Slashdot Mirror
The US DoD and the GSA Join the Liberty Project
An anonymous reader writes "The Liberty Alliance Project announced today that the U.S. General Services Administration (GSA) and the U.S. Department of Defense (DoD) have joined the Liberty Alliance in its pursuit to develop open and interoperable standards for electronically managing identity information."
U.S. General Services Administration (GSA) and the U.S. Department of Defense (DoD) have joined the Liberty Alliance
Great, that should really speed things up...
The government supporting privacy kinda sounds like silicone implants supporting healthy breasts.
The instant someone finds a security hole in this authentication system, everyone is vulnerable.
The opportunity for fraud in a universal system like this is just waiting to be exploited.
I have been pwned because my
The government's going to replace travelocity.com!
My travel worries are over!
Seriously, this stuff scares the crap out of me.
How long until you need to sign up for the Federal Identify Network to get a credit card? A drivers license? A job?
-Brett
I just watched the flash demo on their website. Their demo was all about being able to link up your data on various websites. Their example was linking your airlines account to a rental car account. This really just sounds like improved data mining couched in convenience to the consumer.
DARPA has a history of doing things the right way and at light speed for a govn't orginization
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
Now we can make sure the all of our information from the government's Total Information Awareness project are available in a compatible format to any corporation who pays enough. Okay, I'm half joking.
Who can't wait to signup? I'm filing this in league with the PATRIOT Act. Everyone needs federally regulated standards on network indentification. I'm envisioning a future where my permanant v6 ip address is on the back of my living/driving/working/eating license, and I can thank the LIBERTY Alliance for that!!! Ahh, I can taste the freedom.
In addition to the information you knowingly provide us, we keep track of the domains and IP numbers from which people visit us. We also collect site usage statistics such as web browser types and page requests and track users' movements. This data is not personally identifiable and is used to more efficiently operate our business, prepare for network load demands, promote the services and administer the site. To the extent this information is associated with a particular user, that information will be considered personally identifiable information and will be protected accordingly.
Aha! a website that actually prepares itself for the slashdot effect!
I'm glad to see the US government supporting an industry consortimum instead of endoring the single vendor solution from Microsoft (Passport). I hope MS' stock gets knocked down on Monday.
about Liberty Alliance as something like it's some sort of individual tagging system? I thought it was some sort of alternative cross-site authentication system to challenge Microsoft's Passport technology?
Please correct me if I'm wrong.
Welley Corporation - SLM Scammers
I dream that I will be able to get health insurence, open bank accounts, go to college, get a job, and retire without using that *** ** **** social security number. I dream that we get rid of it and the ponzi retirement scheme that comes along with it.
I dream that my license will actually be linked to my prooven ability to drive safely, and not other issues like child support or failure to file state taxes, drinking a beer in the dorms, etc.... And that I won't be tracked and stored in massive centralized gov databases that have almost always prooven to be totally screwed up. (getting rid of frivolous tickets wile you're at it would be nice too)
I dream that I won't be harassed when I try to buy beer, ciggarates, and spray paint (one time I was even carded because I tried to buy a cigarette lighter).
I dream that my right to bear arms won't be nickled and dimed to death by people wanting to register me in govt databases like the Nazi's had before they confiscated all privately owned guns from its citizens.
I dream that my credit will only be checked when I want a loan from the bank, and not when I just want a debit card, not when a bank wants to send me a credit card offer that I half to shred before I throw out, and not when I try to get auto insurance.
Can you think of any others...
Ironic that they would call a "tracking system" the "Liberty Project". If anything this REMOVES personal liberty.
Identity information basically means "government tracking".
Stanley Feinbaum, professional journalist and master debater! God bless the USA!
