Slashdot Mirror

← Back to Stories (view on slashdot.org)

White House Unveils Plans For "Trusted Identities In Cyberspace"

Posted by Soulskill on from the this-can-only-end-well dept.

Presto Vivace writes with news that the Obama administration's cyber-security coordinater, Howard Schmidt, yesterday unveiled a national plan for "trusted" online identities. Schmidt wrote, "The NSTIC, which is in response to one of the near term action items in the President’s Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services. Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc.) from a variety of service providers — both public and private — to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.)." You can read the full draft of the plan (PDF), and the White House is seeking public comments on it as well.

22 of 202 comments (clear)

  1. OpenID? by koreaman · · Score: 5, Insightful

    One ID you can use anywhere? Sounds a lot like what the OpenID project is already trying to do. It's a nice concept, but I don't like the idea of anything like this being run by the government. Government interference with the internet seems to be the fastest way to dystopia, these days.

    --
    Le français vous intéresse?
    1. Re:OpenID? by gclef · · Score: 4, Insightful

      It's actually a little better and a little worse than what you think. They're proposing setting up a "ecosystem" of identity providers, so commercial organizations will issue identity certs with the gov't just setting the standards they all live by to interoperate, etc. On that front, that isn't as bad as it could have been.

      On the other hand, there is an enormous amount of naivete in their "strategy" about how the identity providers will act. Their examples talk about having your cell phone provider be the organization that issues your identity cert for use in this system. What happens when you change providers? When I shift from Verizon to AT&T, can I move the AT&T cert to my Verizon phone? Also, am I forevermore tied to AT&T for my identity verification? What if that company goes bankrupt? What if you *want* to change identity providers? If you can change providers, what happens to the records that provider kept? What about the records that other information providers tied to the old cert? Do they keep the certificate (and therefore the ability to impersonate you online)? What happens if I lose my phone (and therefore lose my cert)?

      The effort isn't completely crack-addled, but it is hopelessly naive. I think it'll fail unless it gets a big dose of reality shortly.

    2. Re:OpenID? by Alsee · · Score: 5, Informative

      It's a lot worse than you think. I just finished reading the draft. This is an effort to impose Trusted Platform Modules - globally. For those not familiar with Trusted Platform Modules, it all boils down to one simple point. Computers and other electronic devices with each have a Master Key locked inside. A master key locking and controlling operation of the device. The owner is forbidden to know or control the key locking and controlling his devices. That leads to many technically complex results, but the simple point is that you are forbidden to know "your own" master security keys. They describe all sorts of supposed benefits of the system, but the inescapable end fact is that the system is designed to secure your computer against you. The simple simple point is that if you are forbidden to know your own keys then the system is locked against you. You are denied ownership and full control of your own computers.

      I made a few very hasty notes from the draft document. Many of these items should scare the shit out of everyone:

      Draft page 4, blue box: Identity card for to "anonymous" bloggers, i.e. no anonymous blogs. Identity card for e-mail.

      page 15 explicitly states this is based upon the Trusted Platform Module.

      Page 19 lists your ELECTRIC COMPANY adopting the system and requiring you to use it to access your account. (Although the DESCRIBED usage is plausibly optional web access)

      Page 22 requires new laws "establishing an enforcement mechanism" for this system. Says government services will be used to drive adoption by the public. Says government buying power will be used to drive adoption in the business sector.

      Page 23 explicitly names Intellectual Property Protection as a purpose of the system.

      Page 24 explicitly states that "the scope of this strategy extends beyond national boundaries". Says the US Federal government must establish programs to execute this strategy. Says the US Federal government is to focus its recourses on influencing national and international standards to carry out this strategy. "Coordinate Federal Government efforts associated with digital identities both domestically and internationally".

