Entries Tagged "ID cards"

Page 3 of 10

ID Cards for Port Workers

While I am strongly opposed to a national ID, I have consistently said that giving strongly secured ID cards to groups like port workers is a good idea. It’s happening in New England:

The scannable card serves as proof that a background check has been performed and it contains features aimed at preventing misuse. In addition to a photograph, the card contains a smart chip that carries a copy of the holder’s fingerprint. Port and delivery workers, cargo handlers, and other employees who must venture into sensitive or secure areas will be required to submit to a fingerprint scan before entering those locations. The scanning machine will automatically perform a match analysis with the fingerprint embedded in the smart chip.

This is a great application for these cards.

Posted on October 21, 2008 at 1:28 PMView Comments

Me Helping Evade Airport Security

Great article from The Atlantic:

As we stood at an airport Starbucks, Schneier spread before me a batch of fabricated boarding passes for Northwest Airlines flight 1714, scheduled to depart at 2:20 p.m. and arrive at Reagan National at 5:47 p.m. He had taken the liberty of upgrading us to first class, and had even granted me “Platinum/Elite Plus” status, which was gracious of him. This status would allow us to skip the ranks of hoi-polloi flyers and join the expedited line, which is my preference, because those knotty, teeming security lines are the most dangerous places in airports: terrorists could paralyze U.S. aviation merely by detonating a bomb at any security checkpoint, all of which are, of course, entirely unsecured. (I once asked Michael Chertoff, the secretary of Homeland Security, about this. “We actually ultimately do have a vision of trying to move the security checkpoint away from the gate, deeper into the airport itself, but there’s always going to be some place that people congregate. So if you’re asking me, is there any way to protect against a person taking a bomb into a crowded location and blowing it up, the answer is no.”)

Schneier and I walked to the security checkpoint. “Counterterrorism in the airport is a show designed to make people feel better,” he said. “Only two things have made flying safer: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.” This assumes, of course, that al-Qaeda will target airplanes for hijacking, or target aviation at all. “We defend against what the terrorists did last week,” Schneier said. He believes that the country would be just as safe as it is today if airport security were rolled back to pre-9/11 levels. “Spend the rest of your money on intelligence, investigations, and emergency response.”

Schneier and I joined the line with our ersatz boarding passes. “Technically we could get arrested for this,” he said, but we judged the risk to be acceptable. We handed our boarding passes and IDs to the security officer, who inspected our driver’s licenses through a loupe, one of those magnifying-glass devices jewelers use for minute examinations of fine detail. This was the moment of maximum peril, not because the boarding passes were flawed, but because the TSA now trains its officers in the science of behavior detection. The SPOT program — Screening of Passengers by Observation Techniques — was based in part on the work of a psychologist who believes that involuntary facial-muscle movements, including the most fleeting “micro-expressions,” can betray lying or criminality. The training program for behavior-detection officers is one week long. Our facial muscles did not cooperate with the SPOT program, apparently, because the officer chicken-scratched onto our boarding passes what might have been his signature, or the number 4, or the letter y. We took our shoes off and placed our laptops in bins. Schneier took from his bag a 12-ounce container labeled “saline solution.”

“It’s allowed,” he said. Medical supplies, such as saline solution for contact-lens cleaning, don’t fall under the TSA’s three-ounce rule.

“What’s allowed?” I asked. “Saline solution, or bottles labeled saline solution?”

“Bottles labeled saline solution. They won’t check what’s in it, trust me.”

They did not check. As we gathered our belongings, Schneier held up the bottle and said to the nearest security officer, “This is okay, right?” “Yep,” the officer said. “Just have to put it in the tray.”

“Maybe if you lit it on fire, he’d pay attention,” I said, risking arrest for making a joke at airport security. (Later, Schneier would carry two bottles labeled saline solution — 24 ounces in total — through security. An officer asked him why he needed two bottles. “Two eyes,” he said. He was allowed to keep the bottles.)

Posted on October 16, 2008 at 4:32 PMView Comments

Identity Farming

Let me start off by saying that I’m making this whole thing up.

Imagine you’re in charge of infiltrating sleeper agents into the United States. The year is 1983, and the proliferation of identity databases is making it increasingly difficult to create fake credentials. Ten years ago, someone could have just shown up in the country and gotten a driver’s license, Social Security card and bank account — possibly using the identity of someone roughly the same age who died as a young child — but it’s getting harder. And you know that trend will only continue. So you decide to grow your own identities.

