Bruce Schneier
Schneier on Security
A blog covering security and security technology.
« The Myth of the Superuser | Main | SCADA Security Hole »
May 8, 2007
REAL ID Action Required Now
I've written about the U.S. national ID card -- REAL ID -- extensively (most recently here). The Department of Homeland Security has published draft rules regarding REAL ID, and are requesting comments. Comments are due today, by 5:00 PM Eastern Time. Please, please, please, go to this Privacy Coalition site and submit your comments. The DHS has been making a big deal about the fact that so few people are commenting, and we need to prove them wrong.
This morning the Senate Judiciary Committee held hearings on REAL ID (info -- and eventually a video -- here); I was one of the witnesses who testified.
And lastly, Richard Forno and I wrote this essay for News.com:
In March, the Department of Homeland Security released its long-awaited guidance document regarding national implementation of the Real ID program, as part of its post-9/11 national security initiatives. It is perhaps quite telling that despite bipartisan opposition, Real ID was buried in a 2005 "must-pass" military spending bill and enacted into law without public debate or congressional hearings.DHS has maintained that the Real ID concept is not a national identification database. While it's true that the system is not a single database per se, this is a semantic dodge; according to the DHS document, Real ID will be a collaborative data-interchange environment built from a series of interlinking systems operated and administered by the states. In other words, to the Department of Homeland Security, it's not a single database because it's not a single system. But the functionality of a single database remains intact under the guise of a federated data-interchange environment.
The DHS document notes the "primary benefit of Real ID is to improve the security and lessen the vulnerability of federal buildings, nuclear facilities, and aircraft to terrorist attack." We know now that vulnerable cockpit doors were the primary security weakness contributing to 9/11, and reinforcing them was a long-overdue protective measure to prevent hijackings. But this still raises an interesting question: Are there really so many members of the American public just "dropping by" to visit a nuclear facility that it's become a primary reason for creating a national identification system? Are such visitors actually admitted?
DHS proposes guidelines for proving one's identity and residence when applying for a Real ID card. Yet while the department concedes it's a monumental task to prove one's domicile or residence, it leaves it up to the states to determine what documents would be adequate proof of residence--and even suggests that a utility bill or bank statement might be appropriate documentation. If so, a person could easily generate multiple proof-of-residence documents. Basing Real ID on such easy-to-forge documents obviates a large portion of what Real ID is supposed to accomplish.
Finally, and perhaps most importantly for Americans, the very last paragraph of the 160-page Real ID document deserves special attention. In a nod to states' rights advocates, DHS declares that states are free not to participate in the Real ID system if they choose--but any identification card issued by a state that does not meet Real ID criteria is to be clearly labeled as such, to include "bold lettering" or a "unique design" similar to how many states design driver's licenses for those under 21 years of age.
In its own guidance document, the department has proposed branding citizens not possessing a Real ID card in a manner that lets all who see their official state-issued identification know that they're "different," and perhaps potentially dangerous, according to standards established by the federal government. They would become stigmatized, branded, marked, ostracized, segregated. All in the name of protecting the homeland; no wonder this provision appears at the very end of the document.
One likely outcome of this DHS-proposed social segregation is that people presenting non-Real ID identification automatically will be presumed suspicious and perhaps subject to additional screening or surveillance to confirm their innocence at a bar, office building, airport or routine traffic stop. Such a situation would establish a new form of social segregation--an attempt to separate "us" from "them" in the age of counterterrorism and the new normal, where one is presumed suspicious until proven more suspicious.
Two other big-picture concerns about Real ID come to mind: Looking at the overall concept of a national identification database, and given existing data security controls in large distributed systems, one wonders how vulnerable this system-of-systems will be to data loss or identity theft resulting from unscrupulous employees, flawed technologies, external compromises or human error--even under the best of security conditions. And second, there is no clear guidance on the limits of how the Real ID database would be used. Other homeland security initiatives, such as the Patriot Act, have been used and applied--some say abused--for purposes far removed from anything related to homeland security. How can we ensure the same will not happen with Real ID?