To all the people who are freaking out about this "evil" technology, please keep in mind, the Liberty Alliance is developing an OPEN alternative to Microsoft's own "Passport" system. So, the gummit getting behind Liberty Alliance is a Good Thing(tm), relatively speaking. They could be getting behind Passport instead. And then, instead of just needing to have your Liberty Alliance ID tatooed on your forehead, you would have to have your MS-Passport ID tatooed on your forehead, and you would be legally forbidden to run anything but MS-Winders, since only MS-Winders would come with the proper drivers to scan and process the information tatooed on your forehead.
Folks like Rosie O'Donnel, Diane Feinstein, Sarah Brady, and the lady who heads up the Million Mom March are all right. They know that guns are the true problem and not the people that illegally use them.
Wait... Rosie O'Donnel has armed guards... Feinstein has a concealed carry permit... Brady bought her son a rifle... what was it with the lady heading up the Million Mom March ? It has nothing to do with making anything safer, geesh, more people die from prescription errors and drowning in swimming pools. It has to do with making only an elite being able to have them. Nice hypocritical, anti-freedom company you want to keep, AC.
"The people have no legitimate need for guns but the various police agencies should be very well armed." -- Yes, this has worked very well in England, Australia, and New Zealand.
Just one quick question - why is it that anti-freedom folks try to put personal responsibility upon inanimate objects?
Mod me down, bad karma can't get much worse.
[Of course it's client-server; it runs on a LAN]
When Microsoft introduced Passport, everyone complained. When Government announced support for a system that is a credible alternative to Passport, everyone complains again.
Idiots.
Would you rather government mandated Microsoft Passport?
A system that allows you to login only once is desired in the market place. A standard is desired. This market demand will be fulfilled whether you like it or not. Which entity do you trust the most to implement this standard? Or are you naive enough to think that we won't have a federated identity on the net in the near future?
Because THEY will be the ones, the corporations, the government and the DOD, who control our indentities. Any digital identity should exist to empower the individual to become a better, more informed customer, not a manipulated consumer.
I highly recommend you read Doc Searles and David Wienbergers views on this to see why any implementation of DigID that is corporate centered rather than individual centered is PURE EVIL, and will be used for all sorts of nefarois things, from total erasure of shopping anonymonity, total profiling, and even BLACKLISTING. This is bad stuff, pure and simple.
Planet P Blog
www.enthea.org
essential security for temporary Liberty deserve neither.
sulli
RTFJ.
Q: What is the Liberty Alliance Project?
A: The vision of the Liberty Alliance Project is to enable a networked world in which individuals and businesses can more easily conduct transactions while protecting the privacy and security of vital identity information. To accomplish its vision, the Liberty Alliance will establish an open standard for federated network identity through open technical specifications that will:
Support a broad range of identity-based products and services
Enable commercial and non-commercial organizations to realize new revenue and cost saving opportunities that economically leverage their relationships with customers, business partners, and employees
Provide consumers with choice of identity provider(s), the ability to link accounts through account federation, and the convenience of single sign-on, when using any network of connected services and devices
Increase ease-of-use for consumers to help stimulate e-commerce
Yeah, yeah. The gub'ment gonna undermine all those goals and blah blah conspiracy blah blah.
This is going to happen, and it's best it emerge as an open standard. Sane citizens of the 21st century want a secure and verifiable identity for e-commerce (which extends past the net, swiping your card for a bag of Doritos at the 7-11 really crosses into e-commerce)
I don't need no instructions to know how to rock!!!!
An example. Let's say you want to register yourself as a sole proprietor sales company. There's a myriad of organizations you will ultimately have to deal with, from OSHA to federal and state income and sales tax agencies to warranting that you're a drug-free employer or a nondiscriminatory one or whatever the latest law is. You'd like a one-stop shopping location, perhaps NewBusiness.gov, which acts a front-end to all these agencies at all levels and pulls it all together for you. Now that'd be nice, wouldn't it? Or how about one-stop location for handling all the stuff that deals with disasters? Or moving to Michigan? Or going to grad school, complete with Pell Grants and checks for available assistantships?
