…unless you think about it:
posted on Thu, 22 Jan 2009 at 22:52 | permanent link | view comments
The better question is, “Who does your government think you are?” Our personal identities are getting swallowed up in our nation identities, thanks to the REAL ID act (2005).
There are many good reasons why a centralized, nationalized ID card is a bad idea (aside from the obvious “Papers, please!” imagery). The Wall Street Journal recently ran an article by Bruce Schneier (I’m a fan) about some of the problems with a centralized national ID:
Decentralized authentication systems work better than centralized ones. Open your wallet, and you’ll see a variety of physical tokens used to identify you to different people and organizations: your bank, your credit card company, the library, your health club, and your employer, as well as a catch-all driver’s license used to identify you in a variety of circumstances. That assortment is actually more secure than a single centralized identity card: each system must be broken individually, and breaking one doesn’t give the attacker access to everything. This is one of the reasons that centralized systems like REAL ID make us less secure.
For example, with multiple identification tokens, if your credit card is lost or stolen, you make a call to the bank or card company and it’s settled: the card is deactivated and the damage is mitigated. The rest of your life is still secure. If you lose your library card, you might run up a big overdue fine, but that’s about as far as a criminal can get with a library card. Driver’s license? You can’t drive anymore (legally) but you shouldn’t have any trouble with the rest of your life as long as you’ve got additional id of some kind.
But let’s take all of these authentication tokens and consolidate them into one single card. Convenient, eh? Now are wallets are thinner and I don’t have to search around for the right card. Wherever I go, one card will work for all my identification needs. But as with so many other good ideas, the problems they create are often far worse than the problem they’re trying to solve.
Consider the problem of losing a national identification card: how do you cancel it and get a replacement? How do you prove to the government (again) that you’re legitimate and deserve a new card? If it’s pretty easy to get a replacement ID, why couldn’t someone who’s stolen your previous card do the same thing?
The first question we should be asking is, what problem is the nation id card trying to solve? From the DHS REAL ID website:
REAL ID is a nationwide effort to improve the integrity and security of state-issued driver’s licenses and identification cards, which in turn will help fight terrorism and reduce fraud.
That seems like a noble cause, but having REAL ID won’t help fight terrorism and it won’t reduce fraud. The REAL ID initiative was born out of the evidence that the 9/11 hijackers had forged and faked drivers licenses among them.
But the rest of the story is that most of the hijackers has legitimate drivers licenses too, gotten through legal means. What’s more, some of the licenses were valid but had fake names on them; the weakness of the driver’s license procedures the hijackers exploited was the human weakness: they bribed a DMV clerk with $1000 each time they needed a new card.
Having a set of federal standards for a drivers license means that the REAL ID will be a de-facto national ID card, and this makes the REAL ID an even more attractive target for would-be terrorists and hucksters: a single point of failure in the system.
I’m all for improving the quality of the process to receive a drivers license, including training for DMV officials to avoid bribes, but a drivers license should remain a drivers license. We use it to ID people before they buy alcohol, tobacco and firearms because it is has a semi-official record of our birthdate on it. As the laws concerning the possession and consumption of these things are state laws, it makes sense that we can use a state issued ID card.
But to extend that state-issued card, which is simply a license to drive a motor vehicle on public property, and to use it for national identification purposes—and let’s be clear about this, a federal tracking system (why else would DHS claim it would reduce terrorism?)—this feels terribly wrong, like a big backward step in liberty.
I can’t point to any right that I’ve lost with a national ID card, other than the fact that honest citizens—the vast majority of Americans—have no need of it. To make everybody carry a national ID card for the sake of a few bad people seems wrong. History bears out the idea that as a federal government’s power increases, the liberties of its people suffer.
And REAL ID won’t work. Timothy McVeigh was a U.S. citizen. Would a national ID card have stopped him? No. Nearly all of the 9/11 hijackers were here on valid visas for legitimate reasons, and because this is a free country, we allow people here legally to also drive. I suspect most of them would have received their REAL ID cards as well. Even if we make the system foolproof, and note this, you cannot know a person’s intentions by making him carry an ID card.
You can have a pretty good idea of a person’s intentions through good old-fashioned detective and intelligence work. Most of the 9/11 hijackers were known to belong to terrorist organizations. Their whereabouts were already known to the FBI. 9/11 was a failure of action by federal crime agencies, plain and simple. To blame that failure on lack of identification is a red herring which will increase the federal government’s power and make us all less secure and less free.
posted on Fri, 16 Jan 2009 at 09:18 | permanent link | view comments
Ah, had we only had our wits about us a few years ago…
Original link (wellingtongrey.net)
posted on Mon, 17 Nov 2008 at 10:19 | permanent link | view comments
…and a waste of your time and tax-dollars.
