Obama Eyeing Internet ID For Americans
Pickens writes "CBS News reports that the Obama administration is currently drafting the National Strategy for Trusted Identities in Cyberspace, which will be released by the president in the next few months. 'We are not talking about a national ID card,' says Commerce Secretary Gary Locke, whose department will be in charge of the program. 'We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.' Although details have not been finalized, the 'trusted identity' may take the form of a smart card or digital certificate that would prove online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions. White House Cybersecurity Coordinator Howard Schmidt says that anonymity and pseudonymity will remain possible on the Internet. 'I don't have to get a credential if I don't want to,' says Schmidt. There's no chance that 'a centralized database will emerge,' and 'we need the private sector to lead the implementation of this.'"
This Internet ID scheme has been floated a couple of times now and it is not going to happen. The Federal Government likes big companies and big programs aka Comcast/NBC, Net Control (net neutrality) and National Healthcare. It is about controlling the most people with the least effort. This is no different than requiring me to 'show my papers.' All of this really needs to stop. --If the feds need something to do they could start by implementing IPv6 and getting everyone an IP address.
We will be enhancing your privacy and security.
By making you more uniquely identifiable and creating a single point of failure for the security method.
*HEADDESK*
Chas - The one, the only.
THANK GOD!!!
There is no chance that a centralized database will emerge, unless of course this catches on, in which case a centralized database will be necessary to address abuses.
The truth is that all men having power ought to be mistrusted. James Madison
OK, fine. But you should know that my credit card company are already happy that I am who I claim to be (and that I pay my bill on time, natch) and my bank have already given me a free security token. Oh, and I have no problem with remembering a few different passwords so thanks, but no thanks.
To be honest, I'm more interested in whether this Schmidt fellow even knows what a smartcard or CA is. I doubt he could be more ignorant than that fool in France that started the OO.org is a firewall thing though.
If God forks the Universe every time you roll a die, he'd better have a damned good memory.
'There's no chance that 'a centralized database will emerge,' .....BS
Surely if this was a good idea, individuals and companies would create it and administer it on their own. Do we really need the government to tell us how to implement our systems? ...could tax money not be better spent on other things?
We DON'T need the private sector "enhancing" our security. In fact, that's an oxymoron.
I call computer-illiteracy job security
You don't have to have one of these IDs if you don't want to use the internet.
anything that can be read by a computer, can be changed or faked, by another computer. those who commit crimes, will be much more able to do it than ordinary citizens.
Read radical news here
Doesn't this sound a lot like Microsoft's Passport they tried to get traction on a few years ago but failed?
Sometimes the light at the end of the tunnel is the headlight of an oncoming train.
Digital signatures have been legally equivalent to normal ones for some time now, but where is the accountability? Many have long said the USPS should provide certs; I stand by that idea.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
http://www.youtube.com/watch?v=7leq8DldrdY
Which they were constantly telling us, "No, it'll only be for the program!" Don't trust these people farther than you can throw them.
There is no -1 Disagree.
Looks like they've fallen in love with these cards they stick into the side of their laptops to authenticate themselves for government work.
Users will tell you it's the biggest nuisance.
So when can I get a cryptographically secure national ID card with multi-factor authentication? I'm as much a fan of the government tracking and cataloging me as the next guy, but this isn't exactly a slippery slope; we already have national IDs in the form of social security numbers and driver's licenses: Government-issued numbers required for identification and backed by a central database.
It's just that the current system is about as poorly-implemented as it can be (and justifiably so, since it was never meant to be used like it is). Not only are SSNs weak, predictable, and easily-forged; there is no way to protect or limit their usage by authorized or unauthorized parties. There is also no way to protect how those parties store and safeguard them.
So while I hate the idea of our government issuing IDs, it's too late to really change that. But please for the good of every citizen do it right.
'I don't have to get a credential if I don't want to,' says Schmidt.
Oh sure. Just like I don't have to get a state-issued ID card if I don't want either, right? Except once these gov-sanctioned IDs come into play, they do become standards (even when it's explicitly against the law, like with SSN).
And they know it. Hey, tell me which candidate it was again who was going to stand up for the little guy?
Hasn't the government heard of LastPass, or don't they just want to use it?
Can we stop calling it 'cyberspace'?
...outsource it to Facebook.
Bwa ha ha ha ha!
> 'We are not talking about a national ID card,'
Yes you are.