As currently proposed, Real ID will fail for several reasons. From a technical and implementation perspective, there are serious questions about its operational abilities both to protect citizen information and resist attempts at circumvention by adversaries. Financially, the initial unfunded $11 billion cost, forced onto the states by the federal government, is excessive. And from a sociological perspective, Real ID will increase the potential for expanded personal surveillance and lay the foundation for a new form of class segregation in the name of protecting the homeland.
It's time to rethink some of the security decisions made during the emotional aftermath of 9/11 and determine whether they're still a good idea for homeland security and America. After all, if Real ID was such a well-conceived plan, Maine and 22 other states wouldn't be challenging it in their legislatures or rejecting the Real ID concept for any number of reasons. But they are.
And we as citizens should, too. Let the debate begin.
Again, go to this Privacy Coalition site and express your views. Today. Before 5:00 PM Eastern Time. (Or, if you prefer, you can use EFF's comments page.)
Really. It will make a difference.
EDITED TO ADD (5/8): Status of anti-REAL-ID legislation in the states.
EDITED TO ADD (5/9): Article on the hearing.
Posted on May 8, 2007 at 12:15 PM • 57 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
The UK governments plans for ID cards are more advanced, but also lack any real problem for which ID cards are a reasonable solution.
Ministers claim that ID cards will prevent benefit fraud, but most such fraud is based on medical disability for which ID is irrelevant; claims are made that ID cards will reduce crime, but comparisons with countries that already have ID cards suggest otherwise; claims are made that ID cards will help prevent terroristism, but home grown terrorists will have cards and foreign terrorists will not.
Recently one government spokesperson suggested that an ID card could be used to prevent Internet fraud... totally failing to understand how absent authentication works.
Whenever the claimed benefits of ID cards are closely examined they turn out to be minor or spin. There is only one sure thing about ID cards, they are hugely expensive to introduce and maintain. In the UK the costs will probably exceed $20 billion over 10 years; in the US expect costs to reach $100 billion or more.
More info at http://www.no2id.net/index.php
Posted by: Geoff Lane at May 8, 2007 12:42 PM
According to the government, proving your identity before entering is sufficient protection.
With that reasoning, you can keep an airplane's cockpit door open and allow everyone to enter, as long as they show their ID to a guard at the cockpit door, and voila, you're completely safe from hijackings.
Posted by: FP at May 8, 2007 12:43 PM
Done.
And it, oddly enough, does seem to make a difference folks.
Push back from many people has at least greatly slowed NAIS (National Animal Identification System) from being implemented -- the amount of pushback seems to have geuninely shocked USDA.
For those unfamiliar with NAIS...under the original proposal if I wanted chickens in my backyard again and wanted to mail-order the eggs or buy adult chickens through "proper" channels...I'd have to register my property with the State's Dept. of Agriculture...and identify each Chicken with a band or RFID and keep records of what happened to them... Yes, it was and largely remains that absurd.
Worse, as part of the registration process you had to "voluntarily" agree to allow administrative searches of your property at will (i.e. no search warrant) as part of being assigned a premise ID.
We're not talking about "privileges" like driver's licenses folks -- we're talking being required to cede constitutional rights in order to grow your own food.
Posted by: Matt from CT at May 8, 2007 12:46 PM
Actually, Bruce may be amused perusing this site:
Including one recent tidbit --
Wisconsin said they'd revoke the milking certification for any farm that hadn't registered by 1 May.
When that date came and 1,300 Farms had simply refused to comply...the state blinked and announced they wouldn't be pulling the permits.
Vermont had basically the same reaction -- sufficient numbers of farms that refused to register for Premise IDs that the economic cost of forcing them to close would not be politically tolerable.
Posted by: Matt from CT at May 8, 2007 12:51 PM
Matt from CT comments:
> And it, oddly enough, does seem to make a difference folks.
It does. Deborah Pierce of Privacy Activism describes one example at http://stoprealidnow.blogspot.com/2007/05/...
The biggest one I've seen involved Secure Flight -- a passenger profiling system that the US wanted.
