Friday, January 28, 2005

UK man arrested for using non standard browser

According to Cory, who doesn't post such stories lightly, a man in the UK has apparently been arrested by armed police for using a non standard browser to make a tsunami aid donation. Misunderstandings about technology can lead to quite scary situations. No details available yet, so it's probably a more complicated story than it appears at first sight.

Funny piracy cartoon

Tony Esteves has a funny cartoon at Cigarro & Cerveja no pirating cookie recipes from the Web. :-)

Ofcom chairman talks about regulating Net content

"The blurring of boundaries between TV and the internet raises questions of regulation, watchdog Ofcom has said." says the BBC.

"Content on TV and the internet is set to move closer this year as TV-quality video online becomes a norm.

At a debate in Westminster, the net industry considered the options.

Lord Currie, chairman of super-regulator Ofcom, told the panel that protecting audiences would always have to be a primary concern for the watchdog.

Despite having no remit for the regulation of net content, disquiet has increased among internet service providers as speeches made by Ofcom in recent months hinted that regulation might be an option.

At the debate, organised by the Internet Service Providers' Association (ISPA), Lord Currie did not rule out the possibility of regulation.

"The challenge will arise when boundaries between TV and the internet truly blur and then there is a balance to be struck between protecting consumers and allowing them to assess the risks themselves," he said. "

There is another gem part way through this article:

"Richard Ayers, portal director at Tiscali, said there was little point trying to regulate the internet because it would be impossible."

I thought this kind of libertarian idealism was well and truly buried now but apparently not. Even John Perry Barlow, author of "A Declaration of the Independence of Cyberspace" has accepted the Lessig 'code is law' message:

"Any time you engage with information, the reality that you extract from that information is shaped by the tools that deliver it. Microsoft’s information presentation is such a monoculture that it edits out a lot of other realities. So you have a new kind of monopoly that affects the way people think in ways that are invisible to them. It’s a very dangerous form of monopoly, especially now that they are talking about the "trusted computing" model, where it will be very difficult for you to save and then pass on documents on systems without identifying yourself.

That system is supposed to be designed to help control digital rights management. By its nature it will be great for political rights management, because it’s an enormously penetrative surveillance tool, and it makes it hard to do anything anonymously involving a computer."

Simply put, the the technology of the Internet is artificially created. It may have started with an open, difficult to regulate "end to end" architecture but this has been changing because it can be changed. Change the technology and centralised regulation becomes possible. The "it's impossible to regulate the Internet" rhetoric no longer holds water.

The head of BT's entertainment division has much more interesting and controversial things to say, than the man from Tiscali:

"If content is on-demand, consumers have pulled it up rather than had pushed to them, then it is the consumers' choice to watch it. There is no watershed on the net"

That could set a few hares running. We're have significant potential for a broadcatching rather than a broadcasting model the technologies continue to merge. The evolution towards that potential will be a fascinating story to watch.

WP Canada and the Balckberry

The Washington Post had a story on Tuesday about the Canadian government objecting to the extra-territorial patent claim implications of the decision in the RIM v NTP patent infringement case.

"RIM claims its BlackBerry relay server - through which all e-mails pass - is based in Waterloo, Ontario, so U.S. patent laws have no jurisdiction, even though most of its 2 million subscribers are below the 49th parallel."

And the Canadian government agree with them.

Thursday, January 27, 2005

The Struggle for Affordable Drugs

News of an incredibly important development from David Bollier, author of the excellent "Silent Theft:the private plunder of our common wealth" and the just published "Brand Name Bullies:the quest to own and control culture", (which I've been waiting for Amazon to deliver for several weeks):

"Big Pharma is such a hard-driving, seemingly invincible player in global markets and policymaking that it often appears impossible to counter its influence. Now comes a fascinating new proposal that could radically change how the nations of the world could finance medical research for new drugs. Jamie Love, the brilliant strategist and director of the Consumer Project on Technology, working with dozens of influential scientists, public health officials and lawyers, has announced a new paradigm for trade policy on medical R&D.

For decades, under the current patent and trade regime, drug companies have ratcheted up the price and scope of their patent protections even though that is precisely what makes it harder to treat AIDS, malaria and many other diseases proliferating around the world, especially in developing countries. But how to get beyond this paradigm? After more than two years of discussion with an impressive list of global players, Love and others have developed a proposed medical R&D treaty that would make it easier to finance medical research on significant health problems. It would also reduce the prices of drugs that ultimately result from that research...

