National identity cards, wicked problems, and tough thinking

Let me also put in a plug for Bruce Schneier’s analysis on this and other security related topics. These are critically important issues in their own right.

They are also examples of what Horst Rittel termed “wicked problems.” What I think particularly important about wicked problems is that they require much more subtle and nuanced thinking. Schneier provides excellent examples of just that kind of thinking.

If this general topic interests you, another place you might want to look is the work of Jeff Conklin who’s built some very interesting systems and process thinking on top of Rittel’s work. His work is available at CogNexus Institute. Be sure to take a look at “Wicked Problems and Social Complexity” (pdf file) and “Issues as Elements of Information Systems” (pdf file) which is Rittel’s original paper on the topic.

Identity cards considered harmful.

In the week after David Blunkett came out in favour of issuing a national ID card in the UK — and making it compulsory by 2010 — Bruce Schneier, who has forgotten more about security than Blunkett and his idiots ever knew in the first place — does a memorable take-down of the idea that ID cards contribute to security. It makes for sobering reading:

My objection to the national ID card, at least for the purposes of this essay, is much simpler.

It won’t work. It won’t make us more secure.

In fact, everything I’ve learned about security over the last 20 years tells me that once it is put in place, a national ID card program will actually make us less secure.

My argument may not be obvious, but it’s not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails.

It doesn’t really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.

Read the rest if you want the gory details. Basically, it’s not good. And that’s before you factor in the stupendous price of the scheme ( 70 per person? You gotta be kidding!) and the security apparat to administer it and the headaches when it goes wrong or is incorrectly trusted, never mind the civil liberties implications.

The authoritarian weakness is to assume a sweeping solution to a perceived problem will, in fact, solve it — rather than introducing new loop-holes. And this looks to be a classic case of shoot-self-in-jackboot.

(Have I plugged Bruce’s book Beyond Fear: Thinking Sensibly About Security in an Uncertain World yet? If not, consider it plugged. Go. Read it. Open your eyes and see how we’re screwing up. It’s seminal.)

[Discuss ID Cards]

[Charlie’s Diary]