Forgot your password?
typodupeerror
Security

Schneier on National ID Cards, Key Escrow Locks, E-voting 400

Posted by michael
from the uncommon-sense dept.
Schneier's Cryptogram newsletter this month touches on a lot of subjects near and dear to our hearts: national ID cards, TSA-approved luggage locks, a cost-benefit analysis of stealing an election via hacking evoting machines, a nifty credit with audible security, etc.
This discussion has been archived. No new comments can be posted.

Schneier on National ID Cards, Key Escrow Locks, E-voting

Comments Filter:
  • by LostCluster (625375) * on Sunday April 18, 2004 @07:41PM (#8900101)
    We already have multipurpose-use government-issued ID cards in our wallets in the form of drivers licenses or non-driver photo ID cards issued by our states.

    The biggest problem with all of these is that there are 51 different issing bodies, one in every state plus one for Washington, D.C. Within each state, there are at least two formats to make non-drivers distinct from drivers, most states also have special "funny formats" for those under 21 so that they're more easily rejected when they try to purchase alcohol.

    But, with more than a hundred formats for the best ID system we have, it's impossible for anybody to be an expert on what security measures to look for and be able to notice when they're absent.

    No, this isn't an issue that'd protect us from suicide bombers or airplane hijackers... but being able to properly identify people is essential to financial transactions, and telling illegal immigrants that they don't belong here. It's not exactly a constitutional right to be able present a false ID as your own. The various issuers of drivers licenses should at least be able to agree on a common standard so those cards all look alike from jurisdiction to jurisdiction.
    • Don't most driver's license cards have barcodes on the back that liquor stores, etc. can scan?
      • by SuperBanana (662181) on Sunday April 18, 2004 @08:05PM (#8900233)
        Don't most driver's license cards have barcodes on the back that liquor stores, etc. can scan?

        Yup, and there are a number of companies that are happy to provide them to bartenders for nearly free. Look closely and you'll find most have a modem port and a label with instructions on how to let it "phone home".

        That kind of use needs to be made illegal reaaaal fast. I'm required by law to present my ID, but it'll get scanned and some company gets a number of pieces of personal information.

        • Well your info on the license is a matter of public record. And if the bartender feels like telling someone it's his right.

          If you want to choose to only visit places with a certain privacy policy that is your right. Just like on the web.

          • by NortWind (575520) on Monday April 19, 2004 @12:41AM (#8901495)
            Well your info on the license is a matter of public record. And if the bartender feels like telling someone it's his right.
            It's also your right to check whether or not your driver's license will stick to a really, really strong magnet.
      • by pantycrickets (694774) on Sunday April 18, 2004 @08:06PM (#8900241)
        Don't most driver's license cards have barcodes on the back that liquor stores, etc. can scan?

        Yes, and like everything else, there are tools on the net to generate fake ones. :)
      • Don't most driver's license cards have barcodes on the back that liquor stores, etc. can scan?

        Yes, but they're useless out-of-state. Witness: I have a New York State driver's license (have for eight years now), and it has two different barcodes on the back. Very nifty, and when I'm visiting my parents I can swing by the liquor store, have them scan the card, and walk out with a six-pack of Guinness no problem. I can also do the same thing where I live in Pennsylvania, except the clerks here can't scan
    • Dont forget Porto Rico, and ID's from other countries.
    • by crackshoe (751995) on Sunday April 18, 2004 @07:48PM (#8900134)
      The problem with that is that you'd be infringing on what is traditionally state territory, which rarely ends well. On the other hand, the federal government got unwilling states to roll over on drinking age, so it could be possible. It is possible to get a federal ID -- its called a passport, and they're a bit more stringent on who they give them out to (although i'd in no way gurantee that there aren't hundreds or even more fake US passports about). We are still working on figuring out if you can refuse to show a cop your ID, though.
      • by DonGar (204570) on Sunday April 18, 2004 @07:59PM (#8900201) Homepage
        I was recently told that it's illegal for an adult to walk round in public without some form of government id such as a driver's license. I was in California at the time.

        I have no idea if this is true, or (if true) which level of government is imposing this rule.

        I'm not sure which is more disturbing to me. That I can't tell if it's true (and don't know how to find out), or that the US citizens I was speaking with considered it acceptable for citizens to be required to carry their 'papers' at all times.
        • I'm curious about this too. It just can't be true.

          What about bikini-clad rollerbladers with no pockets, purse, etc?
        • I forget the details, but theres a court case floating around about this issue - whether or not you have to display identification to a police officer unless you've done something. If it is illegal in California to walk around without government ID, its probably unconstitutional, and waiting for a good court test. maybe the cali legislature was bored, and needed to make busywork.
          • by kfg (145172) on Sunday April 18, 2004 @09:51PM (#8900735)
            Yes, and /. covered the story. It is legal, by California law, for a policeman to demand ID. This is not the same thing as requiring you to have one on your person.

            If you do not have one on your person the police officer, again by California law, is legally empowered to take you into custody to determine your ID.

            So carrying ID may save you a night in the pokey, but it isn't required.

            The idea that you can even be required to produce ID, or be taken into custody for refusing to present it, is the issue currently on the docket of the Federal Supreme Court. The very fact alone that have decided to hear the case is evidence that the consider the issue has real Constitutional merit, at least to the extent that it requires federal review (the Supreme Court is only required to hear those strictly federal cases delineated in the Constitution itself. They can, and do, simply refuse cases that they don't consider worth their time).

            As a general rule (there are, of course, certain exceptions, but they are exceptions) one does not have to provide a police officer with anything other than nonresistence to arrest.

            When a bartender asks for ID he is doing so because the law requires him to certify legal age. He is not required to check your ID, he is only required to check your ID if you order a drink, and you are free not to order one. (It is a myth that those who are under the legal drinking age cannot legally go into a bar. Think about all the restaraunts and diners that serve alchohol. No problemo. Some bars refuse entry to those underage because it makes life simpler for them, and because many local law enforcement agencies don't understand this point themselves. Some bars I know only card on the weekend and the rest of week only card when a drink is actually ordered. There's no accounting for the behavior of people).