I’ve been following this for over 5 years now, and it’s not getting any better (only more expensive). The billions of dollars Money spent annually on locking down the airport (aside from hardened cockpit doors) is a complete waste and makes flying a low-quality activity.
This isn’t anything new, but the article is well-written:
The Atlantic - The Things He Carried
An excerpt:
Schneier and I walked to the security checkpoint. “Counter terrorism in the airport is a show designed to make people feel better,” he said. “Only two things have made flying safer: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.” This assumes, of course, that al-Qaeda will target airplanes for hijacking, or target aviation at all. “We defend against what the terrorists did last week,” Schneier said. He believes that the country would be just as safe as it is today if airport security were rolled back to pre-9/11 levels. “Spend the rest of your money on intelligence, investigations, and emergency response.”
The Bruce Schneier mentioned here has written about this subject extensively. It’s time we start asking our people in Congress to turn off the TSA and use the money on something more effective.
Schneier: Toward a Truly Safer Nation
Schneier: Airport Pasta-Sauce Interdiction Considered Harmful
Schneier: Airline Security a Waste of Cash
Schneier: The TSA’s Useless Photo ID Rules
posted on Fri, 17 Oct 2008 at 22:32 | permanent link | view comments
Probably shouldn’t trust your local or federal government agency which isn’t subject to any legal oversight (“Just trust us.”):
New York Times - Panel to Study Military Eavesdropping
ABC News: Inside Account of U.S. Eavesdropping on Americans
CNET: Widespread cell phone location snooping by NSA?
I want to believe that our government really has our best interest at heart, and I believe the intent of the laws are such. However, I am also dead certain that not everyone can be trusted to do the right thing, especially when they’re unsupervised and warrants (which were previously used to ensure accountability and add oversight) are no longer required (thank you Patriot Act!).
This is why we need warrant laws and oversight: to protect the American people from abuses of power, which ultimately are far more threatening than outside invaders (if history is any guide). Trust your government to mean well, but don’t trust the people who work in the government to all mean well—this is why we must have abuse laws and legal protections.
posted on Wed, 15 Oct 2008 at 11:03 | permanent link | view comments
Schneier: Last Week’s Terrorism Arrests
Most of a recent essay by Bruce Schneier:
“Hours-long waits in the security line. Ridiculous prohibitions on what you can carry on board. Last week’s foiling of a major terrorist plot and the subsequent airport security changes graphically illustrates the difference between effective security and security theater.
None of the airplane security measures implemented because of 9/11 — no-fly lists, secondary screening, prohibitions against pocket knives and corkscrews — had anything to do with last week’s arrests. And they wouldn’t have prevented the planned attacks, had the terrorists not been arrested. A national ID card wouldn’t have made a difference, either.
Instead, the arrests are a victory for old-fashioned intelligence and investigation. Details are still secret, but police in at least two countries were watching the terrorists for a long time. They followed leads, figured out who was talking to whom, and slowly pieced together both the network and the plot.
…
Security measures that attempt to guess correctly don’t work, because invariably we will guess wrong. It’s not security, it’s security theater: measures designed to make us feel safer but not actually safer.
Airport security is the last line of defense, and not a very good one at that. Sure, it’ll catch the sloppy and the stupid — and that’s a good enough reason not to do away with it entirely — but it won’t catch a well-planned plot. We can’t keep weapons out of prisons; we can’t possibly keep them off airplanes.
The goal of a terrorist is to cause terror. Last week’s arrests demonstrate how real security doesn’t focus on possible terrorist tactics, but on the terrorists themselves. It’s a victory for intelligence and investigation, and a dramatic demonstration of how investments in these areas pay off.
And what can you do to help? Don’t be terrorized. They terrorize more of us if they kill some of us, but the dead are beside the point. If we give in to fear, the terrorists achieve their goal even if they are arrested. If we refuse to be terrorized, then they lose — even if their attacks succeed.
Essay originally appeared here: http://www.startribune.com/562/story/609687.html
Password Strength: Complexity vs. Length
A few weeks ago, Jason Meserve pointed out an article by columnist Roger Grimes who said that longer passwords are stronger than shorter but more complex passwords. Meserve solicited some feedback:
http://www.networkworld.com/nlvirusbug43268
I took the challenge and responded with this:
"Grimes is right on when he suggests that length is more of a
factor than complexity. Attached is a graph showing how quickly
three password character sets grow in possible combinations
(logarithmic scale). I throw in a dictionary word set to
illustrate another point about memorability.
