ID cards are a waste, says security guru

R.A. Hettinga rah at shipwright.com
Tue Mar 8 08:35:33 EST 2005 

<http://www.computerweekly.com/print/ArticlePrinterPage.asp?liArtID=137172&liFlavourID=1>



Printed from ComputerWeekly.com

IT Management: Security

by Bill Goodwin
Tuesday 8 March 2005
ID cards are a waste, says security guru
Bruce Schneier tells Computer Weekly why ID cards could exacerbate crime
and why the only way to beat ID theft is to make banks responsible for its
prevention.

The UK's plans for biometric identity cards are a waste of money, one of
the world's leading experts on computer security said this week.

 In an interview with Computer Weekly, Bruce Schneier, security author and
chief technology officer of internet security group Counterpane, said the
programme could do more harm than good.

 "ID cards are a waste of money. The amount of good they will do is not
nearly worth the cost. They will not reduce crime, fraud or illegal
immigration," he said.

 The adoption of ID cards would encourage criminals to attempt forgeries,
he said, potentially exacerbating crime rather than reducing it.

 "Every credential has been forged. As you make a credential more valuable,
there is more impetus to forge it. The reason identity theft is so nasty
now is that your identity is so much more valuable than it used to be. By
putting in the infrastructure, we have made the crime more common. That's
scary."

 He said the UK government, like other governments around the world, was
investing in the technology as a form of control but marketing it as better
security.

 "We are living in a world where governments are looking for more control.
They are looking for measures that increase control. It is being sold as
security but it is really control," he said.

 Schneier said that the US plans to spend £10bn on a programme to build
checkpoints at airports to prevent terrorists boarding planes are a similar
waste of money.

 "If you had a list of people that were so dangerous you would never let
them on an aircraft and £10bn, would you build a series of checkpoints at
airports just in case they happened to walk through them, or hire FBI
agents to investigate those people?" he said.

 "We are building a security system that only works if the terrorist
happens to choose the tactic of going on an aircraft, yet we are affecting
the privacy of every airline passenger."

 Schneier said ID theft will only be solved when banks are given
responsibility to prevent it. "As soon as it becomes the banks' problem, it
will be solved. The entity that is responsible for the risk will mitigate
the risk."

 Credit card fraud in the US fell dramatically after the banks become
responsible for refunding customers with losses of more than £25 caused by
fraud, he said.

Schneier's CV

 Security technologist and author Bruce Schneier is a founder and chief
technical officer of Counterpane Internet Security.

 Schneier is the author of eight books including Beyond fear: thinking
sensibly about security in an uncertain world. Secrets and lies: digital
security in a networked world has sold 100,000 copies. Applied
cryptography, now in its second edition, has sold more than 150,000 copies
and has been translated into five languages.

 He writes the e-mail newsletter Crypto-Gram, which has over 100,000
readers. He is a frequent writer and lecturer on cryptography, computer
security and privacy.

 Schneier designed the Blowfish and Twofish encryption algorithms, the
latter a finalist for the new Federal Advanced Encryption Standard. He
holds a masters degree in computer science from American University and a
degree in physics from the University of Rochester.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list