Gregory Machler November 30, 2004 4:12 PM


Do you have any concerns about fear of terrorism leading to a world-state where national IDs are
used globally and we live in a 1984ish type

What are your thoughts in regards to federated IDs? They are great for corporations that want
to track transactions amongst business entities
for given individuals.

Is the reduction of passwords (for a single user) a significant enough gain to warrant this centralization of control? Doesn’t it make identity theft an even greater threat – since you could gain access to even more systems?

Eric November 30, 2004 5:51 PM

We tend to hear quite a bit from security experts such as Bruce about why various proposed solutions for identification and security won’t work, and what the flaws and exploits inherent to them are.

These are all good things to know, as it steers us away from bad ‘security’

But what I’d like to hear far more of (although I realize it’s probably much harder to write about) would be honest proposals for what would be good ideas for replacement protocols and technologies.

So far, that seems mostly limited to “Well-trained professionals keeping their eyes open”

While admirable, surely that isn’t the be-all, end-all of security. Surely there must be more innovations out there that can take some of the load off these well-trained professionals and those who pay their wages.

Isn’t there?

Andreas Sikkema December 1, 2004 2:57 AM

The problem with innovations is that they mostly end up being machines. Compared to humans, machines are stupid, so they tend to be over cautious and do everything in bulk. I think this is one of the problems Bruce is trying to prevent.

Clive Robinson December 1, 2004 6:03 AM

Security like may other things is a process subject to the “laws of human nature”,

1, It continously evolves.
2, It has non linier but oscilitory behaviour.
3, It’s subject to market forces.
4, It’s subject to prejudice.
5, It’s subject to resource limitations.
6, It’s a three state game (win,draw,lose)

and several others.

The Comunist block colapsed for many reasons however one of the prominent ones was it could not afford it’s security (market forces).

East Germany did not see it’s downfall and 9/11 happend, not because the information was not there but there where insuficient analysts (resources) and they where looking in the wrong areas (prejudice).

When a security event (9/11) happens in an open society there is a knee jerk action, security quickly ramps up as long as there are the resources and the people it is applied against accept it, which for a time they do. In an open society the limitations start to apply and security ebbs slowly away, untill such time as another security event happens. This gives one type of oscillitory behaviour.

In a closed society security builds up slowly as the resources are found for it, it continues to increas beyond the point where it is sustainable leaving the society week and inflexible. At some point an event happens such that causes the resources to be diverted away from security (crop failer, epedemic, earthquake etc). As the event is dealt with the resources return to security, unless the event was sufficient to cause an attempt at a change in governance. Unfortunatly this is often expensive in infrestructure and manpower (Civil War) often the change results not in an open society but another closed society and this is the second type of oscilitory behaviour.

In both cases there is a time lag involved, time to election in an open society, time for overt oposition to gain imputus in a closed society.

All societies are placed somewhere between the extreams of open and closed. Thise means that their resultant pattern is a combination of both major types of oscillitory behaviour and appears chaotic when a scociety is away from the extreams (I wish you luck on trying to model it ;).

As Bruce points out in his artical there are two main types of security in an democratic society Governmental (mainly open) and Corparate (mainly closed), in normal times they are usually in conflict, however they play for marginal wins or draws, based on the accumulation of assets or resources (money). This causes minor oscilitory behaviour.

In a closed society there are again two types of security Governmental (mainly closed) and Organisational (usually closed) again they are usually in conflict. The organisations are either part of the current covernance or in opostion to it. If an organisation is part of the Government it tends to play for minor wins and settle for draws, based on the accumulation of influance and control (power). If not part of the government they are usually signed up to what is a mutual destruction pact where there is no draw only total win and total lose.

Where ever there is conflict you get an advancment of tactics and behaviour (evolution) usually the predomenent entity (Governement) has the advantage in this due to superior but limited resources.

However in a closed society a non governmental organisation has the advantage of playing against a resource rich but limited oponent, that has many unrelated organisational oponents (both real and imaginary). If the organisation does not become subject to scrutiny (prejudice) from the government then their activities can progrees without hinderence. This gives them a significant advantage when it comes to single/first strike events (Fall of East Germany etc).