This is what the government wants to do. They know that they are fractured into little beaucracies beyond usefulness to the average citizen. So there is a major MAJOR initiative, fronted by the Bush White House, to make the government work together so it can be more responsive and helpful to you. National Science Foundation, GSA, a bunch of groups are working on this. They want to move the government into the twentieth century at least, much less the twenty-first!
Trouble is, how does the government know it's you who's applying for the Pell grant, as opposed to Joe Fraud who's stolen your identity? They need some kind of potent self-identification. But right now the government is scared spitless about using even cookies on its websites for fear that privacy spooks will start rumors that they're tracking your every move and a congressman will immediately put them out of work.
So the government is also trying to find ways to make it possible for you to manage, distribute in a protected fashion, verify, and guarantee your identity, or even act anonymously in a way you know they can't reasonably crack. Otherwise citizens will never ever use these services. They know this.
Commercial crap like MSN Passport just aint' gonna cut it. Passport has a dismal privacy record. Hence the interest in Liberty Alliance etc.
Yes, the Total Information Awareness project is scary (though anyone who's involved in the project can tell you it basically has no teeth at all -- it's a paper tiger). And various spook agencies are impressive at digging into your private live: well, at least the one in Maryland is anyway. But what's going on in this iniative is, in fact, totally benign. The government wants to really give you your bang for the tax buck, and are trying to figure out how they can do so without scarying you spitless on the privacy side.
There are in fact people in the government who are there because they want to help make the world better, you know! Not many. But they're there.
-- a researcher in the DC area...
They're looking for a "federated" network identity, where "federated" means a level of intrinsic decentralization. To me, that sounds like there is a single "federal" (not to be confused with "federal government") information registry that keeps a bare minimum of information, and websites maintain their own private databases that collect their own information beyond the federated minimum. The central database essentially just makes sure that the private databases don't have redundant entries.
But how "federated" are they thinking here? Federated as in 1803 USA, or federated as in 2003 USA? How centrallized will this whole thing be, and who has a say in who controls how much? Will the central database really keep only a bare minimum of information, allowing most of the data maintenance to be performed by the interested parties, or will it be federated in name only, with the central database controlling everything, giving third parties the ability to collect extraneous BS "if they want to?"
(Ironicly enough, involving the DoD may help keep things relatively decentrallized. They're not all that keen on single points of failure.)
Fortunately, a tinfoil hat will block signals in both directions!
The DoD is very interested in having easy identification for the 1.3 million military personnel in the United States. This means pay information, service records, ratings, training, specializations. Medical records. Retirement information.If it's tracked, they want to have it all referenced to a single identity, cross-referenced on different systems.
They were working for a while on smartcards for all military personnel, and that's actually gone pretty far along.
But they've probably learned that there's too much to stick on a smartcard, and you can't get good enough security to put confidential information on the smartcard that you give to 1.3 million people. Too many will lose them, and then you have problems.
So they want to have the records, and have them easily tied to individuals. And have them available in the different commands, on different servers scattered thoroughout the DoD command structure.
They are very interested in something like the Liberty Alliance, and making sure that they can use it for their purposes. Keeping this diverse array of information for 1.3 million people is just what this project is made for.
Seems good that the DoD became aware of it, and decided to participate. And I'm reassured that they didn't decide to just go with the Microsoft solution without considering the options. (Maybe they learned from the problems the Navy has been having with NMCI.)
This is my sig. There are many like it but this one is... Oops. Frank, I've got your sig again! Where's mine?
Of course, as we all know anyone with concerns about erosion of liberties is just crazy. Luckily it's easy to deal with those crackpots. Just say "Conspiracy". Maybe throw in a litte condescension for kicks. No need to check any facts, question anything, or even produce an argument. Just utter the magic "C" word and the tin foil hat crowd will run for their bunkers. Then you can sit back safe in the knowledge that everything is, and always will be, just peachy.
In many provences, all citizens look somewhat alike (black hair, light build, similar facial feature). This has always been a problem to ID criminal elements and dealing with False Identity.