DHS and DoT published a draft rule in the Federal Register .... We commented it to death, we hit all of the press we could, and basically forced them to convene a committee (DHS put it together). A scathing report was issued, and guess what? Secure Flight was killed. It's still dead.
Posted by: Jon at May 8, 2007 1:40 PM
We all agree that government 'implements poorly'. They cannot help themselves.
However, there is a real need to be able to identify bad people. Having worked on the IT side of law enforcement and integrating to federal systems, I know first hand how difficult a problem they are facing.
Currently, each State does their own thing with their own rules. All states are already interconnected with each other. Thus, any police officer can query drivers license data from any state. Real ID isn't adding a national database as some sort of a new capability. That has been here for 30 years.
One existing problem, though, is that some states have weak (some say non-existent) standards for issuing ID cards or DL's. That is a pretty weak link in the system.
What suggestions could we from the security industry make to improve the quality of the data? Would minimum system-wide standards be in order?
Posted by: roenigk at May 8, 2007 1:45 PM
"However, there is a real need to be able to identify bad people."
How exactly does real ID do that? How do you do that without simultaneously mislabeling a larger number of not-bad people as bad people too?
As far as I can see, real ID only identifies people who have or can dig up, find, or make "identifying documents" acceptable in a participating state with weak authentication practices.
I would be pleased as punch to be able to carry a driver's license that was marked "Not a Real ID".
Posted by: j at May 8, 2007 2:01 PM
I think we need a national ID card and database. The db should have pictures, finger prints and DNA. Sure would make crime fighting easier.
Posted by: Brad at May 8, 2007 2:18 PM
Alternate method: email oscomments@dhs.gov Be sure to put "Docket No. DHS-2006-0030" in the subject line.
Posted by: Jim Harper at May 8, 2007 2:41 PM
I thought I already had real IDs:
A passport
A California State Driver License
A Social Security Card
A Birth Certificate
So know I guess I need a really realer
real id to really id them all!
The only really real good news about
this is that our government is
so incompetent that they real never
really be able to put together such
a system that really works.
Unfortunately it will probably really
work just well enough to really make
life difficult. I guess we will have to
get down to the real work of making
more prisons to torture the real
story out of those really real terrorists.
Posted by: Greyhound at May 8, 2007 2:43 PM
>That is a pretty weak link in the
>system.
Years ago, there was Elm Streets all across America...with Elms on them.
Today, the streets remain named after the trees that died decades ago.
It's the problem with monocultures of any type -- whether it's trees, or anti-virus software, or e-mail servers, or ID cards.
If a town, organization, or nation relies solely on one "standard", no matter how strong you make that standard...once it's broken everything crashes at once.
That's why streets should have many different trees planted along them.
That's why different antivirus vendors should be used for perimeter / server / desktop use.
That's why having different e-mail servers is good from a resilency standpoint -- no matter how much redudnacy and hardening you do of any single vendor's product...a flaw in that single product could take down all communications over it.
And it's why federalism is good and allowing States to have their own standards and procedures is good -- a hack of one is not a hack of all.
Establishing identity, when it matters, needs to be much more involved then simply checking papers. Papers can be forged, and when under Real ID standards some forges the first ones...it means all have fallen simultaneously.
Posted by: Matt from CT at May 8, 2007 3:03 PM
Submitted my comment on the site. It's a pain in the ass to use, but what must be done must be done.
Posted by: Stephen Touset at May 8, 2007 3:23 PM
@roenigk
"there is a real need to be able to identify bad people."
So is that a field on the REAL ID card?
Name, DoB, Bad Person
Will that be one of the questions on the application; "Are you a terrorist?"
If you really think that REAL ID will help then you should read this...
Posted by: stacy at May 8, 2007 3:47 PM
Why go through the time and expense? History shows that IDs by themselves do nothing. When the Germans occupied France they issued papers to the French people. However, the people were still able to put up a stiff resistance movement.
Does occupied America really need wartime identification papers?
Posted by: POW at May 8, 2007 3:50 PM
Thanks Bruce,
I saw this post half an hour before the deadline and was able to get a letter drafted and sent just in time. Thank you for letting us all know.
