Feds Start Small on Smart IDs

jcatcw writes "Some government employees will be getting smart ID cards beginning this week. The unfunded mandate to have all employees and contractors use Personal Identity Verification (PIV) cards is part of Homeland Security Presidential Directive 12. The U.S. General Services Administration is providing enrollment centers that can verify the identities of employees, fingerprint and photograph the workers, and issue PIV cards to them. The deadline for getting cards to all employees and contractors is the end of September 2008."

So what?

[Footix]

As long as these IDs are only being used to keep unauthorized people out of government buildings, there's nothing wrong with that - everybody should have an employee ID card anyways. It's only when Fancy-Schmancy National ID Cards(TM) become mandatory that we need to start worrying.

Re:So what?

[rts008]

Step by step is how it happens- so subtle you don't even realise until it's too late.

It's starting to get late, heading towards too late soon.

Re:So what?

[uffbasse]

That's it. Even if there's no big plan beind it. Your post should have a score of 6

Re:So what?

[suv4x4]

As long as these IDs are only being used ... It's only when Fancy-Schmancy National ID Cards(TM) become mandatory that we need to start worrying.

Maybe you're not familiar with how to enroll a technology/change/law/regulation etc. that is wildly unpopular with the population.

And you do it, by enforcing it gradually. First to the most loyal circle of people, then wider and wider, gradually, quetly, setting a trend and preventing any mass outbreak against it.

As the amount of people with IDs grow, you now have some "passive support" from them when trying to enforce it on the rest. That is: they don't care if they have ID or not, and maybe they in fact would rather not, but if they would, then why the rest would have the privilege to be ID-free?

You don't have to look far to see how this works: see taxes. Noone likes to pay taxes, yet if someone (especially rich) is revealed to have hidden some of his taxes, the whole nation jumps against him, since they have to pay all those taxes, why not he?

Re:So what?

[MightyYar]

But what about this step is alarming? You can't just wave off ALL security measures because they might someday lead to a police state.

Re:So what?

[JimBobJoe]

everybody should have an employee ID card anyways

They should? Why? What exactly is achieved?

The only circumstance I think it's justifiable is hospitals and other situations in which there's a lot of employees mingling with non-employees. Even then, I think I might be justifying that psychologically because I can't find any other logical basis for the card.

I've cautioned against employee ID cards with the name/logo on the card. I believe this presents a major liability problem if the employee (or someone else who looks kinna like the employee) decides to use the card for a nefarious purpose. If you must have an ID card, it's best that the card not indicate the issuer. The human mind processes the photograph to face comparison so quickly that other things can be missed.

Some security types and myself were discussing the odd fetish for employee ID cards. One suggested that if a building insists on having one, it would be better to have the document not contain a photograph, but instead stick with the description information (height, weight, eye color--like a non-photo driver's license.) The reason for this is that security guards would be more likely to give a better look at the person holding the card and might be more likely to pick up something that's amiss.

Re:So what?

[noidentity]

You can if you're a fanatic. Fanaticism on either side of the issue is a danger.

Re:So what?

A police state is when someone can ask the Department of Homeland Security to arrest Democrats. Don't waste time worrying about employee IDs.

Re:So what?

ID cards DO NOT verify identity, and can be forged/duplicated.
Its amazing at how easily wearing a photocopied photoshopped /laminated ID card, can get you inside all sorts of places, just tailgate, and flash your bogus card (People problem remains). There are other tricks to get into G buildings - sandwich platters, flowers, forgetful cleaner, or the side door propped open for sneaky smokers.
In reality nobody wants to go into G buildings, not when there are shopping malls and doughnut shops close by. Passes will not stop a plane or a truck. Just some wanky idea to waste money, and give lazy public workers? a day off when they say 'oops forgot my pass'. Only thing smart about them is the $140 it costs to replace a $2 card.

Re:So what?

[KDR_11k]

Wouldn't the guards start just ignoring that data and let anyone in that has a piece of paper looking roughly like a valid ID?

Re:So what?

Yeah, the water's only like 120 degrees now, they only raised it by 10 degrees in a year, it's not like we're boiling yet!

Re:So what?

[MightyYar]

Nice analogy - basically you've just restated what you said before. How are you answering my question about why I should be alarmed? You are just raising an alarm for no reason - that makes you just as bad as the "other side"... using fear to get what one wants.

