Single Government ID Moves Closer to Reality

NewbieV writes "The Washington Post is reporting that "federal officials are developing government-wide identification card standards for federal employees and contractors to prevent terrorists, criminals and other unauthorized people from getting into government buildings and computer systems." The project is known as the Personal Identity Verification Project, and is being managed by the National Institute of Standards and Technology (NIST)."

Oh?

[mythosaz]

Wow, similar IDs for government employees? This might prove as dangerous to our freedom as, say, Military IDs.

Re:Oh?

[Alabama_Man]

Dangerous to our freedom? Our freedom is already in the toilet. Hell, even the future isn't safe anymore,it's being sold! So much for all your plans of a "unified id card".

Re:Oh?

[Staplerh]

Wow, similar IDs for government employees? This might prove as dangerous to our freedom as, say, Military IDs.

Oh, give me a break, who modded this 'Flamebait'. Give me a break, he had a valid point.

If you don't want a Federal ID card for employees/contractors, don't join the Federal government? This is more akin to a Military ID card than a 'national ID card'. I think this is a great analogy, and if I had meta-mod points I'd mod that unfair.

Re:Oh?

[The+Snowman]

Wow, similar IDs for government employees? This might prove as dangerous to our freedom as, say, Military IDs.

Exactly. This is not a federal ID for the masses, it is a combination ID card and access badge for secure facilities. It provides a single ID so checking IDs is easier.

Checking IDs at public places is retarded. Checking IDs at restricted access places like military bases, NASA, NSA, etc. makes a hell of a lot of sense. Joe Blow should not be allowed in the CIA headquarters. As it stands right now, each agency has its own ID card. Let's say the FBI is investigating a military member. The gate guard has to know what an FBI ID looks like if he is to provide effective entry control. By creating a common ID across the government, the gate guard knows where to look on the ID for the relevant information and what should be there.

I have one of the new military IDs. Military, civil service civilians, contractors, everyone uses the same damn ID but certain words are different, color coding is different (e.g. civil servants have a green stripe), etc. It has a microchip built in with RSA keys unlocked by a PIN. I can use it to log in to Windows NT and Solaris boxes with card readers. If this is the future of IDs for government workers, the government finally did something right for once.

I'm against this.. take three guesses why?

[Ckwop]

Oh dear jesus god no. If you're going to put all your eggs in one basket at least guard the basket well! The problem is that by unifying all the ID card systems they don't defend the basket as much as they should.

This point can be illustrated well with Safes. If it costs fifty pounds to break into a safe and only put forty pounds worth of valuables in the safe my safe is secure. If I get ten of these safes, each with forty pounds in them then the total of four hundred pounds worth of valuables is secure. Now let's say I decide to replace my ten safes with a single safe! A safe that only takes three hundred and fifty pounds to break in to is no good; I need a safe that is secure in the face of a four hundred pound attack or more.

The problem with centralising identifications systems is that the new scheme is rarely more secure than numerous schemes it replaces. Except, Except, this time this one ID acts as identification for many types of service and this makes everything less secure. Just for the sake of argument. Let's suppose I choose to attack the system in a certain way. Let say I want to obtain a real "fake"; that is, a card that is authentic but I've paid an employee that produces the cards to put bogus information on to the card. Rather than finding two friends in two different branches of government to supply me with a real card in a fake name I only have to find a single person. This type of weaking isn't just true for this limited type of attack - this weaking is there across the board.

Having different IDs is a simple security mechanism. It's the same reason that Microsoft's Passport technology is dying. Yes it might be more convient to have a single "sign in" but it means that you've produced a single global failure point for the entire system. Such systems are brital so please, I ask these people: hire some security professionals to make these decisions. Silly politicians making "security" decisions is about as helpful as putting a football coach in control of skyscrapper construction.

Simon.

Re:I'm against this.. take three guesses why?

[NoMoreNicksLeft]

Except that this isn't about protection from terrorists at all, its about control-freakism on a rampage.

The terrorist that defeats this, will be one with a valid ID as janitorial staff. Not someone trying to fake an ID as a junior senator. Duh.

Don't you wonder a little bit, that they're rushing to protect all the official buildings, when people like you and I will still be unsafe in public buildings? Do they think this will have protected us at the airport prior to 9/11, or in the towers? Even the pentagon, that was attacked, wasn't infiltrated with a fake ID, but with a 757 hellbent for the ground. Duh.

Centralization is a fetish for the elected nazi wannabees. It won't do a damn bit of good for you and me, and only a fool can't dream up at least one way for it to be abused...

Re:I'm against this.. take three guesses why?

[mcg1969]

The terrorist that defeats this, will be one with a valid ID as janitorial staff. Not someone trying to fake an ID as a junior senator. Duh.

Umm, I never said someone needed to impersonate a senator. In fact, a janitor is exactly the kind of thing I'd imagine, too. And yet, even janitors don't have access to every building in the government. My comment still applies.

Don't you wonder a little bit, that they're rushing to protect all the official buildings, when people like you and I will still be unsafe in public buildings?

Umm, no, I don't think they believe this would have stopped 9/11. In fact I'm hoping they go on the assumption that the terrorists are exploring different ideas as well. Besides, you sure do have some interesting logic: don't bother to protect anything because you're not protecting everything.

Or...

A single ID can be forged and used by terrorists for access to any government building! Brilliant!

Re:Or...

[mcg1969]

Let's forget terrorists for a moment, do you really believe these badges would be designed so that an employee of the Department of Agriculture can gain access to an NSA building?

Re:Or...

[Zocalo]

Exactly. These things will almost certainly be like swipe cards on steroids with multiple levels of validation as to what and what isn't permitted. In a typical swipe card system you divide your secured areas into zones, then assign each swipe card access on a zone by zone basis. That covers the "something you have" aspect of security, and you can still add in the "something you know" (keypad or other password system) and "something you are" (biometic) if you wish. Hell, you can even keep the people standing around with guns too if the situation merits it.

I've been at large multi-building, multi-location sites that have implemented this kind of thing using smartcards. The obvious gains of increased convenience, cost savings through having a common system and ease of management are all there, but a loss in operational security isn't. It's not that such systems are invulnerable (they're not by a long shot), but they are no more vulnerable than individual systems and it's *much* easier to be sure ex-employees are completely locked out.

reaching?

[sailforsingapore]

This is a ways away from a "single government ID". That makes it sound like we are all going to get barcodes on our necks, this is simply a way to streamline the process of verifying federal employees, just as corporations have for years...this is not a problem. It becomes an issue when the ID starts to become mandatory for the non-governmental public, where the potential for abuse is.

Online single sign on

[SilverspurG]

Does anyone really think that you should have a single sign on name and password for every online service, site, e-mail account? Would you want that single sign on to be linked with all of your bank accounts? Why is it bad to have everything linked together? What makes identity theft easier?

Forget trolling about tin-foil hats or paranoid people who have nothing to hide. Let's get back to the nuts and bolts of why, from the very beginnings of nature, squirrels put nuts in many different places.

Government-issued IDs are already here.

[Pendersempai]

Drivers' licenses are ubiquitous and necessary. They are marked with identifying data and a unique number. They have your picture. Authorities are allowed to ask for it, and in general citizens are expected to cough it up. They must be checked by private parties in certain circumstances (to prove your age, for example), and in other circumstance private parties insist on checking your drivers' license as a prerequisite to doing business with you (Blockbuster, e.g.)

Granted, each state keeps track of its own citizens' licenses, so I suppose that's one difference between the status quo and the ballyhooed National ID Card. But really, what else are we afraid of? Why don't we just bite the bullet and make citizens' identification cards necessary? The states can take care of issuing them and tracking the relevant data, and we can have laws about when authorities are not allowed to ask for identification, or when a citizen is not obligated to identify himself, just like we do with licenses. But not arbitrarily tying our ID cards to driving would be much more efficient. Why should it be harder for a blind man to identify himself at will simply because he cannot drive?

So to everyone terrified of national ID cards, wake up: that reality arrived long ago.