> 'I don't have to get a credential if I don't want to,'
Unless you want to engage in any sort of non-cash transaction. Of course, if you try to live entirely on cash, you will eventually be accused of "money laundering"...
> 'There's no chance that 'a centralized database will emerge,'
No. It will stay hidden.
> 'we need the private sector to lead the implementation of this.'
Because that way when things go wrong you can blame the "evil corporations".
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
The key issue here is trust. Do people trust the government to not peek at the private data they would be sending them? Lol, do I have to put that in the form of a question? They have already proven themselves several times early as happy to collect data on people when they have no right to at the cost of the integrity of many important agencies.
I would sincerely like the plethora of stupid paper documents I have to deal with reduced to a single wad of data, cryptographically signed by the appropriate gov. dept for each part -
e.g. - the DMV for the driving license, etc.
On the proviso that there is NOT a giant central DB tracking it all.
The government has proved again and again when it meddles with something, it usually ends up screwing it up. I can see, given the current state of affairs, that this is only a "gateway" for harsher liberty loss. This is simply a give a little, take a lot mentality. Who says it won't eventually be required for everything? Since they did it to us last time, who says they won't do it again? Leave the fucking internet alone.
I already have an "Internet ID," it's called my GPG public key.
lays out a common strategy for something-you-have authentication that can then be potentially used in a much wider variety of venues than your bank.
You mean, like credit cards?
We already have something-you-have authentication for any situation that NEEDS authentication.
And I'd rather NOT be authenticated in all other situations.
completely unbreakable, unlike every other computer security system that has ever been developed.
There's no chance that 'a centralized database will emerge'
Of course not. What government or business would be so crass as to track what people do on the internet?
Sheesh, evil *and* a jerk. -- Jade
Get used to that word.
No you cannot regulate the Internet. No you cannot create national Internet ID, so you can identify and intimidate your critics.
You cannot do these things because the courts have already said you can't and the new Congress is acting to prevent you from trying.
Not that this will stop him good fascist Soros sockpuppet he is. 2012 will though.
Corporatism != Free Market
Dear Obama,
Thank you for your deep concern of my privacy and security as it relates to my personal financial conduct on "The Internet" and my memory of passwords. I will forever take a rain check to your failed and train wreck attempt to control the public.
Well, certainly someone voted for him, but it was not I !
That McCain was, and still is with the benefit of hindsight, a better choice.
Vote Quimby!
Isn't it just a little bit odd that allegedly, according to everyone who talks about it, in this country the government is the people?
When are we going to graduate from this democracy myth and start calling the US the plutocratic oligarchic republic that it is?
I don't have to get a state-issued ID card if I don't want either, right? Except once these gov-sanctioned IDs come into play, they do become standards
They will do it like they did with driver licenses, they will say "accessing the internet is not a right, it's a privilege".
I wonder which part of "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people" they didn't understand.
Or how about "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people"?
>"'We are not talking about a national ID card,' says Commerce Secretary Gary Locke"
Oh really. Just like Social Security numbers would never be used for anything but Social Security. This is a HORRIBLE idea.
Comments on this draft closed in July, and it's been changed since. But this should give you a sense of what they're actually proposing. http://www.dhs.gov/xlibrary/assets/ns_tic.pdf
Make sure the runners on your sleds are waxed and hang on tight! Slippery slope ahead!
"We are not talking about a national ID card," says Commerce Secretary Gary.....
But we are talking about a card, that can be used to identify you nation wide, right?
Two words: President Palin.
at least the federal government doesn't have a profit motive for sharing the information it has about me.
Do you really believe this? As Robert Heinlein said in "The Moon is a Harsh Mistress", "My point is that some person is responsible. Always. If H-bombs exist - and they do - some person controls them. In terms of morals there is no such thing as 'state'. Just men. Individuals. Each responsible for his own acts."
The profit motive of the federal government is that of thousands of people who would be without a job if the government didn't have all those agencies controlling every detail in your life.
They told me that if I voted for McCain, that shit like this would happen.
They were right.
"His name was James Damore."
Wow... all of this to stop the internet as a threat from happening. Eliminate anonymity as a possibility on the internet, wait a few years until everyone is complacent, and they use it to mop up any stragglers who don't bend to the will of The Powers That Be.
Good thing they aren't doing anything to fix the security model we all rely on, which would leave viruses and botnets as a plausible deniability... oh... wait... they are.... "The App Store", which means no local filesystems, and no way to propagate information outside of what is allowed by the OS.