      Page 25 "cybersecurity is becoming a matter of diplomacy, activities under the strategy intend to address the increased importance of international policy efforts. The Federal Government, by leading and coordinating national efforts, as well as collaborating on international policy efforts, can drive a unified approach to trusted digital identities". "the creation of a global trusted infrastructure" Says the government should fund research and development of these systems and transfer it to the commercial sector.
      "Todays environment is driven by a global economy, with transactions occurring without regard to physical or political boundaries; the infrastructure developed under this strategy will, to the extent feasible, be interoperable among these environments, while also respecting the laws and policies of different nations."

      Page 26 "The Federal Government is committed to the actions herein and will move forward as a leader, first adopter, and enabler" "The White House will select an agency and hold it accountable for coordinating the processes and organizations that will implement the Strategy".

      Page 27 "All levels of Government will play a part in the adoption of the Identity Ecosystem for government services. As a major provider of services spanning individuals, private sector, and other governments, the Federal Government is positioned to enable high impact, high penetration Identity Ecosystem services."

      Page 29 says the Federal Government will engage in media campaign activities to persuade the public to accept the system. (I would call it propaganda, though I have no doubt others would disagree with the use of that word.) "Success of the Identity Ecosystem depends on participation from multi-national corporations and global providers in the use of federated identities and that interoperable and scalable to internet lev

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    3. Re:OpenID? by Alsee · · Score: 4, Informative

      Yesterday's story Senate Panel Approves Cybersecurity Bill would give the president an emergency 'kill switch' over the Internet, but added some restrictions to the bill. The president may no longer simply assert that the threat remains indefinitely, he must now seek Congressional approval after 120 days.

      There is an important connection between these two stories. The "Trusted Identities in Cyberspace" system includes something called Trusted Network Connect. Technical PDF on Trusted Network Connect. Once the Trusted Identities in Cyberspace system is in place (lets call it ten years as a nice round number) Trusted Network Connect is designed to selectively ban noncompliant computers from getting internet access. In the event of an "cyber attack" or internet virus the U.S. government would have the power to shut down any or all internet connections for 120 days, and then asking Congress to extend it indefinitely. The Trusted Network Connect feature means that this shutdown can, and would, be limited to locking out computers that are not secured by the Trusted Identities system. Any computer that lacked a Trusted Platform Module would be unable to connect to the internet. The effect would be a global internet lockout against noncompliant computers. Anyone who declined to "voluntarily" opt-in to the Global Trusted Identities system would be denied internet access. Any nation that declined to comply would be locked out of the internet.

      If the Trusted Identities system goes forward is is only a question of how many years it will take before noncompliant computers can and will be denied access to the Global Trusted Internet.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    4. Re:OpenID? by Alsee · · Score: 3, Insightful

      It's not nearly as scary as you make it out to be.

      I have studied the technical specifications of this. Yes, it is what I described and more. Either you don't know the Trust system very well or you and I have extremely different ideas about what is good vs what is scary.

      The Trusted Platform Module (TPM) has three primary functions. #1 is to hold the master keys locked away specifically secure against the owner himself. #2 is called Sealed Storage, this encrypts files on the computer and again specifically secured against the owner being able to read or modify his own files except under the strict control and permission of the TPM chip. #3 is called Remote Attestation, this means that the TPM chip keeps a spy log of the hardware and software on your computer specifically for the purpose of sending this log out to remote parties over the internet, and again this spy log is specifically designed to be secure against any control or modification by the owner.

      The TPM chip prohibits you from being able to read or modify YOUR OWN FILES (Sealed Storage) unless you are running precisely the approved and mandatory software and hardware dictated by other people via Remote Attestation. It turns your computer into an insane ultra-DRM system and worse.

