Slashdot Mirror
Schneier on National ID Cards, Key Escrow Locks, E-voting
Schneier's Cryptogram newsletter this month touches on a lot of subjects near and dear to our hearts: national ID cards, TSA-approved luggage locks, a cost-benefit analysis of stealing an election via hacking evoting machines, a nifty credit with audible security, etc.
We already have multipurpose-use government-issued ID cards in our wallets in the form of drivers licenses or non-driver photo ID cards issued by our states.
The biggest problem with all of these is that there are 51 different issing bodies, one in every state plus one for Washington, D.C. Within each state, there are at least two formats to make non-drivers distinct from drivers, most states also have special "funny formats" for those under 21 so that they're more easily rejected when they try to purchase alcohol.
But, with more than a hundred formats for the best ID system we have, it's impossible for anybody to be an expert on what security measures to look for and be able to notice when they're absent.
No, this isn't an issue that'd protect us from suicide bombers or airplane hijackers... but being able to properly identify people is essential to financial transactions, and telling illegal immigrants that they don't belong here. It's not exactly a constitutional right to be able present a false ID as your own. The various issuers of drivers licenses should at least be able to agree on a common standard so those cards all look alike from jurisdiction to jurisdiction.
I don't thing that it is really necessary to have standardized national ID cards.. the money required to implement such a massive project would be substantial.. and the gain is not clear. Why would having national ID cards help TSA identify people any better than state ID cards such as drivers licenses, and government issued IDs such as military identification cards?
Nicholas Weaver has an interesting letter printed in the article where he makes the case for a need to assume that Microsoft's crown jewel, the Windows Source Code, has already fallen into the hands of black-hats, since both the Chinese and Russians have legit access, and the ease of which a determined group could steal it.
It's an intresting question. However, wouldn't we have seen more zero-day hacks in circulation from the black-hats who hold the code? Or maybe these exploits are being used, but with such infrequency that it's slipping under radars...
I think michael hit it right on the head in his post (oh to be both an author and submitter at slashdot!). Most of the topics in this Cryptogram (and the past few) we *have* seen before, here and in many other security news and blog sites. The only thing I hadn't heard before is the audio-credit-card-thing and I really doubt you'll be seeing consumers hold their cards up to their microphones. Heck, most non-techie folks I deal with don't even realize they *have* a microphone and the rest of them still have theirs in the original plastic shipping material it came in.
So, as Cryptogram becomes yet-another-blog, will it cause Schneier to lose relevancy? I hope not, since a large number of "security managers" hang on his every word and, in the past, this has been a positive thing for getting funding so we can get real work done.
Here's hoping for an influx of creative and incisive Cryptograms the rest of the year, otherwise I'll be on the lookout for Schneier with his WiFi laptop @ Starbucks or the next blog convention.
Mind the gap...
The "escrow key" model of lock that now being distributed in the form of lugage lock leaves interesting options for a traveler...
- Leave your suitcase unlocked. The TSA can get access, and so can anybody else who wants to try to open it.
- Lock your suitcase the old fashioned way. If the TSA wishes to check your bag, they'll bust your lock. Bad guys can also bust the lock. At least, if the contents are tampered with, you'll see a defeated lock when you recover your bag.
- Lock your suitcase with the TSA-compliant locks. Most people can't open your bag, but TSA key holders (both good guys and bad guys) can get into your bag without having to break anything.
Hmm.. which option to chose?
I don't see it that way. They have the right to cut the lock off already. The difference is that you can still have locked luggage... an extra level of tamper protection against the other people handling the baggage.
I have personal experience with the TSA baggage screening functions and the chances of something being stolen from bags is pretty darned slim unless there was a conspiracy of players involved which is also highly unlikely. It is rare if basically impossible for a single TSA screener to open a bag unsupervised. Further, it requires a supervisor or higher ranking person to handle the TSA keys to the TSA locks. Cutting these locks are forbidden. If it was cut, you can be 99% certain it was by someone else.
So when it comes to auditing the access to baggage, there's a higher probability of determining the point of failure.
I think more can be done but speed and efficiency must be balanced against accountability. No one wants to be required to be present 3 hous before the flight do they? Didn't think so.
The TSA lock merely gives people the option of having a lock that will not be cut by TSA.
