problem with all of these is that there are 51 different issing bodies, one in every state plus one for Washington, D.C. Within each state, there are at least two formats to make non-drivers distinct from drivers, most states also have special "funny formats" for those under 21 so that they're more easily rejected when they try to purchase alcohol.
But, with more than a hundred formats for the best ID system we have, it's impossible for anybody to be an expert on what security measures to look for and be able to notice when they're absent.
No, this isn't an issue that'd protect us from suicide bombers or airplane hijackers... but being able to properly identify people is essential to financial transactions, and telling illegal immigrants that they don't belong here. It's not exactly a constitutional right to be able present a false ID as your own. The various issuers of drivers licenses should at least be able to agree on a common standard so those cards all look alike from jurisdiction to jurisdiction.
Not necessarily... We only see zero-day hacks that are detectable. Going through the trouble of getting the Windows source code suggests you're after something else than just the average virus worm... Remember those are in it for the short haul. Do a lot of damage before the virus scanners catch up with you. The black-hats gaining access to the source would likely not be in it for the short haul, but looking for longer-term profit. An exploit would be worth a lot more if it wasn't discovered criminals were using it, and could be used on choice, hand-picked targets only. True, compromising a few hundred or thousand computers isn't anywhere near as spectacular as Code Red. But the criminals aren't in it for spectacle, they're in it for money or power.