Schneier on Security
A blog covering security and security technology.
November 18, 2005
Ex-MI5 Chief Calls ID Cards "Useless"
The case for identity cards has been branded "bogus" after an ex-MI5 chief said they might not help fight terror.
Dame Stella Rimington has said most documents could be forged and this would render ID cards "useless".
She said: "ID cards have possibly some purpose.
"But I don't think that anybody in the intelligence services, particularly in my former service, would be pressing for ID cards.
"My angle on ID cards is that they may be of some use but only if they can be made unforgeable - and all our other documentation is quite easy to forge.
"If we have ID cards at vast expense and people can go into a back room and forge them they are going to be absolutely useless.
"ID cards may be helpful in all kinds of things but I don't think they are necessarily going to make us any safer."
Posted on November 18, 2005 at 6:48 AM
• 26 Comments
When our security-service people start telling us that ID cards are a waste of time and money, I begin to wonder if maybe they are actually a good idea after all.
Once upon a time, I had a wallet stolen, and needed to go down to the Secretary of State's office to get a new one. I'm standing in line with a group of people, and we're all talking about how easy it would be to get one's hands on the documents you'd need to get a driver's license with someone else's name and address on it. (In effect, to commit identity theft. But since this was over ten years ago, and ID hadn't entered the popular lexicon at that point, that wasn't the term we used.) Dame Rimington raises that same point. Handing out national ID cards to adults is problematic, because it's really hard to genuinely authenticate the person applying for the card. The ability to forge or fraudulently come by the supporting documents renders the whole system fairly worthless. For this sort of thing to really work, you'd almost need to hand them out at birth, and then put a thumbprint or something on them. Then, of course, you run into the problem of keeping all of the print data secure.
While the quest to "whitelist" large swaths of society, while hopefully leaving the bad guys out in the cold is understandable, it really doesn't seem possible in any realistic fashion. Trying to create a feeling of ironclad security to avoid the fear and anxiety of insecurity appears to be driving initiatives that just don't stand up to scrutiny.
I wrote from Spain where all of us have an ID card... they are not useless, they have some uses but if you think they will help you to avoid any risk you are wrong.
They are another tool that can help in some situations... and can be the problem in others.
ID Cards are as good as their source of origin. If this source is corrupt in any way the credibility is as well.
I agree with Ernesto. ID cards are useful.
Similar to some of the above logic would be the following: Windows has bugs with security implications, but are hard to exploit, or are unknown as of now. So, why bother with security at all. Since these undiscovered bugs exist, let's throw out all current security enforcement measures, because they can be circumvented.
I for one am a fan of making exploitation of holes difficult. There is no reason to be low-hanging fruit when you can be at the top of the tree. It's about mitigating risk.
Ernesto: We (in the states) already have ID cards, what we don't have is a national one (save the passport, and one doesn't need that, unless one is leaving the country).
Another 'all important ID card' problem just occurred to me. When you have that much stake in something, what happens if you lose it? What process do you go through to invalidate the old one, and get a new one?
Imagine losing your wallet.
"Sure, we can issue you a new REAL-ID, please provide 2 forms of picture ID..."
"Sure, we can issue you a new driver's license, can I see your REAL-ID card please?"
A more fitting example would be installing a firewall that doesn't work and continuing to advocate the use of said firewall even though its primary purpose is not fulfilled.
One does not use Windows to be more secure, one uses it to get things done.
If the primary purpose of the id card is to make us more secure and it doesn't do that then it's a bad idea. Given that we have limited resources we can't squander them on enterprises with a low rate of return.
The useful aspects of ID cards are directly related to the cost of creating false copies. In general terms if it costs $200 USD to make a usable fake, then it would help to protect you against theft that gained the criminal less than $200. Simple economics.
Decent systems are going to require more data flow in both directions. For example many law enforcement agencies are returned a digital picture when they run a license. If the picture on file does not match the picture on the card (or the person being run) then the officer will have a better chance of spotting the forgery. Getting a fake picture into the central database would be possible, but the cost rather high.
Many agencies can also send in pictures. You may be able to give a false name, but your image will be taken and compared to verify your information.
Does everything have to be useful for fighting terrorists nowadays? ID cards can be IMHO quite useful but not particularly for fighting terrorists.
