Die Flagge des Marasek

Dekostreifen

Deutsch

Current Texts Comic Imprint Calendar Search PHP-Classes Container-Wizard main.s21

Categories

Class Library
Computers
Gaming
Global Politics
Programming
Society
Weblog
World Outlook
{{login}}

Schneier attacking IDs

Permalink
Previous: KatzencontentNext: A new feature
Assigned keywords: Gesellschaft

Stumbled about a text from security expert Bruce Schneier today in which he attacks IDs. Well, the text is titled IDs and the illusion of security, but three fourths are about how profiling is wrong and harmful. Which is a valid point of view, but not quite what the title promises.

As for IDs, it is quite difficult for a German to understand the high amount of resistance US citizens put up against the very thought of having mandatory, government issued IDs. I think its a needless and even harmful resistance, from both of the security and the freedom point of view. But let's start from the beginning.

At first, Schneier calls ID a "completely useless security measure", quoting that the terrorists of Sept. 11 had photo IDs. Yes, but that does not make them useless, since the main feature of an ID is not to tell good from bad guys apart. It is a measure to properly "authenticate" people, which is, as Schneier should know, something different as "authorize". As such, IDs have to be protected against forgery, which would allow me to authenticate as someone else - and, in a second step, gain an authorization I should not have (as mentioned before, Schneier goes then on to attack the authorization part).

Having authentication in place is a valid security measure. Otherwise I could just set the passwords of all of my accounts to NULL. Which is a valid measure if I fall for the same "perfect solution fallacy" as Schneier does: "Crackers have passwords as well, and they can gain access to machines without passwords, so passwords are just useless". Same applies for about every security measure ever devised on the planet, so I guess we can go all home now and stop bothering, can't we?

Comments

Please note: comments posted won't be visible immediately, as they will be checked for harmful content.

* Title  
* Nickname  
* Comment