ID cards are a waste, says security guru

Bruce Schneier tells Computer Weekly why ID cards could exacerbate crime and why the only way to beat ID theft is to make banks...

Bruce Schneier tells Computer Weekly why ID cards could exacerbate crime and why the only way to beat ID theft is to make banks responsible for its prevention.

The UK's plans for biometric identity cards are a waste of money, one of the world's leading experts on computer security said this week.

In an interview with Computer Weekly, Bruce Schneier, security author and chief technology officer of internet security group Counterpane, said the programme could do more harm than good.

"ID cards are a waste of money. The amount of good they will do is not nearly worth the cost. They will not reduce crime, fraud or illegal immigration," he said.

The adoption of ID cards would encourage criminals to attempt forgeries, he said, potentially exacerbating crime rather than reducing it.

"Every credential has been forged. As you make a credential more valuable, there is more impetus to forge it. The reason identity theft is so nasty now is that your identity is so much more valuable than it used to be. By putting in the infrastructure, we have made the crime more common. That's scary."

He said the UK government, like other governments around the world, was investing in the technology as a form of control but marketing it as better security.

"We are living in a world where governments are looking for more control. They are looking for measures that increase control. It is being sold as security but it is really control," he said.

Schneier said that the US plans to spend £10bn on a programme to build checkpoints at airports to prevent terrorists boarding planes are a similar waste of money.

"If you had a list of people that were so dangerous you would never let them on an aircraft and £10bn, would you build a series of checkpoints at airports just in case they happened to walk through them, or hire FBI agents to investigate those people?" he said.

"We are building a security system that only works if the terrorist happens to choose the tactic of going on an aircraft, yet we are affecting the privacy of every airline passenger."

Schneier said ID theft will only be solved when banks are given responsibility to prevent it. "As soon as it becomes the banks' problem, it will be solved. The entity that is responsible for the risk will mitigate the risk."

Credit card fraud in the US fell dramatically after the banks become responsible for refunding customers with losses of more than £25 caused by fraud, he said.

Schneier's CV

Security technologist and author Bruce Schneier is a founder and chief technical officer of Counterpane Internet Security.

Schneier is the author of eight books including Beyond fear: thinking sensibly about security in an uncertain world. Secrets and lies: digital security in a networked world has sold 100,000 copies. Applied cryptography, now in its second edition, has sold more than 150,000 copies and has been translated into five languages.

He writes the e-mail newsletter Crypto-Gram, which has over 100,000 readers. He is a frequent writer and lecturer on cryptography, computer security and privacy.

Schneier designed the Blowfish and Twofish encryption algorithms, the latter a finalist for the new Federal Advanced Encryption Standard. He holds a masters degree in computer science from American University and a degree in physics from the University of Rochester.

Read more on Identity and access management products