Shostack + Friends Blog Archive


The Security/Security Tradeoff

People trying to infringe our privacy often claim that they’re making a tradeoff between security and privacy. Sometimes they’re even right. But I think today, we’re trading security for “security,” giving up real protection for an illusion.

For example, the TSA is spending lots of money to build and connect databases all about travelers. Some reports on CAPPSII have suggested that airlines would collect passenger names, home addresses, dates of birth and social security numbers, and hand them over to TSA.

With your name, address, date of birth and social security number, I can get credit cards in your name. I can take out loans in your name. It’s scary. And if the TSA has its way, your data will be in the databases of every airline you fly.

There’s a long article in yesterday’s New York Times on identity theft. It says that almost 10 million cases were reported to the FTC in the last 12 months.

Pushing for identity cards everywhere, social security numbers everywhere, and no liability for those who collect the data, is going to make the problem worse.

So here we have a tradeoff between the very real threat of terrorism and the very real threat of identity theft. I’m not claiming that the damage done by ID theft is worse than being killed. But the security theater that TSA is engaging in won’t prevent terrorist attacks. It will put millions of Americans at greater risk of having their identities stolen and credit ruined.