            In the past anything that could serve as a legal document showing age was accpetable. On my eighteenth birthday I bought a bottle of wine with my birth certificate ( I poured the wine down the drain. I wanted the bottle to put a ship in. It was crappy Mogan David anyway. Just the right bottle though). I have also used my passport.

            The sticky wicket is the lack of a photo on the birth certificate (not that it would do any good if one were included), thus the ease with which one person's ID can be used by another.

            We're getting really frickin' paranoid about all this ID shit, and according to my bank my federally issued passport no longer, in their interpretation of the law, qualifies for photo ID according to the PATRIOT Act.

            And, in theory at least, your passport is certified and issued to you by the frickin' Secertary of State.

            In future I suppose I'll also need, along with my driver's license (technically this cannot be required for any purpose other than operation of a motor vehicle. Well, that idea seems to have gone by the boards. In my state you cannot get a nondriver's ID is you already have a driver's license. You may keep an expired driver's license (with a hole punched in) as a "nondriver's ID" if you wish. Yeah. Right.), a federal ID card, a note from my mayor, the President himself; and my mommy.

            KFG
            • When a bartender asks for ID he is doing so because the law requires him to certify legal age. He is not required to check your ID, he is only required to check your ID if you order a drink, and you are free not to order one. (It is a myth that those who are under the legal drinking age cannot legally go into a bar. Think about all the restaraunts and diners that serve alchohol. No problemo. Some bars refuse entry to those underage because it makes life simpler for them, and because many local law enforceme

        • by x136 (513282) on Sunday April 18, 2004 @09:01PM (#8900495) Homepage
          I went for a walk at somewhere around midnight a few weeks back (in CA), without any kind of identification on me. A police officer on patrol stopped me and asked me a few questions (apparently there had been some burglaries in the area recently). He asked for ID, and didn't say anything about that being illegal when I told him that I had none. He took down some information, and we both went on our merry ways.

          So I doubt there is any such law, at least in California. Besides, what about the homeless? Surely many of them have no ID to show.
        • "I was recently told that it's illegal for an adult to walk round in public without some form of government id such as a driver's license. I was in California at the time."

          If might be true in California, but I do not believe it's true in New England. I've lived in a few states there and I have never encountered such a law.

          You might be required to identify yourself to an officer. That is not the same thing as carrying a picture id ("Yes Officer, I'm Joe Blow, and I live at 372 Main St. How are you today
        • by jcr (53032) <jcr@nOspAm.mac.com> on Monday April 19, 2004 @12:36AM (#8901470) Journal
          I was recently told that it's illegal for an adult to walk round in public without some form of government id such as a driver's license.

          If the person who told you that was any kind of government official, then you should make as big a stink about it as you possibly can. Charge the thug with "Conspiracy to Deprive of a Constitutional Right under Color of Authority" (nominally carries a penalty of up to ten years in a federal pen.)

          Demand a public apology and retraction of the statement, and proclaim to the world that you won't tolerate any such attempt at intimidation. In short, such a claim should be a career-limiting move for anyone in a government job.

          It is not yet the case that you are required to carry an ID if you're not doing something that requires a license. (EG, if you're not driving a car, cutting someone's hair , giving a massage, working on their plumbing, etc. for money).

          If you *are* carrying a california DL, then you do have to show it, since the legal theory is that it belongs to the state, not to you. If you're carrying any other ID, and a state officer asks to see it, it's your prerogative to refuse.

          I can't emphasize enough the importance of refusing unreasonable intrusions on our privacy. The more unpleasant it is for a cop to do so, the less it's going to happen.

          -jcr
        • It is Good that the law is indeterminate; in the Westminster system of government, the legislature IS the law, and they are also the high court.

          At least here there is a branch of government that can protect our liberties--and look at the social history of the twentieth century to realize how much the Court has done before an obstinate Congress.

          If you want to find out what the law is, there are great web resources all over [www.oyez.org] but since this particular issue hasn't been decided by the Supreme Cou

      • I know for a fact that in the state of Virginia (where I live), you are required to present your driver's license for examination upon the request of any bona-fide law officer. Now, I am not sure if that only applies to driver's licenses or if the actual wording of the code is broad enough to include DMV-issued identification. Virginia tends to be a bit strict on this type of issue, especially since 9/11. But, I am sure other states have similar requirements. It all falls back to the "driving is a privilege
        • I know for a fact that in the state of Virginia (where I live), you are required to present your driver's license for examination upon the request of any bona-fide law officer.

          Only if you're driving. Carrying ID is not required for simply walking in public.

    • The biggest problem with all of these is that there are 51 different issing bodies, one in every state plus one for Washington, D.C.

      Pluuuus, American Samoa, Guam, N. Mariana Islands, Puerto Rico, & the US Virgin Islands. :)

      Not to mention that we do and will most likely continue to accept Canadian and Mexican IDs without much hassle.
      • It has been demonstrated that ID cards are completely ineffective.

        ID cards didn't make a blind bit of difference to the terrorists who took out that train last month. They don't make any difference to Al-Qaeda or to ETA for that matter.

        ID cards are just a kneejerk reaction by politicians who have to be *seen* to be doing something. ID cards must make us more secure... Right?

    • by cuiousyellow (89995) <grant@@@jokerbone...com> on Sunday April 18, 2004 @07:53PM (#8900166) Homepage
      Schneier said it better than I could so I'll just quote the article you failed to read...
      The first problem is the card itself. No matter how unforgeable we make it, it will be forged. And even worse, people will get legitimate cards in fraudulent names.


      Two of the 9/11 terrorists had valid Virginia driver's licenses in fake names. And even if we could guarantee that everyone who issued national ID cards couldn't be bribed, initial cardholder identity would be determined by other identity documents... all of which would be easier to forge.
      • How it fails (Score:3, Interesting)

        by PMuse (320639)
        Bruce Schneier wrote: My argument . . . centers around the notion that security must be evaluated not based on how it works, but on how it fails.

        The first problem is the card itself. No matter how unforgeable we make it, it will be forged. ... And even if we could guarantee that everyone who issued national ID cards couldn't be bribed, initial cardholder identity would be determined by other identity documents... all of which would be easier to forge.