And then there is the push towards cloud computing, again no local storage.
We'll be ok... but our kids won't... because they will see local storage as a vulnerability, and shun it at all costs.
I think this will all play out in 10-20 years...at least I hope it takes that long.
Public key crypto is great, but claiming that a digital signature is equivalent to a real signature is asking for trouble. People have convinced CAs to sign certificates that identify them as Bill Gates, and those certificates could be used to generate fraudulent transactions if we moved to such a system. We really should not be reducing the amount of face to face time people spend on finances -- we already reduced it too much.
To put it another way, how many people get away with cheating on their taxes each year? How many times has the USPTO granted a patent on something that was obviously a joke? Do you really want the post office acting as a CA?
Palm trees and 8
something-you-have authentication
You mean, like credit cards?
Credit cards are often used in card-not-present situations such as telephone or online purchases. The account number, expiration date, CVV2 number, and billing address aren't something you have; they're something you know. They're only something you have if a retailer has a policy of no gift shipments, in which all shipments are to the billing address.
'We are not talking about a national ID card,' says Commerce Secretary Gary Locke, whose department will be in charge of the program. 'We are not talking about a government-controlled system'
You Lie.
My point is that some person is responsible.
The problem comes when this person isn't responsible to the people. The responsibility in hiring and firing the responsible person may be diluted several times through appointed officials, and even elected officials are in a way appointed by the media.
I already have an "Internet ID," it's called my GPG public key.
Signed by whom? With the rise of TSA's so-called "gate rape", not everyone is willing to fly to key signing parties in remote locations.
How is this different from the Social security number/database, your passports, your driving licenses and the relevant databases?
What problem(-s) could another id # solve that is not already covered by MAC/IP address, paypal id, credit card+pin, (anything)+pin, social sec #, driver's license #, university ID #, library card #, etc. etc.?
It certainly won't stop people from lying or creating false identities.
The public key cryptography has solved the authenticity problem some 20 years ago.
S/MIME signing has been supported by all major (non Web-based) providers for the past 10.
It is easy to prove a document is coming from a trusted party...
It is a pity very few people use it!
If the government said "we have a super strong, high-bit-count keypair. We'll sign some corporations' keys if they pay a fee and meet our standards. If you'd like, they will then sign your keys, if you so desire." Would you object? If so, why?
Let me lose MY passwords.
Where were you when I lost my flat key?
Today the university mailed an important letter to you. It contained information about the recent theft of a university-owned laptop with a file that contained your name, social security number, address and salary information. In addition to your information, the laptop also contained information for every person employed by Tulane University in 2010.
The letter includes information on a credit monitoring service the university is providing for every affected individual.
If you do not receive the letter by January 14, please call (504) 865-5291 between 9 a.m. and 5 p.m., Monday through Friday. A university employee will help you access the services being provided in response to this incident. In the meantime, for additional information about this incident, we have posted a statement on the University website at http://tulane.edu/wfmo and http://tulane.edu/tsweb.
We sincerely regret that this event occurred and are making every effort to prevent a similar incident in the future.
Charlie McMahon
Vice President of Information Technology and Chief Technology Officer
For those who read this Vinge novel, you might recall the "Internet" of that setting used something similar to this for all network traffic. He never describes the system per se, but there are several times in the novel where it becomes clear that a credential is needed for any network access.
In the fictitious world, it actually seems kind of like a cool idea. In our world, it just seems like another way for governments and corporations to track what *everyone* is doing. I like the idea of accountability for one's actions, but this is like having someone follow you around all day and every day writing down everything you do and say. I don't know anyone who would choose that for themselves.
..."solved" theory, did not "solve" implementing without fuckups.
I wonder if your national ID will have a nice easy to remember 4 digit PIN.
...and will be issued nationally, but it's NOT a National ID Card. Trust us!
BREAKING NEWS: the Obama Administration has noticed that everyone has a Facebook login anyway, so they have decided that Facebook Connect will now be the Official Log In To Everything ID for the United States.
In other news, the Obama Administration has declared Facebook "too big to fail" and nationalized it. Mark Zuckerberg was unavailable for comment.
Tired of FB/Google censorship? Visit UNCENSORED!
Puhleeze. If you think this can't be hacked, think again. If you think it can't be forged, think again. If you think it can't be stolen and used to impersonate someone, think again.
Platitude of the Day: Any concept can be used for both good and evil.