It just goes to show that there are a lot of nice sounding reasons for us to give up some freedom and have it nickled and dimed to death, but there is one main reason to keep freedom and that is freedom. Unlike these other things, liberty is an end in itself - it derives from the fact that people are creatures of choice and not like the animals. There is no such thing as too much liberty ... it would be like saying that science is too rational.
So here's a shocker. The federal government sets or negotiates a common anti-counterfeit system to use on driver's licenses. Like a 2-D barcode with cryptographically signed info and a special hologram.
Ever notice how we're getting closer and closer to east germany? I mean hell, the local cops already sit at the town border running license plates(yay in-car cruiser terminals!) and checking for DWB.
Please help metamoderate.
How long is it until somebody buys up some of these TSA-unlockable locks and reverse engineers their way into a duplicate of the TSA key?
I just wish that these ID systems were more secure. Instead of using easily stolen and duplicated plaintext identifiers (like an SSN and mother's maiden name), I'd like to see a secure encoded number that is unique to each application. This unique number (different each time it is asked for) would be resolvable to a single identity inside secure back-office applications or through access to a central secure server.
A smart ID card would hand-out unique numbers and log who got which ID. That way any theft of identity is traceable to the source. The card owner could then use the card to trace who was using their data.
I'm sure there are a million potential vulnerabilites with the idea, but the current approach seems much more insecure than this proposal.
Two wrongs don't make a right, but three lefts do.
I lock my luggage more for the guarantee that it won't come open when being handled than the security.
There is simply no reason the TSA couldn't get the keys for the main styles of suitcase locks currently in use. Four or five keys would open probably 95% of luggage.
This is just a way for a company to make money solving something that shouldn't be a problem to begin with.
LordBodak's journal.
This was exactly his point.
I hereby place the above post in the public domain.
Yup, and there are a number of companies that are happy to provide them to bartenders for nearly free. Look closely and you'll find most have a modem port and a label with instructions on how to let it "phone home".
That kind of use needs to be made illegal reaaaal fast. I'm required by law to present my ID, but it'll get scanned and some company gets a number of pieces of personal information.
Please help metamoderate.
The guest essay says that one must assume that someone attacking the integrity of an election has at least a $100 million budget. While it is true that a lot of money is raised in elections, not all of that could be invested in a project to steal an election without anyone noticing. Therefore, the above estimate seems to be much too high.
Lenz Blog
Option 4: lock your bag with both the TSA lock and an ordinary lock. Then you can detect all forms of intrusion (assuming that your bag is suitably well-built).
DROS - Open-Source Robot Software
Why must everything be on a national scale?
People in different parts of the country have different ideas about the balance between security, freedom, and privacy.
I don't see why there couldn't be "zones" where local people decide just what that balance should be. Maybe it would work best at the city or town level.
The people of LA, SF, and New Orleans, for instance would probably be willing to take more risk than the people of Nashville or Lakeland, FL. Why can't they have different standards?
Now I realize it might be impractical for things like air-travel. A plane can fly coast to coast, so everyone under it's path has an interest in the standards used to admit passengers, but there are plenty of other things that can still be a local decision.
If the people of LA don't want ID cards, then let them take the risks associated with not having those cards. If the people of Nashville want cards to feel safer, then let them.
So long as people are allowed to choose what set of rules they want to live under, I don't see a problem.
But, with more than a hundred formats for the best ID system we have, it's impossible for anybody to be an expert on what security measures to look for and be able to notice when they're absent.
That's why these exist. When in doubt, check the book.
Then again, someone could use these guide to ensure their fakes are up to snuff-- I used one of them many moons ago when I was under 21, to perfect the counterfeit NJ driver's licenses that I used to make for fun and profit. I was turning out passable fakes (mine were MUCH better than the one shown at that link) as a broke college student with 1992 technology consisting mainly of a Mac LC, a StyleWriter, a Polaroid camera, and a can of gold spray paint for the hologram. Hell, back then I even forged verifying documentation-- for female customers I did a completely fabricated student ID from a ficticious college, complete with official-looking dignified logo and a magstrip made from a piece of old VHS videotape. For my male customers I did phony Selective Service cards that were meticulously duplicated with Aldus Pagemaker, and printed out on an inkjet using an ink cart that I flushed out and filled with green ink that matched what was used on the real thing.