The working draft of the new treaty that the group proposes would try to create a global market in producing public goods -- namely, medically significant new drug research and treatments. Rather than financing such work through patent protection and high prices -- which are palpably not developing the necessary research or end-products at affordable prices -- the treaty would require signatory countries to spend an agreed-upon percentage of their Gross Domestic Product on qualified forms of R&D. Countries could meet their obligations through direct public funding of drug research, tax credits, philanthropic spending, innovation prizes, among other techniques. Strong patent protections would not be the only acceptable approach.

The treaty would serve to diversify the types of research being done; focus it on the most urgent public health problems; and decentralize control of R&D spending. The whole R&D expenditures process would be transparent and subject to independently verifiable measurement."

Copyfight on Grokster amicus briefs

Copyfight, as usual, has some really useful links on the Grokster filings to the Supreme Court.

German library allowed to crack copy protection

From the excellent EDRI-gram:

"The German national library (Deutsche Bibliothek) has negiotated a license with rightholders to legally circumvent copy protection mechanisms on CD-roms, videos, software and E-books. It seems this is the first library in Europe to have managed a voluntary agreement on the strict new anti-circumvention rules prescribed by the EU copyright directive of 2001 (2001/29/EC). Article 6 of the EUCD prohibits acts of circumvention, as well as the distribution of tools and technologies used for circumvention of access control or copy protection measures. Member States could choose between penal or civil sanctions for infringement. Germany has chosen penal sanctions, with large fines or a 3 year prison sentence for circumvention for a commercial purpose...

The German Federation of the Phonographic Industry and the German Booksellers and Publishers Association have agreed to allow the library to fulfil its legal obligation to collect and make available material for long-term archiving purposes. The agreement also allows the library to break digital locks on books and music for scientific purposes of users, for collections for school or educational purposes, for instruction and research as well as on works that are out of print. These duplications are subjected to a fee and possibly a digital watermark. Rightholders may either supply a lock-free copy of a work, but if not, the library may circumvent the protection."

From an education perspective this is a positive step, though I'm not familiar with the small print of the agreement, so there's still a caveat.

The report in the same issue that Rena Tangens from the German privacy-organisation FoeBuD is calling on all fans to boycott the World Championship because "the World Cup is being abused by sponsors and the surveillance industry to introduce snooping-technology and to spy on the fans" is a real concern. Unwelcome though this development is I don't hold out much hope of a boycott. And really that's the crux of the issue. If most of us are prepared to hand over sensitive personal data to anyone who asks for it and allow ourselves to be subject to detailed surveillance without question then we deserve what we get in terms of the consequences of loss of privacy. Not enough people really care. I won't be going to any of the matches in Germany but if Ireland happened to make it to the final...?

'Father of PlayStation' says Sony blew it on media players

'Father of PlayStation' says Sony blew it on media players

"Sony missed out on potential sales from MP3 players and other gadgets because it was overly proprietary about music and entertainment content, the head of Sony Corp.'s video-game unit acknowledged Thursday.

Ken Kutaragi, president of Sony Computer Entertainment Inc., said he and other Sony employees have been frustrated for years with management's reluctance to introduce products like Apple Computer Inc.'s iPod, mainly because the Tokyo company had music and movie units that were worried about content rights."

You don't often see that kind of admission from the senior management of the tech cos but their employees have been bashing their heads against the internal brick wall on this for many years. One told me at a conference last year, when I gave a talk with a similar to message to Cory on drm, (though not nearly as elegant), that I had been saying the kinds of things the engineers in her organisation had been wanting to say for years but were too scared to do so.

Copyfight

Donna has been very busy recently because she's been working at the EFF on an endagered gizmos campaign, where they have generated a list of technologies in three categories - extinct, endangered and saved - and given a background on each. Nice idea. The things that originally got me interested in intellectual property was the RIAA's attempts to get a digital music player called the Rio outlawed in the late 1990s.

I was irritated at the time that the music industry wanted to ban a neat bit of technology and hadn't given any thought to the complexity of the issues surrounding intellectual property and the anxieties induced in the industry by the evolution of digital tehnologies.

