Australia Is Testing Virtual Passports

Australia is going to be the first country to have virtual passports. Presumably, the passport data will be in the cloud somewhere, and you'll access it with an app or a URL or maybe just the passport number.

On the one hand, all a passport needs to be is a pointer into a government database with all the relevant information and biometrics. On the other hand, not all countries have access into all databases. When I enter the US with my US passport, I'm sure no one really needs the paper document -- it's all on the officers' computers. But when I enter a random country, they don't have access to the US government database; they need the physical object.

Australia is trialing this with New Zealand. Presumably both countries will have access into each others' databases.

Posted on November 3, 2015 at 6:20 AM • 49 Comments

Comments

HugoNovember 3, 2015 6:38 AM

And, of course, as a real democracy, they asked the population for their opinion. After all, it's their data.

Ow... wait... never mind.

WinterNovember 3, 2015 6:42 AM

I understand that the NSA and assorted other countries already have compiled a database of all humans, including biometrics.

As part of the venerable 5 eyes, Australia and New Zealand should be able to use that database instead of rolling their own?

MrPuckNovember 3, 2015 6:54 AM

International travel will be so much easier when people get those ID chips implanted.

Clive RobinsonNovember 3, 2015 7:25 AM

Oh boy what a lovely idea not.

You will still need to have some "key" into the database so you are still going to need a document to remember the "key" at some point.

Secondly where is the database going to be kept. If it's only in your home nation, what happens when the communications goes down? It's unreasonable to expect every nation to keep a copy of every other nations database so... The only other option is to forward your details to the destination to arive before you do. But if they forward on your details to the other country when you book the trip, what happens to them when you get back? What happens if you change your itinerary for some reason and you arive but your details have not?

Could go on for ages like this, but lets be honest the whole idea has got more holes than a seven foot Swiss cheese wheel.

And that's before you get onto intelligence officers and people in witness protection. Because I'm sure the likes of the US will compile their own DB for every visitor and look for duplicates or near misses on the bio-metrics and flag them up. I also think they would make the records available to all Federal Agencies and LEOs as well, which means you will not have any privacy at all.

And that's assuming the DB is accurate in the first place. There are various studies that indicate that the likes of hospital DBs are full of errors etc, some by as much as 20% of the records.

The whole idea strikes me as reaking of a back door way to get party political funds and political nest feathering via the awarding of contracts to those select donors. Which is what UK Prime Minister Tony Blair was trying to do with the UK National ID Card.

Which brings us around to the question of crime, such a DB is going to be very much open to crime of all forms.

I don't know what bunch of politico's and Civil Servants drempt this up but they kind of need to have their heads examined.

But as a commenter on another thred noted abou PLAID "this is Australia"...

AdamNovember 3, 2015 7:29 AM

Here in Ireland the government has started offering credit card size passports but the catch is they're only good for EU travel. EU citizens don't need to have their passport stamped when moving around the EU so passport is basically just a photo ID. But outside of Europe you'd still need a regular passport because random countries are in the habit of stamping entry visas, stapling bits of paper to the pages and so on.

So I'm not sure what use a virtual passport would be unless every country signed up to the same standard and their systems could cope with it upon entry and exit. I could see also see a serious issue of trust with countries capturing their own sets of biometrics just in case the person standing front of them became somebody else the next time they visited. I expect the system would also have to cope with the usual problems with identical twins, amputees, disabled people, babies etc.

So nice idea and probably useful for Australia and New Zealand. Let's see if it works out for Australians flying further afield.

buntklicker.deNovember 3, 2015 7:51 AM

Your physical document does fulfil a function even when you enter your home country: That you possess a genuine passport in your name is a strong indicator that you are indeed the person you claim to be. Not conclusive proof, but an indicator nonetheless.

In a nation that has separate ID cards and driving licences (and hence does not use driving licences as ID), the latter could easily be replaced by a DB look-up. Possession of the licence means nothing; if I can prove who I am with my ID card, the police could look simply up my driving licence status.

gregNovember 3, 2015 8:21 AM

Australia and NZ have even had a no passport policy at times. We are more or less open border with no work permits etc needed.

As for a database that other countries can access. Are you guys seriously telling me they don't *already* have that? Really? With a straight face?

At least this way i get a benefit from that access. Now i don't need the physical passport.

