Slashdot Mirror
Single Government ID Moves Closer to Reality
NewbieV writes "The Washington Post is reporting that "federal officials are developing government-wide identification card standards for federal employees and contractors to prevent terrorists, criminals and other unauthorized people from getting into government buildings and computer systems."
The project is known as the Personal Identity Verification Project, and is being managed by the National Institute of Standards and Technology (NIST)."
Wow, similar IDs for government employees? This might prove as dangerous to our freedom as, say, Military IDs.
Oh dear jesus god no. If you're going to put all your eggs in one basket at least guard the basket well! The problem is that by unifying all the ID card systems they don't defend the basket as much as they should.
This point can be illustrated well with Safes. If it costs fifty pounds to break into a safe and only put forty pounds worth of valuables in the safe my safe is secure. If I get ten of these safes, each with forty pounds in them then the total of four hundred pounds worth of valuables is secure. Now let's say I decide to replace my ten safes with a single safe! A safe that only takes three hundred and fifty pounds to break in to is no good; I need a safe that is secure in the face of a four hundred pound attack or more.
The problem with centralising identifications systems is that the new scheme is rarely more secure than numerous schemes it replaces. Except, Except, this time this one ID acts as identification for many types of service and this makes everything less secure. Just for the sake of argument. Let's suppose I choose to attack the system in a certain way. Let say I want to obtain a real "fake"; that is, a card that is authentic but I've paid an employee that produces the cards to put bogus information on to the card. Rather than finding two friends in two different branches of government to supply me with a real card in a fake name I only have to find a single person. This type of weaking isn't just true for this limited type of attack - this weaking is there across the board.
Having different IDs is a simple security mechanism. It's the same reason that Microsoft's Passport technology is dying. Yes it might be more convient to have a single "sign in" but it means that you've produced a single global failure point for the entire system. Such systems are brital so please, I ask these people: hire some security professionals to make these decisions. Silly politicians making "security" decisions is about as helpful as putting a football coach in control of skyscrapper construction.
Simon.
Doesn't sound too bad - a single ID card for federal employees would be very handy - you just need one key to get into everything you have access to, instead of fumbling around with multiple keys and passcards.
Until the gov't starts implanting RFID tags in our skulls to track our every move, I don't really see the danger.
A single ID can be forged and used by terrorists for access to any government building! Brilliant!
So will the "patriots" take over and remove all rights in the name of nationalism? Rights are an integral part of american society and at the moment too many people are willing to throw them away for empty promises and pointless crusades.
This is a ways away from a "single government ID". That makes it sound like we are all going to get barcodes on our necks, this is simply a way to streamline the process of verifying federal employees, just as corporations have for years...this is not a problem. It becomes an issue when the ID starts to become mandatory for the non-governmental public, where the potential for abuse is.
Does anyone really think that you should have a single sign on name and password for every online service, site, e-mail account? Would you want that single sign on to be linked with all of your bank accounts? Why is it bad to have everything linked together? What makes identity theft easier?
Forget trolling about tin-foil hats or paranoid people who have nothing to hide. Let's get back to the nuts and bolts of why, from the very beginnings of nature, squirrels put nuts in many different places.
fast as fast can be. you'll never catch me.
I suspect the government will continue floating these id schemes until its ready to introduce the real system its got waiting in the wings whatever that is.
I'm assuming that with the incredibly intelligent slashdot editors we have here, that the part we should be paying attention to is "contractors." Well, no, i still don't see why this is important news, let alone have anything to do with my rights online.
I'm not a government employee, and I don't plan on sneaking in to any government building that i'm not supposed to be in. Are you trying to say that we have a right to have illegal access to all government property?
Typical American Response to Insightful Comment:
Did you just add your valuables in Pounds?
OH!
He's English, disregard him.
It seems innocent the way it's being presented now. Yeah, this does run the risk of making it easier for terrorists to forge the ID because there's only one kind instead fo many, but I could see how it can be convienent. The only problem is that if this is suscessful, who's to say they aren't beyond a National ID for everyone, like some people were reading into it?
recent ID technology which goes into how this is going be implemented.
Given the recent articles today, do they put in a GPS transponder and a personal laser defense system on each of these?
Online backup with Mozy, sounds like Ozzie, but more!
As a government employee I have to say this would be kinda nice.
You have the right to remain silent, you have the right to stay in gitmo, you had the right to an attourney but should you be able to afford one tough luck. Anything we think you said can and will be used against you to beat the shit out of you.