I started to look into what exactly was going on with that case and nearly 6 years later I'm still absorbed. It's a fascinating and crucially important area for the future of our information society and as an added bonus, you come across all kinds of interesting people and ideas. And just looking at an extract from one of those links, Cory on drm again:

"But counterfeiting gangs who engage in "illegal copying" and
"piracy" -- that is, the sophisticated criminal enterprises that
operate in the former USSR and elsewhere to stamp out billions of
fake CDs and DVDs -- are unfazed by these systems, because they
are, in fact, sophisticated attackers. They are, in fact, not
average users. This commercial piracy is the only activity that
clearly displaces sales to the studios and the labels, and it is
precisely this kind of piracy that DRM cannot prevent.

As to average users engaged in file-sharing, they, too, won't be
foiled by this. Rather, they will be able to avail themselves of
songs, movies and other media that have had their DRM removed by
sophisticated users. They need not know how to hack the DRM
wrappers off their music, they merely need to know how to search
Google for copies where this has already happened.

And that is exactly what they will do: they will bring home
lawfully purchased CDs and DVDs and try to do something normal,
like watch it on their laptop, or move the music to their iPod,
and they will discover that the media that they have bought has
DRM systems in place to prevent exactly this sort of activity,
because the studios and labels perceive an opportunity to sell
you your media again and again -- the iPod version, the auto
version, the American and UK version, the ringtone version, und
zo weiter. Customers who try to buy legitimate media rather than
downloading the unfettered DRM-free versions will be punished for
their commitment to enriching the entertainment companies. That
commitment will falter as a consequence.

Finally, these systems are *never* limited to "illegal copying
and piracy" -- rather, they contain measures to enforce
non-copyright restrictions like region-coding (movies bought in
the US can't be watched on UK DVD players) and restrictions on
backup and format-shifting. These activities are *not* illegal or
piracy, but they are just as readily restricted by these systems
as indiscriminate file-sharing."

Special constable fined

A special constable in Dorset has been fined £1000 for using the police criminal records database to check out people she worked with at a petrol station.

A study by academics at the university of York says that using hands free kits can reduce the radiation exposure from mobile phones to the head by 47%. They're not saying mobiles are unsafe, just that if anyone is concerned then it would be sensible to use the hands free kit, or as they say, take the precautionary approach. This follows the Britain's National Radiological Protection Board (NRPB) recomendation in early January that children should take care when using mobiles, use the phones for as short a time as possible when talking, preferably use them for text rather than speech and use phones with low "specific absorption rates."

There is due to be a conference on 'Children and Young People's Use of Mobile Phones' in London on 8 February.

Wednesday, January 26, 2005

My way , highway and spy way

Ian Kerr feels like he is "standing in the middle of yesterday"

"ten years ago, information studies guru phil agre wrote a series of interesting articles about intelligent transportation systems (ITS) in an online journal called the network observer. the focus of these articles was on privacy. agre wanted to avoid utopian and dystopian extremes, steering readers instead towards what he called "medium-sized concepts that let us make theories about the interaction between technologies and institutions..."

agre warned of transponder disks that would be placed inside vehicles as part of automated toll collection systems on highways. agre worried that these transponders could be used not just to collect tolls but also to track who was traveling where and when. he predicted that automated tolls would commence on a voluntary basis but would become involuntary as toll roads multiply in number alongside public-private sector cost-recovery partnerships. the central aim would be to find an efficient and convenient way to collect tolls automatically, without asking drivers to slow down or pay cash at a gated highway entrance or exit.

ITS, agre noted, threatened the possibility of driving anonymously. in collaboration with world leading privacy expert marc rotenberg, agre raised a number of policy issues essential to ensuring adequate privacy protection on tomorrow's semi-public highways. agre also commended a company called amtech systems for developing a vehicle identification process system that would allow people to pay tolls automatically but with complete privacy, based on the digital cash methods developed by internationally renowned cryptographer david chaum.

the brilliance of chaum's system was its ability to authenticate the driver for the purposes of tracking payments without the need to reveal, collect or disclose personal identifiers that would indicate who was traveling where and when, etc. using crypto to render untraceable the link between drivers' identities and their means of payment, such technologies offered (and indeed continue to offer) the promise of a middle ground in cases where there is a clash between privacy and the public interest.

flash forward ten years.

it turns out that agre was dead right. automation and ITS have indeed come to rule the road on many of the better roadways in north america and europe."

Latest attempt to pass sw directive fails

The latest attempt to sneak the software patent directive through an agriculture and fisheries meeting has failed thanks to another rear-guard action by Polish officials on Monday last.