I asked about 5 of my friends to send letters as well just by linking to your blog in an IRC channel and telling folks to read it. The posting reflected the urgency a lot better than the EFF page (which are good, just standard...) and some of the others. This entry has had real impact.
I hope it was enough,
~D.J.
Posted by: D.J. Capelis at May 8, 2007 4:01 PM
Oh, now I understand. It's not a real database, it's a relational database. Spin those words folks, it's all in the symantics.
Posted by: Paul at May 8, 2007 4:07 PM
@Brad
"I think we need a national ID card and database. The db should have pictures, finger prints and DNA. Sure would make crime fighting easier."
Please tell me that was sarcasm Brad.
Posted by: Reviewer at May 8, 2007 5:42 PM
Luckily, I don't live in the US, but... things like this tend to ripple down to other countries aswell... *bows for the almighty USA*
Posted by: Mindy at May 8, 2007 5:47 PM
Montana recently passed legislation preventing the state government from taking part in the Real ID program. They felt it was too intrusive and unfunded.
Posted by: Henry at May 8, 2007 7:39 PM
Why would you trust these people to manage data on millions of people when they can't manage confidential data on 100,000 of their own employees?
Details and amusing PR here:
http://www.tsa.gov/datasecurity/index.shtm
Posted by: AlanS at May 8, 2007 8:52 PM
Here's what I commented: The "Real ID" system proposed is a colossal waste of taxpayer money, and far more importantly, the fragile credibility of DHS. Any security specialist knows that a "unbreakable" ID will be immediately compromised. Far from correcting a vulnerability, the "Real ID" system creates a number of new vulnerabilities based on excessive reliance on a single form of identification. Reputable organizations and entities have laid out these points in far greater detail. Further, the "Real ID" system promises to create unnecessary and damaging barriers to employment, credit and most importantly to the exercise of Constitutional rights in voting, access to the court system and government buildings, travel across state borders, and freedom of speech. Consider that the added costs of "Real ID" will cause large numbers of poor people not to get one. This will result in delays in employment and public benefits eligibility, more limited access to already difficult credit and banking resources, and reduce effectiveness of law enforcement by creating a larger "sea" of undocumented persons for criminals to hide within. I am very concerned that the "Real ID" initiative will make it more difficult for people to exercise their right to vote. The requirement to produce identity documents that many poor people do not have, or cannot easily obtain (birth certificates, utility bills, land title / rental agreements, etc.) could well be used to disenfranchise voters en masse. One last consideration: my training in Social Ecology at the University of California, Irvine was in complex systems theory. It is my belief that the "Real ID" project is doomed to failure due to the interlocking complexities created by direct and indirect costs of implementation, unless the true goal is to create a document to separate the rich from the poor. Such an attempt is un-American on its face and should be forthrightly abandoned. If the goal is to strengthen existing ID systems, a radically different, much cheaper and far more effective approach would be to create a qualification process by which any ID, privately issued or publicly issued, could be vetted as acceptable to the Federal government. This would allow such varied organizations as banks, schools, private agencies, public agencies, and even volunteer groups to prove their internal identifications worthy of clearance, bringing up the credibility of identification to the benefit of all. This open-source qualification process would allow, for example, Bank of America to issue valid identification -- or the University of California -- or IBM -- or even the Salvation Army -- if the process met strict and audited standards. Costs would be dramatically reduced because these organizations already spend much effort, although piecemeal, to verify identity and improve security. Perhaps even the ACLU could get in on the identification-issuance bandwagon, if willing and able to identify persons issued identification, vouch for their identity, and have a verified process for control of issuance, control of documents and their creation, and resultant databases. Thank you.
Posted by: Andrew at May 8, 2007 9:01 PM
Have you every tried to do anything in the US without a driving license?
I once spent a prolonged visit (9 months) in the USA and was contantly asked for my "drivers license" and met with total confusion when I produced my photoless UK license.
You yanks are already have ID cards -- they are just not very good ones.
Posted by: supersnail at May 9, 2007 1:55 AM
We have had national ID cards in Sweden since before the second world war. Along with personal ID numbers. I have yet to understand why they are considered the source of all evil over there.