Real terorists / freedom fighters are usually the product of closed societies, imaginary ones are usually the products of open societies (Reds under the bed etc). They are by nature closed organisations that might at a later stage if they replace the government become mainly open (ie democratic). Often they pretend at being open (Faux Democratic) but remain closed (Dictatorships).

Up to half way through the last century the scope of any coperation or organisation was limited by communications (both physical and informational) this tended to limit their sphers of influence (horizons) they had. Likewise governemnts where also limited by communications but less so, however they had the advantage of playing as organisations in a (non) society that had no governance.

The problems of Univerasl Survailance did not arise prior to that time as there was effectivly little freedom except for governments.

In the 1960’s the “Golden Age” of freedom started when the cost of mobility droped to the point where it was available to all (in the Western World). This gave rise to the possibility that ordinary people could move away from their “home vilage” and start a new life, coincidentaly leaving any mistakes behind them. This “Golden age” started comming to the end when the cost of processing information dropped down to a point where all information could be held “on-line” and arbitary rules could be tested against large databases of information (profiling or targeting). The first loss of freedom that came about for the avarage person was credit, oganisations either traded credit histories amongst “peers” or setup rules based on statistical norms (credit profiling). It became possible for provably credit worth people to be refused credit, however very non creditworthy people quickly found out how to make themselves lappear very creditworthy and got credit.

The same sillyness has moved on to counter terorisum, however somebody did not learn the lesons from credit profiling. As counter terorisum is about life and liberty not money it is a whole lot more serious for anybody it effects (whic is all of us).

The big problem is that norms are based on past data and simplistic models, security is evolutionary and chaotic. Also no entity is omnipitant in outlook or has even close to the resources to be so. Terorists have very bad “credit” in counter terrorisum but know how to look “creditworthy”. Worse they try to remain invisable until their First/Single Strike so effectivly have no “credit history”, and offten no intention of living long enough to creat one.

Ultimatly the solution to terorisum is not security that is by definitian “reactive”, it is always destined to fail. But proactive policies that do not allow situations to occur where terorisum can be born of hate and envy and grow sufficiently to turn on you. The solutions are also not military in nature as warfare always has civilian casualities and they in turn have relatives who will hate you.

piglet December 1, 2004 5:35 PM

I just checked the November Cryptogram newsletter and found that Bruce has reprinted the same mistakes he had made in his blog, although they already had been corrected by the readers of his blog. Partuclarly this one is highly embarassing:

“It’s much easier to hold national elections in India, where everyone casts a single vote, than in the United States.” Which is plain wrong and looks a lot like Yankee attitude. Even those simple-minded Indians are able to cast votes but only because they have a much simpler system than the USA. India is a federal union, like the United States and dozens of other countries. But neither India nor Brazil seem to have the problems for which the US now have become famous. Please, Americans, stop to blame the laws of nature for your particular voting problems. You are responsable for that mess, nobody else.

Filias Cupio December 2, 2004 6:21 PM

“And the FBI used U.S. census data to identify Muslims in the months after 9/11.”

This greatly surprises me – I thought census data was absolutely sacrosanct. How did it happen? Did the chief of the census bureaux fight it in court, and resign in protest, having wiped the hard-drives before he went?

David Yates December 4, 2004 9:31 AM

On the use of Census Data you refer to:

“Another example of the way in which the government continues to treat Arabs and Muslims as suspects came to light last week, when news reports revealed that the US Census Bureau, at the request of the Department of Homeland Security, provided detailed statistical data about the distribution of Arab-Americans in the United States. DHS officials clamed that they needed this data for “identifying which language of signage, based upon US ethnic population, would be best to post at the major international airports.”

In a letter sent to Charles Kincannon, the Director of the Census Bureau, the ACLU condemned the release of the data, noting that although it was not barred by law, the decision to release the information “violates the spirit of trust held by millions of Americans that the information they furnish on the Census will not be used against them by law enforcement agencies.” The letter is online at “

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.