The US DoD and the GSA Join the Liberty Project

An anonymous reader writes "The Liberty Alliance Project announced today that the U.S. General Services Administration (GSA) and the U.S. Department of Defense (DoD) have joined the Liberty Alliance in its pursuit to develop open and interoperable standards for electronically managing identity information."

Great!

[asparagus]

The government's going to replace travelocity.com!

My travel worries are over!

Seriously, this stuff scares the crap out of me.

How long until you need to sign up for the Federal Identify Network to get a credit card? A drivers license? A job?

-Brett

Re:Great!

[asparagus]

This allows the fusion of various networks of information.

It's one thing for government agents to have to go through various levels of protocol to get access to all your records. It's another thing for them to have a central database of everywhere you've been and gone.

We've created a system of laws where almost everyone can be procecuted for something. Now, we're creating networks of data that allow much easier manipulation.

Piss off a higher-up?

Database notes: Subject has been to Amsterdam.

Action: Attach a +20% possibility of being able to bust 'citizen' for drug use.

I know, you've never done anything illegal in your life and have nothing to hide. Tell yourself that when they come for you.

-Brett

Re:Great!

[rusty0101]

As Heinlein pointed out through Lazarus Long,

"When a place gets crowded enough to require ID's, social collapse is not far away. It is time to go elsewhere. The best thing about spce travel is that it made it possible to go elsewhere."

Other useful quotes at http://www.musespace.com/musings/quotes/lazaruslon g.html

To be fair

[Raul654]

DARPA has a history of doing things the right way and at light speed for a govn't orginization

Re:The problem with universal standards

[jeffy124]

no, the problem you describe is the problem of everyone using the same implementation of a standard. "standards" go through much more scrutiny than do implementations, especially when that standard is an authentication system.

eg - recall recently one of the root dns servers moved away from bind in case bind were to have some unknown flaw that was exploited and used to shut down all the root servers.

Re:Umm, is this a Good Thing?

[horse_pheathers]

Maybe they're just out to make it easier to implement the DoD's "Total Information Awareness" thingy. Y'know, get the public to do most of the work for 'em by putting all their relevent data into one convenient, easy-to-parse-and-mine linked database.

-- Horse_Pheathers, really looking forward to the day when some government drone can not only easily find out where I work, but by perusing my credit records know how often I buy condoms. "Nice sex life you have there Mr. Pheathers..."

My Identity Dream

[argoff]

I dream that I will be able to get health insurence, open bank accounts, go to college, get a job, and retire without using that *** ** **** social security number. I dream that we get rid of it and the ponzi retirement scheme that comes along with it.

I dream that my license will actually be linked to my prooven ability to drive safely, and not other issues like child support or failure to file state taxes, drinking a beer in the dorms, etc.... And that I won't be tracked and stored in massive centralized gov databases that have almost always prooven to be totally screwed up. (getting rid of frivolous tickets wile you're at it would be nice too)

I dream that I won't be harassed when I try to buy beer, ciggarates, and spray paint (one time I was even carded because I tried to buy a cigarette lighter).

I dream that my right to bear arms won't be nickled and dimed to death by people wanting to register me in govt databases like the Nazi's had before they confiscated all privately owned guns from its citizens.

I dream that my credit will only be checked when I want a loan from the bank, and not when I just want a debit card, not when a bank wants to send me a credit card offer that I half to shred before I throw out, and not when I try to get auto insurance.

Can you think of any others...

Re:My Identity Dream

[argoff]

Uhh, first off, from my history I seem to renember that almost all the federalist papers were written with a nom-de-plum (anonymous), since they are partly responsible for the founding of US society - I think I should be able to do just fine with an anomynous attitude.

Second, almost ALL of the intrusions on privacy I talked about happened in the last 50 years or so. So that begs the question, how come we were able to do fine for the other 150 years of this country's existence. Are you suggesting that as we become more modern we need to intrude into other peoples lives more ... I would propose that just the opposite is true.

Third, I don't think I asked for total anominity or unaccountability to paying for services I use and never suggested that I am or should be an island totally seperate from everybody else. I just don't want the anal probe every single time. I'm tired of it.

complainers

When Microsoft introduced Passport, everyone complained. When Government announced support for a system that is a credible alternative to Passport, everyone complains again.

Idiots.

Would you rather government mandated Microsoft Passport?

A system that allows you to login only once is desired in the market place. A standard is desired. This market demand will be fulfilled whether you like it or not. Which entity do you trust the most to implement this standard? Or are you naive enough to think that we won't have a federated identity on the net in the near future?

Okay, here's the poop

The government has lately become very VERY interested in making itself more accessible to the citizenry (G2C) and to business (G2B) via web services. Lots of federal/state/local government agencies provide certain services to end users, but these services do not work together and you have to deal with each one of them, and their idiosyncracies, separately. In the government this is known as "stovepiping" (each agency maintains its own separate stove pipe). And that's a very bad thing for being an efficient, useful organization to its customers (the citizens).

An example. Let's say you want to register yourself as a sole proprietor sales company. There's a myriad of organizations you will ultimately have to deal with, from OSHA to federal and state income and sales tax agencies to warranting that you're a drug-free employer or a nondiscriminatory one or whatever the latest law is. You'd like a one-stop shopping location, perhaps NewBusiness.gov, which acts a front-end to all these agencies at all levels and pulls it all together for you. Now that'd be nice, wouldn't it? Or how about one-stop location for handling all the stuff that deals with disasters? Or moving to Michigan? Or going to grad school, complete with Pell Grants and checks for available assistantships?