        Looking at the failure mode of the current hodge-podge
    • by SuperBanana (662181) on Sunday April 18, 2004 @07:59PM (#8900205)
      But, with more than a hundred formats for the best ID system we have, it's impossible for anybody to be an expert on what security measures to look for and be able to notice when they're absent.

      So here's a shocker. The federal government sets or negotiates a common anti-counterfeit system to use on driver's licenses. Like a 2-D barcode with cryptographically signed info and a special hologram.

      Ever notice how we're getting closer and closer to east germany? I mean hell, the local cops already sit at the town border running license plates(yay in-car cruiser terminals!) and checking for DWB.

    • by Anonymous Coward on Sunday April 18, 2004 @08:23PM (#8900323)
      But, with more than a hundred formats for the best ID system we have, it's impossible for anybody to be an expert on what security measures to look for and be able to notice when they're absent.

      That's why these [driverslicenseguide.com] exist. When in doubt, check the book.

      Then again, someone could use these guide to ensure their fakes are up to snuff-- I used one of them many moons ago when I was under 21, to perfect the counterfeit NJ driver's licenses [phreak.co.uk] that I used to make for fun and profit. I was turning out passable fakes (mine were MUCH better than the one shown at that link) as a broke college student with 1992 technology consisting mainly of a Mac LC, a StyleWriter, a Polaroid camera, and a can of gold spray paint for the hologram. Hell, back then I even forged verifying documentation-- for female customers I did a completely fabricated student ID from a ficticious college, complete with official-looking dignified logo and a magstrip made from a piece of old VHS videotape. For my male customers I did phony Selective Service cards that were meticulously duplicated with Aldus Pagemaker, and printed out on an inkjet using an ink cart that I flushed out and filled with green ink that matched what was used on the real thing.

      Those days are over, but sometimes I do find myself wondering what kind of marvelous forgeries I could turn out with the kind of high-tech toys available to me now.
    • by Dictator For Life (8829) on Sunday April 18, 2004 @08:45PM (#8900440) Homepage
      being able to properly identify people is essential to financial transactions

      ...and, if you RTFA, you'd know that ID cards present absolutely no guarantees about this - even if you have a single standard - because a) they can always be forged, and b) crooks can get legitimate IDs through illegitimate (or even legitimate) means, and c) sometimes the idiots checking the IDs don't even bother to do their job. [bbc.co.uk]

      You can't prevent fraud with an ID card. You can't prevent illegal immigration with an ID card. You can't prevent terrorism with an ID card. Setting aside for the moment the question of whether an ID card can be useful, the Powers That Be are presenting arguments in favor of the cards that are demonstrably bogus. If these are the best arguments that they have for the things, then I'd say we might as well scrap the whole thing now. If there's a valid reason, what is it?

    • But, with more than a hundred formats for the best ID system we have, it's impossible for anybody to be an expert on what security measures to look for and be able to notice when they're absent.

      In other words, there's a high rate of error in the identification system, so people are less likely to trust the identification as correct.

      Now, imagine a system where you could just glance at the national ID and be 99.99% certain that you've ID'd the person correctly. ... now, if I have a spam checking system tha
  • by icypyr0 (636724) <icypyro@@@wi...rr...com> on Sunday April 18, 2004 @07:46PM (#8900124)
    I don't thing that it is really necessary to have standardized national ID cards.. the money required to implement such a massive project would be substantial.. and the gain is not clear. Why would having national ID cards help TSA identify people any better than state ID cards such as drivers licenses, and government issued IDs such as military identification cards?
    • I don't think it'd help the TSA much at all, because I'm sure by now they can authenticate any form of acceptable ID with a computer check to make sure that the ID's name, number, and picture all exist on one that was really issued.

      What a national standard would fix would be the situations where an ID card is presented to somebody who doesn't have access to the databases it takes to verify the validity of the card, like employers or bartenders. It'd make life a little harder on somebody who intends on pres
      • I don't think it'd help the TSA much at all, because I'm sure by now they can authenticate any form of acceptable ID with a computer check to make sure that the ID's name, number, and picture all exist on one that was really issued.

        Actually, there is not much a local cop can do to tell the difference between a real ID and fake ID. He can run the number, get a physical description back. But I can listen to my police scanner, collect descriptions and ID numbers, until I find one that matches me. Whip up a
    • by Z303 (724462)
      Not having any clear gains is not stopping the UK Government steamrolling ID cards onto the statute books. See Stand [stand.org.uk].
    • We already have a national standardized ID Card, its called a passport. Just make everyone get one and you're done.
    • It is necessarry... (Score:5, Interesting)

      by ddavis539 (691782) on Sunday April 18, 2004 @08:29PM (#8900356)
      Because several states now allow illegal immigrants to obtain drivers licenses using two very insecure forms of Identification: A consular identification card issued by foreign consulate offices, or the ITIN Number [irs.gov] supplied by the IRS to people who can't qualify for a social security number.

      The consular card is recognized by the FBI as an insecure document. The only reason they are needed is because the recipient entered the U.S. illegaly and does not possess a valid visa, passport or other identification provided through legal channels. There have been cases where people have been arrested carrying multiple copies of this ID, with the same picture and differing names.

      The ITIN number can be obtained by calling a 1-800 number and providing a name and address. The IRS does nothing to verify the information given and has stated multiple times that this tax number should ONLY be used for paying taxes. This is not meant to be an Identification number, especially for obtaining a drivers licenses. They sent out a letter [irs.gov] this past December to all governors and heads of the driver license division in each state to ask them to stop this practice. Despite this request, states like Utah refused to modify their laws to fix this security problem. This combined with the "motor voter" laws can lead to other problems such as voter fraud.

