Slashdot Mirror
Single Government ID Moves Closer to Reality
NewbieV writes "The Washington Post is reporting that "federal officials are developing government-wide identification card standards for federal employees and contractors to prevent terrorists, criminals and other unauthorized people from getting into government buildings and computer systems."
The project is known as the Personal Identity Verification Project, and is being managed by the National Institute of Standards and Technology (NIST)."
Wow, similar IDs for government employees? This might prove as dangerous to our freedom as, say, Military IDs.
Oh dear jesus god no. If you're going to put all your eggs in one basket at least guard the basket well! The problem is that by unifying all the ID card systems they don't defend the basket as much as they should.
This point can be illustrated well with Safes. If it costs fifty pounds to break into a safe and only put forty pounds worth of valuables in the safe my safe is secure. If I get ten of these safes, each with forty pounds in them then the total of four hundred pounds worth of valuables is secure. Now let's say I decide to replace my ten safes with a single safe! A safe that only takes three hundred and fifty pounds to break in to is no good; I need a safe that is secure in the face of a four hundred pound attack or more.
The problem with centralising identifications systems is that the new scheme is rarely more secure than numerous schemes it replaces. Except, Except, this time this one ID acts as identification for many types of service and this makes everything less secure. Just for the sake of argument. Let's suppose I choose to attack the system in a certain way. Let say I want to obtain a real "fake"; that is, a card that is authentic but I've paid an employee that produces the cards to put bogus information on to the card. Rather than finding two friends in two different branches of government to supply me with a real card in a fake name I only have to find a single person. This type of weaking isn't just true for this limited type of attack - this weaking is there across the board.
Having different IDs is a simple security mechanism. It's the same reason that Microsoft's Passport technology is dying. Yes it might be more convient to have a single "sign in" but it means that you've produced a single global failure point for the entire system. Such systems are brital so please, I ask these people: hire some security professionals to make these decisions. Silly politicians making "security" decisions is about as helpful as putting a football coach in control of skyscrapper construction.
Simon.
Doesn't sound too bad - a single ID card for federal employees would be very handy - you just need one key to get into everything you have access to, instead of fumbling around with multiple keys and passcards.
Until the gov't starts implanting RFID tags in our skulls to track our every move, I don't really see the danger.
A single ID can be forged and used by terrorists for access to any government building! Brilliant!
This is a ways away from a "single government ID". That makes it sound like we are all going to get barcodes on our necks, this is simply a way to streamline the process of verifying federal employees, just as corporations have for years...this is not a problem. It becomes an issue when the ID starts to become mandatory for the non-governmental public, where the potential for abuse is.
Does anyone really think that you should have a single sign on name and password for every online service, site, e-mail account? Would you want that single sign on to be linked with all of your bank accounts? Why is it bad to have everything linked together? What makes identity theft easier?
Forget trolling about tin-foil hats or paranoid people who have nothing to hide. Let's get back to the nuts and bolts of why, from the very beginnings of nature, squirrels put nuts in many different places.
fast as fast can be. you'll never catch me.
I suspect the government will continue floating these id schemes until its ready to introduce the real system its got waiting in the wings whatever that is.
I'm assuming that with the incredibly intelligent slashdot editors we have here, that the part we should be paying attention to is "contractors." Well, no, i still don't see why this is important news, let alone have anything to do with my rights online.
I'm not a government employee, and I don't plan on sneaking in to any government building that i'm not supposed to be in. Are you trying to say that we have a right to have illegal access to all government property?
It seems innocent the way it's being presented now. Yeah, this does run the risk of making it easier for terrorists to forge the ID because there's only one kind instead fo many, but I could see how it can be convienent. The only problem is that if this is suscessful, who's to say they aren't beyond a National ID for everyone, like some people were reading into it?
Given the recent articles today, do they put in a GPS transponder and a personal laser defense system on each of these?
Online backup with Mozy, sounds like Ozzie, but more!
As a government employee I have to say this would be kinda nice.
Drivers' licenses are ubiquitous and necessary. They are marked with identifying data and a unique number. They have your picture. Authorities are allowed to ask for it, and in general citizens are expected to cough it up. They must be checked by private parties in certain circumstances (to prove your age, for example), and in other circumstance private parties insist on checking your drivers' license as a prerequisite to doing business with you (Blockbuster, e.g.)