Drivers' licenses are ubiquitous and necessary. They are marked with identifying data and a unique number. They have your picture. Authorities are allowed to ask for it, and in general citizens are expected to cough it up. They must be checked by private parties in certain circumstances (to prove your age, for example), and in other circumstance private parties insist on checking your drivers' license as a prerequisite to doing business with you (Blockbuster, e.g.)
Granted, each state keeps track of its own citizens' licenses, so I suppose that's one difference between the status quo and the ballyhooed National ID Card. But really, what else are we afraid of? Why don't we just bite the bullet and make citizens' identification cards necessary? The states can take care of issuing them and tracking the relevant data, and we can have laws about when authorities are not allowed to ask for identification, or when a citizen is not obligated to identify himself, just like we do with licenses. But not arbitrarily tying our ID cards to driving would be much more efficient. Why should it be harder for a blind man to identify himself at will simply because he cannot drive?
So to everyone terrified of national ID cards, wake up: that reality arrived long ago.
C-Net says something different, that it's been implemented for over a year now.
As it is being worked by NIST, there will be no need for changes, cost effective, and implemented perfectly. Too bad it'll take 10 years to get to reality.
provide a Coral Cache link, read more about it at the NYUD Info page.
I am a current military ID card harder. I don't see a problem with one ID card standard for all governmen't employees. Our new cards have a chip in them as well as a magnetic strip. They make chow hall lines quicker because we don't have to sign, just put the card in and out. Saves on paperwork too. Our ID cards are also used when leaving and entering kuwait, to keep track of all the soldiers and other gov't workers over here. Accountability of people can be a good thing.
Wait a minute! Are you saying that the federal government is instituting a standardized system for identifying people who work for the federal government?
Oh, no, what's next? Will this spread to privfate companies? Will I have to hold a little magnetic badge up to a card reader in order for it to unlock the door to my office building? The horror!
Read all about it at this site where you can request information from the government regarding what your rights (and obligations) are.
Im pretty sure most break-ins come from things like "can you swipe me in? i left my card in the car" or "i work for bob but they havnt put me on the system yet" and "hey can i just use your computer for a minute to print this?"
This comment does not represent the views or opinions of the user.
That's why I'm eargerly awaiting the forthcoming release of data by the politicians pushing for ID:their funding, their horse trading, why they voted on every particular issue, how much money each lobbyist gave them and what they wanted for it, which election promises they actually plan to keep, etc etc
Slashdot: News for Nerds, Stuff that matters only to them
I work for the VA, and one of my duties is to make ID cards...Somehow I doubt this is gonna happen anytime soon. I mean, heck, IDs aren't even standardized throughout the VA, each medical center has its own format. About a year ago they told us we'd have a new system in place "soon." Still don't have it.
Ebay just jumping Passport, so why would we want a simular thing in goverment?
One ID means only one thing to conterfiet. Look at how well it is to get any corpate office wuth the same badge.
Let's say you're a terrorist. And, further, let's say you want to hurt Americans. What will you do?
Cheers,
b&
All but God can prove this sentence true.
Comment removed based on user account deletion
Oh wait, I AM to blame.
I believe this will fail for the following reasons:
1. Because this is Slashdot, and I'm supposed to hate big brother and fight the man and stuff.
2. Because I hate big brother and I fight the man... (but I'm supposed to get counseling for it)
3. Because "PIVP" isn't s scazzy acronym.
The problem with this scheme is it also introduces a single point of failure. If "evildoers" (other than cheney, bush, rove, rummy & company) figure out a hole, the entire system is in jeopardy--like that whole problem with a homogenous computing environment. If the system is unmanageable for the government as it is, imagine how difficult it is for the "evildoers" to "do evil" with it.
Comment removed based on user account deletion
How is this different from the current CAC card (government version of standard smart card) currently issued to soldiers, civilians and contractors?
The fact that no Christians squealed when the FDA approved subcutaneous implantable ID chips in humans makes me think that in real life if we ever get a "Mark Of The Beast" most Christians will take it along with the rest of the sheeple.
Then again, did the Dems take advantage of the info? Nope. Such a shame, because if this had been approved by Clinton Karl Rove would have been all over this in 2000.
Knowledge is power. Knowledge shared is power multiplied.
Umm... Why do you think most Christians support Isreal fervently? Its because all of Isreal needs to be controlled by Jews, and Jerusalem needs to be occupied completely by Jews.
Once this occurs, its ready for Jesus, since in Revelations, Isreal and Jerusalem must be ready before Jesus comes back to Earth to save the Christians. This of course means the slaughter of the Jews.