Isenberg's freedom to connect

David S. Isenberg has a wonderful short essay in his latest Smart Letter, reproduced in full below, with David's permission via a creative commons license

THE LIMITS OF FREEDOM TO CONNECT
Confessions of a Customer
by David S. Isenberg

Recently, Verizon blacklisted whole ranges of IP
addresses in Europe, denying mail delivery to their
U.S. customers. The problem, Verizon said, was that
spammers were using some of these IP addresses.

This might be framed in several ways, one of which
is as an attack on customers' Freedom to Connect.

One might suggest that if you don't like Verizon's
policy, you can opt out! That is, thanks to the End-
to-End property of the Internet, Verizon's customers
can use Verizon as an access provider only and get
their email services from other providers.

Here's a true story. I am a Verizon DSL customer.
I do this. I connect to the Internet via Verizon
DSL, but Earthlink runs my incoming mail server and
Fastmail runs my outgoing server.
However, I am not your average DSL customer. Other
people might not know that alternative mail services
are possible. Setting up alternative mail services
could be intimidating and non-transparent. Thank
goodness I have network-savvy friends to help me
understand things like POP and SMTP.

One could perhaps use a right-to-vote as an analogy
to explore this further. During the 2004 campaign,
there were reports from Philadelphia of men in suits
and official looking cars appearing in poor
neighborhoods telling people that if they voted they
might be arrested for overdue child support or
unpaid traffic tickets. If true, were these men
violating peoples' right to vote? Perhaps you could
say they weren't. Almost certainly they were wrong
in a technical sense; there probably were not
"outstanding warrant inspectors" at the polls. Lets
assume that the reported vague threats were simply
vague threats. Were these men violating peoples'
right to vote?

Back to Verizon. The main reason I went to Verizon
was that Cablevision (Optimum Online) began limiting
my ability to send email. First it somehow capped
the number of emails I could send in a certain time
period. I am not sure exactly how the cap worked,
but I could only send 150 SMART Letters at a time
(from my list of about 3000) before the cap kicked
in. This could be viewed -- in isolation -- as
reasonable, e.g., to control spam sent by zombies in
peoples' Windows PCs.

Then I switched my Cablevision-connected client to
the Fastmail SMTP server. For a while this worked,
then it didn't. Cablevision was blocking Port 25.
People smarter than I pointed out that I could use
Fastmail with other ports. Sure, but maybe
Cablevision would block those ports too. And
Cablevision itself offered a workaround, pay $109
instead of $45 for the "business service" and Port
25 comes unblocked. I asked the service rep what
else the $109 bought me and he said, "That's about
it."

Was Cablevision violating my Freedom to Connect? I
am "free" to find workarounds if I know enough to
hack them. I am still "free" to connect at $109 if I
can afford it. I am still "free" to use other ports
besides Port 25 to send out email -- until these are
also blocked. And I am still "free" to switch from
one of two (count 'em, two) providers to the other.

Again, please permit me an analogy. This is kind of
like telling the protesters they are "free" to speak
over there in some isolated barbed wire cage where
nobody is likely to hear or notice what they are
saying.

What happens to my "Freedom to Connect" when both
providers clamp down on it in the same ways, and
there is no third provider?

Borrowing liberally from Pastor Niemoller, first
they came to limit my email server, but I was not a
heavy email user so I did nothing, then they came
for Port 25, but I didn't need to use Port 25, so I
did nothing, then . . . and soon I realized that the
Internet had become a walled garden where the only
content I could see was Cablevision-approved
content, and the only sites I could access were
Verizon-approved sites . . .

"These examples are just hypothetical, of course.
It can't happen here," said the frog in the pot of
lukewarm water.

Tuesday, January 25, 2005

Legal Challenge to the Children Act

Action on Rights for Children (ARCH) are considering a legal challenge to the information sharing provisions of the Children Act, passed in November last year.

The Information Commissioner and parliament's human rights committee have both cited concerns about the then bill, prior to its approval by parliament, on a slim margin of about a dozen votes.

