Schneier on National ID Cards, Key Escrow Locks, E-voting
Schneier's Cryptogram newsletter this month touches on a lot of subjects near and dear to our hearts: national ID cards, TSA-approved luggage locks, a cost-benefit analysis of stealing an election via hacking evoting machines, a nifty credit with audible security, etc.
We already have multipurpose-use government-issued ID cards in our wallets in the form of drivers licenses or non-driver photo ID cards issued by our states.
The biggest problem with all of these is that there are 51 different issing bodies, one in every state plus one for Washington, D.C. Within each state, there are at least two formats to make non-drivers distinct from drivers, most states also have special "funny formats" for those under 21 so that they're more easily rejected when they try to purchase alcohol.
But, with more than a hundred formats for the best ID system we have, it's impossible for anybody to be an expert on what security measures to look for and be able to notice when they're absent.
No, this isn't an issue that'd protect us from suicide bombers or airplane hijackers... but being able to properly identify people is essential to financial transactions, and telling illegal immigrants that they don't belong here. It's not exactly a constitutional right to be able present a false ID as your own. The various issuers of drivers licenses should at least be able to agree on a common standard so those cards all look alike from jurisdiction to jurisdiction.
I don't thing that it is really necessary to have standardized national ID cards.. the money required to implement such a massive project would be substantial.. and the gain is not clear. Why would having national ID cards help TSA identify people any better than state ID cards such as drivers licenses, and government issued IDs such as military identification cards?
Yup, and there are a number of companies that are happy to provide them to bartenders for nearly free. Look closely and you'll find most have a modem port and a label with instructions on how to let it "phone home".
That kind of use needs to be made illegal reaaaal fast. I'm required by law to present my ID, but it'll get scanned and some company gets a number of pieces of personal information.
Please help metamoderate.
Not necessarily... We only see zero-day hacks that are detectable. Going through the trouble of getting the Windows source code suggests you're after something else than just the average virus worm... Remember those are in it for the short haul. Do a lot of damage before the virus scanners catch up with you. The black-hats gaining access to the source would likely not be in it for the short haul, but looking for longer-term profit. An exploit would be worth a lot more if it wasn't discovered criminals were using it, and could be used on choice, hand-picked targets only. True, compromising a few hundred or thousand computers isn't anywhere near as spectacular as Code Red. But the criminals aren't in it for spectacle, they're in it for money or power.
Because several states now allow illegal immigrants to obtain drivers licenses using two very insecure forms of Identification: A consular identification card issued by foreign consulate offices, or the ITIN Number supplied by the IRS to people who can't qualify for a social security number.
The consular card is recognized by the FBI as an insecure document. The only reason they are needed is because the recipient entered the U.S. illegaly and does not possess a valid visa, passport or other identification provided through legal channels. There have been cases where people have been arrested carrying multiple copies of this ID, with the same picture and differing names.
The ITIN number can be obtained by calling a 1-800 number and providing a name and address. The IRS does nothing to verify the information given and has stated multiple times that this tax number should ONLY be used for paying taxes. This is not meant to be an Identification number, especially for obtaining a drivers licenses. They sent out a letter this past December to all governors and heads of the driver license division in each state to ask them to stop this practice. Despite this request, states like Utah refused to modify their laws to fix this security problem. This combined with the "motor voter" laws can lead to other problems such as voter fraud.
Because the drivers license is used for many other purposes other than proof that an individual knows the basic driving rules, we either need to go back to only issuing it for people with verified documentation, or creating a national ID that is only given out to citizens. The national ID would be used instead of a drivers license for employment, boarding planes, voting, etc....
It seems to me that a national ID would be an additional form, not a replacement for a state ID. Don't qualifications for a driver's license differ between states (in such things as vision testing, vehicle classifications, and so on)? In fact, it seems likely that a state ID would be one of the accepted identifiers when you apply for your NID.
Schneier's article hints that he expects such an ID system to be mandatory if implemented. That brings to mind the interesting case of Dudley Hiibel, currently before the U.S. Supreme Court. Is one obligated to identify oneself at all, if one chooses not to?
The database for such a system would necessarily provide online access to state and local law enforcement, rendering it a prime target for hackers and other criminals. And can we really be certain that the Sheriff's Office or the Department of Finance of Bugtussel County can't be bribed for direct access?
A side note: The little item about license plate shields questions whether these would be legal. The last I knew, even most of the little plastic frames that carry a car dealer's name are illegal in my state, although there are millions of them - they obscure a small part of the lettering on the plate.
I figure by 2030 or so my 6-digit UID will be something to brag about.
Yes, the police are allowed to randomly ask you for your ID card. Most of the checks seem to be for immigration violations by mainlanders. On the other hand the HK government is putting in place fast immigration checkpoints, where you run your ID card through a scanner and provide your thumbprint and you're on your way without ever being questioned by immigration officials.
This has been one of the more interesting threads I've seen in a while. I mean, this is something I actually know about: I do security in a bar.
I've seen cards from pretty much every state in the Union as well as quite a number of ones from many European nations. Recognizing what is and what is not a valid I.D. card is a hard task that I've found a lot of people who do what I do simply don't know enough to deal with.
The great number of state I.D.s, their variations in the quality of their anti-counterfeiting features. The scanner, the color copier, the laminating machine and the simple willingness of people to lie to your face make it hard to be sure that what you're looking at is real.
The current series of California Driver's license/I.D. card is, IMHO the most secure driver's license in the U.S. in terms of anti-counterfeiting features; the series immediately preceding it is a piece of crap.