For example I have a different name on my social security card than on my passport, both are real and I am a natural born US citizen, then how would any verification work based on that system? Are these self important bureaucrats..... I know the answer. But agerrrrah, I don't want every website knowing for reals exactly who I am. We have already seen a massive increase in "dynamic pricing" and this ID verification will only lead to more greed from advertisers and marketeers.
I do not play in the middle of the road
Seriously. Almost nobody commenting here even took five seconds to even think about what was actually being discussed. It's all just knee-jerk "jack boots are coming" nonsense.
"Internet ID for Americans" - Article title FAIL. This has nothing to do with a government identity of any sort. Nor is it a singular identity, credential, or technology. It's for use in commerce - you know, like OpenID? - but actually standardized so that companies will actually widely accept it. That's why the first sentence of the linked article, the whole point of the news of it, is that the Commerce department would head the effort, not Homeland Security. (Declan McCullagh, I like you, but you should be ashamed.) From the article: "This is not about a national identity card." From these comments: "It's a national identity card!"
"Single point of failure" - Reading comprehension FAIL. The published strategy talks about setting up an identity trust ecosystem where individuals set up any number of identities and credentials, of their own choosing, possibly using different technologies of use as they see fit. Much like the SSL cert ecosystem today provides a means of merchant identification, without there either being a single point of failure or sinister government control.
"Trying to solve a problem that doesn't exist" - Reality-check FAIL. I just don't know what planet you're from. If you're saying that identity theft on the Internet isn't a major concern, then you're seriously misinformed. It costs our economy millions, if not billions, in lost productivity and fraud. That's a valid government concern - making sure that economic activity can take place safely and thrive.
For frack's sake, the same people who were screaming about how Microsoft Passport was a bad idea (and it was, because it was monopoly-controlled) are now saying the free market should solve the problem. Or, you know, that there's actually no problem at all. No wonder it's so hard to get anything done in this country.
Having a national strategy to push towards building a real trust infrastructure is a GOOD idea. Reduces costs, reduces redundancy and waste, IMPROVES security on the Web. Trust infrastructure GOOD. Psycho spasmodic knee-jerk Fox-News "Govmint bad" reactions with no forethought BAD.
And it's another DHS solution seeking a problem brought to you by the ciaBS establishment kowtowing fcc approved media (proudly publishing the official journalistic article after it's already too late to do anything about the actual law.)
I don't need an internet password. I don't mind maintaining hundreds of passwords in an encrypted password manager, I don't need any third party to hold my hand to login to my unmanaged server, I don't need any third party to login any apps I develop.
I have to say, it's getting very close to where I might just say screw the web, the telcos, the ISPs and pull the ethernet cables up. Such a counter to the actions of this corrupt establishment will in the big picture hurt vendors (and the economy) as we slowly one by one are forced by these nazis to decide to be slaves or free.
You can laugh this off, but don't call me a kook. If there's no more anonymous, there will be no more me.
Correct me if I'm wrong, but Bush has a Republican majority for 6 years, and this never came up. Just like how, even in the abysmal Patriot Act, we didn't have forced strip searches at every airport checkpoint (which is pretty much what you have now). And you're still trying to cover up for Obama's malfeasance by equating him to Bush? Weak. Own up and admit that you voted for a statist, knew you were voting for a statist, and you got exactly what you voted for.
And people decided not to use it. Raise your hand if you have an OpenPGP key and it's been signed by a lot of people (i.e. an identity, certified by multiple parties such that non-distributed systems seem like a joke in comparison). Ok, put down your hands; I was asking in the wrong place. Most people don't put up their hand here, so nobody builds upon the system.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
You could have voted for anyone. Democracy is dead. These days laws are written by lobbyists, approved by lobbyists, implemented by lobbyists, watched by lobbyists, and enforced by lobbyists. What the candidates are called is inconsequential, as is the party they belong to. There is only one party, the lobbyist party, which masquerades with a bunch of different names in order to fool the ignorant.
In Finland, banks were the first ones to map a person's real identity to online credentials. For this reason their services to authenticate people have become the norm when you are dealing with e.g. government services online. Basically how it works is that a service provider redirects you to the bank services and then you authenticate using your bank codes. After that you are then redirected back to the service provider along with your identity details. Seems to work decently...
Oh, and we also have some chip card that you could get a computer chip reader for, but that scheme never worked out... why would anyone want to pay for that?