This is what the government wants to do. They know that they are fractured into little beaucracies beyond usefulness to the average citizen. So there is a major MAJOR initiative, fronted by the Bush White House, to make the government work together so it can be more responsive and helpful to you. National Science Foundation, GSA, a bunch of groups are working on this. They want to move the government into the twentieth century at least, much less the twenty-first!

Trouble is, how does the government know it's you who's applying for the Pell grant, as opposed to Joe Fraud who's stolen your identity? They need some kind of potent self-identification. But right now the government is scared spitless about using even cookies on its websites for fear that privacy spooks will start rumors that they're tracking your every move and a congressman will immediately put them out of work.

So the government is also trying to find ways to make it possible for you to manage, distribute in a protected fashion, verify, and guarantee your identity, or even act anonymously in a way you know they can't reasonably crack. Otherwise citizens will never ever use these services. They know this.

Commercial crap like MSN Passport just aint' gonna cut it. Passport has a dismal privacy record. Hence the interest in Liberty Alliance etc.

Yes, the Total Information Awareness project is scary (though anyone who's involved in the project can tell you it basically has no teeth at all -- it's a paper tiger). And various spook agencies are impressive at digging into your private live: well, at least the one in Maryland is anyway. But what's going on in this iniative is, in fact, totally benign. The government wants to really give you your bang for the tax buck, and are trying to figure out how they can do so without scarying you spitless on the privacy side.

There are in fact people in the government who are there because they want to help make the world better, you know! Not many. But they're there.

-- a researcher in the DC area...

Here's the rub...

[Guppy06]

They're looking for a "federated" network identity, where "federated" means a level of intrinsic decentralization. To me, that sounds like there is a single "federal" (not to be confused with "federal government") information registry that keeps a bare minimum of information, and websites maintain their own private databases that collect their own information beyond the federated minimum. The central database essentially just makes sure that the private databases don't have redundant entries.

But how "federated" are they thinking here? Federated as in 1803 USA, or federated as in 2003 USA? How centrallized will this whole thing be, and who has a say in who controls how much? Will the central database really keep only a bare minimum of information, allowing most of the data maintenance to be performed by the interested parties, or will it be federated in name only, with the central database controlling everything, giving third parties the ability to collect extraneous BS "if they want to?"

(Ironicly enough, involving the DoD may help keep things relatively decentrallized. They're not all that keen on single points of failure.)

DoD soldier information

[TFloore]

The DoD is very interested in having easy identification for the 1.3 million military personnel in the United States. This means pay information, service records, ratings, training, specializations. Medical records. Retirement information.If it's tracked, they want to have it all referenced to a single identity, cross-referenced on different systems.

They were working for a while on smartcards for all military personnel, and that's actually gone pretty far along.

But they've probably learned that there's too much to stick on a smartcard, and you can't get good enough security to put confidential information on the smartcard that you give to 1.3 million people. Too many will lose them, and then you have problems.

So they want to have the records, and have them easily tied to individuals. And have them available in the different commands, on different servers scattered thoroughout the DoD command structure.

They are very interested in something like the Liberty Alliance, and making sure that they can use it for their purposes. Keeping this diverse array of information for 1.3 million people is just what this project is made for.

Seems good that the DoD became aware of it, and decided to participate. And I'm reassured that they didn't decide to just go with the Microsoft solution without considering the options. (Maybe they learned from the problems the Navy has been having with NMCI.)

China has this same problem

[Hao+Wu]

In many provences, all citizens look somewhat alike (black hair, light build, similar facial feature). This has always been a problem to ID criminal elements and dealing with False Identity.

There is a huge market for this overseas, representing some 1 billion peoples.

Re:The problem with universal standards

[j3110]

I thought the liberty alliance system was hardened to this by several independant implementations. Also I think they are supposed to have security inherent in the system. You create pseudo accounts that are only chargeable by certain other accounts. No middle man attacks should work because of the encryption.

Worst case scenerio, provided that the protocol is secure, is we get one of the root sites info (like a bank) and all the bank's accounts get screwed up. But we know how anal banks are about security.

I haven't looked at the information that much, but I thought it was supposed to be pretty much PGP for online forms and accounts. It will make those things that you fear, harder to do.

As much as I liked the project, it worries me when the government gets involved. The presence of the DoD always sends my paranoia up about 5 points on a scale of 1 to 10. They have no real need for this system except to track people.

If it weren't for the Liberty Alliance Project though, you would have to trust your private information to MS(Passport), because sites in the future will require one or the other kind of verification.

Which is less evil... DoD or MS? ... tough question. MS only wants money. DoD could want an Orwellian society. I guess I would have to go with Liberty Alliance still... if Passport became popular, MS would sell information and give it the government without a fight.

Finally, a poster with some sense!!

[SuperKendall]

This is exactly why the government is interested in using this standard - all of the people that want government to support open source, this is how to make that happen, by making good open standard that can have a number of good open source implementations.

From what I've read so far here, a number people who would normally be all excited about the government supporting open standards and open source turn ultra-luddite when the words "government" and "identity" come together!