Granted, each state keeps track of its own citizens' licenses, so I suppose that's one difference between the status quo and the ballyhooed National ID Card. But really, what else are we afraid of? Why don't we just bite the bullet and make citizens' identification cards necessary? The states can take care of issuing them and tracking the relevant data, and we can have laws about when authorities are not allowed to ask for identification, or when a citizen is not obligated to identify himself, just like we do with licenses. But not arbitrarily tying our ID cards to driving would be much more efficient. Why should it be harder for a blind man to identify himself at will simply because he cannot drive?
So to everyone terrified of national ID cards, wake up: that reality arrived long ago.
As it is being worked by NIST, there will be no need for changes, cost effective, and implemented perfectly. Too bad it'll take 10 years to get to reality.
Wait a minute! Are you saying that the federal government is instituting a standardized system for identifying people who work for the federal government?
Oh, no, what's next? Will this spread to privfate companies? Will I have to hold a little magnetic badge up to a card reader in order for it to unlock the door to my office building? The horror!
Im pretty sure most break-ins come from things like "can you swipe me in? i left my card in the car" or "i work for bob but they havnt put me on the system yet" and "hey can i just use your computer for a minute to print this?"
This comment does not represent the views or opinions of the user.
That's why I'm eargerly awaiting the forthcoming release of data by the politicians pushing for ID:their funding, their horse trading, why they voted on every particular issue, how much money each lobbyist gave them and what they wanted for it, which election promises they actually plan to keep, etc etc
Slashdot: News for Nerds, Stuff that matters only to them
They make chow hall lines quicker because we don't have to sign
What a wonderful justification. As an addendum, college cafeterias had this problem licked years ago without the need for a chip or a magnetic strip--just a bar code.
I'm not going to put on a tin-foil hat and try to point out potential abuses. I'm just going to say that unified tracking sounds both suspicious and exploitable. I'm sure you guys know how to get your girlfriends through the chow line. As a private citizen I'm allowed to be suspicious of an entity that acknowledges that I exist only when they want my vote once every few years. Too bad I'm not allowed to vote with my paycheck during the interim.
fast as fast can be. you'll never catch me.
I work for the VA, and one of my duties is to make ID cards...Somehow I doubt this is gonna happen anytime soon. I mean, heck, IDs aren't even standardized throughout the VA, each medical center has its own format. About a year ago they told us we'd have a new system in place "soon." Still don't have it.
Ebay just jumping Passport, so why would we want a simular thing in goverment?
One ID means only one thing to conterfiet. Look at how well it is to get any corpate office wuth the same badge.
Let's say you're a terrorist. And, further, let's say you want to hurt Americans. What will you do?
Cheers,
b&
All but God can prove this sentence true.
Comment removed based on user account deletion
The problem with this scheme is it also introduces a single point of failure. If "evildoers" (other than cheney, bush, rove, rummy & company) figure out a hole, the entire system is in jeopardy--like that whole problem with a homogenous computing environment. If the system is unmanageable for the government as it is, imagine how difficult it is for the "evildoers" to "do evil" with it.
Comment removed based on user account deletion
How is this different from the current CAC card (government version of standard smart card) currently issued to soldiers, civilians and contractors?
The fact that no Christians squealed when the FDA approved subcutaneous implantable ID chips in humans makes me think that in real life if we ever get a "Mark Of The Beast" most Christians will take it along with the rest of the sheeple.
Then again, did the Dems take advantage of the info? Nope. Such a shame, because if this had been approved by Clinton Karl Rove would have been all over this in 2000.
Knowledge is power. Knowledge shared is power multiplied.
...with generic numbered cards letting you into all the enemy's buildings! Maybe they'll be named "Card 1", "Card 2" etc.
The truck have started to move!
It's not. They're worse, if you ask me.
And my University used mag stripes, which were readable by vending machines on campus.
You'd have to custom design your own vending machine if you wanted it to read barcodes.
I don't need no instructions to know how to rock!!!!
Oh, and this story is a duplicate.
How am I supposed to fit a pithy, relevant quote into 120 characters?
Largely correct, except that you must replace "Christian" with "fundamentalist Christian" in every instance.
The Rapture also has little to do with not dying. Christ's appearance on Earth ca. 2000 years ago meant that none of us will 'die', but will live forever through Christ.
Not sure why the fundies can't grasp that.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
we should have had a national ID long ago,but no doubt business lobbies have impeded its development. The longer they can keep importing and exploiting cheap illegal labor, the more money for them, and the more wages are driven down for citizens.
It's criminal, IMHO.
eat shiat and bark at the moon
if they also implement a system where you have to step into a giant glass tube (a la The Jetsons or Futurama) and if your ID is incorrect it tubes you off to the nearest holding cell.