Re:So what?

[MightyYar]

So you think that our elected representatives should be able to shirk their duties without repercussion? They did the equivalent of taking their ball and going home because they didn't like how the game was going. They could have abstained from voting if they wanted. Shutting down the government is not acting on the will of the people, and the Senate rule allowing for arrest of quorum-busters was pre-existing - not some recent invention of the Texas Republicans.

In any event, they were not arresting "Democrats" as if they were Jews in Nazi Germany or political dissidents in the Soviet Union. You are still safe to espouse whatever beliefs you have about anybody with only social consequences.

Re:So what?

[dwandy]

When it comes to security (of all kinds) the question isn't "what's the harm if we do this?" but "what's the reward for doing this?"

So what exactly is the purpose of finger printing gvt employees? are they criminals now? they've already (presumably) done a background check and it was obviously ok (else they would not be there, right?)

First off every action has some potential risk, and every action that erodes rights and freedoms does increase the risk (by increasing the acceptance) of a police state.
Secondly, every action costs money, which increasing taxes.
Thirdly, every system (including fingerprinting) has some chance of error or false positives or other manner of being abused intentionally.

So, I'm back to: what does security fingerprinting provide, that isn't already being provided? If it's providing a redundant service then either it shouldn't be introduced, or the other service should be eliminated...

Re:So what?

HSPD12 is an executive directive affecting federal agencies. Such a requirement for the general populace could not simply be done by the President signing an executive order, it would take an act of Congress. So I don't see the slippery slope here.

Re:So what?

[MightyYar]

First, I want to compliment you on your well-crafted reply. I think that your points are valid - though it may be necessary to have SOME kind of biometric entry system. I think that recording an iris-print, for instance, is probably less of an invasion of privacy for the employees, and less prone to abuse since they are pretty useless for anything except security. They also do not carry the "criminal" stigma of fingerprints, and couldn't be spoofed as easily.

I think that biometric entry is SUPPOSED to improve the odds that the person that is holding the ID is actually who they say they are. In truth, this probably has little benefit to security. You can talk your way into almost any building, or simply enter the same door immediately after a real employee. That said, I don't think that this is much of an invasion of privacy, since AFAIK federal employees are already fingerprinted as part of their background check.

Re:So what?

[dwandy]

since AFAIK federal employees are already fingerprinted as part of their background check

aaah ... not here in Canada ... this explains why everyone is talking about the ID card, and not the fingerprinting...

Thanks!

Re:So what?

[sowth]

Shutting down the government is not acting on the will of the people

How can you be so sure about that? It will not always be true. Maybe this bill wasn't serious enough--though "redistricting" can be a tool for those in power to manipulate the voting system. What if congress or the president was about to sign a law/order requiring all non-politicans be made into slave labor?

Re:So what?

[MightyYar]

What if congress or the president was about to sign a law/order requiring all non-politicans be made into slave labor?

Then they'd have a lot more moral high ground to stand on. As it was, all they were doing was protecting a few of their congressional seats. That's no more or less noble than the Republicans trying to take the seats. Personally, I'm anti-gerrymandering so I appreciate what the Democrats were trying to do. However, I also recognize that the Republicans were doing was completely illegitimate. Remember, the Democrats controlled Texas until the 1990's, and they were just as bad or worse than the Republicans. From Wikipedia:

Despite increasing Republican strength in national elections, after the 1990 census, Texas Democrats still controlled both houses of the State Legislature and most statewide offices. As a result, they were able to direct the redistricting process. They drew what some Republicans have charged was the most effective partisan gerrymander in the country. Although Congressional Texas Democrats only received an average of 40 percent of the votes received by Congressional Texas Republicans, Democrats consistently had a majority in the state delegation.

In 1994, popular Democratic Governor Ann Richards lost her bid for re-election against Republican George W. Bush. In 1998, Bush won re-election in a landslide victory, with Republicans sweeping to victory in all the statewide races.

After the 2000 census, Republicans sought to re-draw the district lines to support a GOP majority in the congressional delegation, while Democrats desired to retain a plan similar to the existing lines. The two parties reached an impasse in the Texas Legislature, where Republicans controlled the Senate and Democrats controlled the House. With the Legislature unable to reach a compromise, the matter was settled by a panel of federal court judges, who ruled in favor of a district map that largely retained the status quo.