      Because the drivers license is used for many other purposes other than proof that an individual knows the basic driving rules, we either need to go back to only issuing it for people with verified documentation, or creating a national ID that is only given out to citizens. The national ID would be used instead of a drivers license for employment, boarding planes, voting, etc....
    • by Sycraft-fu (314770) on Sunday April 18, 2004 @08:33PM (#8900384)
      Well for the TSA it's just simpler. I mean with state IDs there are so damn MANY of them. Each state has, at a minimum, one kind of driver license. In reality though, there are lots more. Here in Arizona there are no less than FIVE that I am aware of. There are old style ones with a typed card and picture laminated in them. There are old style, but newer, digital ones with a plain background. There are the current digital ones with a landscape background, and finally the current ones rotated 90 degrees for those under 21.

      Now consider that we have 50 states, and I'm sure Arizona isn't the only one with a case like that. That's a lot of IDs to learn how to recognise and tell if they are fake or not. Much easier if there is one standardised ID.

      Now for general use it is nice to have a singular ID that is univerally accepted. It can also be used to not things such as citizenship and so on. I mean right now, there is no real US citizen ID. The closest thing is a passport, but that is really a travel document. Also, a passport is fairly expensive and inconvienet to get.

      I suggest we hit up some of the non-US /.ers for their thoughts on national IDs, as many countries already have them. It's not really a new concept.
  • by LostCluster (625375) * on Sunday April 18, 2004 @07:48PM (#8900132)
    Nicholas Weaver has an interesting letter printed in the article where he makes the case for a need to assume that Microsoft's crown jewel, the Windows Source Code, has already fallen into the hands of black-hats, since both the Chinese and Russians have legit access, and the ease of which a determined group could steal it.

    It's an intresting question. However, wouldn't we have seen more zero-day hacks in circulation from the black-hats who hold the code? Or maybe these exploits are being used, but with such infrequency that it's slipping under radars...
    • by theM_xl (760570) on Sunday April 18, 2004 @08:08PM (#8900251)
      Not necessarily... We only see zero-day hacks that are detectable. Going through the trouble of getting the Windows source code suggests you're after something else than just the average virus worm... Remember those are in it for the short haul. Do a lot of damage before the virus scanners catch up with you. The black-hats gaining access to the source would likely not be in it for the short haul, but looking for longer-term profit. An exploit would be worth a lot more if it wasn't discovered criminals were using it, and could be used on choice, hand-picked targets only. True, compromising a few hundred or thousand computers isn't anywhere near as spectacular as Code Red. But the criminals aren't in it for spectacle, they're in it for money or power.
    • We are to the point with most software, including Windows, that exploits aren't just obvious anymore. You have to go looking and testing for that, no matter if you have the source or not. As the many OSS programs (wu-ftpd being my favourite example) just because you have the source, doesn't mean that exploits are instantly apparant.

      I think from an exploit finding point of view, it's roughly a wash open or closed source, at least when the closed source is from a company that has the resources to review it.
    • And it just depends on what color hat you consider the NSA to have. I guarantee you that they have:

      1) Every line of MS's source code, volunteered by MS.
      2) Teams of people attempting to find vulnerabilities in the source or with penetration testing.

      They probably do submit anything notable that they find back to Microsoft, though. Just because that makes it easier for the NSA to secure the nation's computers, which they sometimes consider their responsibility.
      • They probably do submit anything notable that they find back to Microsoft, though.

        They probably do no such thing. Every patched bug is a bug the NSA can no longer use againt other countries. It is not in their best interest to better secure the Chinese, the North Koreans, the Cubans, or any other nation on earth. That makes intelligence gathering and intentional espionage tougher.

  • by hrbrmstr (324215) * on Sunday April 18, 2004 @07:52PM (#8900154) Homepage Journal
    I think michael hit it right on the head in his post (oh to be both an author and submitter at slashdot!). Most of the topics in this Cryptogram (and the past few) we *have* seen before, here and in many other security news and blog sites. The only thing I hadn't heard before is the audio-credit-card-thing and I really doubt you'll be seeing consumers hold their cards up to their microphones. Heck, most non-techie folks I deal with don't even realize they *have* a microphone and the rest of them still have theirs in the original plastic shipping material it came in.

    So, as Cryptogram becomes yet-another-blog, will it cause Schneier to lose relevancy? I hope not, since a large number of "security managers" hang on his every word and, in the past, this has been a positive thing for getting funding so we can get real work done.

    Here's hoping for an influx of creative and incisive Cryptograms the rest of the year, otherwise I'll be on the lookout for Schneier with his WiFi laptop @ Starbucks or the next blog convention.
  • by LostCluster (625375) * on Sunday April 18, 2004 @07:52PM (#8900155)
    The "escrow key" model of lock that now being distributed in the form of lugage lock leaves interesting options for a traveler...

    - Leave your suitcase unlocked. The TSA can get access, and so can anybody else who wants to try to open it.
    - Lock your suitcase the old fashioned way. If the TSA wishes to check your bag, they'll bust your lock. Bad guys can also bust the lock. At least, if the contents are tampered with, you'll see a defeated lock when you recover your bag.
    - Lock your suitcase with the TSA-compliant locks. Most people can't open your bag, but TSA key holders (both good guys and bad guys) can get into your bag without having to break anything.

    Hmm.. which option to chose?
  • by erroneus (253617) on Sunday April 18, 2004 @07:52PM (#8900158) Homepage
    I don't see it that way. They have the right to cut the lock off already. The difference is that you can still have locked luggage... an extra level of tamper protection against the other people handling the baggage.

    I have personal experience with the TSA baggage screening functions and the chances of something being stolen from bags is pretty darned slim unless there was a conspiracy of players involved which is also highly unlikely. It is rare if basically impossible for a single TSA screener to open a bag unsupervised. Further, it requires a supervisor or higher ranking person to handle the TSA keys to the TSA locks. Cutting these locks are forbidden. If it was cut, you can be 99% certain it was by someone else.

    So when it comes to auditing the access to baggage, there's a higher probability of determining the point of failure.

    I think more can be done but speed and efficiency must be balanced against accountability. No one wants to be required to be present 3 hous before the flight do they? Didn't think so.