So the dogma regarding the murders of millions apparently sits well with Christians before The End. Why would national ids bother them? If its a step closer to the Beast, they would embrace as fervently as they support Isreal. Christians want the Rapture to happen, and they want it to happen in their lifetime. Why? Because that means they don't have to die. (The analog to the Rapture is that if you stood next to a Christian in an open field and Rapture happened, they would disappear if you looked the other way for a second while it occurs.)
Part of my reply is flamebait since most Christians simply want to be saved, and don't want any part of a massive slaughter, but this is what the Rapture of the Church is all about, so I will leave my post at that.
Well said. I agree 100%.
...with generic numbered cards letting you into all the enemy's buildings! Maybe they'll be named "Card 1", "Card 2" etc.
The truck have started to move!
Oh, and this story is a duplicate.
How am I supposed to fit a pithy, relevant quote into 120 characters?
Largely correct, except that you must replace "Christian" with "fundamentalist Christian" in every instance.
The Rapture also has little to do with not dying. Christ's appearance on Earth ca. 2000 years ago meant that none of us will 'die', but will live forever through Christ.
Not sure why the fundies can't grasp that.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
we should have had a national ID long ago,but no doubt business lobbies have impeded its development. The longer they can keep importing and exploiting cheap illegal labor, the more money for them, and the more wages are driven down for citizens.
It's criminal, IMHO.
eat shiat and bark at the moon
if they also implement a system where you have to step into a giant glass tube (a la The Jetsons or Futurama) and if your ID is incorrect it tubes you off to the nearest holding cell.
That would be kinda neat.
Direct away from face when opening.
This is WAY better than the ID card article.
I, for one, welcome our new ID-issuing overlords.
One ID means only one thing to conterfiet.
Not really. First of all, IDs with biometrics and RSA key signatures (like my military ID) provide a level of security that protects against counterfeiting. Keys are issued at approved facilities and locked down with a PIN. To counterfeit such a card you would need to recreate the card, embed the smart chip, enter a key on it, and hack the central database with the same key.
24 beers in a case, 24 hours in a day. Coincidence? I think not!
First it was the Federal Employee Identity Verification Project and suddenly it has mutated to the Personal Identity Verification Project. This and some some other changes that have been introduced very quietly and without any oversight in order to broaden the scope of this and other projects are extremely creepy. These types of projects are paid for by all of us and are about to get out of hand and become a serious threat to our privacy if there are no strict oversight and clear limits. Its time to write our representatives again...
holy crap man. you're like my fucking hero. keep up the good work, everybody here is way too mature. you're keeping the balance.
Badges...We don't need no stinkin badges!
Yeah. I'm sure that this new ID card will "prevent terrorists, criminals and other unauthorized people from getting into government buildings and computer systems."
I smell someone trying to convince people that security can be had in a product, rather than requiring constant vigilance, like it really does.
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
http://www.libertydollar.org
Or I can just hor my body.
http://www.biolifeplasma.com
I feel obligated to point out that a thief does not normally know what is in such a safe before attempting to crack it open
Where did you learn this again? A survey conducted at the Robbers-R-US convention?
Maroons (and, no, I am not neXus_umr).
Just for the sake of nitpicking as theologians are inclined to do....
Even the phrase "fundamentalist Christian" is not an accurate title in this case. It is actually the classic or "old school" dispensationalists like Tim LaHaye - the author behind the popular books of the Left Behind series. In fact many fundamentalist christians (which is normally synonymous with the word evangelical, in the US) do not seem to be adequately represented by the craze created by the Left Behind series.
Not only is classic dispensationalism dead (hence the rise of neo-dispensationalism) but even the new view is not as widely held in the theological circles as many other views (hell, how do we even know Revelation is a linear book aaaaand how can we take one verse from Daniel and interpret the rest of the Bible from that? - that's how it was with classic dispensationalism, in a general sense, though that probably does injustice to many off shoots of dispensationalism).
Its a shame that christianity is characterized by one opinion per issue. There is a wide variety of thought concerning these matters in christendom and *gasp* each person is still a Bible believing christian, after all they do conform to the creeds developed by the early church councils. Its like saying all christians support the crusades or for a relevant example, George W. Bush.
I think I am a bit of a fundy, but apparently by many standards not a very good one. I don't like killing people, I support social programs and I'm not a Republican... then again nor am I much of a Democrat either. But now I am getting tangential...