That would be kinda neat.
Direct away from face when opening.
One ID means only one thing to conterfiet.
Not really. First of all, IDs with biometrics and RSA key signatures (like my military ID) provide a level of security that protects against counterfeiting. Keys are issued at approved facilities and locked down with a PIN. To counterfeit such a card you would need to recreate the card, embed the smart chip, enter a key on it, and hack the central database with the same key.
24 beers in a case, 24 hours in a day. Coincidence? I think not!
Badges...We don't need no stinkin badges!
Yeah. I'm sure that this new ID card will "prevent terrorists, criminals and other unauthorized people from getting into government buildings and computer systems."
I smell someone trying to convince people that security can be had in a product, rather than requiring constant vigilance, like it really does.
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
http://www.libertydollar.org
Or I can just hor my body.
http://www.biolifeplasma.com
Just for the sake of nitpicking as theologians are inclined to do....
Even the phrase "fundamentalist Christian" is not an accurate title in this case. It is actually the classic or "old school" dispensationalists like Tim LaHaye - the author behind the popular books of the Left Behind series. In fact many fundamentalist christians (which is normally synonymous with the word evangelical, in the US) do not seem to be adequately represented by the craze created by the Left Behind series.
Not only is classic dispensationalism dead (hence the rise of neo-dispensationalism) but even the new view is not as widely held in the theological circles as many other views (hell, how do we even know Revelation is a linear book aaaaand how can we take one verse from Daniel and interpret the rest of the Bible from that? - that's how it was with classic dispensationalism, in a general sense, though that probably does injustice to many off shoots of dispensationalism).
Its a shame that christianity is characterized by one opinion per issue. There is a wide variety of thought concerning these matters in christendom and *gasp* each person is still a Bible believing christian, after all they do conform to the creeds developed by the early church councils. Its like saying all christians support the crusades or for a relevant example, George W. Bush.
I think I am a bit of a fundy, but apparently by many standards not a very good one. I don't like killing people, I support social programs and I'm not a Republican... then again nor am I much of a Democrat either. But now I am getting tangential...
Basically what I am saying in summary is that dispensationalists are not even a majority. I am not yelling to say, "Hey, look me - a minority." What I am saying, is that this view that many people see christianity as does not even enjoy the position of majority in a grand sense.
- David
Bible/Theology Major
History Major
OK, apart from the fact that all of you who drive are already carrying a form of government-issued ID, the Department of Defense is already using something like this. It's called a CAC card. It's a combination identification and smartcard. It gets me onto the base, into the PX and helps decrypt my email. It's a straw-man argument to say that "the terrorists" are going to mass producing these and getting in and out of Ft. Meade at will. Just as it is not with my CAC card, I get get to every place on post. The level of effort is going to be far too difficult when there's so many other software targets to hit.
Flamebait aside, this has a good chance at increasing security, if done right. NIST is the right agency to handle this. It's not intended to be a centralized national ID, but a standard way of defining what IDs look and act like. Basically, a guard doesn't have to remember all the different agency and vendor ID cards no matter what door he gets transferred to.
Since every dorm has a kid that "can make it look real" verifying that ID is the key. Here's where the folks at NIST and the rest of the Feds really need to earn their pay. If you can't verify who issued the ID and how, it doesn't have much security. The Smart Card Alliance sponsored a good white paper on the "Chain of Trust" concept, http://www.smartcardalliance.org/alliance_activiti es/secure_id_systems_report.cfm
These IDs can't be issued by one entity so unless the effort includes a easy, fast and secure method to verify both the identity and how it was issued, they are just setting up a beauty contest between the forgers.
Control, extorsion et cetera. "Citizen, your papers please?" The same with standardized testing -- identify strenghts and weaknesses, assign occupations thusly. You can't get away with any of that subversive crap if they know where you are. Like Santa Clause only far less dastardly.
UK Parliamentary Committee Releases Report Damning ID System http://www.privacyinternational.org/article.shtml? cmd%5B347%5D=x-347-63601
Spain has ID cards, but that didn't prevent the Madrid train bomb: http://news.bbc.co.uk/2/hi/europe/3500452.stm
The British Parliament has abandoned their new ID cards for the Houses of Parliament despite the recent security breaches, as some hundreds have 'gone missing'.
Reasons against ID cards: http://www.bbc.co.uk/dna/ican/A2319176
------------
ID cards might well:
* Worsen harassment of ethnic minorities: They'll provide another pretext for stop-and-search, often directed at ethnic minorities
* Have little impact on counter-terrorism: Sophisticated terror networks would soon be able to produce counterfeit cards or papers enabling people to get legitimate cards
* Have little effect on illegal working: Employers who are already willing to break the law won't be put off by identity cards
* Lead to 'function creep': The functions of the card will grow over time as it stores more personal information. More people could demand to see it, effectively making it compulsory to carry one
* Lead to loss of privacy: There will be a massive database containing an unprecedented amount of personal information on people
* Be costly and impractical: There is scepticism about the cost and operability of the scheme, as well as the government's ability to manage the technology
----------------
Doubts over ID card scheme http://news.bbc.co.uk/1/hi/technology/2688697.stm
Environmentalism is the new Victorianism. Everyone ties on a green corset and pretends we're virtuous.
What proponents of high-tech IDs tend to overlook is the importance of having people involved. A few years ago, I worked in a hospital/research center in NYC that had very tight security (for example, everyone was finger-printed before being issued an ID). The ID itself would presumably not be impossible for someone--especially someone motivated--to fake, but the security guards were another matter. They lived at the entrance to the building, and they pretty much recognized everyone who worked there. If they didn't recognize you, they stopped you, checked your ID, and called up to wherever you said you were going. This isn't a system that would work for a bulding accessible to the general public, but the majority of government buildings are only frequented by the people who work there ... for these buildings, attentive security guards are at least as important as fancy IDs.
Now that is just unfair! If The recent history of lucrative government contracts *cough* EDS *cough* is anything to go by, the government will pay hundreds of millions to a company to develop something which will never work and be scrapped before it reaches roll-out. The most secure code is that which is never run (failure rate 0%). Any bureaucrat can see the logic of this.
Seriously, there will be a national ID in britain soon, probably implanted rfid. It fits so well with government policy of hugely inconveniencing everyone who isn't in power (If you are in power you can erase all that troubling data that have acculmulated in the huge Database of Everything and Everyone."David? Hi, it's Tony. Listen, the wife is going ballistic because the nanny can't take the boys shopping in manhatten . Could you have a word with records about her clearance? Thanks").
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
All buildings will need a guest system so that's one obvious attack vector.
Alternatively, you attack the card issuing system or the people who run it. That way you get a valid card and gain access as needed.
There will have to be a system to deal with lost cards, that's another good way to attack the scheme.
Why not? Most of the contractors are foriegners, and they all look alike anyway. Maybe with ID they'll stop bombing us and just fucking do their jobs...
Timothy McVeigh had ID, too.
IDs do nothing for security at all, except lure gullible people into believing they do something to promote security. The proposed Federal IDs can tell you if a known terrorist is trying to get a job in the government. If a person is a "known terrorist" why in god's green earth hasn't she/he been picked up yet? Oh wait...
Yeah, right.
See how that homeland security act get used for blanket coverage of just about anything? Besides, what's stopping Terrorist Habib from "Give me your card or I cut off your nutsack"
" difficult to use by anyone other than the rightful card-holder if lost or stolen." -- however it does not say impossible.
Join the Slashcott! Feb 10 thru Feb 17!
When will govts stop just saying that it will prevent terrorism and start saying how exactly?
Recently the UK government discussed returning motorbikes to having front number plates, which were removed because they were mounted on the front wheel sideways and in collisions with pedestrians the latter ended up with bits sliced off. The basis for the discussion was that it would stop terrorists and drug barons (and of course had nothing to do with the fact that front facing cash, er, safety cameras cannot identify motorbikes).
Now I don't know about anyone else but I really can't see how returning front number plates to motorbikes will do anything about drugs and terrorism. Perhaps they're hoping that drug barons and terrorists won't think to put front number plates on their motorbikes, and that therefore anyone without one must be one of these people?
It will of course make the whole policy completely ineffective when terrorists and drug barons start putting front plates back on their bikes. After all, it was a real bummer when they stopped going around in sandwich boards that had printed front and back I AM A DRUG DEALER, GET YOUR DRUGS HERE, and I HAVE A BOMB, PLEASE DON'T RUN AWAY.
Unless everyone is carring a reader you have one thing to conterfit. That is the problem.
Now copying a card is generally easy. I worked in hotels for years, once you have a inside source or phone tap, the informarion is avaialble and a CRcard can be dupilicaed in less than 1hr. Remember the cards MUST BE readable.
Here we are talking about adding a picture id. Yes it is alot harder, not.
Dewey, what part of this looks like authorities should be involved?
So how will Bush-appointed felons like John Poindexter get into their offices?
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak