The always thoughtful and incisive Bruce Schneier is out with his latest CRYPTO-GRAM. He’s got an interesting take on a government-mandated $11 billion personal storage program: Real-ID.

No debate, no vote
People in other countries – yes, there are Americans who know there are other countries (thanks, Eddie Izzard) – may find this hard to credit, but Americans are opposed to a national ID card. There is no centralized identity database or any entity that issues ID that everyone carries. A majority of Americans are against it.

So why do we have an $11 billion program for a national ID card? Because Congressman James Sensenbrenner, chairman of a powerful committee, attached it to a bill that no one was willing to vote against. So it became law.
With no debate.

An ID card is personalized storage; the database behind it a horrorshow
But what does an ID card have to do with security? The theory is that if we know who everyone is, we can keep the bad guys from acting bad. As Schneier points out, this theory has no support in real life:

A reliance on ID cards is based on a dangerous security myth, that if only we knew who everyone was, we could pick the bad guys out of the crowd.

In an ideal world, what we would want is some kind of ID that denoted intention. We’d want all terrorists to carry a card that said “evildoer” and everyone else to carry a card that said “honest person who won’t try to hijack or blow up anything.” Then security would be easy. . . .

This is, of course, ridiculous; so we rely on identity as a substitute. . . .

Even worse, as soon as you divide people into two categories — more trusted and less trusted people — you create a third, and very dangerous, category: untrustworthy people whom we have no reason to mistrust. Oklahoma City bomber Timothy McVeigh; the Washington, DC, snipers; the London subway bombers; and many of the 9/11 terrorists had no previous links to terrorism. . . .

There’s another, even more dangerous, failure mode for these systems: honest people who fit the evildoer profile. Because evildoers are so rare, almost everyone who fits the profile will turn out to be a false alarm. Think of all the problems with the government’s no-fly list. That list, which is what Real IDs will be checked against, not only wastes investigative resources that might be better spent elsewhere, but it also causes grave harm to those innocents who fit the profile.

That last item, the no-fly list, points to all the problems with the databases behind the Real-ID programs: loaded with errors; accessed by hundreds of thousands of mostly-honest but not-all-that-well-paid public employees; and no standards among the 50 state databases. Fake Real-ID cards and real Real-ID cards with fake info won’t take long to proliferate. So what is the point?

The StorageMojo take
Massive storage is a wonderful thing – used correctly (see Massive Storage In Our Brave New World, one of the funniest things I’ve written). But if there is one thing the founding fathers would warn of, it is this: government will use it to restrict our freedom. Any security improvements will be incidental.

Along with our silly new passports (see Stupid Gov’t Trick: Wireless Passport Storage), the Real-ID program shows that our post-9/11 government knows as little about security as it does about Iraq.

Only constant vigilance will preserve our freedom in the age of massive storage. Just like every other age.