Basically what I am saying in summary is that dispensationalists are not even a majority. I am not yelling to say, "Hey, look me - a minority." What I am saying, is that this view that many people see christianity as does not even enjoy the position of majority in a grand sense.
- David
Bible/Theology Major
History Major
I hereby predict that if this system works (or is made to work) then the next proposal will be for all US citizens to have once.
It's happening in Britain. Consider us a trial for the US.
The government needs a way to ID people who work for it. That makes sense to me. But there is an effort under way to sell microchip ID's that will require a reader for all departments and hospitals. The spin-masters are pushing this with letters to the editor in various papers and with their subtle "it is for the children" crap that they always use when they are trying to push their shit through.
Make no mistake that there is an effort that will be to tag everyone. It is going on right now. They say "oh, my poor grandmother could have been identified" or "if only my child had the chip in his neck . . "
I find it sickning and very disturbing. This is not the government doing this, but private companies. And they will stop at nothing.
I have said for a long time that if we want national health care then why waste money on national health ID cards. The money can be better spent on health care than on pieces of plastic.
They will try to spend billions on an ID system to make themselves rich at our expense. So we need to be vigilent.
And they will present anecdotal evidence of someone getting a double prescriptoin as an excuse as to why we need this intrusion. It is a sad comment on the creed and cupity of folks who want to sell these ID systems. The money should be spent on health care, not on health cards.
OK, apart from the fact that all of you who drive are already carrying a form of government-issued ID, the Department of Defense is already using something like this. It's called a CAC card. It's a combination identification and smartcard. It gets me onto the base, into the PX and helps decrypt my email. It's a straw-man argument to say that "the terrorists" are going to mass producing these and getting in and out of Ft. Meade at will. Just as it is not with my CAC card, I get get to every place on post. The level of effort is going to be far too difficult when there's so many other software targets to hit.
Can anyone address what the government gets out of tracking everybody?
Flamebait aside, this has a good chance at increasing security, if done right. NIST is the right agency to handle this. It's not intended to be a centralized national ID, but a standard way of defining what IDs look and act like. Basically, a guard doesn't have to remember all the different agency and vendor ID cards no matter what door he gets transferred to.
Since every dorm has a kid that "can make it look real" verifying that ID is the key. Here's where the folks at NIST and the rest of the Feds really need to earn their pay. If you can't verify who issued the ID and how, it doesn't have much security. The Smart Card Alliance sponsored a good white paper on the "Chain of Trust" concept, http://www.smartcardalliance.org/alliance_activiti es/secure_id_systems_report.cfm
These IDs can't be issued by one entity so unless the effort includes a easy, fast and secure method to verify both the identity and how it was issued, they are just setting up a beauty contest between the forgers.
Chapter 2: Al Qaeda's Strategy and Operational Principles
r ies.html/
Al Qaeda's greatest asset is its ability to wage covert operations on a global scale. Its goal is not random violence. Its goal is to recreate the ancient Muslim empire, the Caliphate, by creating a mass Islamic uprising against corrupt regimes. It has no interest in the United States except that attacking it helps it move toward its goal.
http://www.americassecretwar.com/about_book_summa
UK Parliamentary Committee Releases Report Damning ID System http://www.privacyinternational.org/article.shtml? cmd%5B347%5D=x-347-63601
Spain has ID cards, but that didn't prevent the Madrid train bomb: http://news.bbc.co.uk/2/hi/europe/3500452.stm
The British Parliament has abandoned their new ID cards for the Houses of Parliament despite the recent security breaches, as some hundreds have 'gone missing'.
Reasons against ID cards: http://www.bbc.co.uk/dna/ican/A2319176
------------
ID cards might well:
* Worsen harassment of ethnic minorities: They'll provide another pretext for stop-and-search, often directed at ethnic minorities
* Have little impact on counter-terrorism: Sophisticated terror networks would soon be able to produce counterfeit cards or papers enabling people to get legitimate cards
* Have little effect on illegal working: Employers who are already willing to break the law won't be put off by identity cards
* Lead to 'function creep': The functions of the card will grow over time as it stores more personal information. More people could demand to see it, effectively making it compulsory to carry one
* Lead to loss of privacy: There will be a massive database containing an unprecedented amount of personal information on people
* Be costly and impractical: There is scepticism about the cost and operability of the scheme, as well as the government's ability to manage the technology
----------------
Doubts over ID card scheme http://news.bbc.co.uk/1/hi/technology/2688697.stm
Environmentalism is the new Victorianism. Everyone ties on a green corset and pretends we're virtuous.