Call it “identity farming.” You invent a handful of infants. You apply for Social Security numbers for them. Eventually, you open bank accounts for them, file tax returns for them, register them to vote, and apply for credit cards in their name. And now, 25 years later, you have a handful of identities ready and waiting for some real people to step into them.

There are some complications, of course. Maybe you need people to sign their name as parents — or, at least, mothers. Maybe you need to doctors to fill out birth certificates. Maybe you need to fill out paperwork certifying that you’re home-schooling these children. You’ll certainly want to exercise their financial identity: depositing money into their bank accounts and withdrawing it from ATMs, using their credit cards and paying the bills, and so on. And you’ll need to establish some sort of addresses for them, even if it is just a mail drop.

You won’t be able to get driver’s licenses or photo IDs in their name. That isn’t critical, though; in the U.S., more than 20 million adult citizens don’t have photo IDs. But other than that, I can’t think of any reason why identity farming wouldn’t work.

Here’s the real question: Do you actually have to show up for any part of your life?

Again, I made this all up. I have no evidence that anyone is actually doing this. It’s not something a criminal organization is likely to do; twenty-five years is too distant a payoff horizon. The same logic holds true for terrorist organizations; it’s not worth it. It might have been worth it to the KGB — although perhaps harder to justify after the Soviet Union broke up in 1991 — and might be an attractive option for existing intelligence adversaries like China.

Immortals could also use this trick to self-perpetuate themselves, inventing their own children and gradually assuming their identity, then killing their parents off. They could even show up for their own driver’s license photos, wearing a beard as the father and blue spiked hair as the son. I’m told this is a common idea in Highlander fan fiction.

The point isn’t to create another movie plot threat, but to point out the central role that data has taken on in our lives. Previously, I’ve said that we all have a data shadow that follows us around, and that more and more institutions interact with our data shadows instead of with us. We only intersect with our data shadows once in a while — when we apply for a driver’s license or passport, for example — and those interactions are authenticated by older, less-secure interactions. The rest of the world assumes that our photo IDs glue us to our data shadows, ignoring the rather flimsy connection between us and our plastic cards. (And, no, REAL-ID won’t help.)

It seems to me that our data shadows are becoming increasingly distinct from us, almost with a life of their own. What’s important now is our shadows; we’re secondary. And as our society relies more and more on these shadows, we might even become unnecessary.

Our data shadows can live a perfectly normal life without us.

This essay previously appeared on Wired.com.

EDITED TO ADD (9/9): Interesting commentary.

Posted on September 9, 2008 at 5:42 AMView Comments

My LA Times Op Ed on Photo ID Checks at Airport


The TSA’s useless photo ID rules

No-fly lists and photo IDs are supposed to help protect the flying public from terrorists. Except that they don’t work.

By Bruce Schneier

August 28, 2008

The TSA is tightening its photo ID rules at airport security. Previously, people with expired IDs or who claimed to have lost their IDs were subjected to secondary screening. Then the Transportation Security Administration realized that meant someone on the government’s no-fly list — the list that is supposed to keep our planes safe from terrorists — could just fly with no ID.

Now, people without ID must also answer personal questions from their credit history to ascertain their identity. The TSA will keep records of who those ID-less people are, too, in case they’re trying to probe the system.

This may seem like an improvement, except that the photo ID requirement is a joke. Anyone on the no-fly list can easily fly whenever he wants. Even worse, the whole concept of matching passenger names against a list of bad guys has negligible security value.

How to fly, even if you are on the no-fly list: Buy a ticket in some innocent person’s name. At home, before your flight, check in online and print out your boarding pass. Then, save that web page as a PDF and use Adobe Acrobat to change the name on the boarding pass to your own. Print it again. At the airport, use the fake boarding pass and your valid ID to get through security. At the gate, use the real boarding pass in the fake name to board your flight.

The problem is that it is unverified passenger names that get checked against the no-fly list. At security checkpoints, the TSA just matches IDs to whatever is printed on the boarding passes. The airline checks boarding passes against tickets when people board the plane. But because no one checks ticketed names against IDs, the security breaks down.

This vulnerability isn’t new. It isn’t even subtle. I wrote about it in 2003, and again in 2006. I asked Kip Hawley, who runs the TSA, about it in 2007. Today, any terrorist smart enough to Google “print your own boarding pass” can bypass the no-fly list.

This gaping security hole would bother me more if the very idea of a no-fly list weren’t so ineffective. The system is based on the faulty notion that the feds have this master list of terrorists, and all we have to do is keep the people on the list off the planes.

