An excellent profile of Bruce Schneier in the September Atlantic , by Charles C. Mann, explains why the current administration’s approach to increasing national security is misguided. Some quotes:
Encrypting transactions on the Internet, the Purdue computer scientist Eugene Spafford has remarked, “is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench.”
Because every security measure in every system can be broken or gotten around, failure must be incorporated into the design. No single failure should compromise the normal functioning of the entire system or, worse, add to the gravity of the initial breach. Finally, and most important, decisions need to be made by people at close range—and the responsibility needs to be given explicitly to people, not computers.
According to the FBI, all the hijackers seem to have been who they said they were; their intentions, not their identities, were the issue.
“Governments have been relying on intelligent, trained guards for centuries,” Schneier says. “They spot people doing bad things and then use laws to arrest them. All in all, I have to say, it’s not a bad system.”
Given the pervasive insecurity of networked computers, it is striking that nearly every proposal for “homeland security” entails the creation of large national databases.