BACK SHORTLY AFTER 9/11, Bruce Schneier wrote a column that appeared in Info World. At least, that’s how I remember it. At the time, I didn’t have a blog, and by the time I did, I’d lost all of my copies of the article. Now, I can get lots of returns in Bing-ing various keywords relating to Schneier and security, but I can’t find this particular article. (If somebody knows where I can, I’d love to hear about it.)
The article was about airliner security and contained a proposal for a simple security system that would have several unique attributes:
- It could be put together from off-the-shelf parts available at the time.
- It permitted total anonymity.
- It allowed the building of a Federal security database of trust signifiers that would be, as I say, totally anonymous.
- It was virtually unbreakable.
- It seemed (to me) to be totally transparent. I did not see any opportunity for abuse, either by government or the general public.
- It accomplished the twin goals of securing airliners against infiltration and attack by radicalized Islamist terrorists (or any other type of militant) and of permitting the free flow of traffic over the air routes.
And, in retrospect, it did not require a massive, unionized, intrusive, importunate Federal apparatus to accomplish its goals. Correction: it could accomplish its goals whereas the current TSA farrago cannot and will never accomplish its goals.
The system was founded on two bases. First, the recognition of the core fact that the state (or any protective agency) does not need to know the identities of those accessing an object, a vehicle, or a facility. All that needs to be known is whether or not the person(s) gaining that access are worthy of the trust that they would do no harm having gained the access. Second, there must be no way that the system can be gamed by any participants — either the government or the people earning the trust of the system.
The system consisted of three objects — a trust token, say an ID card; a verification method, say a retina or iris scan; and a database that would connect the unique yet anonymous identifier on the card with the verification method — for the most part, a biometric. If you’re familiar with a QR code, that would be your identifier. It would be on a card that the person wishing access would carry. That code would pass to the system a resource locator that would link to a database record containing ONLY the results of a series of tests the bearer of the card has passed and the degree of trust to which these passages would grant the bearer. The same card would be born by an electrical engineering student from Saudi Arabia who has overstayed his student visa and an 80-year-old granny from Vero Beach and a Federal Air Marshall.
The tests, as I recall Schneier proposed, would consist of what Schneier called (and were misidentified as) Farwell Brain Scans. These are specialized EEGs taken while the subject is watching a prepared video or slide show of particular objects. Supposedly, since the responses to the stimuli offered are totally involuntary, there’s no way to beat this. The types of images shown would isolate a person’s experience. It would not necessarily by itself grant or deny access, but might indicate probable cause for further investigation.I tell you that to tell you this:
Monday, the Supreme Court struck down an Arizona law which expanded on the Federal law regarding the requirements for voting. Arizona wanted to require photo IDs, but the Federal law only requires a signature affirming an assertion of citizenship (under penalty of perjury). It seems clear that the Federal specifications are far less intrusive into the privacy of the individual. Of course, it requires that the prospective voter be honest. The Arizona method permits the state to — sort of — keep the voter honest. But, in a sense, that’s not the state’s business. It’s the citizen’s business to keep the government honest, not the other way around.
I tell you THAT to tell you THIS:
Apparently, it’s becoming clear that police agencies are abusing state driver’s license photo databases, degrading personal privacy and anonymity.
So, here’s the story challenge. Imagine a regime or protocol which can tie these three things together and find a story in it.
As before, the first writer to publication (ebook on Amazon will do) wins a No-Prize.