That’s just not true. The no-fly list — a list of people so dangerous they are not allowed to fly yet so innocent we can’t arrest them — and the less dangerous “watch list” contain a combined 1 million names representing the identities and aliases of an estimated 400,000 people. There aren’t that many terrorists out there; if there were, we would be feeling their effects.

Almost all of the people stopped by the no-fly list are false positives. It catches innocents such as Ted Kennedy, whose name is similar to someone’s on the list, and Yusuf Islam (formerly Cat Stevens), who was on the list but no one knew why.

The no-fly list is a Kafkaesque nightmare for the thousands of innocent Americans who are harassed and detained every time they fly. Put on the list by unidentified government officials, they can’t get off. They can’t challenge the TSA about their status or prove their innocence. (The U.S. 9th Circuit Court of Appeals decided this month that no-fly passengers can sue the FBI, but that strategy hasn’t been tried yet.)

But even if these lists were complete and accurate, they wouldn’t work. Timothy McVeigh, the Unabomber, the D.C. snipers, the London subway bombers and most of the 9/11 terrorists weren’t on any list before they committed their terrorist acts. And if a terrorist wants to know if he’s on a list, the TSA has approved a convenient, $100 service that allows him to figure it out: the Clear program, which issues IDs to “trusted travelers” to speed them through security lines. Just apply for a Clear card; if you get one, you’re not on the list.

In the end, the photo ID requirement is based on the myth that we can somehow correlate identity with intent. We can’t. And instead of wasting money trying, we would be far safer as a nation if we invested in intelligence, investigation and emergency response — security measures that aren’t based on a guess about a terrorist target or tactic.

That’s the TSA: Not doing the right things. Not even doing right the things it does.

Posted on September 1, 2008 at 5:15 AMView Comments

Flying Without ID

Seems like the procedure has changed:

Mr. Peters nodded, and then looked down at the sheet which I had filled out and signed. “I’m going to have to make some calls to verify your identity.”

I nodded.

He pulled out a cell phone. I had assumed that we would be going to some separate screening room, but that wasn’t the case. He stood facing the silver table, and I leaned back against it. So this was the dreaded interview. People walked past us with bags and luggage.

“Hello,” he said. “Security.” Long pause. It sounded like he was transferred. He said a number that I think had the same number of digits as a phone number. Then he said a shorter number. “No, she doesn’t.” He wrote something in small letters on the form. Then he spelled my name over the phone. “D-A-V-I-D-O-F-F. That’s Indigo Delta… yes.”

He looked at me. “What’s the name of a street that you lived on prior to your current address?”


“Inman,” he repeated. There was a pause. “Where did you live in 2004?”

“Hmm…” I said. “New Mexico? I think? Maybe Massachusetts.”

He conferred with the person on the phone. “That’s fine.” He hung up.

“All right,” he said. “You’re going to go through full security screening.” He wrote “SSSS” in red marker on my printed boarding pass. He handed my form to one of the officers at the podium, and then gestured to the first screening line. “Right here.”

This only works if you’ve lost your ID, not if you refuse to show it.

Posted on August 12, 2008 at 12:33 PMView Comments

New TSA ID Requirement

The TSA has a new photo ID requirement:

Beginning Saturday, June 21, 2008 passengers that willfully refuse to provide identification at security checkpoint will be denied access to the secure area of airports. This change will apply exclusively to individuals that simply refuse to provide any identification or assist transportation security officers in ascertaining their identity.

This new procedure will not affect passengers that may have misplaced, lost or otherwise do not have ID but are cooperative with officers. Cooperative passengers without ID may be subjected to additional screening protocols, including enhanced physical screening, enhanced carry-on and/or checked baggage screening, interviews with behavior detection or law enforcement officers and other measures.

That’s right; people who refuse to show ID on principle will not be allowed to fly, but people who claim to have lost their ID will. I feel well-protected against terrorists who can’t lie.

I don’t think any further proof is needed that the ID requirement has nothing to do with security, and everything to do with control.

EDITED TO ADD (6/11): Daniel Solove comments.

Posted on June 11, 2008 at 1:42 PMView Comments

The ID Divide

Yesterday, the Center for American Progress published its paper on identification and identification technologies: “The ID Divide: Addressing the Challenges of Identification and Authentication in American Society.” I was one of the participants in the project that created this paper, and it’s worth reading.

Among other things, the paper identifies six principles for identification systems:

  • Achieve real security or other goals
  • Accuracy
  • Inclusion
  • Fairness and equality
  • Effective redress mechanisms
  • Equitable financing for systems

From the Executive Summary:

How can these principles be honored in practice? That’s where the “due diligence” process comes into play when considering and implementing identification systems. Due diligence in the financial world of mergers and acquisitions and other important corporate transactions is conducted before a company makes a major investment. Proponents of, say, a merger (or in our case, a new identification program) can err on the side of optimism, concluding too readily that the merger (or new ID program) is clearly the way to go. Thorough due diligence protects against such over-optimism.