Those days are over, but sometimes I do find myself wondering what kind of marvelous forgeries I could turn out with the kind of high-tech toys available to me now.
They're just musicians folks.
Here's the link, supreme court to hear the case on producing identity on demand.
Because several states now allow illegal immigrants to obtain drivers licenses using two very insecure forms of Identification: A consular identification card issued by foreign consulate offices, or the ITIN Number supplied by the IRS to people who can't qualify for a social security number.
The consular card is recognized by the FBI as an insecure document. The only reason they are needed is because the recipient entered the U.S. illegaly and does not possess a valid visa, passport or other identification provided through legal channels. There have been cases where people have been arrested carrying multiple copies of this ID, with the same picture and differing names.
The ITIN number can be obtained by calling a 1-800 number and providing a name and address. The IRS does nothing to verify the information given and has stated multiple times that this tax number should ONLY be used for paying taxes. This is not meant to be an Identification number, especially for obtaining a drivers licenses. They sent out a letter this past December to all governors and heads of the driver license division in each state to ask them to stop this practice. Despite this request, states like Utah refused to modify their laws to fix this security problem. This combined with the "motor voter" laws can lead to other problems such as voter fraud.
Because the drivers license is used for many other purposes other than proof that an individual knows the basic driving rules, we either need to go back to only issuing it for people with verified documentation, or creating a national ID that is only given out to citizens. The national ID would be used instead of a drivers license for employment, boarding planes, voting, etc....
and if they are convinced they have ACCURATE code, are probably waiting for such a time as a massive coordinated attack is launched, cyber attack just being one of the facets. Small exploits for training and practice, sure, anything really spiffy they might find they will hold in check until needed-if they trust the sploit that is.
China has even created an entire new military wing of the PLA devoted entirely to cyber warfare, and they are giving it a long range importance equal to air force, land forces, navy, etc.
Now, to be fair, we don't know that MS gave them accurate code, they could have well given them some NSA (whoever, don't matter) doctored stuff that has a lot of nifty backdoors in it as well, we just don't know. I would guess that the state intel agencies in those two countries would be suspicious of it and audit heck out of it anyway before assuming it's completely legit. In fact, even if they hacked in and stole it they would still need to be suspicious of it, as letting it get "stolen" could be a variation on the false flag dodge as well, it's a great way to instill credibility in something if you can be persuaded you have aquired the real deal, so it's equally credible to think of offering the false deal as bait-sort of a honeypot kinda- and letting it get "stolen".
You ought to be able to call your luggage on your cell phone and get its location. Wherify has announced a product for this, but isn't yet shipping.
It seems to me that a national ID would be an additional form, not a replacement for a state ID. Don't qualifications for a driver's license differ between states (in such things as vision testing, vehicle classifications, and so on)? In fact, it seems likely that a state ID would be one of the accepted identifiers when you apply for your NID.
Schneier's article hints that he expects such an ID system to be mandatory if implemented. That brings to mind the interesting case of Dudley Hiibel, currently before the U.S. Supreme Court. Is one obligated to identify oneself at all, if one chooses not to?
The database for such a system would necessarily provide online access to state and local law enforcement, rendering it a prime target for hackers and other criminals. And can we really be certain that the Sheriff's Office or the Department of Finance of Bugtussel County can't be bribed for direct access?
A side note: The little item about license plate shields questions whether these would be legal. The last I knew, even most of the little plastic frames that carry a car dealer's name are illegal in my state, although there are millions of them - they obscure a small part of the lettering on the plate.
I figure by 2030 or so my 6-digit UID will be something to brag about.
Yes, the police are allowed to randomly ask you for your ID card. Most of the checks seem to be for immigration violations by mainlanders. On the other hand the HK government is putting in place fast immigration checkpoints, where you run your ID card through a scanner and provide your thumbprint and you're on your way without ever being questioned by immigration officials.
Of course, this case is still pending before the US Supreme Court. The story previously posted covers the case so far. The law was upheld by the Nevada Supreme Court.
Whenever I think of ID cards, the solution that pops to my mind is to have something with flash-like memory with three blocks of data:
1) A section with my pertinent identification data (picture, description, date of birth, name), in plaintext but cryptographically signed by the government. Anyone that wants to verify my identity can read this area, check the signature, and match the data there against the person standing before them.