However, the Republicans dominated the Legislative Redistricting Board, which draws the lines for the state legislative districts, by a majority of four to one. The Republicans on this board used their voting strength to adopt a map for the state Senate that was even more favorable to the Republicans and a map for the state House of Representatives that would help to overturn the Democratic majority in that house.

In 2002, Texas Republicans gained control of the Texas House of Representatives for the first time since Reconstruction; investigations into possible illegal campaign fundraising by the Republicans are ongoing and lead to the 2005 indictment of Rep. Tom DeLay. The newly elected Republican legislature engaged in an unprecedented mid-decade redistricting plan. Democrats said that the redistricting was blatantly partisan, while Republicans argued that it was a much-needed correction of the partisan lines drawn after the 1990 census. The result was a gain of six seats by the Republicans, finally overturning the Democratic majority in Texas's delegation to the U.S. House of Representatives in the 2004 election. In December 2005, the US Supreme Court agreed to hear an appeal that challenged the legality of this redistricting plan.

So where were these noble Democrats when they were getting a majority with only 40% of the popular votes? :)

RF

[TheSHAD0W]

I have no problem with smart IDs themselves; but if they're RFIDs there's going to be trouble. Hopefully a few exploits will be tried while the system is being rolled out so our wonderful government regulators will realize there's a problem.

What's the alternative to RFIDs? Well, the alternative to contactless is non-contactless. You may remember the original American Express Blue cards with the little copper pads on one side. Similar "smartcard" technology has been used by other card makers, especially in Europe.

So what's the difference? The difference is that RFIDs can be accessed without one's notice, and it's difficult to determine whether or not you're safe. The RFIDs in US passports, meant to be accessed at a distance of no more than a few inches, has been read at distances of a few feet and detected from dozens of feet away. Do you want to advertise you're carrying around your valuable passport? I don't.

Re:RF

[CosmeticLobotamy]

Hopefully a few exploits will be tried while the system is being rolled out so our wonderful government regulators will realize there's a problem.

When has proof that a system doesn't work and is dangerous ever convinced a large group of politicians not to scale it up?

Re:RF

[LiquidCoooled]

I agree with this and hoped that these would be smart cards as we currently use in the uk for bank cards (contact based connection to an embedded chip), but alas, they are using a multifunction card with RFID built in.

They are leaving it open for additional uses later.

The DHS is using ID One Cosmo smart cards made by Nanterre, France-based Oberthur Card Systems SA. Like all PIV cards, Oberthur's feature both a contact interface, such as a magnetic stripe, and a contactless radio frequency interface to make it easier to integrate the cards with both building access and IT security systems. At the DHS, though, the cards initially will be used only for physical access, Orluskie said.

Re:RF

[stunt_penguin]

http://www.diebold.com/.......... actually, on second thoughts, that's not such a good example.

Re:RF

RTFA, they have nothing to do with RFID, they are simply PKI combined access cards used for identification, and workstation login/encryption/digital signature. RFID access is only used on a per installation basis, and is a always a seperate FOB.

Re:RF

[TheSHAD0W]

Even if it's not being used by that person, if the RFID portion hasn't been hard-disabled, it's potentially detectable. Even if the chip has been set not to respond, reflections from the antenna can be detected.

Re:RF

[EtherealStrife]

Um...HELLO? A relative of mine works at the local city hall (which adjoins the police department) and she's had an rfid card for the entire time she's worked there (over 15 years). The RFID battle is over for state/govt employees, it happened a LONG time ago.

In California a huge chunk of the population (myself included) has FasTrak. It allows automated toll processing for FasTrak lanes on freeways (carpool for the socially challenged) and for access to dedicated toll roads.

As much as I hate Bush, this is technology that has been in *use* for longer than he's been in office. Worry when they're mandatory for Average Joe, but until then this is old news.

Re:RF

[suv4x4]

So I visited their site. Right on top I see their logo and slogan:

"Diebold: We won't rest (tm)"

That's quite a slogan to pick for people in their situation...

