Schneier.com: Crypto-Gram: February 15, 2004:
"Identification and Security

In recent years there has been an increased use of identification checks as a security measure. Airlines always demand photo IDs, and hotels increasingly do so. They're often required for admittance into government buildings, and sometimes even hospitals. Everywhere, it seems, someone is checking IDs. The ostensible reason is that ID checks make us all safer, but that's just not so. In most cases, identification has very little to do with security.

Let's debunk the myths one by one. First, verifying that someone has a photo ID is a completely useless security measure. All the 9/11 terrorists had photo IDs. Some of the IDs were real. Some were fake. Some were real IDs in fake names, bought from a crooked DMV employee in Virginia for $1,000 each. Fake driver's licenses for all fifty states, good enough to fool anyone who isn't paying close attention, are available on the Internet. Or if you don't want to buy IDs online, just ask any teenager where to get a fake ID.

Harder-to-forge IDs only help marginally, because the problem is not making sure the ID is valid. This is the second myth of ID checks: that identification combined with profiling can be an indicator of intention.… "

Profiling has two very dangerous failure modes. The first one is obvious. The intent of profiling is to divide people into two categories: people who may be evildoers and need to be screened more carefully, and people who are less likely to be evildoers and can be screened less carefully. But any such system will create a third, and very dangerous, category: evildoers who don't fit the profile.

Oklahoma City bomber Timothy McVeigh, DC sniper John Allen Muhammed, and many of the 9/11 terrorists had no previous links to terrorism. The Unabomber taught mathematics at Berkeley. The Palestinians have demonstrated that they can recruit suicide bombers with no previous record of anti-Israeli activities. Even the 9/11 hijackers went out of their way to establish a normal-looking profile; frequent-flier numbers, a history of first-class travel, etc. Evildoers can also engage in identity theft, and steal the identity-and profile-of an honest person. Profiling can actually result in less security by giving certain people an easy way to skirt security.

There's another, even more dangerous, failure mode for these systems: honest people who fit the evildoer profile. Because actual evildoers are so rare, almost everyone who fits the profile will turn out to be a false alarm. This not only wastes investigative resources that might be better spent elsewhere, but it causes grave harm to those innocents who fit the profile. Whether it's something as simple as "driving while black" or "flying while Arab," or something more complicated like taking scuba lessons or protesting the current administration, profiling harms society because it causes us all to live in fear...not from the evildoers, but from the police.…

http://www.schneier.com/crypto-gram-0402.html#6