The Children Act 2004, Section 12 requires that the Secretary of State "establish and operate, or make arrangements for the operation and establishment of, one or more databases" and "require children's services authorities in England to establish and operate databases containing information" on all the children in the country. The databases will include the following details on each child:

" (a) his name, address, gender and date of birth;

(b) a number identifying him;

(c) the name and contact details of any person with parental responsibility for him (within the meaning of section 3 of the Children Act 1989 (c. 41)) or who has care of him at any time;

(d) details of any education being received by him (including the name and contact details of any educational institution attended by him);

(e) the name and contact details of any person providing primary medical services in relation to him under Part 1 of the National Health Service Act 1977 (c. 49);

(f) the name and contact details of any person providing to him services of such description as the Secretary of State may by regulations specify;

(g) information as to the existence of any cause for concern in relation to him;

(h) information of such other description, not including medical records or other personal records, as the Secretary of State may by regulations specify."

In addition, "Any person or body establishing or operating a database under this section must in the establishment or operation of the database have regard to any guidance, and comply with any direction, given to that person or body by the Secretary of State" and that direction may relate to "the transfer and comparison of information between databases."

The usual questions come right back:

What problem are they trying to solve?
What is the technical architecture of the system they are building to solve the problem?
How well does it solve the problem?
How can it fail and what other problems does it cause?
How much does it cost both monetarily and in respective of other personal, societal, economic and environmental trade offs?
Is it worth it?

What was that quote I vaguely remember but don't have the time to look up - "If you want to create a big brother/surveillance state/society, then start with the children and let them grow up knowing nothing else" or words to that effect. No doubt someone will email me with the correct quote.

French IP Code

I found the first few paragraph's of the French intellectual property code really interesting:

"Chapter I: Nature of Copyright

Article L111-1.

The author of a work of the mind shall enjoy in that work, by the mere fact of its creation, an exclusive incorporeal property right which shall be enforceable against all persons.

This right shall include attributes of an intellectual and moral nature as well as attributes of an economic nature, as determined by Books I and III of this Code.

The existence or conclusion of a contract for hire or of service by the author of a work of the mind shall in no way derogate from the enjoyment of the right afforded by the first paragraph above."

It clearly shows the different ethos compared to the US constitution's Article 1, Section 8, Clause 8 gaurantee

"To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries"

The French focus is on "exclusive incorporeal property right which shall be enforceable against all persons" and the on US the function of intellectual property as an incentive to "promote the Progress of Science and useful Arts."

Monday, January 24, 2005

International Journal of Communications Law and Policy

The Autumn 2004 edition of the International Journal of Communications Law and Policy is decicated to the subject of cybercrime and authors tackle the problems of fighting digital technology facilitated crime and the potential civil liberties implications of this.

A rich set of articles includes:

Architectural Regulation and the Evolution of Social Norms
BY LEE TIEN
Reference: IJCLP Web-Doc 1-Cy-2004

Transborder Search: A new perspective in law enforcement?
BY NICOLAI SEITZ
Reference: IJCLP Web-Doc 2-Cy-2004

The Fourth Amendment Unplugged: Electronic Evidence Issues & Wireless Defenses -
Wireless Crooks & the Wireless Internet Users Who Enable Them

BY TARA McGRAW SWAMINATHA
Reference: IJCLP Web-Doc 3-Cy-2004

Launch on Warning: Aggressive Defense of Computer Systems
BY CURTIS E. A. KARNOW
Reference: IJCLP Web-Doc 4-Cy-2004

Real World Problems of Virtual Crime
BY BERYL A. HOWELL
Reference: IJCLP Web-Doc 5-Cy-2004

Privacy vs. Piracy
BY SONIA K. KATYAL
Reference: IJCLP Web-Doc 7-Cy-2004

Technology, Security and Privacy:
The Fear of Frankenstein, the Mythology of Privacy and the Lessons of King Ludd

BY KIM A. TAIPALE
Reference: IJCLP Web-Doc 8-Cy-2004

Characteristics of a Fictitious Child Victim: Turning a Sex Offender’s Dreams Into His Worst Nightmare
BY JAMES F. MCLAUGHLIN
Reference: IJCLP Web-Doc 6-Cy-2004


For example, Beryl A. Howell's article on "Real World Problems of Virtual Crime" abstract:

"Theoretical debates about how best to address cybercrime have their place, but, in the real world, companies and individuals face harmful new criminal activity that poses unique technical and investigatory challenges. One of the greatest challenges posed by this new technology is how to combat wrongdoing effectively without netting innocent actors. This Article will present three case studies drawn from recent high-profile news stories to illustrate the pitfalls of legislating in the e-crimes arena."


How a fake doctor took £1½m and helped 1,000 people to get asylum from the Times and

UK gov ready to u-turn on passport-ID card link? at the Register.