You already have the social security numbers and state issued id cards...
What I think should be a considerably larger issue in the states is how companies and the state are allowed to handle personal data. I think that is where the real issues are.
Posted by: Student at May 9, 2007 7:12 AM
We do need to identify bad people. Not in advance, but after we catch them being bad. They have a tendency to lie about their names and produce fake IDs. Actually they currently tend to produce valid but inaccurate ID.
It's a good idea to make the "weak" states use a better system of controls for issuing ID and use better ID documents. RealID does other things, it isn't that good idea.
Posted by: bad man at May 9, 2007 7:57 AM
"Real ID was buried in a 2005 'must-pass' military spending bill and enacted into law without public debate or congressional hearings."
Public debate, okay... congressional hearings, okay. But our representatives knew exactly what they were doing. As long as we continue to elect representatives who do not believe in transparency, we will continue to see buried legislation.
Perhaps we should consider passing a single subject amendment to the Constitution, similar to single subject laws for initiatives in such states as California.
But even an amendment does nothing if we elect representatives willing to bury legislation. Amendments can't be worded perfectly, and worse... can be used against you in ways you never imagined.
Posted by: C Gomez at May 9, 2007 8:17 AM
Not to be too pessimistic, but it seems that the realities of "citizen power" is growing cold. Relevently, citizens are easiest to control when they are all alike. Real ID would be another way of homogenising the people.
Posted by: Scott at May 9, 2007 9:03 AM
Get over it. If it keeps this country a little safer then I'm all for it. If you don't have a driver's license in a state then you have to have a state issued ID to do anything anyway...why not let the feds pay for it. You have to give up something for security in this day and age. I'm going to send them a message to go ahead with the plans. The paranoia is false...the government already knows everything about everyone...there are cameras everywhere in place to protect people and property. Case in point is VA Beach VA...the tourist area has cameras all up and down the strip. They are there to ensure the safety of the law abiding citizens that want to go and have a nice safe vacation.
Crawl into a hole if you don't want the government to know anything about you.
Posted by: qmeister at May 9, 2007 9:23 AM
@qmeister
That's the question: will it keep us safer? For a variety of reasons the answer is "No". In fact, it might even make us less safe. At least a few of the 9/11 hijackers had valid drivers licenses. What makes anyone think that "bad people" won't be able to get a valid Real ID? If they do, then they've been legitimized and become much bigger threats.
Oh, and with regard to "why not let the feds pay for it", evidently you didn't read carefully. Real ID is an unfunded mandate to the states. The states will have to pay. Regardless, taxpayers will foot the bill for something that likely will make us less safe, not more.
Posted by: Kurzleg at May 9, 2007 9:50 AM
I was under the impression that only immigrants (legal/illegal) would be receiving the national ID cards as stated by Guiliani in the debate???? Not americans... Thats why farms are refusing to comply as well as other entities that rely on them.
Posted by: Mark at May 9, 2007 9:51 AM
A national ID card makes perfect sense in light of the need to help improve our domestic security. Unified standards and control are necessary because terrorists can easily obtain false real identification now with the lax standards that exist in some states. How many people have to die before we can all say that doing everything possible to protect ourselves from terrorism, including adopting a sensible national ID program, is a good idea? I am sorry, but the privacy argument on this issue is uncompelling. We are not disclosing any more information than we otherwise would about ourselves by having a national ID card.
Posted by: Peter at May 9, 2007 9:53 AM
We are heading into a police state. God bless America.
We really need God's help here.
Posted by: Anonymous at May 9, 2007 10:02 AM
Quite frankly, I am massively depressed. I feel as though it is too late. A culture that breeds a gov willing to concoct this stuff will have it imposed no matter what. Even if this particular one is overturned, all of our rights to privacy will be slowly eliminated. Worse, many (most?) people seem to think its ok. My wife approves of the idea. "If it stops one terrorist then it will be worth it" - of course if she ever gets on the bad list and disappears or is unable to travel or get a job she would be screaming, but by then its too late. People just cannot see the consequences of things. They see only their own little safe lives and assume nothing wrong can ever happen, yet history shows that every single time the government has power over people it uses it.
sigh, I feel in my bones that it is too late. Decades from now, movies of this era (shown to only those permitted to do so) will look at the "quaint" viewpoints on privacy and freedom like we do when looking at cowboy movies now.