2) A for-gov't-eyes-only section, signed and encrypted by the government. This could contain information that should only be revealed to other parts of the government, potentially with different sections and keys for different levels of access, for things like your SIN, passport information, etc. Maybe you're a secret agent and want a way to prove you are, but only to other branches of the government...
The 'spooky' part here would be that if random people can't read the data, then the person holding the card can't read it either so he doesn't even know what's in it other than what the government has told him. I don't think it's really that big a deal though since it's not like they couldn't put anything they want to hide from you in their own hidden databases anyway.
3) And finally, a user block, where a person with an appropriate I/O device can put whatever data they feel is important to keep on them. Medical conditions, organ donation status, favourite type of flowers for the funeral, pictures of your cat, whatever!
Heck, standardize the interface, commoditize it, and let people make their own ID cards and read and write the card themselves. If you don't like that creepy gov't-only block, don't write it to the card. As long as that first, signed block is there, it'll serve its primary purpose.
This has been one of the more interesting threads I've seen in a while. I mean, this is something I actually know about: I do security in a bar.
I've seen cards from pretty much every state in the Union as well as quite a number of ones from many European nations. Recognizing what is and what is not a valid I.D. card is a hard task that I've found a lot of people who do what I do simply don't know enough to deal with.
The great number of state I.D.s, their variations in the quality of their anti-counterfeiting features. The scanner, the color copier, the laminating machine and the simple willingness of people to lie to your face make it hard to be sure that what you're looking at is real.
The current series of California Driver's license/I.D. card is, IMHO the most secure driver's license in the U.S. in terms of anti-counterfeiting features; the series immediately preceding it is a piece of crap.
The new current series of New Jersey Licenses that I've seen, maybe, five of in the last two months is *very* secure if the person looking at it has an ultraviolet light on him and is actually aware that there is a new series to look at while the preceding series is the most easily and most convincingly counterfeited I.D. I've ever seen, and I see it over, and over and over.
A national I.D. card would certainly eliminate the problem of having to have real expertise to spot fakes and anyone who says otherwise is engaging in wishful thinking.
The most current version of the the United State's green card has anticounterfeiting features that I don't even know the names of, but I know their absence would be easy to spot.
Couple this with mag-strip technology to store information and you could standardize one or more pieces of equipment that any bar or other place that had to determine age or identity would have present that would instantly and permanently remove the guesswork. Put biometric data on the card and give me a thumbprint scanner and underage drinking is pretty much over until counterfeiting technology gets better.
That's how good the current green card, or some variant of it would be as a national I.D card. It would make my job ridiculously easy.
Now here's why I hate it.
First off, the article makes one really interesting point: for a really determined person, someone who wanted to hijack planes or steal a million or what have you, no card will be completely secure everywhere up the line to the point where you get one.
Someone with enough cash, or enough juice with the right people, or willing to put in enough work will be able to get either a valid I.D. in a false name, a borrowed/stolen card or a relatively convincing forgery if it is important enough to them.
Viewed this way, a national I.D. card can be said not to provide greater national security but greater control for people with access to the information that a national I.D. card would provide. In terms of anything important, really important--a real, immediate threat like the 9/11 attack--a national I.D. card would be useless.
In terms of centralized information processing, a national I.D. card would be an enormous Christmas present to big brother, providing governments with a key to interweaving databases, giving anyone in authority all the power they need to pressure anyone who isn't into being a more perfect citizen.
Under the current system, a kid with a really, really good fake I.D. can get past me and that's fine. It's a game. I win most rounds. I'm sure the kids win a few and that's the way things should be.
Getting stopped by the cops for taking a desperation leak on a wall at five A.M. and having them know everything about you from whether or not you did your last round of jury-duty to your cholesterol is not something I'm looking forward to.
To mail me, remove the 'mailno' from my email addy.
"Yeah. It smells, too..."
"Sir, just for ID verification purposes, I need your Social Security number."
"Sure, it's ###-##-####."
Even a skript-kidd1e ought to be able to see what the problem is here. I think that someone who knows your Social Security number shouldn't have any more on you than some who who knows, say, your phone number.