There is a huge market for this overseas, representing some 1 billion peoples.
I suggest you read Slashdot
An AC wrote:
..."
> The government needs to monitor the people to make
> sure they are obeying the law to prevent terrorism.
1) Monitoring an ordinary citizen's breaches of the law (downloading copyrighted media without permission/paying, speeding, and more serious crimes) is not going to prevent any terrorism, because most US citizens are not terrorists, but are rather the people you want to protect from terrorism.
2) Monitoring known terrorists (while meeting the requirements of the Fourth Amendment for those few who are US citizens) would help prevent terrorism. Pity the government, if it followed your advice, would not have the manpower to watch the terrorists if they were busy watching the citizens.
3) Most importantly, monitoring US citizens without warrants and such is against the Fourth Amendment, and therefore a crime. You don't want all those Revolutionary War heroes to have died in vain, do you?
> Of course this is all silly when they don't do the most
> common sense thing and ban the private ownership of
> guns.
Yeah, that would really help. Not only are guns not usually used in terrorism (they like bombs which private citizens do not own), but an armed citizen might be able to stop a terrorist before more people are hurt.
> The people have no legitimate need for guns but the
> various police agencies should be very well armed.
The people, not the police, are generally the ones present during a terrorist attack. All the arms of the police (who are very well armed, some in Florida with military hardware they have no training in how to use) are no good, if they are not present to stop an attack.
Anyway, the important thing is that the Second Amendment says that people have the right to bear arms.
You might want to read the Constitution and the Bill of Rights again. The USA you purpose bears no resemblance to the the one defined by those documents.
Databases (government or things like the Liberty Alliance), monitoring, disarming and stripping away the rights of US citizens are not going to solve the problem of terrorism. To stop terrorism for good, you have to look for its source: hatred and anger toward US foreign policy.
It's pretty simple. Pull the troops out of Saudi Arabia (and any other place in the Middle East where they are not wanted), and quit showing favoritism toward Israel (be chummy with Israel, but be just as chummy with everyone else), and you will have taken away Al Qaeda's main recruitment issues. Invade Iraq, and stir up a hornets' nest of angry terrorists.
Heck, being fair, impartial, and not sticking our troops where they aren't welcome would do wonders for our image worldwide. As for preemptive invasion, the last one to pull that was Hitler invading Poland. Boy did his foreign policy land him in a mess of trouble!
"Lola, kindness is not enough, look for the reason of hatred and anger.
When you find and understand that, love becomes the strongest power
Belabera, "Mothra 3: King Ghidora Attacks"
some good reading here
The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
This is exactly why the government is interested in using this standard - all of the people that want government to support open source, this is how to make that happen, by making good open standard that can have a number of good open source implementations.
From what I've read so far here, a number people who would normally be all excited about the government supporting open standards and open source turn ultra-luddite when the words "government" and "identity" come together!
"There is more worth loving than we have strength to love." - Brian Jay Stanley
...ask what you can do for your government, to paraphrase a well known Fed. The US Government is not a monolithic block of Poindexters committed to stealing our personal liberties. Only a few want that and they are often just implimenting misguided legislation from the boneheads you and I elect. There are many more policy makers and technologists within Government who believe in the openess and freedom designed into the Internet. But if we don't find simple, effective ways to authenticate and secure our communications when they need to be secure, the open nature of the Internet is in jeopardy. That is because there are those in the Government (and a heck of a lot more in some of your corporations) who will point to the insecurity of their particular communications as an indictment of the Net in general. And from that point of view comes the increasing call for building structural controls into the fiber of the network - including the monitoring and oversight many of us dread.
The contingents from GSA and DoD participating in the Liberty ALliance are among the good guys. They believe in an open Internet and in open standards. They released their Certificate Arbitrator Module (CAM) under an open source license. They want to see the Internet work for everyone so it isn't hijacked for a few.