It'll be run by companies but we're hearing the idea from the government. I'm reminded of when Frank Zappa was at a Senate hearing getting grilled by the Mothers Against The Arts (MATA) -- no, wait, they went by the initials PMRC -- and a senator explained that they just wanted "private action" by the music labels to keep naughty music out of the hands of kids. Frank, sitting in a senate hearing building, looking around at a group of senators and their wives, having his words recorded on the senate record, said, "This is private action?" Hilarious.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Lots of people pointed out that the whole "Net Neutrality" thing was just an excuse to get the camel's nose into the tent and that once a precedent for the FCC being able to regulate the internet was in place, all sorts of things would be following.
Enjoy your trusted identities, mandatory DRM, broadcast-style content restrictions, etc.
At least I'll get to enjoy all the wailing from the Free Software types when the law mandating only authorized commercial (e.g. closed) operating systems be allowed to connect to the internet, to make sure you're not subverting all their requirements.
This is what happens when you give the government enough power to solve your problems.
Given that change of address cards are so easily spoofed by identity thieves, I'm not sure I want the USPS managing much more.
This is not a National ID because you could have unlimited certifications.
You are only allowed one social security number; if having multiple SSNs was an option, it wouldn't be very good at tracking a single person.
This proposed system would allow you to have as many certs as you want.
This would give you the ability to use a unique cert (identity) for each bank or other transaction entity.
Also these certs could still be offered by independent organizations.
In reality this system is not about ensuring you are a specific person, but rather the same person for all transactions on that single certificate.
Only criminals will be anonymous.
..and these are not the droids you are looking for.
*waves hand* ...luckily for us it doesn't work on us Hutts*
*a.k.a. - the fat dude living in his mom's basement.
There's no chance that 'a centralized database will emerge,' and 'we need the private sector to lead the implementation of this.'"
Uh, no?
Identity is one area I would very much love to have in the hands of government.
Why? Because if you put it into the hands of a "private sector" entity, that almost certainly means a commercial entity, which means if it finds a way to make a profit from your data, it will. Or, in other words, it isn't your data anymore, it is theirs. Thank you, but no thanks. I prefer to have an identity instead of renting it.
Sure, there are all kinds of other dangers with the government handling this stuff. But if you are more afraid of the government than of private corporations, you've not been getting the news for the past 20 years, have you?
Assorted stuff I do sometimes: Lemuria.org
There is only one question to ask, and that is... how many will YOU have? aaaaaaaahahahahhahaahaha
How, for example do you know if your 'master password' has been lifted by a trojan? This is a really great idea for credit card fraudsters as merchants can't cancel fraudulent transactions so the banks don't have to bear the risk of refunds.
The reason governments don't need a master internet ID database is because they can just ask google, amazon, twitter, youtube or any large organisation to cough up loads of details about you already.
What I want is a "this is who I am/where I live" object I can give to an on-line merchant which is DISTINCT from the authorisation.
Credible ID's for everyone from the person who has yet to provide a credible birth ID, Ahnold for Preseedant.
The mind conceives, the body achieves, the spirit manifests.
...Obama takes a big stick and jams it in the eye of his Progressive supporters.
When will they learn?
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Do you want the government who has it anyway or do you want Facebook who will sell it? Each has their own advantages and disadvantages. I personally would prefer the government to be in charge of my identification because they already handle it with passports, social security and driver's license. It only hurts me to give all this information to a company like Facebook.
We, Americans envision the day when NORTH AMERICANS realize that we all are AMERICANS and not only the Americans of North. It's like saying that only English people are Europeans.
Every corporation will start to use this system and that will turn what was an "enhancement to security" into a "Standard required to access any internet service".
First they tell you it's just to help, then they own you.
Fuck the national ID, internet ID.... how about fucking universal single payer not for profit health care?
Fuck both of these parties. Fuck Obama... fuck Boehner... fuck them all.
You already see this with Facebook or Yahoo or Gmail logins to newspaper and other commentary-sites.
It boils down to this:
If I need to be sure you are who you say you are to X degree of certainty, and someone else has issued you an ID that is "good enough for me" then I'll accept that credential. This can be a Facebook account, a signed-by-someone-I-trust or self-signed digital certificate, a driver's license, a passport, a person I trust who vouches for you, a system of such persons such as in the hawala money-transfer system, or one of many other systems.