What proponents of high-tech IDs tend to overlook is the importance of having people involved. A few years ago, I worked in a hospital/research center in NYC that had very tight security (for example, everyone was finger-printed before being issued an ID). The ID itself would presumably not be impossible for someone--especially someone motivated--to fake, but the security guards were another matter. They lived at the entrance to the building, and they pretty much recognized everyone who worked there. If they didn't recognize you, they stopped you, checked your ID, and called up to wherever you said you were going. This isn't a system that would work for a bulding accessible to the general public, but the majority of government buildings are only frequented by the people who work there ... for these buildings, attentive security guards are at least as important as fancy IDs.
Now that is just unfair! If The recent history of lucrative government contracts *cough* EDS *cough* is anything to go by, the government will pay hundreds of millions to a company to develop something which will never work and be scrapped before it reaches roll-out. The most secure code is that which is never run (failure rate 0%). Any bureaucrat can see the logic of this.
Seriously, there will be a national ID in britain soon, probably implanted rfid. It fits so well with government policy of hugely inconveniencing everyone who isn't in power (If you are in power you can erase all that troubling data that have acculmulated in the huge Database of Everything and Everyone."David? Hi, it's Tony. Listen, the wife is going ballistic because the nanny can't take the boys shopping in manhatten . Could you have a word with records about her clearance? Thanks").
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
In my country we have ID cards. We have social security IDs. We use the IDs to prove we are who we claim to be, when such a need arises. For example, at a doctor's, at a store when purchasing large amounts with a plastic card.
You can get a dedicated card, or you can use your driver's license which contains the same ID. The net result is the same: you prove to be who you claim to be.
All buildings will need a guest system so that's one obvious attack vector.
Alternatively, you attack the card issuing system or the people who run it. That way you get a valid card and gain access as needed.
There will have to be a system to deal with lost cards, that's another good way to attack the scheme.
Why not? Most of the contractors are foriegners, and they all look alike anyway. Maybe with ID they'll stop bombing us and just fucking do their jobs...
THATS BECAUSE THE TOWN IS MUSLIM.
Text of a completely different, unrelated article.
Timothy McVeigh had ID, too.
IDs do nothing for security at all, except lure gullible people into believing they do something to promote security. The proposed Federal IDs can tell you if a known terrorist is trying to get a job in the government. If a person is a "known terrorist" why in god's green earth hasn't she/he been picked up yet? Oh wait...
Yeah, right.
See how that homeland security act get used for blanket coverage of just about anything? Besides, what's stopping Terrorist Habib from "Give me your card or I cut off your nutsack"
" difficult to use by anyone other than the rightful card-holder if lost or stolen." -- however it does not say impossible.
Join the Slashcott! Feb 10 thru Feb 17!
When will govts stop just saying that it will prevent terrorism and start saying how exactly?
Recently the UK government discussed returning motorbikes to having front number plates, which were removed because they were mounted on the front wheel sideways and in collisions with pedestrians the latter ended up with bits sliced off. The basis for the discussion was that it would stop terrorists and drug barons (and of course had nothing to do with the fact that front facing cash, er, safety cameras cannot identify motorbikes).
Now I don't know about anyone else but I really can't see how returning front number plates to motorbikes will do anything about drugs and terrorism. Perhaps they're hoping that drug barons and terrorists won't think to put front number plates on their motorbikes, and that therefore anyone without one must be one of these people?
It will of course make the whole policy completely ineffective when terrorists and drug barons start putting front plates back on their bikes. After all, it was a real bummer when they stopped going around in sandwich boards that had printed front and back I AM A DRUG DEALER, GET YOUR DRUGS HERE, and I HAVE A BOMB, PLEASE DON'T RUN AWAY.
Unless everyone is carring a reader you have one thing to conterfit. That is the problem.
Now copying a card is generally easy. I worked in hotels for years, once you have a inside source or phone tap, the informarion is avaialble and a CRcard can be dupilicaed in less than 1hr. Remember the cards MUST BE readable.
Here we are talking about adding a picture id. Yes it is alot harder, not.
Your view should be obvious to anyone who regularly reads /. The same idea applies to security wrt OS monoculture.
- If you only want central control, the singular id is desired.
- If you don't want to risk total collapse, don't tie everything together. Texas had no real worries during the 2003 blackout.
Dewey, what part of this looks like authorities should be involved?
So how will Bush-appointed felons like John Poindexter get into their offices?
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
I came across this in metamoderation. I don't think it's a troll and metamoderated it that way. However, that doesn't change the comment moderation, just effects the moderator.