    The TSA lock merely gives people the option of having a lock that will not be cut by TSA.
    • RTFA (Score:2, Informative)

      This was exactly his point.
    • by liquidsin (398151) on Sunday April 18, 2004 @08:04PM (#8900230) Homepage
      Well the police already have the right to bust down my door if they have a warrant, but I won't be giving them a key any time soon. They already have *legal* channels to go about getting into the luggage. This is just stupid. Breaking the lock on every suitcase they come across? What's the advantage? Between xrays and chemical detectors and geiger counters, why do they even need to be able to go through the luggage? And why is this being done after it's checked if it's so important? Why not when it's checked in, so at least the owner can open the lock with the key instead of having it destroyed, or at least know that their lock is being broken.
    • If you want to know whether your case was opened by the TSA and still use a lock that they won't break, use a security tag and a TSA lock. They will break the tag (usually a zip-tie type thingy) but not the lock.

      If it was never opened, you break the tag and open the lock
      If it was opened by the TSA or a knowledgable criminal, the tag is broken, but not the lock
      If it was opened by a criminal then either they had TSA equipment/knowledge, or both the lock and tag are broken.

      I usually just boobie trap m
    • by Anonymous Coward on Sunday April 18, 2004 @08:24PM (#8900335)
      who had their instruments stolen when they were sumitted to security. The TSA just gave them the run-around and told them to prove that they in fact sent the instruments through security. These musicians, unfortunately for them, were from Scotland and had no real recourse. Those of us AMericans at the concert, chipped in for them to get replacements until they could straighten things out with the TSA. The money was also an appology for the shitty way that our guests were treated by the TSA.

      They're just musicians folks.

    • God we got the worst of the security systems in the world. I can check in at Soeul with full baggage check (I mean FULL!) and get to my plane in under 1 hour.

      Coming into the country, they check all bags. If it is locked, it is marked for customs to open.

      All this with the matching passeranger in front of them.

      TSA servers no meaningful need except job creation for the administration.
    • by Teun (17872)
      Present 3 hours before flight?
      It's already the case when flying to the US from Europe.
      That's ofcourse logic in the light that all these 9/11 hijackers were Europeans.

      (Oops, that's demographic profiling the Bush-light way...)

      If/when security is realy implemented at airports no locks are needed anyway.

  • Moral: Liberty (Score:5, Insightful)

    by argoff (142580) on Sunday April 18, 2004 @07:58PM (#8900197)
    It just goes to show that there are a lot of nice sounding reasons for us to give up some freedom and have it nickled and dimed to death, but there is one main reason to keep freedom and that is freedom. Unlike these other things, liberty is an end in itself - it derives from the fact that people are creatures of choice and not like the animals. There is no such thing as too much liberty ... it would be like saying that science is too rational.
    • Re:Moral: Liberty (Score:2, Flamebait)

      by Stray7Xi (698337)
      So you'd support the freedom to have "consensual" sex with a 6 year old?
      Do you think anyone should be allowed to own nuclear weapons?
      Should I be free to drink and drive?

      Your freedoms should end when they threaten someone elses freedoms (whether intentional or not). Furthermore certain protections should be made for those that can't protect themselves.

      And yes science can be to rational (to most people) in opposition to emotional response.

      Animal Research, rationally it's an effective means of testing.
      The
  • Start the clock... (Score:4, Interesting)

    by LostCluster (625375) * on Sunday April 18, 2004 @07:59PM (#8900206)
    How long is it until somebody buys up some of these TSA-unlockable locks and reverse engineers their way into a duplicate of the TSA key?
    • by stienman (51024)
      The pictures showed both a keyed version with a serial number, and a 4 digit roller lock (didn't see a serial, but I imagine there is one)

      The locks are as easy to pick, I imagine, as previous luggage locks.

      The four digit combination only has 10k combinations. It would take awhile, but it's possible to get all the serial numbers matched up to 4 digit codes. Although they, hopefully, used a longer serial and like a hash function there will be many serial numbers that go to 4 digit codes so you'd have
    • by evanbd (210358)
      Suitcase locks aren't hard to pick. You can do it with a couple paperclips and a modicum of skill or time, or real tools and less skill and time. The combination luggage locks are actually pickable too, with tools (the wheels have things they catch on; the picks basically involve inserting thin bits of metal beside the wheels and catching them by hand). If someone is willing to go to that much work, your ordinary suitcase lock is only marginally better. Oddly enough, I think Bruce Schneier is at least m
  • Secure ID (Score:4, Insightful)

    by G4from128k (686170) on Sunday April 18, 2004 @08:00PM (#8900207)
    I just wish that these ID systems were more secure. Instead of using easily stolen and duplicated plaintext identifiers (like an SSN and mother's maiden name), I'd like to see a secure encoded number that is unique to each application. This unique number (different each time it is asked for) would be resolvable to a single identity inside secure back-office applications or through access to a central secure server.

    A smart ID card would hand-out unique numbers and log who got which ID. That way any theft of identity is traceable to the source. The card owner could then use the card to trace who was using their data.

    I'm sure there are a million potential vulnerabilites with the idea, but the current approach seems much more insecure than this proposal.
  • by LordBodak (561365) <msmoulton@@@iname...com> on Sunday April 18, 2004 @08:00PM (#8900209) Homepage Journal
    Come on... American Tourister hard-sided luggage has used the same key for 40 years! Most soft-sided luggage comes with those cheap locks that open with a stupid key, and they're ALL the same.

    I lock my luggage more for the guarantee that it won't come open when being handled than the security.

    There is simply no reason the TSA couldn't get the keys for the main styles of suitcase locks currently in use. Four or five keys would open probably 95% of luggage.

    This is just a way for a company to make money solving something that shouldn't be a problem to begin with.

    • Combo-based locks have no such "popular key"... and most are user-configurable. Sure, a brute-force attack at most would take only 1000 attempts, but that's 1000 attempts by hand which would take at least an hour or so.
  • by Karl-Friedrich Lenz (755101) on Sunday April 18, 2004 @08:06PM (#8900238) Homepage
    The guest essay says that one must assume that someone attacking the integrity of an election has at least a $100 million budget. While it is true that a lot of money is raised in elections, not all of that could be invested in a project to steal an election without anyone noticing. Therefore, the above estimate seems to be much too high.
    • by LostCluster (625375) * on Sunday April 18, 2004 @08:45PM (#8900435)
      I think that estimate neglects just how few votes really decided the last election. It'd only take adding 538 additional votes for Gore in any combination of Florida districts to overturn the entire result.

