Slashdot Mirror

← Back to Stories (view on slashdot.org)

White House Unveils Plans For "Trusted Identities In Cyberspace"

Posted by Soulskill on from the this-can-only-end-well dept.

Presto Vivace writes with news that the Obama administration's cyber-security coordinater, Howard Schmidt, yesterday unveiled a national plan for "trusted" online identities. Schmidt wrote, "The NSTIC, which is in response to one of the near term action items in the President’s Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services. Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc.) from a variety of service providers — both public and private — to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.)." You can read the full draft of the plan (PDF), and the White House is seeking public comments on it as well.

6 of 202 comments (clear)

  1. OpenID? by koreaman · · Score: 5, Insightful

    One ID you can use anywhere? Sounds a lot like what the OpenID project is already trying to do. It's a nice concept, but I don't like the idea of anything like this being run by the government. Government interference with the internet seems to be the fastest way to dystopia, these days.

    --
    Le français vous intéresse?
    1. Re:OpenID? by Alsee · · Score: 5, Informative

      It's a lot worse than you think. I just finished reading the draft. This is an effort to impose Trusted Platform Modules - globally. For those not familiar with Trusted Platform Modules, it all boils down to one simple point. Computers and other electronic devices with each have a Master Key locked inside. A master key locking and controlling operation of the device. The owner is forbidden to know or control the key locking and controlling his devices. That leads to many technically complex results, but the simple point is that you are forbidden to know "your own" master security keys. They describe all sorts of supposed benefits of the system, but the inescapable end fact is that the system is designed to secure your computer against you. The simple simple point is that if you are forbidden to know your own keys then the system is locked against you. You are denied ownership and full control of your own computers.

      I made a few very hasty notes from the draft document. Many of these items should scare the shit out of everyone:

      Draft page 4, blue box: Identity card for to "anonymous" bloggers, i.e. no anonymous blogs. Identity card for e-mail.

      page 15 explicitly states this is based upon the Trusted Platform Module.

      Page 19 lists your ELECTRIC COMPANY adopting the system and requiring you to use it to access your account. (Although the DESCRIBED usage is plausibly optional web access)

      Page 22 requires new laws "establishing an enforcement mechanism" for this system. Says government services will be used to drive adoption by the public. Says government buying power will be used to drive adoption in the business sector.

      Page 23 explicitly names Intellectual Property Protection as a purpose of the system.

      Page 24 explicitly states that "the scope of this strategy extends beyond national boundaries". Says the US Federal government must establish programs to execute this strategy. Says the US Federal government is to focus its recourses on influencing national and international standards to carry out this strategy. "Coordinate Federal Government efforts associated with digital identities both domestically and internationally".

      Page 25 "cybersecurity is becoming a matter of diplomacy, activities under the strategy intend to address the increased importance of international policy efforts. The Federal Government, by leading and coordinating national efforts, as well as collaborating on international policy efforts, can drive a unified approach to trusted digital identities". "the creation of a global trusted infrastructure" Says the government should fund research and development of these systems and transfer it to the commercial sector.
      "Todays environment is driven by a global economy, with transactions occurring without regard to physical or political boundaries; the infrastructure developed under this strategy will, to the extent feasible, be interoperable among these environments, while also respecting the laws and policies of different nations."

      Page 26 "The Federal Government is committed to the actions herein and will move forward as a leader, first adopter, and enabler" "The White House will select an agency and hold it accountable for coordinating the processes and organizations that will implement the Strategy".

      Page 27 "All levels of Government will play a part in the adoption of the Identity Ecosystem for government services. As a major provider of services spanning individuals, private sector, and other governments, the Federal Government is positioned to enable high impact, high penetration Identity Ecosystem services."

      Page 29 says the Federal Government will engage in media campaign activities to persuade the public to accept the system. (I would call it propaganda, though I have no doubt others would disagree with the use of that word.) "Success of the Identity Ecosystem depends on participation from multi-national corporations and global providers in the use of federated identities and that interoperable and scalable to internet lev

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  2. A solution looking for a problem by selven · · Score: 5, Insightful

    The problem of authenticating yourself many times to different websites is solved by OpenID. The problem of having a secure web identity is also solved - anyone can put a public key on their homepage and sign everything they write. The inclusion of credit cards and electronic health records suggests the true motive for this policy: trying to tie people's internet identities to real life identities. Thanks, but given that the opinions I post here have already earned me 3 'foes' I'd rather not have every potential employer take a look at my Slashdot account.

  3. Got a link? by paiute · · Score: 5, Funny

    I need to download a German accented voice so when my computer says, "Your papers, please." it will sound authentic.

    --
    If Slashdot were chemistry it would look like this:Cadaverine
  4. Fighting the Anonymous Cowards by roman_mir · · Score: 5, Insightful

    Read this proposal for what it is: a different way to name an attempt of removing anonymity from the web.

    The NSTIC, which is in response to one of the near term action items in the President's Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. ...

    - I am sure this is going to be made a requirement for a site to operate at some point, add this to the 'Internet kill switch', add the Patriot Act to it, multiply by Home Land Security and don't forget to factor in the rendition, you are going to have an interesting situation.

    The President will be able to shut down portions of the Internet, he will be able to identify who was saying what and when, this entire thing reeks of totalitarianism - complete control by the government over the dissemination of information and total knowledge of who was saying what on which topic plus ability to take action - shut down the dissenting portions of the web and then 'taking the necessary care' of those, who dare to oppose the government in any way, be it direct opposition to specific policies or be it simply providing information to the people that government wants to keep quiet and providing a forum to discuss this information.

    --
    You can't handle the truth.
  5. Re:Yet another OpenID by bendodge · · Score: 5, Insightful

    It's not even that. I'm shocked that here on Slashdot the first couple dozen posts actually take this seriously. IT'S A TRAP. This should be blatantly obvious. The entire point of this is to get rid of online anonymity, which government and legal trolls hate.

    Read this post a few screens up: http://yro.slashdot.org/comments.pl?sid=1699416&cid=32702330

    I know President Obama is popular here, but everything his administration has proposed for the Internet has sinister long-term ramifications.

    Eric Holder Advocated Internet "Restrictions"
    The Internet "Kill Switch"
    Obama's "Internet Czar"
    Obama's Version of "Net Neutrality"

    These plans do not exactly champion freedom and free speech. Rather, they seek to slowly erode the power of the online masses.

    --
    The government can't save you.