Via Schneier, we have this clever and funny observation about the House of Lords debate on the effectiveness of the airline liquids ban:

“We continuously monitor the effectiveness of, in particular, the liquid security measures…”

How, one might ask? But hold on:

“The fact that there has not been a serious incident involving liquid explosives indicates, I would have thought, that the measures that we have put in place so far have been very effective.”

Ah, that’s how. On which basis the measures against asteroid strike, alien invasion and unexplained nationwide floods of deadly boiling custard have also been remarkably effective.

Proving a negative is always a fun logical quandary to get into.

RSA is announcing their own single sign on (SSO) solution for web sites. They’re launching with several financial services companies, including E-Trade. In light of all the Identity 2.0 stuff, how does RSA’s entry match up?

One good thing will be that RSA will run into the same business roadblocks that a smaller company would’ve run into. It will be interesting to see if having a better reputation/more money will help them get a company with a large userbase like Amazon.com or Disney/ESPN to join into the fray. (I don’t work on the registration stuff, so I don’t have any special insight into that business).

I don’t have too much time right now to comment on this, but I wanted to pass it on.

Having just been on an airplane trip, I can relate to this. Course, my security experience was far less painful. And less funny.

(by way of the Volokh Conspiracy)

A new research paper finds that it would only take 165 SMS messages per second in one cell to disrupt voice communication in that cell. Bruce Schneier and Prof. Ed Felten have good summaries.

Lots of stuff going on today about a bill coming to a vote in the Senate tomorrow called the REAL ID act. A number of geeky outlets are carrying information about the bill and their reasoning as to why this bill is a bad idea. The gist of the bill is to create common standards for driver’s licenses across all states. The bill proposes a number of things, including common machine readable formats on the cards, uniform issuing standards, and some data sharing requirements. The effect of this, according to folks like the EFF and EPIC, would be a de-facto national ID card.

Someone has set up a site where you can fax your Senators. Read more about this at that site, or read this very good rundown of the bill by Bruce Schneier, a security expert and author of some of the standard texts on cryptography and security. This is a pretty important bill. For one thing, it foists costs onto the states without funding them. More importantly, it offers little to nothing in the way of safeguards for folks like you and I. Already, commercial companies copy and keep some parallel databases of license data (what you enter in forms when renting a car, for example). With a common format, they can now build/buy card readers that can grab it all. A security breach now leaks that much more data.