Ben Laurie blathering

Identification Is Not Security

The New York Times have an article about the Stanford Clean Slate project. It concludes

Proving identity is likely to remain remarkably difficult in a world where it is trivial to take over someone’s computer from half a world away and operate it as your own. As long as that remains true, building a completely trustable system will remain virtually impossible.

As far as I can tell, Clean Slate itself doesn’t make this stupid claim, the NYT decided to add it for themselves. But why do they think identification is relevant? Possibly because we are surrounded by the same spurious claim. For example…

  • We need ID cards because they will prevent terrorism.
  • We shouldn’t run software on our Windows box that isn’t signed because that’ll prevent malware.
  • We should only connect to web servers that have certificates from well-known CAs because only they can be trusted.


  • The guys who crashed the planes were all carrying ID. Didn’t help.
  • The guys who blew up the train in Spain were all carrying ID. Didn’t help.
  • People get hacked via their browser all the time. Did signing it help?
  • What does it take to sign code? A certificate, issued by a CA…
  • What does it take to get a certificate? Not much … proof that you own a domain, in fact. So, I can trust the server because the guy that owns it can afford to pay Joker $10? And I can trust the code he signed? Why?

Nope. Security is not about knowing who gave you the code that ate your lunch – security is about having a system that is robust against code that you don’t trust. The identity of the author of that code should be irrelevant.


  1. […] The truth is that there is so much about this article to criticize, I really can’t do it all myself. So, I’m going to start with the concept of anonymity and direct you to Links. […]

    Pingback by Safety, Freedom, and the New York Times « The_Geek_Whisperer — 16 Feb 2009 @ 20:28

  2. Aye. Newspapers are clearly not to be trusted, for a start.

    Comment by Micky — 17 Feb 2009 @ 15:34

  3. It’s interesting to try and understand this irrational leap that many people make. Maybe it stems from the idea that if you know who did something bad you can punish them. In olden days dying for your cause didn’t stop them sticking your head on a spike as a deterrent (but I digress).

    Security in the technological world can’t be enforced by waving a stick, but it’s an old instinct, and fear sells.

    It’s not just identity that’s being (or trying to be) tracked, it’s movement, assets (and I hear trash cans). Call me a conspiracy nut but I think it’s all about money, not security. They want to live in a world where you can do naughty things, but they can bill you for it. Got nothing to do with trust.

    Comment by Robert Nice — 18 Feb 2009 @ 4:36

  4. Knowing the identity of parties you are dealing with is one crucial part of security.

    Comment by A Reader — 6 Apr 2009 @ 19:03

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress