It's Crypto-Gram day again...
Lastly, and for the umpteenth time, Schneier explains why "better" (more centralized, more standardized) identity cards wouldn't make us any safer from terrorism, this time in the context of a recent proposal called V-ID, from journalist/entrepeneur Stephen Brill. The whole article is worth reading, but here are some choice passages:
Trusted people within Choicepoint and V-ID are, of course, a potential problem. Several of the 9/11 terrorists had real Virginia driver's licenses in fake names, issued by dishonest state employees. This system will not be immune to that sort of problem, although I'm sure the creators will take pains to minimize the risk.
I worry about the back-end system. Somewhere there will be a computer that generates the questions, matches identity information with government databases, and generally administers the system. The fingerprint database will be stored somewhere, possibly on every reader. These databases would be vulnerable to attack, from insiders and outsiders.
...
The system is designed to be decentralized, so that someone cannot be tracked through the use of the card. It is an open question as to whether law enforcement could force the company to change that design and use the system to track people. The infrastructure is all there to do that: software on the reader and a communications system between the readers and some central point. Brill has said that it would be impossible, but from his description of the system, that's clearly not true.
...
Brill's plan is that people who have the card get a more lenient security treatment than people without. Call it what you will, but it means that people with the card are more trusted than people without.
The reality is that the existence of the card creates a third, and very dangerous, category: bad guys with the card. Timothy McVeigh would have been able to get one of these cards. The DC sniper and the Unabomber would have been able to get this card. Any terrorist mole who hasn't done anything yet and is being saved for something big would be able to get this card. Some of the 9/11 terrorists would have been able to get this card. These are people who are deemed trustworthy by the system even though they are not.
And even worse, the system lets terrorists test the system beforehand. Imagine you're in a terrorist cell. Twelve of you apply for the card, but only four of you get it. Those four not only have a card that lets them go through the easy line at security checkpoints; they also know that they're not on any terrorist watch lists. Which four do you think will be going on the mission? By "pre-approving" trust, you're building a system that is easier to exploit.
By any serious security analysis, identity cards are not an effective antiterrorism measure. On the other hand, they would be damn handy if you wanted to track the movements and behavior of ordinary Americans for political purposes. Of course, our government would never do that.
UPDATE: More on FBI surveillance of protesters (several large Quicktime files).