Re:RF

[fintler]

I work for the Dept of Veteran Affairs. The only change that happened (about 2 weeks ago) was the replacement of my picture id card and a hid card (rfid) with a single picture id card and rfid card combo. The only news here is that the government is making it harder for federal employees to loose their card. Now we only have one card instead of two. In addition to having an rfid card, we also have a 6-8+ digit number that we need to type into a keypad to get into more secure areas (data center, pbx room, etc). On top of all of that, you pass by about 5 or 6 cameras (that are positioned to be nearly impossible to avoid) to get anywhere near the areas in question. Finally, you'd have to have some sort of inside knowlege of the layout of the building, as all of the secured areas look less important than a dirty janitor's closet from the outside. It's not some conspiracy, it's just the government protecting people's info. I doubt any Veteran would appreciate someone stealing their personal info (as was proved recently with the laptop thing).

Re:RF

[duerra]

Does FasTrak allow you to use the system anonymously? In other words, can you credit your account without having to associate your transponder or whatever with your identity?

Re:RF

[EtherealStrife]

You have to have a cc on file.

can you feel the sarcasm?

[macadamia_harold]

The U.S. General Services Administration is providing enrollment centers that can verify the identities of employees, fingerprint and photograph the workers, and issue PIV cards to them.

And as they have proven without a doubt, once they roll this out to the general population, it will be completely impossible for anyone with bad intentions to obtain fraudulent ID, and terrorism will be defeated.

Re:can you feel the sarcasm?

[flyingfsck]

Yup, obviously there will be registration centres for illegal immigrants along the Mexican border as well. I'm sure the whole national ID system will work just as well as the Canadian long gun registry.

Re:can you feel the sarcasm?

[MightyYar]

Just because you can't defeat "terrorism" doesn't mean that you shouldn't take common-sense security precautions. If these cards can be used to demonstrably increase security, then why not use them? No one expects these cards to stop Timothy McVeigh from rolling up in his Ryder truck and blowing up the whole building, but that doesn't mean you want God-knows-who wandering around the building with some ID he made in his garage or found on the street.

Server being slashdotted?

[Jarjarthejedi]

Either that site is running a pathetic site, way too much code, or it's being slashdotted because it's running really slow...

No info on how the cards are "smart" I see...would've been nice to have something like that thrown in there, but it is an intreging article. Personally I think it's a great idea how they're starting the implementation, giving the cards to government employees pretty well eliminates the majority of the complaints as they'll get tested on people who work for the people doing the testing. Much better than making everyone get Smart ID's and it also removes the tricky issue of identifying people in order to give them their ID because the majority of these people will have already had at least a minor background search.

It would be nice to have more information, but I'm sure that'll follow soon enough. Nice plan and implementation by the government though.

Re:Server being slashdotted?

[TheStonepedo]

No worries. /. itself seems /.'d now. I for one welcome our 503 new overlords.

Tin Foil Hat Brigade

[x_MeRLiN_x]

"from the small-start-leads-to-big-ending dept." How unusual is it for an employer to have some sort of an identity card scheme and why is it that this will no doubt inspire all sorts of comments about government privacy violations?

Homeland Security Presidential Directive 12?

[daeg]

Homeland Security Presidential Directive 12

Did they run out of ironic program and directive names? I mean, come on. Homeland Security Presidential Directive 12? What about Security Initiative for the Protection and Valid Identification of Selected Individuals for the Protection of Families and Children of America? No one could say no to that!

Re:Homeland Security Presidential Directive 12?

[CosmeticLobotamy]

Just laying the groundwork, making sure things all blur together so it's hard to oppose them. Presidential Directive 12: ID cards. Presidential Directive 13: Hugging Puppies Initiative. ... Presidential Directive 41: "I am Emperor of Earth." Presidential Directive 42: Increase fines for littering by 3%.

On a related note, George W. has ridden the mighty moon worm.

And note to self: "The Mighty Moon Worm" is a great name for both an amusement park ride and a marital aid.

Re:Homeland Security Presidential Directive 12?

[m0rph3us0]

Directive 12, we've got a long way to go 'til we get to Directive 10-289, but I have a feeling it's not far off.

Re:Homeland Security Presidential Directive 12?

[sideswipe76]

PD12 is about getting all federal agencies down to 1 process of identification -- a unified system -- so that you don't have 7 cards for 4 agencies, with 3 pictures and 5 different finger prints taken by different agencies. I am strongly anti-bush, but you are just way barking up the wrong tree. I actually work on the project for NIST.