John Lettice's piece at the Rgister requires a little concentration on the part of the reader but is well worth the effort, particularly if you're concerned about the proposed national ID card scheme.

Tony Blair against ID cards

By the way, who do you think might have said this:

"Instead of wasting hundreds of millions of pounds on compulsory ID cards...let that money provide thousands more police offiers on the beat."

It was Tony Blair! It was in 1995, however, two years before he became prime minister.

Barriers to ID card suppliers

The draft legislation for the national ID card is being rushed through the committee stage in parliament, despite there being nearly 200 amendments already proposed. And Spyblog has pointed out a potentially interesting disincentive to organisations tempted to supply the technical infrastructure. They are stretching a point but Section 31 Tampering with the Register etc, could be interpreted to mean that anyone who supplies technology for the system which does not work perfectly could go to jail for 10 years.

Maybe someone should point that out to the many vendors scrambling for a piece of the ID card action.

On ID cards, the No2ID campaign have issued their latest newsletter, which as usual is very informative. The campaign are paticularly vexed about the government's response to their 3230-signature petition against ID cards.

Though I guess it is necessary, I'm not sure an irritated response to a re-hashed empty public relations statement is going to help progress their cause, which I wholeheartedly agree with.

Essentially they need to get the newspapers, all the established civil liberties groups (who essentially agree with them anyway)and commerce and industry on their side to build up a head of steam. Pointing out the clear negative technical and economic effects of the ID card scheme and the industries which are going to be affected (all of them), would help get the trade associations and multinational companies on board. If major commerce were convinced to start rallying against the cards then New Labour would fold on the scheme overnight (probably to Gordon Brown's relief and Tony Blair's chagrin).

As to the government's notion that the ID card will help prevent ID fraud as a basis for making us more secure, any security specialist who knows their job will tell you that either the government are being economical with truth or they really don't understand what they are dealing with. As Bruce Schneier says,in the context of a possible ID card scheme in the US:

"In fact, everything I've learned about security over the last 20 years tells me that once it is put in place, a national ID card program will actually make us less secure.

My argument may not be obvious, but it's not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails.

It doesn't really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.

The first problem is the card itself. No matter how unforgeable we make it, it will be forged. And even worse, people will get legitimate cards in fraudulent names.

Two of the 9/11 terrorists had valid Virginia driver's licenses in fake names. And even if we could guarantee that everyone who issued national ID cards couldn't be bribed, initial cardholder identity would be determined by other identity documents ... all of which would be easier to forge.

Not that there would ever be such thing as a single ID card. Currently about 20 percent of all identity documents are lost per year. An entirely separate security system would have to be developed for people who lost their card, a system that itself is capable of abuse.

Additionally, any ID system involves people... people who regularly make mistakes. We all have stories of bartenders falling for obviously fake IDs, or sloppy ID checks at airports and government buildings. It's not simply a matter of training; checking IDs is a mind-numbingly boring task, one that is guaranteed to have failures. Biometrics such as thumbprints show some promise here, but bring with them their own set of exploitable failure modes.

But the main problem with any ID system is that it requires the existence of a database. In this case it would have to be an immense database of private and sensitive information on every American -- one widely and instantaneously accessible from airline check-in stations, police cars, schools, and so on.

The security risks are enormous. Such a database would be a kludge of existing databases; databases that are incompatible, full of erroneous data, and unreliable. As computer scientists, we do not know how to keep a database of this magnitude secure, whether from outside hackers or the thousands of insiders authorized to access it.

And when the inevitable worms, viruses, or random failures happen and the database goes down, what then? Is America supposed to shut down until it's restored?

Proponents of national ID cards want us to assume all these problems, and the tens of billions of dollars such a system would cost -- for what? For the promise of being able to identify someone?

What good would it have been to know the names of Timothy McVeigh, the Unabomber, or the DC snipers before they were arrested? Palestinian suicide bombers generally have no history of terrorism. The goal is here is to know someone's intentions, and their identity has very little to do with that.

And there are security benefits in having a variety of different ID documents. A single national ID is an exceedingly valuable document, and accordingly there's greater incentive to forge it. There is more security in alert guards paying attention to subtle social cues than bored minimum-wage guards blindly checking IDs.

That's why, when someone asks me to rate the security of a national ID card on a scale of one to 10, I can't give an answer. It doesn't even belong on a scale."