      The way Trusted Network Connect works, or any Trust-based software over the internet, the first thing that happens is you get tested for having a TPM chip. If your computer doesn't have a TPM then the connection is denied. If do you have a Trust chip but you didn't "opt-in" and turn it on, again the connection is denied. The next step is the Remote Attestation check. If you are not running a specifically approved operating system you again fail the check and are again denied a connection. This also check that you are running a specifically approved BIOS and an approved bootloader and that all of your drivers are approved. If any of this software has not been specifically approved then you fail the Trust test and again your connection is rejected. If you have attempted to modify any of the system software, or if you are not up to date with all mandatory patches, again you fail the Trust test and again your connection is denied. It then checks exactly what applications you are running (and what you are forbidden to run). For example your ISP could mandate that you be running a specific approved virus scanner and firewall. If you're not, or if you have attempted to modify them, you fail the check and your connection is denied. Or if you are connecting to any sort of music or video site it can enforce that you're running specific uber-DRM software. If you connect to a general website it can check that you have an approved webbrowser and check that you're not doing any sort of ad blocking. And again if you fail the check the connection is denied. And your files get locked under Sealed Storage that enforce all of these same things even when you're offline. If cannot access the Sealed files unless you are not running an exact unmodified approved operating system with the exact unmodified drivers and exact unmodified software (and that you're NOT running any prohibited software).

      It is an ultimate remote ownership of your computer. You get locked out of the entire Trust system and get locked out of your own files and nothing works unless you are running an approved unmodified operating system with approved unmodified software. This chip denies you access or control of your own files if you attempt to modify any of the software or if you attempt to use other software of your own design or your own choice.

      The way they sell it to the public is as a "security system". Trusted Network Connect is advertised as preventing virus infected (or virus vulnerable) computers from getting onto a network and causing damage. If you aren't running an approved operating system, or if you are running custom software, then Trusted Network Connect cannot validate that your computer is uninfected. If you fail the Trust checks then your computer gets "quarantined", denied network access, until you "fix" your computer to match the specific known approved virus-free configuration.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    5. Re:OpenID? by Alsee · · Score: 3, Informative

      Nonsense. The TPM includes a function to create public/private key pairs and store the private key on-chip with no ability to retrieve it, but this is done under the control of the owner.

      False. The highest level key is the PrivEK, the Private Endorsement key. According to the TPM technical specifications this key MUST be generated my the manufacturer. The manufacture then cryptographically signs the matching PubEK (Public Endorsement key) in order to authenticate the key and the chip.

      >Sealed Storage
      This, too, is nonsense.

      You are absolutely right that the chip has limited power. And yes, the chip does need to interact with the rest of the computer in order to implement Sealed Storage. However I was completely correct in my point that Sealed Storage is one of the primary design functions of the chip.

      >Remote Attestation
      Once again, this is a thing which a TPM chip simply cannot do on its own

      Again, of course the chip needs to interact with the rest of the system in order to preform Remote Attestation. And again, yes, this absolutely is an explicit core design function of the chip.

      >The TPM chip prohibits you from being able to read or modify YOUR OWN FILES (Sealed Storage) unless you are running precisely the approved and mandatory software and hardware dictated by other people via Remote Attestation. It turns your computer into an insane ultra-DRM system and worse.

      No. No, it doesn't.

      And in your logic speakers don't produce sound and hard drives don't store any files. Yes, you are "correct" in that if you don't use the speakers they don't make sound, and if you don't use a hard drive it doesn't store any files, and if you don't use a TPM it doesn't do any of the things I listed. However the primary design purpose of speakers is to produce sound, and in the most common expected operation they do produce sound. The primary design purpose of hard drives is to store files, and in the most common expected operation they do store files. The primary design purpose of TPMs is to do the things I listed, and in the most common expected operation they do the things I listed.

      And all of your theoreticals about how it's possible for a TPM not to do the things I listed, your argument is moo and just plain wrong. We are discussing the article White House Unveils Plans For "Trusted Identities In Cyberspace", and the system does operate as I explained.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  2. Yet another OpenID by iamapizza · · Score: 3, Insightful

    So isn't this just another one of those open/secure authentication mechanisms, which means that we're now going to have to remember an ever expanding and potentially insecure methods, instead of passwords, of identifying ourselves to various entities on teh internetz?

    --
    Always proofread carefully to see if you any words out.
    1. Re:Yet another OpenID by bendodge · · Score: 5, Insightful

      It's not even that. I'm shocked that here on Slashdot the first couple dozen posts actually take this seriously. IT'S A TRAP. This should be blatantly obvious. The entire point of this is to get rid of online anonymity, which government and legal trolls hate.