Posted by: Mark at May 9, 2007 10:16 AM
i don't see what the big deal is. i already have a driver's license - why not replace it with a "national id"? makes sense to me. everyone will have the same ID, so it will be A LOT easier to discover fraudulent IDs... right? maybe i'm missing something (actually i'm sure i'm missing something). anyone want to post a link that shows the PROS & CONS of making this REAL ID?
obviously i wouldn't want the "database" abused, but couldn't the database in my home state be abused? what about at the social security center --- is that not subject to the same abuse?
please don't counter with "i'm an idiot" - i'm looking for info on this subject before i make a final decision.
Posted by: trainwrecka at May 9, 2007 11:12 AM
To me, this "RealID" nonsense is created for the sole purpose of taking identification powers from the States and giving them to the Federal Government. It may not appear that way now, but there is no reason that such a thing can't happen in the future.
It would go something like this:
1) Force the states to make all IDs REALID compliant
2) Problems found can be blamed on states not following guidelines laid out by the Feds.
3) A crisis is then found (staged?) to get people to say "we need the feds in charge of this"
4) Bring the ID powers officially under federal control
5) Get the ID used for absolutely everything
6) Once you need the ID to work and live, then whoever controls the Fed. Government will be able to track, monitor, etc. every single person and be able to shutdown any person's ability to live and work by putting them on a No-ID list. (Similar to already existing No-Fly lists which effectively control your ability on fly on any major airline.)
If you doubt this outline, then ask yourself how we got to a point where we even have a national no-fly list? [Which you cannot even find out in advance if you are on. Many agencies can add your name but good luck getting off of it.]
Power is best when separated, not combined.
Posted by: bzelbob at May 9, 2007 12:36 PM
I am glad that I found this site and its recommendation to speak my thoughts. I have forwarded an email and have encouraged the enactment of the Act as soon as possible.
Posted by: Robert at May 9, 2007 12:44 PM
Meanwhile, in Utah and Florida, some interesting laws are passed behind your backs...
http://le.utah.gov/~2007/bills/hbillenr/...
13-32a-103. Compliance with criminal code and this chapter.
134 Every pawn or secondhand business shall, regarding each article of
135 property a person pawns or sells, comply with the requirements of this chapter and the
136 requirements of Subsections 76-6-408 (2)(c)(i) through (iii) regarding the person's:
137 (1) legal right to the property;
138 (2) fingerprint; and
139 (3) picture identification.
140
Posted by: Anony at May 9, 2007 1:29 PM
154 (ii) the number of the driver license or other form of positive identification presented
155 by the person, and notations of discrepancies if the person's physical description, including
156 gender, height, weight, race, age, hair color, and eye color, does not correspond with
157 identification provided by the person;
158 (iii) the person's signature; and
159 (iv) a legible fingerprint of the person's right thumb, or if the right thumb cannot be
160 fingerprinted, a legible fingerprint of the person with a written notation identifying the
161 fingerprint and the reason why the thumb print was unavailable;
Posted by: Anony at May 9, 2007 1:32 PM
As a rule of thumb, legislators who sneak something into otherwise "must-pass" legislation because they know it cannot pass as a stand-alone item should at the very least be immediately expelled from their post, if not charged with treason at risk of death. The system whereby our laws are created was founded on the principles of open debate and careful deliberation, and when one legislator violates the trust of their constituency by depriving most or all other legislators and their constituencies of the right to due discourse on something that he or she intends to see made into law, they have fundamentally altered our nation for the worse.
Sensenbrenner should be more than ashamed; he should be out of a job, he should be brought up on charges, and he should have a bright light shined into his eyes and be made to confess the names of his true masters.
Posted by: Austin at May 9, 2007 2:21 PM
I object. This constant attack on our civil liberties has got to stop I will never vote Republican again.