There are many cases, where one may need some kind of government issued photo ID, even in countries like the US, which don't have national ID cards. Actually, I had to show my ID many more times living in the US than for example in Germany, which has a national ID card. At least, a national version would avoid having 50 types of different looking state drivers licenses, as it is currently in the US. You could probably show anybody some totally bogus out-of-state drivers-license-like looking card and get away with it.
Of course, these ID cards will be forged. But so are drivers licenses and passports. The problem is not so much avoiding that they are forged but limiting the consequences.
ID cards are really useful for only one thing. Not to fight terrorism or crime. But to allow bureaucrats to fight against the freedom of their victims (subjects/citizens).
That should have read "general purpose ID cards". Special purpose cards are useful for specific purposes like library cards and credit cards.
Here, in Estonia we do have national ID cards (you probably have heard about it from the news). ID cards are useful when using digital documents (for signing) or using some personal services (actually even companies can have some sort of ID cards). Security has always been a topic around here (lately especially due to proposition of using it with our new online voting and elections system).
Most people accept ID card to be used in the same way you would use your own (handwritten) signature or as passport (you can even travel abroad to some countries with it) assuming the same or better level of security. After all, it is much easier to create a fake written signature than to create one digitally (and the timestamp server makes it even more difficult if the time of signing is important). ID card won't make all threats fade away, but it can still be put into a good use.
ID cards are useless. Why?
If someone cannot produce an ID card, does that mean he's a terrorist? Does it give you reasonable suspicion of ANYTHING?
"If someone cannot produce an ID card, does that mean he's a terrorist? Does it give you reasonable suspicion of ANYTHING?"
Even worse is the converse. If someone can produce an ID card, does that mean that he's not a terrorist? Does that give you a reasonable amount of trust of anything?
Yes, you can tie the name on the ID card to a database listing of an individual, and see if he is an "upstanding" -- whatever that means -- of the community. But is that useful in fighting terrorism? Is the risk of relying on that linking and that database worth the benefit? Those are the real questions.
What's interesting is a more philosophical point about ID cards - they subvert the balance of a democracy.
Democracy is formed by we, the people, donating some of our freedoms to a few to provide us with certain benefits.
ID cards reverse this - now the Government (the few) give freedoms to those they deem to be citizens.
It may seem a minor point, but governments should not authorise citizens - citizens authorise governments...
The real thing behind ID cards are that the bad guys are not going to use a real one.
In Spain we are going to have an electronic ID card with cryptographic chip, biometric info in it,... I will tell you about that, keep in touch
It has been noted many a times as to the problem of having "50 different ID cards" in the USA (it is actually more than that, by the way). People seem to forget that at least here it isn't the federal government that is responsible for ensuring that you are whom you say you are. Now, I will not claim that we have the best or worst system of ID authentication here--I will just note that it is one of the more "distributed" solutions available. (Historically there are important legal reasons and precedents that make things here the way that they are--and many of them point out in one way or another why using an ID for anything more than a basic check of whom somebody claims to be is problematic...)
The fact of the matter is that a person is one thing and an ID is something entirely different--and that if they were meant to be one and the same then the great "spirit in the sky" (or whatever the hell else...) would have made them that way. Therefore we need to focus in on the key problems that make us _want_ to have ID cards and such. The key issue is trust--not identity.
Do you trust that you are whom you say you are?
Actually real democracy means we all can be direct part of any judgement process. That means no representatives as it is common in "democratic republics". So ID card give us cheaper methods of hearing everyone by giving everyone easier access to voting process and even submission of bills (as we have special portal for this very purpose). This is most definitely a step closer to real pure democracy.
Another question is whether we want everyone to be able to affect the judging and voting process? Is the majority of humankind smart enough to make smart decisions? Sometimes it seems even our representatives aren't smart enough!
Bruce, along these lines of identity I'm surprised you haven't written about the man posing as the "Earl of Buckingham": (http://www.theregister.co.uk/2005/11/09/baron_bofh_banged_up/). (Or maybe you did and I missed it.) An interesting question is whether his false identity really harmed anyone. As far as anyone seems to be able to tell, other than the phony name he led an ordinary life.
I admit that I'm a bit of a dilettante when it comes to security, id cards and the like.