      If you're going to bias the election in favor of either of the two major parties, you have no need to attack the states in which your candidate is already going to win. You only need to bias enough close states to top the electoral vote balance, the popular vote doesn't matter.

      As much as we say this is a nation of one-person-one-vote, that's never been the way a presdiential election is really scored.
    • by Jah-Wren Ryel (80510) on Sunday April 18, 2004 @10:54PM (#8900986)
      While it is true that a lot of money is raised in elections, not all of that could be invested in a project to steal an election

      Yeah, that's one reason why he picked $100M instead of the total of $500M that was raised between the two parties last time around. He never said ALL raised money would be spent on the attack.

      Furthermore, the $500M was the amount of money actually reported to the election commision. If a serious attack was planned, the money spent would be off the books to begin with and so not limited by even the $500M figure -- a cadre of the upper class, a billionaire boy's club, might easily toss a cool $1B at such a project if they felt the ROI would justify it.

      Look at how immensley profitable George Bush has been for the military-industrial complex. That group of companies could easily afford $1B to put Bush into office -- if they did, they have certainly made back their investent tenfold.
  • by mc6809e (214243) on Sunday April 18, 2004 @08:14PM (#8900276)
    Why must everything be on a national scale?

    People in different parts of the country have different ideas about the balance between security, freedom, and privacy.

    I don't see why there couldn't be "zones" where local people decide just what that balance should be. Maybe it would work best at the city or town level.

    The people of LA, SF, and New Orleans, for instance would probably be willing to take more risk than the people of Nashville or Lakeland, FL. Why can't they have different standards?

    Now I realize it might be impractical for things like air-travel. A plane can fly coast to coast, so everyone under it's path has an interest in the standards used to admit passengers, but there are plenty of other things that can still be a local decision.

    If the people of LA don't want ID cards, then let them take the risks associated with not having those cards. If the people of Nashville want cards to feel safer, then let them.

    So long as people are allowed to choose what set of rules they want to live under, I don't see a problem.

  • by Animats (122034) on Sunday April 18, 2004 @08:42PM (#8900419) Homepage
    There's an indicator on the TSA-openable lock that turns red when it's opened with the master key. So you have some idea of what's going on. The next step should be to put a clock in the thing, so you know when it was opened. That helps place blame.

    You ought to be able to call your luggage on your cell phone and get its location. Wherify has announced a product for this, but isn't yet shipping.

  • by Fortran IV (737299) on Sunday April 18, 2004 @08:45PM (#8900442) Journal
    It seems to me that a national ID would be an additional form, not a replacement for a state ID. Don't qualifications for a driver's license differ between states (in such things as vision testing, vehicle classifications, and so on)? In fact, it seems likely that a state ID would be one of the accepted identifiers when you apply for your NID.

    Schneier's article hints that he expects such an ID system to be mandatory if implemented. That brings to mind the interesting case of Dudley Hiibel [papersplease.org], currently before the U.S. Supreme Court. Is one obligated to identify oneself at all, if one chooses not to?

    The database for such a system would necessarily provide online access to state and local law enforcement, rendering it a prime target for hackers and other criminals. And can we really be certain that the Sheriff's Office or the Department of Finance of Bugtussel County can't be bribed for direct access?

    A side note: The little item about license plate shields questions whether these would be legal. The last I knew, even most of the little plastic frames that carry a car dealer's name are illegal in my state, although there are millions of them - they obscure a small part of the lettering on the plate.
  • by Dr.Hair (6699) on Sunday April 18, 2004 @08:50PM (#8900461) Homepage
    Hong Kong actually has a "national" ID card. Since so few people here drive, you can't use a driver's license as a form of identification. The new smart ID cards [smartid.gov.hk] have a chip in them that stores the digitised thumbprint and signature among other information. They also function as a national library card and you can apply for a free e-cert (PKI) administered by Hong Kong Post

    Yes, the police are allowed to randomly ask you for your ID card. Most of the checks seem to be for immigration violations by mainlanders. On the other hand the HK government is putting in place fast immigration checkpoints, where you run your ID card through a scanner and provide your thumbprint and you're on your way without ever being questioned by immigration officials.

    • Spain also has a national ID card.

      You get fingerprinted when they give it to you. Hasn't made any difference at all. To security obviously, with ETA and the recent train bombing, but also to the level of illegal immigration from Morocco.

  • by cheide (731641) <cnh_pub@shaw.ca> on Sunday April 18, 2004 @09:13PM (#8900561)
    Whenever I think of ID cards, the solution that pops to my mind is to have something with flash-like memory with three blocks of data:

    1) A section with my pertinent identification data (picture, description, date of birth, name), in plaintext but cryptographically signed by the government. Anyone that wants to verify my identity can read this area, check the signature, and match the data there against the person standing before them.

    2) A for-gov't-eyes-only section, signed and encrypted by the government. This could contain information that should only be revealed to other parts of the government, potentially with different sections and keys for different levels of access, for things like your SIN, passport information, etc. Maybe you're a secret agent and want a way to prove you are, but only to other branches of the government...

    The 'spooky' part here would be that if random people can't read the data, then the person holding the card can't read it either so he doesn't even know what's in it other than what the government has told him. I don't think it's really that big a deal though since it's not like they couldn't put anything they want to hide from you in their own hidden databases anyway.

    3) And finally, a user block, where a person with an appropriate I/O device can put whatever data they feel is important to keep on them. Medical conditions, organ donation status, favourite type of flowers for the funeral, pictures of your cat, whatever!

    Heck, standardize the interface, commoditize it, and let people make their own ID cards and read and write the card themselves. If you don't like that creepy gov't-only block, don't write it to the card. As long as that first, signed block is there, it'll serve its primary purpose.
  • by TygerFish (176957) on Sunday April 18, 2004 @09:20PM (#8900599)
    This has been one of the more interesting threads I've seen in a while. I mean, this is something I actually know about: I do security in a bar.