Warrantless searches, monitoring of phone calls, scanning all our emails, this is a slip into dictatorship, what ever happened to the bill of rights?
Any power not granted to the Federal Government is left to the states. So why is the Supreme Court not fighting this more? Because of a Republican majority?
Posted by: Robert Kubler at May 9, 2007 4:31 PM
I'm behind defeating this 100%
blogged it a while ago here: http://smokeringsandcoffeestains.com/?p=130 and here: http://smokeringsandcoffeestains.com/?p=133
if that helps your cause. :)
Posted by: leslie at May 9, 2007 4:46 PM
Presidential candidate Ron Paul is against the national ID as well as the IRS and the Fed.
Posted by: David Tom at May 9, 2007 4:52 PM
I blogged about this as well and added a link to http://www.privacycoalition.org/stoprealid/ though I wasn't as successful as you at creating an eloquent informed argument, sadly I was rushed to post it.
The point is that I am ready to join whom I must to stop this. The privacy coalition is a good place to start for those who are interested in helping.
Also we must hold lawmakers responsible for not opposing this proposal, that means Barack and Hillary, Ron Paul and John McCain. But remember that somewhere, someone is set to profit from this. If you can find out who it is, then I would recommend posting it to digg and del.icio.us.
But the most important thing to remember is that the new media has yet to completely supplant the old media. This means sending letters to USA Today (largest circulation in U.S.), Fox News (turn your nose, but do it), CNN, Time Magazine, Newsweek, New York Times, Wall Street Journal, even your local stations and papers.
The journey of a thousand miles begins with a single step, but if we are fast acting and smart then our steps will amplify. We know that the Bush Administration will do what they say they will do, they will lie to get it about, but we know that when opposed they can be stopped. (Social Securuty Reform anyone?)
If we sit back and allow the noise machine to demonize us then we will be as powerless as we were in the build up to war.
We must stop this. It is another addition to the decline of our civilization. Don't be afraid to fight.
Posted by: Sean Alday at May 9, 2007 5:06 PM
Nobody wants to contact DOHS for fear of becomming "a person of interest". Isn't that ironic? I've broken the habit of pleading with organized criminals, honestly if I thought there was any hope, I'd tell them just where to get off.
Posted by: :Thomas-John: Strizak. at May 9, 2007 5:52 PM
Horrible consequences of immoral laws are frequently ignored since they are impossible to predict. Only those wishing to implement the RealID have the knowledge of its real intent.
The concepts of mission creep and boiling the frog come to mind.
Posted by: Dave Smith at May 9, 2007 7:13 PM
Fear is a tool best used to strip away what our Constitution has promised. The national ID card is an afront to everything this country used to stand for.
----------------------------------------
Those who give up essential liberties for temporary safety deserve neither liberty nor safety.
~Benjamin Franklin
Posted by: Bob at May 9, 2007 8:05 PM
This isn't surprising. It's been coming for some time now, while we spoiled Americans have been too busy to notice or even care that our government stopped being "by the people", "of the people" and "for the people" a long time ago.
Posted by: Kris at May 9, 2007 10:33 PM
Are you all crazy? Real ID will have no affect on our lives. Your local DMV will re-issue your driver's license and the integration should be seamless. Such programs have worked rather successfully in other parts of the world, such as France and the EU. A standard ID format would reduce fraud because with only one form factor a fake would be far easier to detect. Plus it would also cut down on crimes like underage drinking and smoking. The way it is now, if i go to school in new york and present a california license, the barkeep may not know what a californa license looks like, and therefore as a native new yorker I could eaisly present a fake. With real ID there is no "us" or "them" they will be phased in over a couple of months. If its such an issue and you think your going to be segregated GET YOUR ID AS SOON AS THEY COME OUT MORON! frankly, nuts like you ARE security risks and you can stay off any plane im flying on
Posted by: Eric at May 10, 2007 8:26 AM
Still think RealID is good?
23-year-old Serdar Tatar (would-be assassin at Ft. Dix this week) had a valid base pass that required that he register in advance, and undergo a criminal background check to get his pass. In addition, it had to be reviewed every 30 days.
The result?
From:
http://abclocal.go.com/wpvi/story?...
