Monthly Archives: May 2007

IT Seat Belts

Over on the ongoing comment thread about IT Security: Unnatural Industry (which started on Schneier on Security and is also on Spire Security Viewpoint and 1 Raindrop), Pete Lindstrom asked a question I hadn’t yet answered:

Why didn’t people sue their banks for fraud? Why did Congress need to write a law about behaviour that is already covered by contract law and fraud?

Well, I think that’s mostly a question about personalities, customs, and precedents.


REAL ID Blues

Fergie notes that apparently all those complaints to DHS had some effect:

Senate Judiciary Committee Chairman Patrick J. Leahy (D-Vt.), citing concerns about Americans’ privacy, signaled yesterday that he will push to repeal a provision of a 2005 law aimed at creating new government standards for driver’s licenses.

Leahy, who has co-sponsored bipartisan legislation to repeal the provision, spoke out as the debate intensified over the Real ID Act, which requires states to create new tamper-proof driver’s licenses in line with rules recently issued by the Department of Homeland Security. States must begin to comply by May 2008 but can request more time. After 2013, people whose IDs do not meet those standards will not be allowed to board planes or enter federal buildings.

A similar Democrat-backed bill to repeal the provision is pending in the House. At least seven states have passed laws or resolutions opposing implementation of Real ID. Fourteen states have legislation pending. By yesterday, the DHS had received more than 12,000 public comments in response to the rules.

Leahy, Others Speak Out Against New ID Standards, By Ellen Nakashima, Washington Post Staff Writer, Wednesday, May 9, 2007; Page D03

You may be wondering why you didn’t hear about this law in 2005, when it was passed.


Real ID? No, Say DHS’s Advisors

The U.S. Government is proposing to implement a national identification scheme, yet the department that is supposed to implement it can’t get its own advisors to agree:
The Department of Homeland Security’s outside privacy advisors explicitly refused to bless proposed federal rules to standardize states’ driver’s licenses Monday, saying the Department’s proposed rules for standardized driver’s licenses — known as Real IDs — do not adequately address concerns about privacy, price, information security, redress, “mission creep”, and national security protections.

Homeland Security’s Own Privacy Panel Declines to Endorse License Rules, Ryan Singel, Threat Level, Wired Blog Network, 7 May 2007

The committee says REAL ID is not “workable” or “appropriate”.

This doesn’t mean DHS won’t implement REAL ID, however, with its approx. $21 billion cost to taxpayers, greatly increased paperwork required of all citizens, and increased likelihood of identity theft, not to mention the obvious surveillance state implications.

Today, 8 May 2007, until 5PM EST, is the last chance to comment to DHS about REAL ID.

-jsq

IT Security: Unnatural Industry

Bruce Schneier says the obvious:
Last week I attended the Infosecurity Europe conference in London. Like at the RSA Conference in February, the show floor was chockablock full of network, computer and information security companies. As I often do, I mused about what it means for the IT industry that there are thousands of dedicated security products on the market: some good, more lousy, many difficult even to describe. Why aren’t IT products and services naturally secure, and what would it mean for the industry if they were?

Do We Really Need a Security Industry? Bruce Schneier, Schneier on Security, 3 May 2007

Obvious in an emperor’s new clothes sort of way.

Metricon 2.0

It’s that time again:
Do you cringe at the subjectivity applied to security in every manner? If so, MetriCon 2.0 may be your antidote to change security from an artistic “matter of opinion” into an objective, quantifiable science. The time for adjectives and adverbs has gone; the time for hard facts and data has come.

Second Workshop on Security Metrics (MetriCon 2.0) — Call for Papers, MetriCon 2.0 CFP, August 7, 2007 Boston, MA

Want to quantify a pesky subjective security topic? You’ve got until 11 May 2007 to submit a request to participate.

-jsq

Do or Don’t

Well, you go away for the weekend, and Vista fans have a party on your blog….

While one of the commenters seems to mostly know people who like Vista, so far I haven’t found anybody I know who does; could be it’s who you know. Apparently Dell knows quite a few people who don’t want Vista, and the Houston Chronicle talked to some of them.

The people I talk to think Ubuntu Linux is just as good as Vista, and requires fewer resources. Sort of like this opinion: except for perhaps some Windows-specific applications, why not switch to Ubuntu? Dell is also moving to supply Ubuntu as a native operating system within weeks.