    I've seen cards from pretty much every state in the Union as well as quite a number of ones from many European nations. Recognizing what is and what is not a valid I.D. card is a hard task that I've found a lot of people who do what I do simply don't know enough to deal with.

    The great number of state I.D.s, their variations in the quality of their anti-counterfeiting features. The scanner, the color copier, the laminating machine and the simple willingness of people to lie to your face make it hard to be sure that what you're looking at is real.

    The current series of California Driver's license/I.D. card is, IMHO the most secure driver's license in the U.S. in terms of anti-counterfeiting features; the series immediately preceding it is a piece of crap.

    The new current series of New Jersey Licenses that I've seen, maybe, five of in the last two months is *very* secure if the person looking at it has an ultraviolet light on him and is actually aware that there is a new series to look at while the preceding series is the most easily and most convincingly counterfeited I.D. I've ever seen, and I see it over, and over and over.

    A national I.D. card would certainly eliminate the problem of having to have real expertise to spot fakes and anyone who says otherwise is engaging in wishful thinking.

    The most current version of the the United State's green card has anticounterfeiting features that I don't even know the names of, but I know their absence would be easy to spot.

    Couple this with mag-strip technology to store information and you could standardize one or more pieces of equipment that any bar or other place that had to determine age or identity would have present that would instantly and permanently remove the guesswork. Put biometric data on the card and give me a thumbprint scanner and underage drinking is pretty much over until counterfeiting technology gets better.

    That's how good the current green card, or some variant of it would be as a national I.D card. It would make my job ridiculously easy.

    Now here's why I hate it.

    First off, the article makes one really interesting point: for a really determined person, someone who wanted to hijack planes or steal a million or what have you, no card will be completely secure everywhere up the line to the point where you get one.

    Someone with enough cash, or enough juice with the right people, or willing to put in enough work will be able to get either a valid I.D. in a false name, a borrowed/stolen card or a relatively convincing forgery if it is important enough to them.

    Viewed this way, a national I.D. card can be said not to provide greater national security but greater control for people with access to the information that a national I.D. card would provide. In terms of anything important, really important--a real, immediate threat like the 9/11 attack--a national I.D. card would be useless.

    In terms of centralized information processing, a national I.D. card would be an enormous Christmas present to big brother, providing governments with a key to interweaving databases, giving anyone in authority all the power they need to pressure anyone who isn't into being a more perfect citizen.

    Under the current system, a kid with a really, really good fake I.D. can get past me and that's fine. It's a game. I win most rounds. I'm sure the kids win a few and that's the way things should be.

    Getting stopped by the cops for taking a desperation leak on a wall at five A.M. and having them know everything about you from whether or not you did your last round of jury-duty to your cholesterol is not something I'm looking forward to.

  • by demachina (71715) on Sunday April 18, 2004 @09:44PM (#8900701)
    I really don't see the point of his cost benefit analysis of stealing an election. There is no correlation between the campaign budgets and the value of, or resources available to steal an election. If you are to look back at the last couple of years its pretty obvious that controlling the U.S. government is worth trillions of dollars to the party that wins. There is usually at least a thousand to one payoff from the largesse of the U.S. treasury for large campaign contributors when your candidate wins. Just a few examples, in the case of the Bush administration they've given:

    - hundreds of billions in tax cuts to their wealthy benefactors
    - $55 billion a year in the so called Medicare reform plan much of which is going in to the pockets of insurance and drug companies, key Republican benefactors. The drug companies have been given a bonanza in that the U.S. government will be buying billions in drugs for seniors, but are precluded by law from negotiating fair prices, so drug companies can charge as much as they dare. This is the antithesis of a free market, purchasing without negotiation.
    - $18 billion dollars of no bid cost plus contracts have gone to Halliburton for Iraq
    - the list goes on
    - Koch oil was facing a $500 million in pollution fines under the Clinton adminstration, when their man Bush won over Gore the fines were reduced to $20 million.

    The fact is the Republican's have an enormous financial incentive to do whatever it takes to retain the presidency and the house, and to achieve the holy grail, a fillibuster proof majority in the Senate. Gaining a fillibuster proof majority will be hard but it is the holy grail to the Republicans because they could then pass any legislation, no matter how extreme, as long as they can keep their party's legislators in line through deceit, intimidation and bribery (like they did to pass the Medicare reform bill).

    Its also an unfortunate fact that the Republican's have two key resources at their disposal that are priceless:

    First, they control the resources of the Federal government, especially in the shadowy world of Defense, Intelligence and law enforcement. For example the DOD's recent efforts to gain electronic control of the vote of soldiers and oversees American's would allow whomever control that system, which is by definition the President and the Secretary of Defense to control millions of votes for next to nothing.

    The Republicans, as has been pointed numerous times, disproportionately control the companies that control electronic voting machines. This inside track gives the Republican's a huge advantage should they decide to try and rig the upcoming election.

    You might think this far fetched but having watched Bob Woodward on 60 minute tonight I'm thinking anything is possible from the people who currently occupy the White House. Dick Cheney in particular appears to be pulling the strings of a President who is in over his head intellectually and FREQUENTLY setting policy based on prayer, divine guidance and the manipulations of people like Cheney, Rumsfeld, Rove and Wolfowitz, because he is simply not up to the job that faces him intellectually.

    One of many disturbing things Woodward listed was that Tommie Franks at one point spent $700 million dollars on Iraq war preparations before Congress was consulted on a war with Iraq or had approved any money. They apparently took this money from an Afghanistan authorization, without telling Congress, which is both unconstitutional and an impeachable offense. Only Congress can allocate money.

    At this weeks press conference the President was repeatedly asked if he'd made a mistake. He either couldn't think of anything, or denied any mistakes had been made, which is pretty implausible. The many failures in failing to stop 9/11 and in the mess that is no Iraq have led to no one in the administration being held accountable. Its as if they make no mistakes. Infallibility is a leading indicator of a a couple kinds of leadership, a dictator
  • by cwm9 (167296) on Sunday April 18, 2004 @10:42PM (#8900942)
    I understand the worry some people have about hacked systems, but what I don't understand is the response to it.