And boy oh boy. Time to get with the program. Your data is out there and people can access it. The cat is out of the bag. It is not going back in. No amount of browser "do not track" will change that. No amount of arm waving about privacy will uncollect data.

What i want to see is *open access* to my data for me. In NZ i technically get that. I am suppose to be able to see all the data they collected and *correct it* if it is in error.

In truth i suspect the way to deal with information asymmetry is to let everyone have access to all official databases. That way i can at least check a cops badge properly. I doubt i can tell the difference between a fake and the real thing.

Poul-Henning KampNovember 3, 2015 8:23 AM

This is a really shitty deal seen from the citizens point of view.

Passports are used as ID in a lot of circumstances outside border/imigration, and when abroad it is not just a passport, it is your *only* treaty-protected guaranteed to be considered identity paper.

The first thing police forces ask from foreigners is "Passport!" and if you cannot produce it, you can be in for a whole lot of trouble and hurt, in particular if you look like a political target demographic.

In many countries if you are arrested, police will not initiate procedures for notifying your countrys diplomatic precense of your predicament, unless you wave your passport very prominently under there noses.

Heck even an expired and cancelled passport is better than no passport at all.

gregNovember 3, 2015 9:05 AM

I have gone without a passport back a few decades ago. Yea it was no problem. Pays to live somewhere to know a place.

JohnNovember 3, 2015 9:22 AM

Imagine when the system goes down, imagine how much easier it will be to hack your data, and finally imagine this as the first step to a permanently implanted chip.

Convenience is the death of liberty.

parabarbianNovember 3, 2015 9:30 AM

"And that database link will be done over the internet. Just a guess."

Don't worry. The government will use the new, upgraded clipper chip to keep it secure.

CallMeLateForSupperNovember 3, 2015 10:05 AM

"Virtual passports"; presumably this will provide virtual security. Virtual, as in "sort-of-but-not-quite".

Unless and until other countries have access to the AU-NZ database, this seeems to be a Two Eyes program. Take *that*, US-CA-GB! (GB purposely listed last)

Goldman SquidNovember 3, 2015 10:18 AM

"Australia is Testing The Waters with The Docile Sheep"

Goal: All Biometrics, signatures and key details in 5-eyes database (to go along with your fingerprints you crims)

Laughable cover: "For your safety, security & convenience yada yada"

Eventual implementation: Poorly encrypted (if at all) data storage with a magical pipeline to Washington

End game: Your data is with ze authoritiez for good

MIC effort: C-

Rationale: Weak marketing of the latest Ministry of Information product. Try some more Arabic names,black flags or emotional pleas for non-existent security threats & recycle propaganda on State television with an ex-SAS solider that you helicoptered into some blue ribbon seat.

Question: Did the totalitarian state jackboots get softer with a Goldman Sachs touch?

The bottom line: The Land Down Under - Put Another Sheep on the Barbie.

Uh, not quiteNovember 3, 2015 10:49 AM

Uh, Bruce, you forgot about the 'A' in CIA.

What happens when the network or computers go down (as they did recently in Houston). The paper document allows immigration to continue (though very slowly).

Eire Old BoyNovember 3, 2015 10:57 AM

I do remember a blog item where someone was crossing the US-Canada border and had forgotten his passport but did have a photocopy of the info page. A quick database lookup later and your man was across the border.

Quick question: what happens when the Border Agencies foul-up and attach the wrong finger prints to the Database record?

albertNovember 3, 2015 11:06 AM

@CallMeLateForSupper,

"Virtual security" via 'virtual identification'. If it's in the database, it must be true, right? At least they'll get protection from 'virtual terrorists'.

Score a half-point for the NWO conspiracy theorists.
.......

"...Another initiative InnovationXchange is pioneering includes a US$100 million data collection service in partnership with Bloomberg Philanthropies.
Former New York mayor Michael Bloomberg sits on InnovationXchange's reference group.
His organisation will tip in $85 million with the Australian government contributing $15 million...."

Nothing like good old fashioned 'pioneering'.

I'm beginning to see the light....

. .. . .. _ _ _ ....

Nick T.November 3, 2015 11:34 AM

Don't forget the controversy over government ministers (for example in the UK) quietly revoking people's citizenship while they are out of the country. Having a system in which you are a citizen if the government database says so and not otherwise could become very risky.

Mark McC.November 3, 2015 1:28 PM

@Evelyn C. Leeper,
"One could see this for United States/Canada border crossings."

This seems not very different from the current use of Enhanced Drivers Licenses (British Columbia, Manitoba, Ontario and Quebec) for land entry and NEXUS Air cards for air entry, presently used in lieu of a physical passport.

Earl KillianNovember 3, 2015 1:30 PM

The next step is to replace your passport number with a chip that sequentially hands out pre-generated 128-bit random numbers. You submit this number to the passport server and it brings up the associated record. It also deletes the number (and the ones before it) as a lookup key, so values can only be used once.

ThomasNovember 3, 2015 2:21 PM

From the article:
"""
The minister revealed the idea at the InnovationXchange headquarters in Canberra. InnovationXchange is a brainchild of the minister, dreamed up to disrupt the traditional ways bureaucrats distribute the aid budget, which the Coalition has severely cut since coming to office.
"""

Clive seems to have hit it in one. Again.

It's a redistribution if aid from "foreign" to "corporate".

As for the implementation I assume it's a secondary passport, in addition to the current paper one, that's valid only in AU-NZ. For now.

Cash and paper passports can be used without leaving a trail.
Virtual equivalents leave a digital audit trail wherever they go.
doubleplusgood!!

gregNovember 3, 2015 2:26 PM

"Cash and paper passports can be used without leaving a trail"
?? Really?

Passports do leave a trail. Lots of trail. What do you think they do at borders? Watch teletubbies?

And cash is not as anonymous as you think.

b0bNovember 3, 2015 2:59 PM

At some point all you need is to ensure the carrier is the one the data is all about.

I don't care if the person checking me is allowed to see data about myself he could have checked with a scanner/blood test/whatever.

It's all about what they would be allowed to check about you in person, and what they're allowed to check through DB or whatever.

Once that's cleared it's all gonna be easier.

Alien JerkyNovember 3, 2015 3:15 PM

I just renewed my US passport. It is an RFID chip in it. Seems they can track my movements and id me with that alone.

BoppingAroundNovember 3, 2015 3:58 PM

I have an idea: couple it with Facebook and add some fancy 'citizen score' rating system. Preferably visible only to cleared government officials so it will have some enigmatic aura [A] around it.

When there will be drone police, low-scorers can be kept under closer surveillance. High-scorers too — buttlickers betray first. And with IoT around… Boy, will it be fun.

-------------------------------------

[A] But with that foul stench, will it be actually enigmatic?

ughNovember 3, 2015 6:03 PM

You're overestimating the competence of US Customs. My friend who's a US permanent resident tried to re-enter the US after a month-long vacay, had her UK passport with her, but not the physical US green card, and they wouldn't let her on the plane. It was very frustrating considering we figured exactly what you did: that they would have all her info on a computer anyway. She had to scramble to stay at a hotel with her upset, home-sick 3-yr old, and have someone go into her house and mail the card to her. Otherwise, there'd be a month-long process to issue whats called a "Boarding Foil" to get back into the US. Infuriating!!!

Peter KNovember 3, 2015 7:38 PM

@ Clive Robinson, "Secondly where is the database going to be kept. If it's only in your home nation, what happens when the communications goes down? It's unreasonable to expect every nation to keep a copy of every other nations database so... The only other option is to forward your details to the destination to arive before you do. But if they forward on your details to the other country when you book the trip, what happens to them when you get back? What happens if you change your itinerary for some reason and you arive but your details have not?"

Reason being they gotta have it all sorted out before a visitor get on the plane, in bulk. Pretty much how no fly list works, with more data sets attached. Anyone who lands without pre-registration will probably be kept in a small air conditioned room until the system clears. It's much safe travel for everyone with smart chips etched into their passports instead of biometrics and virtual passports.

Doubt those aussies will be able to get into say North Korea anytime soon.

Dirk PraetNovember 3, 2015 7:47 PM

@ Alien Jerky

I just renewed my US passport. It is an RFID chip in it. Seems they can track my movements and id me with that alone.

There's plenty of RFID-blocking wallets out there. I've been using one for years.

Spaceman SpiffNovember 3, 2015 8:13 PM

And what could POSSIBLY go wrong? Australia has such a great reputation for securing their government systems, NOT!