I (personally) don't find a simple/long password any less
daunting than a complex password, because for both to be
effective the characters have to be somewhat randomly ordered.
Even if we reduce the set of characters to 28 (lowercase alphas
plus space and period), a long random string of those isn't much
better than a slightly shorter but more complex password.
A "simple" password should be memorable, possibly using some
word combinations (e.g. PayPal's password generating system used
to be two dictionary words glued together with a couple of
punctuation or digit characters--it may still be).
When this is the case, the "character set" (each word in the
lexicon effectively becomes a character) is about 50K and has a
solution space that grows much more quickly than single
character password sets.
That is, a password that uses random 5 dictionary words (5-7
characters each) is roughly as strong as a 16 character password
from a randomly generated small (28 char) set. Adding one more
word (6 words) is roughly equivalent to a 19 character (28 char
set) or 14 character (95 char set).
Character for character, however (this is where the graph is
misleading), the dictionary set is far longer (25-35 total
characters) than the 19 random characters from the small set,
but the dictionary set will likely be far more memorable than
random characters, which a good password should be. Throw in an
intentional typo or two with a 4-word passphrase and you've got
yourself a statistically tough one with few wasted brain cycles.
Fwiw, the old PayPal system (2 medium length dictionary words
plus 1 random character) has a solution space roughly that of a
5 character complex password (that is, not very strong).
And this is the graph:
Here is the original article. My response starts on page 3:
http://www.networkworld.com/nlsecuritynewsal43559
Thomas Greene: Crashing the Wiretapper’s Ball
“The popular law enforcement myth is that crooks are getting ever more sophisticated in their use of modern technology, so the police have got to acquire more “sophisticated” point-and-drool equipment to catch them. We find versions of this incantation in virtually every Justice Department press release or speech related to CALEA. But these tools — especially in the IP realm — are not so much sophisticated as complicated and very expensive. They’re a bad alternative to old-fashioned detective work involving the wearing down of shoes and dull stakeout sessions in uncomfortable quarters such as automobiles. The chief impulse behind this law enforcement gizmo fetish is laziness, and it’s a bad trend: The more policemen we have fiddling with computer equipment, the fewer we have doing proper legwork.
The windup is that garden-variety crooks will remain those most susceptible to remote, electronic surveillance, while sophisticated, tech-savvy bad guys will continue operating below the radar. CALEA and its most potent technological offspring are inadequate to catch the people who most need catching. The project of “lawful interception” is huge, grotesquely expensive, controversial, infused with unnecessary secrecy and often useless against the most important suspects it purports to target.
It poses a tremendous threat to human rights and dignity in countries without adequate legal safeguards, and still invites occasional abuses in countries with them. Its costs are paid by citizens who are deliberately kept in the dark about how much they’re paying for it, how effective it is in fighting crime and how susceptible it is to abuse. And that’s the way the entire cast of characters involved wants to keep it.
This essay was originally published in Wired: http://www.wired.com/news/technology/0,71022-3.html?tw=wn_story_page_next3
“We need to defend against the broad threat of terrorism, not against specific movie plots. Security is most effective when it doesn’t make arbitrary assumptions about the next terrorist act. We need to spend more money on intelligence and investigation: identifying the terrorists themselves, cutting off their funding, and stopping them regardless of what their plans are. We need to spend more money on emergency response: lessening the impact of a terrorist attack, regardless of what it is. And we need to face the geopolitical consequences of our foreign policy and how it helps or hinders terrorism.
These vague things are less visible, and don’t make for good political grandstanding. But they will make us safer. Throwing money at this year’s movie plot threat won’t.
This essay was originally published in Wired: http://www.wired.com/news/business/0,1367,68789,00.html
The Six Dumbest Ideas in Computer Security
Marcus Ranum
http://www.ranum.com/security/computer_security/editorials/dumb/
“Let me introduce you to the six dumbest ideas in computer security. What are they? They’re the anti-good ideas. They’re the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible - which is another way of saying “trying to ignore reality.” Frequently those misguided attempts are sincere efforts by well-meaning people or companies who just don’t fully understand the situation, but other times it’s just a bunch of savvy entrepreneurs with a well-marketed piece of junk they’re selling to make a fast buck. In either case, these dumb ideas are the fundamental reason(s) why all that money you spend on information security is going to be wasted, unless you somehow manage to avoid them.
Source: Crypto-Gram http://www.schneier.com/crypto-gram-0509.html