    Instead of being so worried about it, why not simply close the loop with the voter to make fraud detection easy?

    What I mean is, suppose after I vote, I enter a password/PIN which is used to encrypt a random number used to identify my vote. The machine records both my random number and my votes, but not my pin. This encrypted information is then printed for me before I leave. When I get home, and after the votes have been counted, I hop online and download a JAVA applet which lets me decode my random identifying number in private. I can then punch this number into the net (which let's me see any vote I want since the information isn't tied to anyone) -- and tells me who I voted for. If the information doesn't match, I call 1-800-voter-fraud and turn the matter over to the FBI.

    Ok, I haven't exactly fleshed out the whole thing here, because you need some way of making sure people don't claim they've been a victom of fraud when they haven't been, but I suspect given a few bright people, some public encryption algorithsm, and some time, we could probably solve that problem.

    The point is, if 10% (or some other threshold) of a voting district says their vote doesn't match up correctly while the rate in the rest of the nation is 1%... you know theres a problem and can call for a revote in that district.

    As a slightly off topic aside, I really wish I could vote for MULTIPLE people in the order I wanted them elected. Thus, when I vote for some third party person who is obviously not going to get elected, I can still throw my weight behind my #2 candidate who might otherwise be hindered by my real vote -- and at the same time, I get my voice heard with reguard to my true desires.

    -Chiem

    • by slykens (85844) on Sunday April 18, 2004 @11:02PM (#8901022)
      I hop online and download a JAVA applet which lets me decode my random identifying number in private. I can then punch this number into the net (which let's me see any vote I want since the information isn't tied to anyone) -- and tells me who I voted for.

      While your plan makes provisions for "randomly" pulling multiple voter records to obfuscate what your actual vote was you're creating a system by which your identity could potentially be tracked and tied to your vote, something paper ballots in todays world are designed to avoid.

      Regardless of your position on guns this is similar to the government retaining NICS records as a passive database of gun owners, something that was specifically prohibited by law but is somehow argued to be allowed for "administrative" purposes. Another example is the passive database created by LEOs running serial numbers of firearms in possession of lawful carry permit holders during traffic stops.

      In the voting case the party in power would simply record your IP/telephone number and the voter ID number you checked on, especially since most people will only check their own record, and now they know you voted for the other guys.

      There are some collection agencies that run a similar passive information collection effort by sending you a letter telling you that you have an "important" message waiting at 800-123-4567, id 987654. You call in and pick up the message, something like, "Please drive carefully!" and figure WTF. Well, now they've got the number you called from and will be calling in a day or two.

      There are *many* forms of passive data collection, these are just a few examples.

      In my personal opinion the only way to make electronic voting work is to produce a paper ballot from the voting machine for the voter to look at and verify then place in the ballot box to be read optically at a central counting station. This allows the ease of use of electronic machines to be married to the accountability of the physical paper trail of ballots we are familiar with.

    • suppose after I vote, I enter a password/PIN which is used to encrypt a random number used to identify my vote. The machine records both my random number and my votes, but not my pin.

      Man, that is insanely over-complicated, and pointless as well.

      First off, why encrypt? If each vote has a time/date-stamp, you just enter that (say) 12-digit number, and can see who the vote was registered for, encryption-free. To satisfy privacy concerns, that could be a random string instead of date/time.

      But just because

  • One concern I've had with the current state of ID cards is that nobody seems to know what's acceptable. For example, is my school ID acceptable? No? It's a state school... does that make it count?

    As an experiment, whenever I fly I try to use a non-standard ID card. It was issued by the federal government (not a state government), so technically it should be legal. It is accepted about 80% of the time. The disturbing part, though, is that I can guarantee that they're accepting it in order to cover their own shame at not recognizing it. In fact, usually the conversation is something like:

    ID, please? [I show my ID] No, we need a government-issued ID card.
    That *is* a government-issued ID card.
    Really?
    Yes.
    Oh, okay. Go ahead.
  • by Moderation abuser (184013) on Monday April 19, 2004 @04:38AM (#8902317)

    It's called the "Documento Nacional de Identidad". You go to a government office when you reach the age of 14, are fingerprinted and issued with the card. It must be renewed every five years and it has to be used all over the place.

    The problem is that it made absolutely no difference to the effectiveness of the bombers who killed 200 people when they blew up that train in March. It hasn't even been particularly effective in the long running fight against the domestic ETA terrorist organisation and the other argument about immigration, well Spain is the gateway to Europe for Moroccan imigrants.

    So, there's no particular evidence that identity cards make any difference at all to the security of a country.

  • by Garry Anderson (194949) on Monday April 19, 2004 @07:55AM (#8902902) Homepage
    ID cards in Spain did not stop the bombings.

    Governments must think all the public are intellectually challenged morons.

    ID Cards are a Red Herring - something that draws attention away from the central issue.

    FACT: it will be very simple to identify you absolutely anywhere with a portable eye/finger scanner - without your ID Card.

    Once data is transmitted to base they can have your identity within seconds.

    The ID Card itself is totally irrelevant - it is a means to an end.

    You could be stopped anywhere and authorities would know everything about you - they would not need your ID card.

    They will have effectively branded a number on every person.

    Just like in 1942, when Nazi's began tattooing numbers on the left forearm of all prisoners.

    Find ANYBODY in Government to deny that you can be read like a barcode on a bag of peas at the supermarket till.

    They are treating us all like criminals - putting everybody's fingerprints and eye scans on file.

    The ID Card propaganda is for several reasons, including: a) making you feel safer b) to say the government are doing something and c) the more malicious motive of privacy invasion.

    It is clear that Governments want a surveillance society.
  • Comments are my father's:

    I've already bought two of these locks. In Providence, RI, I waited at the baggage screener to see if they were going to check my baggage. The screener asked me to unlock the cases. I said that they were supposed to be able to open this lock. She said that she didn't know how. So much for communication to their employees. At least, the lock companies will send you a new product if the screeners cut open the lock (that's if you get the cut lock back).

Whoever dies with the most toys wins.

Working...