Re:Homeland Security Presidential Directive 12?

[CosmeticLobotamy]

I'm actually as mildly anti-Bush as any anti-Bush person could possibly be. I was just jokin' 'round.

I've had mine for a year

[superid]

I'm DoD and got my mandated Common Access Card over a year ago. We PKI enabled almost everything. Besides a few inevitable rollout inconveniences (ran out of blanks once, way more people forgot their PINs than they expected, end user training and confusion) it was actually a VERY smooth transition. I'm glad they did it, I honestly think we are more secure because of it (server side, not client side)

Re:I've had mine for a year

[MysticOne]

I was going to say the same thing. I'm a contractor and just started working with the DoD in April, and I have a Common Access Card as well. I don't know if other bases are using them in the same manner, but we even use them for base access now (unless you're somebody who, for some reason, doesn't get one).

Re:I've had mine for a year

[Zackbass]

I worked at a base this summer and had to get one for physical and computer access and was pretty impressed with how they were handled. They were taken very seriously from a security standpoint and had few technical problems.

Re:I've had mine for a year

[wvitXpert]

The only problem is that when you enter the wrong PIN 3 times your card locks. With the normal login they can call to have it unlocked, or just wait to have it unlock itself. With these card they have to go to a PIN reset station. For some sites this means traveling 2-3 hours.

Re:I've had mine for a year

I got mine over a year ago, and although CAC support on Windows was implemented ages ago, CAC support on Linux is horrendous. I finally got some test packages out of Red Hat. They are alpha packages, and while they do work, the LDAP support still isn't implemented at all. I haven't even heard anything out of Sun for Solaris support, but I'm not hopeful.

This lack of support makes using Linux desktops very painful as most DoD sites are starting to require CAC login. We were promised CAC support from Red Hat about 2 1/2 years ago, and they are just now cranking out test packages. I love Linux, but sometimes I despise it.

Posting anon for obvious reasons.

Unfunded Mandate?

[R2.0]

So a Federal agency is paying for these with Federal dollars - what's unfunded about this?

You may be thinking about the REAL-ID program, which is indeed an unfunded mandate. But this isn't it.

Thanks for the flamebait anyway.

Re:Unfunded Mandate?

[_Sprocket_]

Pots of money. Sure - its Federal dollars. But because of the oddities of Federal spending and budgets, one Fed dollar isn't the same as another Fed dollar. It's one thing to say "you will implement this program at whatever cost" and an entirely different matter to say "you will implement this program with this extra pot of money we're allocating to your organization."

The right solution for the wrong problem

[thesandbender]

I've worked as a contractor for the Federal Government and the City of New York (which considers themselves a Federal Government). Most of the agencies I worked at had security that was an absolute joke. I'll give the guys at the DoE/Forrestal Building some credit as well as the Department of Juvenile Justice in NYC , they actually asked questions and took their jobs seriously. (The DoJJ guys in New York are the only ones who have flat-out denied me entry... no matter how much smooth talking I did. For whatever reason, the guards I came across took protecting the identities and lives of the children in overseen by the agency very, very seriously and I have the utmost respect for them because of it.) Most of the other security guards were too concerned about talking about the caboose of the last woman to walk through the metal detector.

The point is, no amount of technological or physical security is going to do any good if the people entrusted with its implementation are not trained to do their job properly or take it seriously. The only "serious" contracts I worked were at DoE but at the rest of the agencies I had access to enough information to financially ruin a good number of the people in the United States. Thankfully I worked with people who took that responsibility as seriously as I did but I can't help but feel that was through luck of the draw and not the success of the system.

Smartcards/RFID make sense if they going to be used and implemented properly (e.g. you picture is on the card and encrypted with a public key system so that the agency can verify that it's authentic and not a clever forgery... and the people at the desk care enough to actually check)... otherwise it's just another way for contractors/etc to make money and a waste of everyone else's time. /looking for the black helicopters

Re:The right solution for the wrong problem

[thesandbender]

Wow... vodka does horrible, horrible things to the grammatical functions of the brain. People under the age of 21 take note... 60% of the time, vodka screws you up all of the time. I felt I had to comment though. Please excuse me.

Smash

[chiph]

Mr PIV, meet Mr Hammer.

Certainty

The government is saying that they can do things that are impossible. Have we forgotten the philosophical works of the past few hundred years? Certainty! There is no certainty in any of this.

UNfunded = Un Done

[gelfling]

IT's meaningless nonsense.

Yup

[everphilski]

The same. We have a competent IT staff, haven't had any major snafus really. Mostly problems between the keyboard and the chair :)

Slick system, login via CAC card (common access card) with a PIN. Emails can be encrypted with a digital signature. When online training is completed it is automatically added to your record and signed with your key. Very slick system.

Re:Yup

[sideswipe76]

Actually, you encrypt with THEIR public key and not your signature. Your signature is a Private Key operation. The PIV Card is a huge improvement over the CAC cards.

I thought that

[joeflies]

PIV and CAC aren't the same thing? Isn't the PIV FIPS 201 standard used to define a card that can be used across federal government and contractors? The Common Access Card, if I'm not mistaken, is only used by the department of defense.

Re:I thought that

[Cherita+Chen]

My understanding is that the PIV clause in the HSPD was inspired by the DOD CAC card, and most federal organizations are aiming at the same functionality.

Re:I thought that

[hawaiian717]

No, they're not the same. CAC is a smart card, but no RFID.

The Actual Program Information (imagine that)

[dnadig]

In case anyone cares to actually LEARN what it is rather than just ramble on about how horrible the world is:

http://csrc.nist.gov/piv-program/index.html

It's a very sensible document (and HSPD12 is just the mandate, FIPS201 is the implementation). All it does (ALL) is say "agencies need to have a process in place to make sure Joe is Joe, and they need to give him a card that says he's Joe, and it needs to look like this."

It doesn't actually go further than that. It outlines an interoperable infrastructure based on dirt simple, well understood, highly tested smart card stock, lays out minimum requirements for readers, and puts a system certification process in place. The "tech" part of this is really quite simple and boring for anyone who's spent more than 10 minutes thinking about PKI or smartcards.

The much much more important part of this is the credentialling part (PIV-1) which has been in place for a year. This establishes clear lines of responsibility and clear processes for actually establishing that Joe is Joe, and at least an attempt to make sure that, say, the Defense Manpower Data Center is using the same process as the Janitor's closet in the Department of Education. This is a GOOD THING people. It's about breaking down silos and creating (gasp) an open standard for strong(er) authentication.

That's right folks, an open interoperability standard sponsored by the US of A. Wanna make sure your corporate ID is just a wee bit futureproof? Read the FIPS201 docs and mimic the data model and tech requirements.

OK, back to the sarcasm laced punditry. Thank's for playing.

Re:The Actual Program Information (imagine that)

Thanks for playing.

Oh, such a dick-pumper are you. How superior. You're actually up to three years ago on the smartmouth repartee. By 2008, you'll probably saying stuff like OMG!?!?!

This is a test program for National IDs

You deploy them first to government employees, desensitize the public to them, then roll them out to the entire nation. Note they said "and contractors". Contractors are civilians.

We already have a National ID system, through various coordinated data through Drivers Licences, tax filings, SSN cards, Credit Cards, Voter Registration, and the like. Mainly Drivers Licences. Have you tried to get one renewed in the last 4 years? They require your fingerprint, even though you are not a criminal. Once they get your fingerprint, or DNA, or both, they pwn you.

The NAZIs implimented their campaign of extermination of the Jews in the same method. First you go after a subset, not rocking the boat, and then you after another, and expand your campaign and momentum as you meet little or no resistance along the way. Once most of the population has become desensitized to the idea, and it becomes commonplace to arrest Jews and ship them off, nobody cares anymore. Its the same with Drivers Licnences. They did it gradually... and nobody is pissed about being fingerprinted like a criminal now and having all your vital information stored with your fingerprint and picture in an FBI database.

The Real Diebold

[Kadin2048]

Some enterprising person came up with a series of far better ones:

http://homepage.mac.com/rcareaga/diebold/adworks.h tm

Re:The Real Diebold

[alphax45]

That is some of the funniest stuff I have seen all day

Question, then comment

[Descalzo]

Sooooooo, are you saying I should get rid of my ID badge I wear at work?

No, seriously I understand you are frightened of the government getting too big for its britches, I just wonder if you really think that ID badges at work are a bad idea, or just for the government.

I hope you are three times as frightened at the idea of the government taking over health care (I mean even more than it already is).

