More wisdom from someone who knows things.
“My argument may not be obvious, but it’s not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails.
It doesn’t really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.”