Adam Fields (weblog)

This blog is largely deprecated, but is being preserved here for historical interest. Check out my index page at adamfields.com for more up to date info. My main trade is technology strategy, process/project management, and performance optimization consulting, with a focus on enterprise and open source CMS and related technologies. More information. I write periodic long pieces here, shorter stuff goes on twitter or app.net.

5/9/2005

Why you should urge your Senator to vote against REAL ID

In short, the Real ID Act is a huge waste of money that will likely have the opposite of the stated effect, but will enable other kinds of tracking that are not worth the cost at best and totalitarian at worst, while leaving huge vulnerabilities for legitimate users of the system (i.e. MOST of the population).

On Tuesday, it comes up for vote in the Senate. It’s already passed the House.

http://www.unrealid.com/
http://action.eff.org/site/Advocacy?id=119

Senator Durbin’s opposing viewpoint:
http://aila.org/contentViewer.aspx?bc=9,594,8140,9251

Bruce Schneier has written extensively on why a National ID card is both a waste of money and likely to make us less safe.

I’ll paraphrase here, but I urge you to read his versions:

http://www.schneier.com/crypto-gram-0404.html#1
http://www.schneier.com/crypto-gram-0402.html#6

And particularly, his analysis of REAL ID:

http://www.schneier.com/blog/archives/2005/05/real_id.html

There are several key points:

1) It’s a common fallacy that identification is security, and that putting a label on everybody will automatically mean you can identify the bad guys. This is simply not true, and it’s an excuse to get an ID card implemented for other things. It is not possible to make an unforgeable ID card, and spending money on that is money that could be better spent on other, more useful (from a security standpoint) things, like training border guards. This fallacy has been propagated for years by the airline industry – matching ID to the name on the ticket does nothing for security.

2) A national ID card is a single point of very valuable failure for ID theft. With a one-stop card that’s good for everything, the incentive to forge that one card goes WAY up.

3) There isn’t one database of every citizen, currently, although the IRS probably comes closest. There has been no discussion about the feasibility of merging a bunch of databases into one, or how access will be limited to that data, how it will be secured, etc… This is not a small problem, and it’s being swept under the rug as an afterthought.

4) A very simple question – “is this a smart way to spend how much money for … what gain exactly?”.

A few quotes from Bruce:

“REAL ID is expensive. It’s an unfunded mandate: the federal government is forcing the states to spend their own money to comply with the act. I’ve seen estimates that the cost to the states of complying with REAL ID will be $120 million. That’s $120 million that can’t be spent on actual security.

And the wackiest thing is that none of this is required. In October 2004, the Intelligence Reform and Terrorism Prevention Act of 2004 was signed into law. That law included stronger security measures for driver’s licenses, the security measures recommended by the 9/11 Commission Report. That’s already done. It’s already law.

REAL ID goes way beyond that. It’s a huge power-grab by the federal government over the states’ systems for issuing driver’s licenses.”

“Near as I can tell, this whole thing is being pushed by Wisconsin Rep. Sensenbrenner primarily as an anti-immigration measure. The huge insecurities this will cause to everyone else in the United States seem to be collateral damage.”

A few observations of my own:

- This comes on the tail of the realization that the TSA has spent 4.5 BILLION dollars in the past few years on useless “security” measures in the past 3 years, some not insignificant chunk of which was spent on things relating to identification of passengers. It has been widely concluded that the airlines are no safer than they were in 2001.

- This administration is seriously deluded about security measures in electronically readable identification (particularly RFID implementation), and was recently forced against their every protest to face the fact that bad guys don’t play by your rules, and you need to design security measures against the worst case, not the best case. I see nothing like that here.

- Just the fact that it was slipped into a military appropriations bill and will pass with no debate is reason enough for me to be suspect.

http://www.unrealid.com/
http://action.eff.org/site/Advocacy?id=119


Powered by WordPress