      Read this post a few screens up: http://yro.slashdot.org/comments.pl?sid=1699416&cid=32702330

      I know President Obama is popular here, but everything his administration has proposed for the Internet has sinister long-term ramifications.

      Eric Holder Advocated Internet "Restrictions"
      The Internet "Kill Switch"
      Obama's "Internet Czar"
      Obama's Version of "Net Neutrality"

      These plans do not exactly champion freedom and free speech. Rather, they seek to slowly erode the power of the online masses.

      --
      The government can't save you.
  3. Trusted? by rossdee · · Score: 3, Insightful

    Who do you Serve, and Who do you Trust

    -- Galen the Technomage, B5Crusade

  4. A solution looking for a problem by selven · · Score: 5, Insightful

    The problem of authenticating yourself many times to different websites is solved by OpenID. The problem of having a secure web identity is also solved - anyone can put a public key on their homepage and sign everything they write. The inclusion of credit cards and electronic health records suggests the true motive for this policy: trying to tie people's internet identities to real life identities. Thanks, but given that the opinions I post here have already earned me 3 'foes' I'd rather not have every potential employer take a look at my Slashdot account.

    1. Re:A solution looking for a problem by drinkypoo · · Score: 4, Informative

      The problem of authenticating yourself many times to different websites is solved by OpenID.

      No, it is not. If the OpenID host is compromised then the ID can be used without your permission. That's not "solved".

      The inclusion of credit cards and electronic health records suggests the true motive for this policy: trying to tie people's internet identities to real life identities. Thanks, but given that the opinions I post here have already earned me 3 'foes' I'd rather not have every potential employer take a look at my Slashdot account.

      There is really no good way to handle this problem because all cryptography is based on trust. Do you trust your government with the ability to forge your identity? Me neither.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:A solution looking for a problem by selven · · Score: 4, Insightful

      You are assuming that one of my identities is the "actual" me and that all the others are pseudonyms. I reject this view, and believe that 'selven' is an identity on equal footing with the one on my passport. People call me (insert my so-called 'real name' here) therefore I am that person. People call me 'selven' therefore I am also selven. There is nothing inherently more real about one name than the other. So if I set up a public key and start signing all of my posts, anyone who knows my public key can prove that any of my posts was in fact made by me (or with my permission). People who have an established relationship with and trust 'selven' do not need to know my other identity in order to deal with me.

  5. Got a link? by paiute · · Score: 5, Funny

    I need to download a German accented voice so when my computer says, "Your papers, please." it will sound authentic.

    --
    If Slashdot were chemistry it would look like this:Cadaverine
  6. Itsatrap by davegravy · · Score: 3, Insightful

    At fist such a system would be opt-in. Then it would gradually become mandatory in the name of fighting pedophilia (think of the children!) Then you can kiss online anonymity goodbye.

  7. GPGAuth + OpenID + Smartcards/E-tokens. by elucido · · Score: 3, Insightful

    http://www.gpgauth.com/ is a good technology. It's open and it's based around GPG. The main thing holding us back is the lack of hardware standards and lack of hardware in general. We should have the hardware in place otherwise a lot of the software will be useless.

    We need better smartcards, better e-tokens. The idea of putting identity on our cellphones is stupid. Put it on a card so it can be put in your wallet or hidden if necessary. By putting it in your cellphone it's a huge target for hackers.

  8. Quite a few problems by king+neckbeard · · Score: 4, Insightful

    1. I don't trust the government to be competent with this
    2. I don't trust the government to not abuse this power
    The government is perhaps the single most important entity to protect yourself from. If cashflows and internet security are under the government's thumb, then contaband and actions to protect yourself from the government are going to be much harder to come by. I don't want a government ID credit card, I want a closer equivalent to cash, so i can make online purchases with LESS of a paper trail.

    --
    This is my signature. There are many like it, but this one is mine.
  9. Envision it! by neoshroom · · Score: 4, Interesting

    From the Document Itself:

    "Envision It!