"Once they have received the pass, they're on," Nesbit said.
The delivery people are not followed or monitored once they clear security, she said.
"There are 16,000 people that come through the gates every day," she said. "It's practically impossible to follow everyone."
She said the fort considers its policy for screening delivery people adequate for now, but said it could be reviewed in the future.
--------------------
If we go to RealID, it's easier, not harder, to spoof the system, because all you have to have is ONE "legitimate" ID, instead of several.
Posted by: Mitch at May 10, 2007 2:59 PM
Making sure that I am who I say I am is by far more important than trying to proove who you are not when wrongly accused of violating a law just or not. Todays understanding of DNA is a Gift from our God to use for the benifit of all who believe in a system of morrals for humanities future. Do Those who fear they will be ID'ed as the doer of evil want to be ID'ed?
Posted by: The Judge at May 13, 2007 3:21 PM
Bible Prophecy is coming to light once again. No man can buy or sell lest he have the mark in his right hand or forehead. The National ID card with it's embedded chip is just the first step. Next after the people who truly believe in Jesus Christ as their Lord and Savior, have asked JESUS CHRIST to forgive them of their sins and be their Savior, are called up to meet Christ in the air and are removed for a time from future events, then the government will have an easier time starting the implanted body chips. I just feel very sorry for those left on earth for the destruction that comes after a period of seeming peace by the false leaders.
I pray GOD, JESUS CHRIST and the HOLY SPIRIT can enlighten you about how very wrong giving yourself up to this deceptive ID plan can really be. People need to get back into the fundamentals of the Bible and not the so-called new Christian faiths that don't teach the truth from the Bible. We are truly living in the last maybe 14 years or less of this end age, which I really think is closer to 7 years or less. Not the end of the world, but the end of an age as we have previously known it.
The Baptist Pastor of the church I attend and am truly taught the word of GOD out of the BIBLE, had a dream of the Rapture (a latin word, not found in the Bible, but means caught up, which is in the Bible), and he asked the congregation how many others have had this dream in the recent past. The number of hands that went up was amazing, and mine was among them. Until you have experienced a dream or a vision from GOD like this, you can never know it's impact on how you see the future or how you live your life. Those who have been given the truth know, that no matter how much we try to stop future events from happening, they will, as it is GOD's plan, not ours. We (true believers in the true one and only GOD) only want to postpone the national and someday implanted ID's for the sake of the souls that do not yet know it's implications in regards to having a personal relationship with GOD the Father, GOD the Son, and GOD the Holy Spirit. We want you to have time to accept the BIBLE as the truth GOD has given us, and be able to have a place in eternity. Yet, the final choice is each persons, HEAVEN OR HELL, and the mark of the beast (implanted/imprinted on the forehead or right hand) is on it's black, black road to destruction for too many a soul. Another site of enlightenment is
www.theforbiddenknowledge.com/hardtruth/blackpope.htm
Posted by: Lauralee Hensley at June 5, 2007 11:04 AM
[13:16] And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:
[13:17] And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
Posted by: "Anonymous" at April 18, 2008 11:45 AM
To Lauralee
Just remember, God's word is truth and all must agree, because there is no contradiction. The beast will make war with the saints and overcome them. The days are shortened for the elect's sake and what are they doing there if there has been a rapture? Lastly, we shall all be changed, in a moment, in the twinkling of an eye...when? At the last trump. Have you checked to see what occurs before the last trump? All of the seven year tribulation. Be careful, you may be facing the mark whether you are ready or not.
Posted by: Jan at July 15, 2008 12:13 AM
Subscribe to comments on this entry
Post a comment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
|
| Blog Menu |
SearchBlog Home Page
Archives by Date2012 J F
  |
| Latest Book |
more books by Bruce Schneier |
| Syndication |
|
Full Text Feed
Excerpts Feed |
| Translations |
|
German
Italian |
| Crypto-Gram Newsletter |
|
If you prefer to receive Bruce Schneier's comments on security as a monthly e-mail digest, subscribe to Schneier on Security's sister publication, Crypto-Gram.
read more |
Comments