Re:Question, then comment

[Maclir]

I hope you are three times as frightened at the idea of the government taking over health care (I mean even more than it already is).

Yes - that is something to be very afraid of - just think, all of those in the health care "business" might no longer make their robber baron profits. And the country's health care quality and affordability for everyone (not just the fortunate few that can afford if) may improve towards that which people in most other developed countries enjoy.

Re:Question, then comment

[Descalzo]

Are you intentionally ignoring my point (and the direction the discussion was taking), or is this simply a knee-jerk reaction to any skepticism about whether or not socialized health care is a good idea?

Re:Question, then comment

[everphilski]

And the country's health care quality and affordability for everyone (not just the fortunate few that can afford if) may improve towards that which people in most other developed countries enjoy.

very few government regulated things (there are exceptions but they are exceedingly rare) are more efficient and cost-effective than things run by the private sector. This includes health care. You get what you pay for, and guess how much taxes will go up to subsidize this new health care?

No thanks, I'm very happy with my very low (relative to other costs of living) copay for insurance and the ability to see a doctor on a whim. I have canadian friends and they tell me about waiting in line to see a doctor. No thank you.

Re:Question, then comment

[Jeff+DeMaagd]

I suggest that you actually ask what tax rate individuals in most other developed countries enjoy. When ever they complain about their sales tax/VAT/customs fees, I point out the services they have in return, though I don't think is much with respect to the taxes they pay.

If you don't mind not having half of your paycheck taken in various taxes AND you don't mind paying 17% in VAT on the things you buy, then you would be at home in the EU.

Re:Question, then comment

[KDR_11k]

Depends on what you want the health care to be efficient at, do you want it to be efficient at making a profit for itself or effective at providing medical coverage?

Re:Question, then comment

[billcopc]

Yes how sad it would be for all these healthcare raping gluttons to become bracketed and their skills evaluated. Don't you just dread the notion of having unionized, managed, disciplined healthcare workers that actually charge you less money for better services ?

I will tell you one thing: Canadian-style healthcare is great for health, yes, because it lets anyone from the bottom to the top of the social ladder receive equal service and live equally long lives.

That is also the worst thing about it. Simple: what's the worst thing about community college ? Any freaking idiot in the community can go. Canadian hospitals are particularly affected by overpopulation because well, all the lazy ass welfare bottom-feeders hang out there to get their work exemption forms or to claim invalidity.. I don't know how the hell someone can get a crippling back injury when all they ever do is watch TV and smoke indian cigarettes 8 days a week, but hey what the hell do I know, I'm just a genius with a paper degree :P

I don't have a good solution for it, you can't just deny service to the unemployed (well, I would, but I'm not exactly the most ethical guy). I don't think the true solution lies halfway like that, it's going to be a tangential divergence. Something that's not as easily forged or corrupted. It's a case where if you trim off the bottom 5%, the other 95% of patients will greatly benefit

Re:Question, then comment

[toddhisattva]

+4 Interesting?

How about "-10 Way Off-Topic"

And full of shit, too.

Salty dicks

Could be used in a biometric environment, instead of various national ID schemes...

Re:It's a smart card people..

[mpapet]

PIV is a NIST standard. Not set in stone, but they are pretty far along.

Contactless was out because they wanted to use proper PKI. Cryptographic functions over contactless card is too slow.

The Government Printing Office was supposed to subcontract the entire print/perso process to be run in one of their facilities.

I wonder who's software they are using? Anyone have any info?

Bearing Point "handles" the CAC card. I would be very interested to see how much of the whole project was awarded their contracts without any bid process whatsoever. Mind you, Bearing Point doesn't -do- anything. The actual work is subcontracted out.

Keep Moving

[WillRobinson]

Your being assimilated into the Borg, you don't have to worry about me, the next guy has the cattle prod.

DoD has used them for several years...

[Frosty+Piss]

The Department of Defense has been issueing these "smart cards" for several years now. The various branches of the military have used them exclusivly for a few years.

Re:This is a test program for National IDs (RE:ac)

[everphilski]

Have you tried to get one renewed in the last 4 years?

Yup. 2 years ago. No fingerprinting.

Other means of tracking

[Guitarhero1000]

I hate to say it but anyone who carries a cell phone is trackable. In fact, were using the internet right now. Trackable. It's all possible, and no one is safe from wrong-doings. But we can't phase out technology just because it's "Trackable". History tells us that in fact that this WILL be used for wrongdoings by government. It's a matter of WHEN it gets out of hand. And it will. Stay alert and cautious.

your post falters in the second sentence.

[macadamia_harold]

If these cards can be used to demonstrably increase security, then why not use them?

Which is the breakdown of logic on this entire issue: Nobody has demontrated that ID increases security. The 9/11 hijackers, after all, did have proper identification, and were allowed on the planes.

Re:your post falters in the second sentence.

[MightyYar]

Two VERY different circumstances. An airplane is public - of course ID provides little security. In the case of an access-controlled building, it's only common sense that better ID would increase security.

Re:your post falters in the second sentence.

[TommydCat]

The only reason the airlines (NOT the TSA!) require ID is to keep their profit margins on business passengers. They require the ticket to be issued for a particular person and validate that that person is flying to prevent bulk resale of lower priced economy tickets by travel agencies - which used to be the business model before the airlines started doing this (something in the late 70s? I remember there being a time this was not required).

Neither the TSA or the airlines care about security so much as cost effectiveness, price gouging and maintaining the status quo with the appearance of saving our lives on a continual basis.

Re:This is a test program for National IDs (RE:ac)

[kongit]

yup a little over a year ago, and I didn't even have to go anywhere they mailed it to me. I found this disturbing but convenient.

Access control

A big use is access control. There are many areas of federal facilities that you only want authorized personnel. They are ultimately intended to be usable for logical (computer) access as well.

Rampant misunderstanding

[sideswipe76]

Let me start by saying: I am working on the NIST PKCS11 implementation (it will be public domain). THE PD12 is meant to unify identification and processing of government employees. So that you don't end up with several badges with different pictures and fingers prints, from numerous agencies. It's a simplification process and one that's long overdue. I am no bush fan, but people are barking up the wrong tree here. As far as national id cards go, it's just a matter of time. I see resonance here that might label me a troll but I will say it just the same: The slashdot crowd loves to howl about how the RIAA/MPAA is clinging to old and dying bussiness models when they should embrace new ones and stop fighting the inevitable. I completely agree. I also see that the slashdot crowd has a tendency to cling to the more anonymous days before national id's and smart cards. Come to grips with the fact that it will become harder and harder to fake your identity (as it should be) and learn to embrace it. Did anyone ever think that smart cards could come damn close to wiping out identity theft (if used correctly)? Why should I have to get a different drivers license for a new state? Did I forget how to drive? Am I a different person now that I moved? A national id can put an end to the hodge-podge nature of governing in this enormous country. Now, I have always said that "Everyone has something to hide" and I still hold to that for those who say they don't. Don't forget though: Your smart card can encrypt everything you do online and depending on the encryption used, can't be cracked in our lifetime. It is for this very reason that the NSA and FBI desperately attempted (and still do) to prevent the export of RSA encryption abroad -- classifying it as a munition on the same scale as a nuclear weapon. Slashdot is definately a democratic leaning site: It was Bill Clinton who wanted a "clipper chip" back door (read the book Crypto). And, if you want a secret identity, your smart card can support multiple identities. You can have an alternative that only you and your friends in a web-of-trust know about and accept. In real-life I am XXX but on slashdot I am sideswipe76. Freedom of speech has never meant freedom from all consequences of that speech. Look at Martin Luther King -- the man excercised his freedom of speech and brought revolution to the US against the wishes of many of those high-up in government. He also paid with his life not to the government but to James Earl Ray.

This was tried...

[milette]

In a society where there is no freedom -- there is no crime.

Actually, it works pretty well -- the Nazi's did it, the Communists did (and do) it. When everyone is scared shitless to do anything wrong because no matter what you do, or where you do it, big brother is watching -- it works great!

Right now, the USA is going through the first phase -- FUD. The president is trying to scare everyone so much with terrorists lurking behind every tree that you'll GLADLY give up what little freedom you have left just to be 'safe' from the foreign menace.

Nothing new -- the Communists had the same agenda with people fed the same threat stories about the Americans back during the cold war. Guess Mr. Bush figures if it worked for them, it'll work for him. He's not smart enough to come up with his own plan I suppose.