The new current series of New Jersey Licenses that I've seen, maybe, five of in the last two months is *very* secure if the person looking at it has an ultraviolet light on him and is actually aware that there is a new series to look at while the preceding series is the most easily and most convincingly counterfeited I.D. I've ever seen, and I see it over, and over and over.
A national I.D. card would certainly eliminate the problem of having to have real expertise to spot fakes and anyone who says otherwise is engaging in wishful thinking.
The most current version of the the United State's green card has anticounterfeiting features that I don't even know the names of, but I know their absence would be easy to spot.
Couple this with mag-strip technology to store information and you could standardize one or more pieces of equipment that any bar or other place that had to determine age or identity would have present that would instantly and permanently remove the guesswork. Put biometric data on the card and give me a thumbprint scanner and underage drinking is pretty much over until counterfeiting technology gets better.
That's how good the current green card, or some variant of it would be as a national I.D card. It would make my job ridiculously easy.
Now here's why I hate it.
First off, the article makes one really interesting point: for a really determined person, someone who wanted to hijack planes or steal a million or what have you, no card will be completely secure everywhere up the line to the point where you get one.
Someone with enough cash, or enough juice with the right people, or willing to put in enough work will be able to get either a valid I.D. in a false name, a borrowed/stolen card or a relatively convincing forgery if it is important enough to them.
Viewed this way, a national I.D. card can be said not to provide greater national security but greater control for people with access to the information that a national I.D. card would provide. In terms of anything important, really important--a real, immediate threat like the 9/11 attack--a national I.D. card would be useless.
In terms of centralized information processing, a national I.D. card would be an enormous Christmas present to big brother, providing governments with a key to interweaving databases, giving anyone in authority all the power they need to pressure anyone who isn't into being a more perfect citizen.
Under the current system, a kid with a really, really good fake I.D. can get past me and that's fine. It's a game. I win most rounds. I'm sure the kids win a few and that's the way things should be.
Getting stopped by the cops for taking a desperation leak on a wall at five A.M. and having them know everything about you from whether or not you did your last round of jury-duty to your cholesterol is not something I'm looking forward to.
To mail me, remove the 'mailno' from my email addy.
"Yeah. It smells, too..."
You got it, it's called conditioning or brainwashing. they do it to the cops and military until they are conditioned them selves, then they pass it on to "civvies".
The special forces are all getting chipped soon, then the nations police forces, so when it comes your turn, they will say "WE got chipped, it's legal and you must do it!!" Might take a few years, but it's coming.
Right up above, in another post the oft repeated by thoroughly wrong "driving is a privelege and not a right". That's BS, but the entire nation got conditioned into it, now it's accepted that you DON'T have a freedom to travel without their permit or "permission". Ridiculous? Nope, just the one step at a time deal. Would you apply for your "speech" permit? Ridiculous? Most states you need a "permit" for your second amendment "right". Well, if you need the state's permission, it sure ceased to be a "right", yet it's "the law" almost everywhere in some form or another, only one state, vermont, has followed the "born-with right" concept there. What's the difference? The numbering in the constitution? 1-2-3-4, the order in which they strip them doesn't matter as much as they HAVE been doing it and once gone, it stays gone. The goons will just take the easier ones first, that's all. That's what they have been doing. A "permit" to travel, to drive your property on a public road, a road you partially own by being the "public" and pay for via fuel taxes anyway, yet you need a "permit" for your "born-with right to travel" and everyone eats it up, because that right got stripped gradually and turned into needing "their permission".
One at a time freedoms get stripped, people excuse it, they get wishy washy on it, society wimps out, eventually like in all other despotic regimes down through history, you wake up one day and you have no more rights, you are their chattel, and you wonder why it happened, how it snuck up on you. "You" being a generic of course. It's because people just REFUSE to follow through with a normal extrapolation of causalities, events, and provocations. They will not put 2+2 together, they fall into the now cliched "cognizant dissonance" state. It's not that they can't see it, they don't WANT to see it, they pull a turbo ostrich head in the sand, if it's pointed out to them they will vehemently deny the obvious, all the way into absurdity.
Just since I've been a kid we've have lost a TON of rights, now we even put up with "random checkpoints" stuff I was taught in school was only done in places like soviet union or east germany. It was something to revile against,. to thank ourselves and congratulate ourselves we didn't live under such a regime and culture of brutality and exploitation. but now we put up with it, every excuse in the book, but the fact remains, it's now "the LAW" and the US public meekly submits. We wimp out.. Now it's "normal" and the dudes in blue (or black) willingly just "follow ze orders" and "swear an oath to the constitution", yet hardly any of them know it, understand it, or see how they are being used to force the people into obedience to the state.
And this "the people"? More concerned with entertainments mostly, and way too scared to do much about it, they will even put up with obvious vote hijacking and fraud, and with having a controlled parroting media mostly. They put up with hijacked money, stolen labor, rigged elections, wars created by a single tin pot dictator, "executive orders" and never ending and overlapping "national state of emergency" decrees, confiscation of property on a whim, the denial of even a right to property in a lot of cases, obvious and overt bribery being how the nations political business is done, and on and on and on.
It all happened one step at a time, though, not all at once, never enough to get the people alarmed and disgusted enough to "just say no" back at them.
It's sorta sad, but really, you can sort of understand it when you see they will make an example of anyone who dares actually say "no" to illegalities being
As an experiment, whenever I fly I try to use a non-standard ID card. It was issued by the federal government (not a state government), so technically it should be legal. It is accepted about 80% of the time. The disturbing part, though, is that I can guarantee that they're accepting it in order to cover their own shame at not recognizing it. In fact, usually the conversation is something like: