Slashdot Mirror

← Back to Stories (view on slashdot.org)

Single Government ID Moves Closer to Reality

Posted by samzenpus on from the papers-please dept.

NewbieV writes "The Washington Post is reporting that "federal officials are developing government-wide identification card standards for federal employees and contractors to prevent terrorists, criminals and other unauthorized people from getting into government buildings and computer systems." The project is known as the Personal Identity Verification Project, and is being managed by the National Institute of Standards and Technology (NIST)."

3 of 239 comments (clear)

  1. Oh? by mythosaz · · Score: 5, Insightful

    Wow, similar IDs for government employees? This might prove as dangerous to our freedom as, say, Military IDs.

  2. I'm against this.. take three guesses why? by Ckwop · · Score: 5, Insightful

    Oh dear jesus god no. If you're going to put all your eggs in one basket at least guard the basket well! The problem is that by unifying all the ID card systems they don't defend the basket as much as they should.

    This point can be illustrated well with Safes. If it costs fifty pounds to break into a safe and only put forty pounds worth of valuables in the safe my safe is secure. If I get ten of these safes, each with forty pounds in them then the total of four hundred pounds worth of valuables is secure. Now let's say I decide to replace my ten safes with a single safe! A safe that only takes three hundred and fifty pounds to break in to is no good; I need a safe that is secure in the face of a four hundred pound attack or more.

    The problem with centralising identifications systems is that the new scheme is rarely more secure than numerous schemes it replaces. Except, Except, this time this one ID acts as identification for many types of service and this makes everything less secure. Just for the sake of argument. Let's suppose I choose to attack the system in a certain way. Let say I want to obtain a real "fake"; that is, a card that is authentic but I've paid an employee that produces the cards to put bogus information on to the card. Rather than finding two friends in two different branches of government to supply me with a real card in a fake name I only have to find a single person. This type of weaking isn't just true for this limited type of attack - this weaking is there across the board.

    Having different IDs is a simple security mechanism. It's the same reason that Microsoft's Passport technology is dying. Yes it might be more convient to have a single "sign in" but it means that you've produced a single global failure point for the entire system. Such systems are brital so please, I ask these people: hire some security professionals to make these decisions. Silly politicians making "security" decisions is about as helpful as putting a football coach in control of skyscrapper construction.

    Simon.

  3. Or... by Anonymous Coward · · Score: 5, Insightful

    A single ID can be forged and used by terrorists for access to any government building! Brilliant!