CuriousNovember 4, 2015 2:07 AM

What is stopping this from becoming some ball-and-chain-ID required for surfing the internet in the future? :|

CuriousNovember 4, 2015 2:28 AM

To add to my former comment:
I can easily imagine some future, where BIO ID and passport ID are being used together.

Biometric ID's (different types) could be made to be purely associative, resulting in some id number, and only made "useful" when matched against a second set of ID like a virtual passport. Presumably, multiple biometeric id's would be required to establish some credibility for this (and not just a single finger print).

Then, I can imagine how it would be argued that wanton monitoring of biometric ID's everywhere and anytime isn't surveillance, because of how the ID number isn't a "personal" or "identifiable" attribute.

And how about a third database that is unique to each group running a registry (country, police, etc), because of how the ID numbers for cross referencing "passport id's" are randomized, linking a fixed ID number with a passport, via some randomized list for cross referencing.

This could be a global system, in order to work with each registry being handed a randomized list from a global master list, which in turn is why such a system would be terribly pervasive. Or, it could start as a system for each nation to use, together with other nations, exchanging ID's and making people identifiable in the process. Or maybe, both, a global system, and a national system, one secret and one official.

I am no expert in such matters and I did no sleep on this, so please excuse my use of imagination here.

MickieNovember 4, 2015 6:25 AM

@ Curious

"I am no expert in such matters and I did no sleep on this, so please excuse my use of imagination here."

Welp, no one is an expert in such because such a system does not exist just yet.

What you describe will likely run into basic problems encountered by the current, past and present, global domain name registry, substitute validity for expirations, as it exhibit the same globally desynchronized nature ripe for manipulations by bad actors.

ThomasNovember 4, 2015 7:53 AM

@ greg
> "Cash and paper passports can be used without leaving a trail"
>?? Really?

>Passports do leave a trail. Lots of trail. What do you think they do at borders?
>Watch teletubbies?
If only...

I can identify myself with my paper passport 'offline', without alerting the issuer (granted, whoever I identify myself will likely make a note of it).

With a virtual passport "big brother" will be notified every time I use it.

> And cash is not as anonymous as you think.
Ah yes, the "RFID" strip that's actually a GPS tracker...

Again, cash can be used 'offline', passing through many hands before it reaches someone who might want to trace it. It can be retrospectively traced, but that's a lot of effort.

virtual cash 'phones home' with every transaction, generating lots of yummy metadata: who gave, who took, how much, where, when, ...

Clive RobinsonNovember 4, 2015 8:37 AM

@ Thomas,

Ah yes, the "RFID" strip that's actually a GPS tracker...

Nothing so fancy, there is a company I know of that makes "note counters" that also detect forgeries by optical means, it can also read and output the note serial numbers.

Currently it's a little slow but they are working on getting the speed up as "there is Government Interest" in having the technology in banks and vending / cash machines along with sufficiently high res facial photographs. They are also looking at using facial recognition with bank cards so banks etc can "limit or prevent card fraud"...

So "Welcome to the Goldfish bowl"

Oh I forgot to mention somebody I know of is looking for "seed money" to develop "store security scanners" to read mobile phones, RFIDs and potentialy NFC cards and other contactless readers...

Apparently it's partly my fault, as he read one of my long past comments on building such scanners into door frames... I've declined to get involved, but that's not likely to stop the development...

Ain't life grand... Not!

albertNovember 4, 2015 1:11 PM

@greg,
Strange you should mention Teletubbies. The childrens TV series was one of the most creative depictions of the surveillance state that I've ever seen. Fascinating, and scary.

@Clive,
Not to worry, there's a big push to eliminate cash money (I think Sweden). The banksters want to control ALL financial transactions, so they can get their pound of flesh from everyone. Of course, there are many advantages for the LE/IC as well. 1984 seems so old-fashioned now.

@CallMeLateForSupper,
Not my intention at all. I usually use ellipses... when I quote someone. Single quotes would have been more appropriate. Noted.

. .. . .. _ _ _ ....

MNovember 5, 2015 9:27 AM

@Thomas "I can identify myself with my paper passport 'offline', without alerting the issuer (granted, whoever I identify myself will likely make a note of it)."