After getting my British Citizenship, some months ago - I realised how easy it would be for someone to obtain a completely real id, based on fraudulent data.
I've lived here for 10 years, used two different passports, and know many people who are able to verify that they know me as a particular person as described on my passport. Take the guy here in the UK who was only recently discovered to have falsified his identity - his wife and kids were none the wiser.
(Above posted by Vance)
I think the plans for the UK national id card are seriously flawed. It's too high-tech to be a valid, workable solution. Look at the RFID chips in passports scenario - it's going to be hard enough having the network infrastructure to be stable enough to cope with the numbers of people who travel internationally to London Heathrow every day, but when you've got people who are supposed to use their eyes, experience and common sense to make a value judgement on someone standing in front of them - it's going to be much harder to ensure nothing goes wrong.
The ID card situation is worse - when you've got a pack of jobsworths doing the processing (i.e. "Sorry mate, that's more than my job's worth") it's all going to go horribly wrong.
These are people who have a hard enough time trying to understand the response codes on a POS system, let alone understand and operate a system which certainly won't be user friendly.
I look at the "new" chip and pin systems that are in use in the UK - EFTPOS funds transfer has been around for at least a decade - where you enter your pin number at a terminal attached to a POS system. Never had a problem in NZ, but here in the UK I see two or three machine failures a day in different stores. I simply cannot imagine the systems to be used to verify ID cards being that much more robust.
The proposed introduction of the ID card system in the US and the UK, together with the UK's National ID Register system has little to do with national security at all. That's nonsense.
Firstly, it is supposed to show the people that the government is serious about fighting terrorism. In fact this is only political grandstanding, where the government is merely being seen to be fighting terrorism.
Secondly, both proposed ID schemes have everything to do with the increased control of the state over the citizen. In the US there is a very widespread, if informal, belief on the part of the law enforcement agencies that "after 9/11 nobody has any rights any more". Patriot I and Guantanamo are prime examples.
And as far as the UK is concerned, I don't believe it's too cynical to say that the government knows perfectly well that its proposed ID system is flawed and will not work but - and this is the nasty bit - that's not why the whole system's being introduced.
As with the RealID in the US, the British government is introducing the ID card and National Identity Register in order to increase its control over the British people. Consider: for the first time in British history all UK residents will be obliged to register their addresses with the authorities - just like here in continental Europe [I live in Germany] and the card will be required in order to use government services such as medical services, get a job, open a bank account etc. etc. The government claims that it will not have access to your medical records etc., but I would suggest that that's only a matter of time.
The British ID card is intended to be a form of internal passport without which life in the UK is deliberately designed to be impossible and which will make the citizen's life read like an open book. With all this information, the British state will be able to increase its power over the people (don't forget: in this information age, knowledge is power).
Far-fetched? Remember: we also live in an age where technology now makes it possible to record fingerprints and iris prints etc. on silicon chips as well as hard discs (our DNA prints will probably follow in a few years).
All this is being done to supposedly reduce benefit fraud, illegal employment and illegal immigration and - more incredibly - terrorism. I would suggest that these problems could be solved more effectively by spending the money on more personnel such as police, and immigration and employment inspectors etc., a more effective, no-tech, "boots on the ground" solution, or what the CIA charmingly calls "humint".
And those who argue that all the above proposals are OK, claiming that they've "got nothing to hide", are kidding themselves. Everybody has something to hide. I'm not talking about guilty consciences, I'm talking about the concept of legitimate privacy, such as medical records, salary, credit card transactions, personal investments etc. Imagine getting your pay slip or bank statement etc. in a transparent plastic cover, letting everybody see what you earn or how much you've got in your bank account.
No, compulsory ID's are for the benefit of the state, not the citizen. And don't ever let anyone tell you different.
are you going to do business with me now.. when you have seen life..
Cards will not be available to us citizens until 2009 due to the technologies involved in producing them and the enormous task of getting everyone registered. There is a project to introduce facial recognition booths which also read the card and prove that you are who the card says you are. This will have an enormous benefit at Airports where the current queues are frequently horrendous. Similar Identity readers will become standard eventually in all places where a need to authenticate identity is required. eg. BANKS, REGISTRY OFFICES etc. The benefits will far outweigh any perceived disadvantages.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.