William Jackson | Not too late to debate
Cybereye'commentary: Taking a second look at the Real ID Act<@VM>Coda: Free MP3 player! Warning: You get what you pay for
- By William Jackson
- May 21, 2008
A BIPARTISAN BLAST was launched against the Real ID Act earlier this month at a forum the Cato Institute called the beginning of a long-overdue debate on the law establishing mandatory national standards for state driver's licenses and identity cards.
'Invasive, expensive and an affront to all of those who cherish privacy rights' was the way Sen. Jon Tester (D-Mont.) described the act. 'It will not deliver a real security benefit.'
On the other side of the aisle, South Carolina Gov. Mark Sanford said Real ID was not merely an unfunded mandate but the mother of all unfunded mandates. He said the massive, interconnected databases of identity documents, which the law would create, would constitute 'one-stop shopping for every computer hacker around the world.'
The forum did not represent a balanced discussion. It was difficult to find anyone in the room willing to defend the three-year-old law that establishes what amounts to a national ID. 'Unconstitutional' was the kindest thing anyone had to say about it. But the participants were absolutely right in saying it is time to begin what Sanford called an incredibly important debate.
The law was passed without hearings and without an up-or-down vote in the Senate. The estimated cost of implementing it is between $9 billion and $23 billion, most of which states must fund. Federal funding for the program will come primarily from homeland security grants, which will divert money from other projects. Money and effort spent on implementing Real ID will hinder states' efforts to improve their licensing and credentialing programs.
And no one in authority has been paying serious attention to securing the vast amounts of digitized data that the law requires.
Serious debate on the law has started at the state level. According to the Cato Institute, 18 states have passed resolutions or laws objecting to or refusing to implement the law, and legislation is pending in several other states. Although most states are in technical compliance with a May deadline for signaling their intention to obey the law, they met the deadline only because of blanket extensions granted by the Homeland Security Department, often whether states wanted them or not. Sanford said that when South Carolina notified DHS of its intention not to comply with the law, DHS responded by issuing an extension that had not been requested.
Whether or not you like the law, it is clear that Real ID is not well-thoughtout, and its impact on 50 states and millions of people was ignored when it was imposed on the country. The law should be suspended or repealed outright until a proper debate can be held and real concerns addressed.
'The states have led the charge on this, and I think that the federal government is starting to pay attention,' Tester said.
Let's hope so.
The focus in malware lately has been on the theft of personal data, but adware still is out there ' and the bad guys are coming up with better ways to deliver it to your desktop PC.
McAfee Avert Labs reported a rapidly spreading Trojan downloader disguised as an MP3 file that installs a pop-up ad delivery program on victims' computers. More than 360,000 infections were found within days of development of the signature, prompting a medium severity ranking from McAfee.
Users clicking on a supposed MP3 file instead download a file that will install the adware, which is bundled with a cheesy MP3 player. The download includes a user license agreement warning the user of the adware bundled with the player.
What is clever about this Trojan is the number and variety of names attached to the supposed MP3 file, said Dave Marcus, security researcher and communications manager at McAfee Avert Labs. 'Somebody did a lot of homework' on keywords that would get maximum distribution, he said. The file also is padded. 'The download itself is dinky,' Marcus said. 'That would be a tip-off it was a fake MP3 file.'
When anybody offers you something for nothing, just consider for a moment who might really benefit.
William Jackson is freelance writer and the author of the CyberEye blog.