    An individual voluntarily requests a smart identity card from
    her home state. The individual chooses to use the card to
    authenticate herself for a variety of online services, including:
            Credit card purchases,
            Online banking,
            Accessing electronic health care records,
            Securely accessing her personal laptop computer,
            Anonymously posting blog entries, and
            Logging onto Internet email services using a
    pseudonym."

    I always want to use a self-identifying card when anonymously posting blog entries. Seems like this also could be easily abused by a government who conducts warrantless wiretaps and other illicit snooping.

    "Imagine a world where individuals can seamlessly access information and services online from a variety of sources - the government, the private sector, other individuals, and even across national borders - with reduced fear of identity theft or fraud, lower probability of losing access to critical services and data, and without the need to manage many accounts and passwords."

    Honestly, this doesn't seem like a good idea from a security standpoint either. Let's say I wanted to commit fraud or identity theft or any of the other things this card is supposed to prevent. Now, originally, I would have to compromise your 30 passwords. If I hacked your blog, I wouldn't be able to access your bank account because they have different passwords. Now, if a blackhat hacker hacks this universal access method they get universal access. Scary.

    --
    Big apple, new Yorik, undig it, something's unrotting in Edenmark.
    1. Re:Envision it! by tverbeek · · Score: 4, Insightful

      Yeah, it's like having a master key that unlocks your house, your car, your office, your filing cabinet, your pot and porn stash, your firesafe, your safe deposit box, your storage unit, etc... and keeping that key on a chain around your wrist, where you'll always be sure you have it. Until someone copies it while you're sleeping, and suddenly they have access to everything.

      --
      http://alternatives.rzero.com/
  10. Re:Doesn't the WH have anything better to do? by emt377 · · Score: 3, Insightful

    Then you use your retina along with your fingerprint.

    Sure identity theft is always going to be possible but it would be much harder if they had to get your retina than if they just had to memorize your digits and crack a password.

    They don't need your retina. They just need whatever big integer your retina digests to.

  11. Fighting the Anonymous Cowards by roman_mir · · Score: 5, Insightful

    Read this proposal for what it is: a different way to name an attempt of removing anonymity from the web.

    The NSTIC, which is in response to one of the near term action items in the President's Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. ...

    - I am sure this is going to be made a requirement for a site to operate at some point, add this to the 'Internet kill switch', add the Patriot Act to it, multiply by Home Land Security and don't forget to factor in the rendition, you are going to have an interesting situation.

    The President will be able to shut down portions of the Internet, he will be able to identify who was saying what and when, this entire thing reeks of totalitarianism - complete control by the government over the dissemination of information and total knowledge of who was saying what on which topic plus ability to take action - shut down the dissenting portions of the web and then 'taking the necessary care' of those, who dare to oppose the government in any way, be it direct opposition to specific policies or be it simply providing information to the people that government wants to keep quiet and providing a forum to discuss this information.

    --
    You can't handle the truth.
  12. Voluntary eh? by fluffy99 · · Score: 3, Insightful

    Except you'll probably be required by the states (who are held hostage by federal funding) to have one to get a drivers license or benefits. This is yet another back-door attempt to institute a national ID card, except this would also happen to let the govt decrypt all your transactions.

  13. NOBODY WANTS THIS... by Panaflex · · Score: 4, Interesting

    I should know, we spent 3 years building the most secure commercial internet authentication system, with a 5 site redundant cloud of authentication services. 3 of 5 sites were necessary to pass an authentication, so we could handle two complete site thefts, or two complete site disasters and still authenticate safely (auth material was split utilizing a secret sharing algorithm). Each of our data sites were military-grade EMI/Faraday cages, under separate corporate ownerships.

    In other words we spend millions on building the easiest & safest way to authenticate a user on the 'net, with most of that on auditing, code reviews, facility buildout etc...

    And nobody wanted it!! Not for any price... not even for 50 cents/user a year!! Banks said users would NEVER type in two passwords,... HA!

    --
    I said no... but I missed and it came out yes.