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
I really don't see the point of his cost benefit analysis of stealing an election. There is no correlation between the campaign budgets and the value of, or resources available to steal an election. If you are to look back at the last couple of years its pretty obvious that controlling the U.S. government is worth trillions of dollars to the party that wins. There is usually at least a thousand to one payoff from the largesse of the U.S. treasury for large campaign contributors when your candidate wins. Just a few examples, in the case of the Bush administration they've given:
- hundreds of billions in tax cuts to their wealthy benefactors
- $55 billion a year in the so called Medicare reform plan much of which is going in to the pockets of insurance and drug companies, key Republican benefactors. The drug companies have been given a bonanza in that the U.S. government will be buying billions in drugs for seniors, but are precluded by law from negotiating fair prices, so drug companies can charge as much as they dare. This is the antithesis of a free market, purchasing without negotiation.
- $18 billion dollars of no bid cost plus contracts have gone to Halliburton for Iraq
- the list goes on
- Koch oil was facing a $500 million in pollution fines under the Clinton adminstration, when their man Bush won over Gore the fines were reduced to $20 million.
The fact is the Republican's have an enormous financial incentive to do whatever it takes to retain the presidency and the house, and to achieve the holy grail, a fillibuster proof majority in the Senate. Gaining a fillibuster proof majority will be hard but it is the holy grail to the Republicans because they could then pass any legislation, no matter how extreme, as long as they can keep their party's legislators in line through deceit, intimidation and bribery (like they did to pass the Medicare reform bill).
Its also an unfortunate fact that the Republican's have two key resources at their disposal that are priceless:
First, they control the resources of the Federal government, especially in the shadowy world of Defense, Intelligence and law enforcement. For example the DOD's recent efforts to gain electronic control of the vote of soldiers and oversees American's would allow whomever control that system, which is by definition the President and the Secretary of Defense to control millions of votes for next to nothing.
The Republicans, as has been pointed numerous times, disproportionately control the companies that control electronic voting machines. This inside track gives the Republican's a huge advantage should they decide to try and rig the upcoming election.
You might think this far fetched but having watched Bob Woodward on 60 minute tonight I'm thinking anything is possible from the people who currently occupy the White House. Dick Cheney in particular appears to be pulling the strings of a President who is in over his head intellectually and FREQUENTLY setting policy based on prayer, divine guidance and the manipulations of people like Cheney, Rumsfeld, Rove and Wolfowitz, because he is simply not up to the job that faces him intellectually.
One of many disturbing things Woodward listed was that Tommie Franks at one point spent $700 million dollars on Iraq war preparations before Congress was consulted on a war with Iraq or had approved any money. They apparently took this money from an Afghanistan authorization, without telling Congress, which is both unconstitutional and an impeachable offense. Only Congress can allocate money.
At this weeks press conference the President was repeatedly asked if he'd made a mistake. He either couldn't think of anything, or denied any mistakes had been made, which is pretty implausible. The many failures in failing to stop 9/11 and in the mess that is no Iraq have led to no one in the administration being held accountable. Its as if they make no mistakes. Infallibility is a leading indicator of a a couple kinds of leadership, a dictator
@de_machina
You got it, it's called conditioning or brainwashing. they do it to the cops and military until they are conditioned them selves, then they pass it on to "civvies".
The special forces are all getting chipped soon, then the nations police forces, so when it comes your turn, they will say "WE got chipped, it's legal and you must do it!!" Might take a few years, but it's coming.
Right up above, in another post the oft repeated by thoroughly wrong "driving is a privelege and not a right". That's BS, but the entire nation got conditioned into it, now it's accepted that you DON'T have a freedom to travel without their permit or "permission". Ridiculous? Nope, just the one step at a time deal. Would you apply for your "speech" permit? Ridiculous? Most states you need a "permit" for your second amendment "right". Well, if you need the state's permission, it sure ceased to be a "right", yet it's "the law" almost everywhere in some form or another, only one state, vermont, has followed the "born-with right" concept there. What's the difference? The numbering in the constitution? 1-2-3-4, the order in which they strip them doesn't matter as much as they HAVE been doing it and once gone, it stays gone. The goons will just take the easier ones first, that's all. That's what they have been doing. A "permit" to travel, to drive your property on a public road, a road you partially own by being the "public" and pay for via fuel taxes anyway, yet you need a "permit" for your "born-with right to travel" and everyone eats it up, because that right got stripped gradually and turned into needing "their permission".