In the pages that follow, we apply this due diligence process to some recurring technical problems with current and proposed identification programs. And we discover—as you’ll see toward the end of the report—that ID programs that rely on “shared secrets,” such as Social Security numbers or your mother’s maiden name, are becoming more insecure due to the increased use of identification. Similarly, ID programs based on biometrics such as fingerprints or iris scans are not the “silver bullets” that some proponents claim they are, but rather could become compromised rapidly if deployed in haphazard ways.

We then apply our progressive principles and due diligence insights to two current examples of identification programs. The first details why it would be bad policy to require government-issued photo ID for in-person voting. The second shows the basically sound policy rationale for the Transportation Worker Identification Card, used for workers with access to security-critical port facilities. By examining one identification program that is reasonable, and one that is not, our analysis shows the usefulness of the Progressive Principles for Identification Systems.

I participated in the panel discussion announcing this report, along with Jim Harper (Director of Information Policy Studies at the Cato Institute).

Posted on June 4, 2008 at 6:34 AMView Comments

Giving Drivers Licenses to Illegal Immigrants

Many people say that allowing illegal aliens to obtain state driver’s licenses helps them and encourages them to remain illegally in this country. Michigan Attorney General Mike Cox late last year issued an opinion that licenses could be issued only to legal state residents, calling it “one more tool in our initiative to bolster Michigan’s border and document security.”

In reality, we are a much more secure nation if we do issue driver’s licenses and/or state IDs to every resident who applies, regardless of immigration status. Issuing them doesn’t make us any less secure, and refusing puts us at risk.

The state driver’s license databases are the only comprehensive databases of U.S. residents. They’re more complete, and contain more information – including photographs and, in some cases, fingerprints – than the IRS database, the Social Security database, or state birth certificate databases. As such, they are an invaluable police tool – for investigating crimes, tracking down suspects, and proving guilt.

Removing the 8 million-15 million illegal immigrants from these databases would only make law enforcement harder. Of course, the unlicensed won’t pack up and leave. They will drive without licenses, increasing insurance premiums for everyone. They will use fake IDs, buy real IDs from crooked DMV employees – as several of the 9/11 terrorists did – forge “breeder documents” to get real IDs (another 9/11 terrorist trick), or resort to identity theft. These millions of people will continue to live and work in this country, invisible to any government database and therefore the police.

Assuming that denying licenses to illegals will make them leave is head-in-the-sand thinking.

Of course, even an attempt to deny licenses to illegal immigrants puts DMV clerks in the impossible position of verifying immigration status. This is expensive and time-consuming; furthermore, it won’t work. The law is complicated, and it can take hours to verify someone’s status only to get it wrong. Paperwork can be easy to forge, far easier than driver’s licenses, meaning many illegal immigrants will get these licenses that now “prove” immigrant status.

Even more legal immigrants will be mistakenly denied licenses, resulting in lawsuits and additional government expense.

Some states have considered a tiered license system, one that explicitly lists immigration status on the licenses. Of course, this won’t work either. Illegal immigrants are far more likely to take their chances being caught than admit their immigration status to the DMV.

We are all safer if everyone in society trusts and respects law enforcement. A society where illegal immigrants are afraid to talk to police because of fear of deportation is a society where fewer people come forward to report crimes, aid police investigations, and testify as witnesses.

And finally, denying driver’s licenses to illegal immigrants will not protect us from terrorism. Contrary to popular belief, a driver’s license is not required to board a plane. You can use any government-issued photo ID, including a foreign passport. And if you’re willing to undergo secondary screening, you can board a plane without an ID at all. This is probably how anybody on the “no fly” list gets around these days.

A 2003 American Association of Motor Vehicle Administrators report concludes: “Digital images from driver’s licenses have significantly aided law enforcement agencies charged with homeland security. The 19 (9/11) terrorists obtained driver licenses from several states, and federal authorities relied heavily on these images for the identification of the individuals responsible.”

Whether it’s the DHS trying to protect the nation from terrorism, or local, state and national law enforcement trying to protect the nation from crime, we are all safer if we encourage every adult in America to get a driver’s license.

This op ed originally appeared in the Detroit Free Press.

Posted on February 13, 2008 at 5:57 AM

Sidebar photo of Bruce Schneier by Joe MacInnis.