You can safely assume that every time you check in at an airport or give your passport number when booking a flight ticket your data is being checked against some databases and transferred to all interested parties.

OrangeNovember 5, 2015 5:58 PM

@ M

You can safely assume that every time you check in at an airport or give your passport number when booking a flight ticket your data is being checked against some databases and transferred to all interested parties.

You can add booking into a foreign hotel to that list.

ianfNovember 6, 2015 1:42 PM


@ Adam: [EU Ireland offers…] new credit card size passports, only good for EU travel. Outside of Europe you'd still need a regular passport because random countries are in the habit of stamping entry visas, stapling bits of paper to the pages and so on.

Are you talking of a national ID card that's on offer in plenty of EU countries (not the UK far as I know), with the embedded, if not currently used, chip—or something new, specifically called "EU Passport" in c-card format issued by Eire? Observe that, due to the ongoing migration crisis, you had now better carry a passport when traveling to and from South-eastern parts of Europe anyway.


I'm not sure what use a virtual passport would be unless every country signed up to the same standard and their systems could cope with it upon entry and exit.

EU governments introduce biometric passports gradually so people will get used to the chips in them, and then suddenly one day there's a new law that requires these chips to be populated with fingerprint or iris data, "so we can stave off illegal immigration" (fat good it worked now, didn't require any passports).


@ Evelyn C. LeeperOne could see this for United States/ Canada border crossings.

In theory, yes. According to the “BorderLine” documentary film, however, that very border in places has become nearly impenetrable even to native Canadians who have lived 50m from the crossings all their lives. In the wake of easy availability of post-2001/9/11 DHS funds for improved border security, the US-Canada branches of the CBP flexed as much muscle as they could muster to excessively fortify and weaponize what was and still is the safest border in North America. Because, WHAT ARE THEY, CHOPPED LIVER? So I would not harbor much hope for these fairly low-intensity crossings ever becoming more efficient and welcoming, electronic passports or not (see Parkinson's Law for elaboration). Yes, I watched it.


@ ugh, do UK passport holders suddenly require a visa to the US? I know they need the $14 ESTA advance travel authorization for the visa waiver, but that should be it. Unless your British friend needlessly disclosed to [whom?] that she's a Green Card-holding US resident, in which case probably other rules applied: how long she was away, etc. So whose competence would we be talking about here?


@ Clive Robinson […] [Governments] are also looking at using facial recognition with bank cards so banks etc can "limit or prevent card fraud"...

So what do you think will happen if, when my bank suddenly wants me to submit to their "look into my eyes, look into my eyes" moment on each withdrawal BECAUSE IT IS VITAL to their operation?
Hint: I write a magazine J'Accuse of Big Brother article about how to find another bank without such a requirement EVER.

Orange JuiceNovember 6, 2015 4:48 PM

@ ianf

"fat good it worked now, didn't require any passports"

There's a good reason national IDs should be separated from a nation's passports. Passport numbers are given to foreign countries, whereas IDs are used for private stuff pertaining to your national interest, such as claiming of pensions. Any combination of such is a dangerous intrusion into not only the privacy of yourself but also a nation's sovereignty.

Not surprised we're going down that road. We've been heading down towards the vision of Global Village more swiftly than not with the ongoing passage of trade agreements and privacy erosion rules to supplement an escalation in international conflicts.

RhialtoNovember 9, 2015 10:37 AM

@ianf : A general remark about the ESTA "visa waiving" in general that I've wanted to make for a while. I don't quite see how they can call them "visa waivers" in the first place. As far as I can see, you need to apply for them in advance, you have to pay for them, and they can be refused. Hardly different from a visum.

David MunzenmaierNovember 10, 2015 8:48 AM

@Evelyn C. Leeper,
"One could see this for United States/Canada border crossings."

This already exists for US Passport Holders. They call it - wait for it - a Passport Card (no points for originality here in the states...)

@ugh
"You're overestimating the competence of US Customs. My friend who's a US permanent resident tried to re-enter the US after a month-long vacay, had her UK passport with her, but not the physical US green card, and they wouldn't let her on the plane. "

That's not ICE (US Immigration and Customs Enforcement), that's the airline. They are all ultra sensitive to toeing the line as they get fined and have to pay for the return travel if they let non-compliant pax fly.