One at a time freedoms get stripped, people excuse it, they get wishy washy on it, society wimps out, eventually like in all other despotic regimes down through history, you wake up one day and you have no more rights, you are their chattel, and you wonder why it happened, how it snuck up on you. "You" being a generic of course. It's because people just REFUSE to follow through with a normal extrapolation of causalities, events, and provocations. They will not put 2+2 together, they fall into the now cliched "cognizant dissonance" state. It's not that they can't see it, they don't WANT to see it, they pull a turbo ostrich head in the sand, if it's pointed out to them they will vehemently deny the obvious, all the way into absurdity.
Just since I've been a kid we've have lost a TON of rights, now we even put up with "random checkpoints" stuff I was taught in school was only done in places like soviet union or east germany. It was something to revile against,. to thank ourselves and congratulate ourselves we didn't live under such a regime and culture of brutality and exploitation. but now we put up with it, every excuse in the book, but the fact remains, it's now "the LAW" and the US public meekly submits. We wimp out.. Now it's "normal" and the dudes in blue (or black) willingly just "follow ze orders" and "swear an oath to the constitution", yet hardly any of them know it, understand it, or see how they are being used to force the people into obedience to the state.
And this "the people"? More concerned with entertainments mostly, and way too scared to do much about it, they will even put up with obvious vote hijacking and fraud, and with having a controlled parroting media mostly. They put up with hijacked money, stolen labor, rigged elections, wars created by a single tin pot dictator, "executive orders" and never ending and overlapping "national state of emergency" decrees, confiscation of property on a whim, the denial of even a right to property in a lot of cases, obvious and overt bribery being how the nations political business is done, and on and on and on.
It all happened one step at a time, though, not all at once, never enough to get the people alarmed and disgusted enough to "just say no" back at them.
It's sorta sad, but really, you can sort of understand it when you see they will make an example of anyone who dares actually say "no" to illegalities being
Here is another story at findlaw. another more in depth look, citing previous cases and courts findings. This writers take is that it IS a "broad sense" case, and he cites his reasons for that opinion. Me, I think a better test case could have been found, but, in modern soviet USA, "best test cases" find YOU!
I understand the worry some people have about hacked systems, but what I don't understand is the response to it.
Instead of being so worried about it, why not simply close the loop with the voter to make fraud detection easy?
What I mean is, suppose after I vote, I enter a password/PIN which is used to encrypt a random number used to identify my vote. The machine records both my random number and my votes, but not my pin. This encrypted information is then printed for me before I leave. When I get home, and after the votes have been counted, I hop online and download a JAVA applet which lets me decode my random identifying number in private. I can then punch this number into the net (which let's me see any vote I want since the information isn't tied to anyone) -- and tells me who I voted for. If the information doesn't match, I call 1-800-voter-fraud and turn the matter over to the FBI.
Ok, I haven't exactly fleshed out the whole thing here, because you need some way of making sure people don't claim they've been a victom of fraud when they haven't been, but I suspect given a few bright people, some public encryption algorithsm, and some time, we could probably solve that problem.
The point is, if 10% (or some other threshold) of a voting district says their vote doesn't match up correctly while the rate in the rest of the nation is 1%... you know theres a problem and can call for a revote in that district.
As a slightly off topic aside, I really wish I could vote for MULTIPLE people in the order I wanted them elected. Thus, when I vote for some third party person who is obviously not going to get elected, I can still throw my weight behind my #2 candidate who might otherwise be hindered by my real vote -- and at the same time, I get my voice heard with reguard to my true desires.
-Chiem
Yes, most American law is still (although this is eroding) state by state and city by city. Bear in mind, however, just because it's a local or state law doesn't mean that it will pass Constitutional muster, and is thus, in itself, legal.
Many, many local laws are (some rather blatently) contrary to Supremem Court rulings (my own city recently had to pony up $30 mil for unconstitutional prosecution of a law that had already been covered, in some depth, by the Supreme Court, leaving my mayor to publicly wonder what other local laws might be contrary to federal law. He wasn't a very bright fellow (and I have to surmise corporation counsel wasn't either), I could have given him a list, including the one he violated).
They stand until someone challanges them, and it simply isn't worth it, in either time or money, for most people to challange them.
Nor is there any requirement ( as per above post) for the Supreme Court to hear such a challange, even though it has merit.
It seems to be a hard concept for some people to grasp that it may well be the law itself that is the crime.
KFG
"The law does NOT say it is illegal to walk around in public without ID"
Triple negative warning: This statment = "The law does say it is legal to walk around in public without ID." Except of course in the state you live in, where it is illegal to be without some form of ID.
Are your papers in order?
By law social security cards are NOT suppose to be used as an ID number. But its one of those laws the government looks the other way on. Many states use it for drivers license number, many schools use it for a student ID, and so on.
As an experiment, whenever I fly I try to use a non-standard ID card. It was issued by the federal government (not a state government), so technically it should be legal. It is accepted about 80% of the time. The disturbing part, though, is that I can guarantee that they're accepting it in order to cover their own shame at not recognizing it. In fact, usually the conversation is something like:
It's called the "Documento Nacional de Identidad". You go to a government office when you reach the age of 14, are fingerprinted and issued with the card. It must be renewed every five years and it has to be used all over the place.
The problem is that it made absolutely no difference to the effectiveness of the bombers who killed 200 people when they blew up that train in March. It hasn't even been particularly effective in the long running fight against the domestic ETA terrorist organisation and the other argument about immigration, well Spain is the gateway to Europe for Moroccan imigrants.
So, there's no particular evidence that identity cards make any difference at all to the security of a country.
Government of the people, by corporate executives, for corporate profits.
It has been demonstrated that ID cards are completely ineffective.
ID cards didn't make a blind bit of difference to the terrorists who took out that train last month. They don't make any difference to Al-Qaeda or to ETA for that matter.
ID cards are just a kneejerk reaction by politicians who have to be *seen* to be doing something. ID cards must make us more secure... Right?
Government of the people, by corporate executives, for corporate profits.
ID cards in Spain did not stop the bombings.
Governments must think all the public are intellectually challenged morons.
ID Cards are a Red Herring - something that draws attention away from the central issue.
FACT: it will be very simple to identify you absolutely anywhere with a portable eye/finger scanner - without your ID Card.
Once data is transmitted to base they can have your identity within seconds.
The ID Card itself is totally irrelevant - it is a means to an end.
You could be stopped anywhere and authorities would know everything about you - they would not need your ID card.
They will have effectively branded a number on every person.
Just like in 1942, when Nazi's began tattooing numbers on the left forearm of all prisoners.
Find ANYBODY in Government to deny that you can be read like a barcode on a bag of peas at the supermarket till.
They are treating us all like criminals - putting everybody's fingerprints and eye scans on file.
The ID Card propaganda is for several reasons, including: a) making you feel safer b) to say the government are doing something and c) the more malicious motive of privacy invasion.
It is clear that Governments want a surveillance society.
Bruce Schneier wrote: My argument . . . centers around the notion that security must be evaluated not based on how it works, but on how it fails.
... And even if we could guarantee that everyone who issued national ID cards couldn't be bribed, initial cardholder identity would be determined by other identity documents... all of which would be easier to forge.
The first problem is the card itself. No matter how unforgeable we make it, it will be forged.
Looking at the failure mode of the current hodge-podge of IDs in the U.S., we see that the current system is only as secure as the weakest state ID. This is true both as to the forgeability of the ID itself and as to the level of other documentation required to acquire it.
This situation does not provide a reason for preferring the current hodge-podge over a national ID. To the contrary, a national ID is more secure than the current system if (a) the new ID is made less forgeable than the weakest current ID and (b) the new ID requires more establishing documentation to acquire than the current weakest current ID.
The current diversity of IDs and their associated databases does not add to security because a forger need only defeat one such ID to win. That is, where a national ID would present a single point of complete failure, the current diversity presents many points of complete failure. Surely, it is easier to defend one system than dozens or hundreds.
Of course a national ID cannot be made perfectly unforgeable. However, it would be more secure. Whether the increased security costs too much in individual liberty is another question entirely.
"We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
I've already bought two of these locks. In Providence, RI, I waited at the baggage screener to see if they were going to check my baggage. The screener asked me to unlock the cases. I said that they were supposed to be able to open this lock. She said that she didn't know how. So much for communication to their employees. At least, the lock companies will send you a new product if the screeners cut open the lock (that's if you get the cut lock back).