FWIW
DLM

ianfNovember 10, 2015 12:56 PM


[Response to @ Rhialto at end]

@ Orange Juice […] “national IDs should be separated from a nation's passports. Passport numbers are given to foreign countries, whereas IDs are used for private stuff pertaining to your national interest, such as claiming of pensions.

Hate to be throwing a spanner into your mindworks, but that utmost personal-integrity train has left the station long time ago. Once a society, most any society, reaches a certain developmental plateau, one where the polity is expected to provide services in exchange for taxes, there needs to be control mechanisms to determine who is eligible for these services and liable to taxation. A sieve for us/not us. A group of nation-societies may then consider further integration by dovetailing their laws and regulations, first in bi-lateral agreements in stages, ultimately by formal cooperation within a larger "umbrella" of participating entities. That's what's happening with the EU, the only other such attempt in history conducted on friendly terms. So that's the philosophical underpinning for the free flow of information about one's own citizens in exchange for same about other nation's ditto.

Your offhand concept of different national ID & cross-border passport ID amounts in effect to 2 separate identities, even if sharing the same "John Smith" name-label. That way madness lies.

Moreover, there is a (philosophical, but still) case to be made that the goal of a peaceful society, people not living in fear of one another, requires that as much non-critical information about citizenry as possible be made freely, or easily, available to everybody. As it was not that long ago in agrarian, early urban societies.

That means items like the date of birth, address, marital and familial status, taxed income (though perhaps not the employer or detailed sources), credit transgression history, criminal conviction (but not of having been indicted) record, and possession of state-issued driver-, gun-, and other licenses. NONE OF THAT SHOULD BE SECRET. I'm not saying that all ought to be available online, but that it needs to be in the public, rather than in any restricted domain.

    The clear exceptions would be any health-related data, and everything that falls under (even if only informal) individual-corporate disclosure agreements. The overall governing principle ought to be public by default, restricted access by exception. Anonymity, or identity by obscurity, is not a v. workable concept on the scale of a society. Your notion of segregated identities may be romantic, but also well past its sell-by-date.


@ Rhialto

Re: far as I can see, one needs to apply for ESTA in advance, pay for them, and it can be refused. Hardly different from a visum.

I take it you never had to apply for a US visum (of whatever kind—of which I think there are 31 different classes). Neither have I, always were able to travel there on an automatic visa waiver from my so-favored Western country. But I know that you mistake the pretty straightforward online ESTA application for a visum ditto.

You have no idea how costly, convoluted, and laden with mine fields that road can be. Depending on what nation/ region etc (don't ask me) you "belong to" the American USCIS (formerly INS and/or State Dept.) will apply different—but always arcane—rules, quotas, and whatever-the-flavor-du-jour floating from Washington, D.C., might be for granting one.

Don't get me started, but simple it never is, more like an alien abduction anal probe (every potential visitor a potential threat to the security of the USA – because the nineteen 2001/9/11 hijackers, so well-spoken students just dying to study there, proved to be). Personal interviews with intrusive questions about things way in the past, not unlike such on the forms needing to be submitted to Soviet authorities (somebody already did a comparative study of those… small differences). Mayhem. So, in comparison, that ESTA application seems like a piece of cake: you fill it in, they check you near instantly against their databases, and that's it. Still irritating but then NOBODY forces you to go visit the USA (I'll die not having seen the Grand Canyon, but a DVD of it is cheaper still, and doesn't require me to first scrub behind the ears, then sit pretty like a god-fearing adolescent in front of a parent ;-))

Steve Wilson (@Steve_Lockstep)November 14, 2015 11:38 PM

Bruce, I agree the passport is just a pointer, but you gloss over the end-point authentication issues when you predict that "you'll access [the virtual passport] with an app or a URL or maybe just the passport number".

There are several use case scenarios to consider but the most prevalent one of course is at border control when you are trying to prove your legitimacy to an officer. This surely calls for two factor (or physical factor) authentication. You say an "app" is an option but in more detail, surely the new system will use hardware-based challenge-response in a PK-capable device to authenticate the person? It's more about the crypto hardware than the application software (and as for quoting your passport number, on its own, that's surely unconscionable).

This will be an exemplary use case of cloud storage, where more than ever, it should be obvious that the security of the service is determined by the security of the end-points (where travellers summon up their virtual passports).


Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.