I don't see a government sponsored "national e-ID card" coming because it isn't needed, but I do see the day when we'll have to let our cell phone photograph our face or finger and that image plus some other data like a passphrase, the time, phone-unique ID, SIM-card-unique ID, phone-GPS data, etc, will all be signed by our phone's unique private key, and encrypted with the bank's public key and its copy of your face or fingerprint and pass-phrase and used to authenticate the person for a given session. The higher the amount of the transaction or the more sensitive the information the customer is trying to access, the "tighter" the match will have to be. If the information isn't a "solid" match the bank may allow you to see your approximate balances and partial account number and allow you to make minor transactions that it doesn't mind eating the loss for, but good luck doing that $10,000 e-transfer to Africa if the bank isn't 100% certain it's you. In such a case the bank may tell you to wait 15 minutes then call and text every number you have and email every email address you have asking you to call their fraud department. If they get more than 1 call or your voice doesn't sound like the voice they have on file, the transaction will fail and your account will be watched even more closely.
If consumers demand it, a notification of the approximate time and place and "fuzzed/low-res" photo used to authenticate the transaction will be sent to the consumer through a different channel or channels, such as an email alert plus a notation on the customer's monthly statement or e-statement. The full set of information will be kept by the bank's anti-fraud department for 30-60 days in case the customer claims the access was unauthorized.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
From TFA... "There's no chance that 'a centralized database will emerge,' and 'we need the private sector to lead the implementation of this."
Really? I guess that's 'cause they already exist. Why reinvent the wheel, right? "We're just adding technology that will help validate all the data we're already collecting, you stupid sheep..."
They don't even have single sign on for their OWN systems, and they think they're the right entity to create it for 300 million people? That's hilarious. This will be a $100 billion project that will never actually meet its goals.
Thanks, but no thanks. I actually WANT different passwords on my accounts. I don't WANT my facebook account to unlock my bank, or my slashdot password to unlock my facebook account.
I'm sorry, but if you really want this, you want someone else to do it. If you're smart, you won't want anyone to do it, or at the least, you want opt out.
The bank knows who I am and is willing to eat most of the loss when they are wrong if I notify them soon enough.
But I don't know who my bank is.
If my bank's computer is hacked or its DNS rerouted and private key compromised, then anyone can pretend to be my bank. Sigh.
Well, I guess I'll just have to accept that risk, or only bank in person and hope it's not a bunch of bank-robbers behind the desk acting like tellers while the real tellers are tied up in the vault.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
A crucial difference between a bank-consumer and a state-citizen transaction is that the bank usually pays if something goes wrong. In this case, the bank or credit card company definitely does not want credit card fraud to happen on its system, and has a vested interest in keeping it secure. It's a good and obvious idea to piggyback government authentication on bank authentication. The administration is merely trying to reinvent what has been used successfully in other countries already. Here in Finland, for example, I can log in to many government services using my online bank credentials, which have been verified by a personal visit to the bank. This is not exactly rocket science, if you think about it. All it needs is political will.
If you have a smart-card that doesn't require something you know or have to activate it, stealing your identity is as easy as stealing your card.
If it does require something you know or have to activate it, stealing your identity is as easy as finding out what that thing is. If it's a password, cutting off your fingers one at a time until you give me the right password and promising you a slow death if you refuse or you give me so many wrong ones that I get locked out will generally do wonders. At the very least, if it doesn't work on you I will make sure word gets around and it will work on my next victim.
*The above scenario is hopefully completely hypothetical. If you do such a thing and I'm the judge or jury that sentences you for your crime, you won't be happy with the result*
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
It's nothing more than a Big Brother scheme in disguise. So how do illegal aliens fit into this little ol program, eh?
anything that can be read by a computer, can be changed or faked, by another computer.
Ah, but can it be changed or faked in a timely manner?
Suppose you start listening to an encrypted communication after the initial authentication is over with. Your only hope is to either break the encryption and take over one side of the conversation or disrupt the conversation and start over.
Suppose the agreed-upon protocol for starting over is an in-person meeting by two people who know each other well. That means the worst you can do by disrupting the conversation is delaying things and possibly canceling a transaction in progress, which is an outcome the parties have already agreed to accept by virtue of adopting this protocol.
Your only other hope is to intercept the conversation and take it over. Suppose the encryption is strong enough that even with the best quantum devices you will still need 3 hours to break it, but they change keys every 10 minutes and the whole conversation will be finished and terminated in 2 hours. Good luck breaking in.
Yes, your statement "anything that can be read by a computer, can be changed or faked, by another computer" is in principle true but you can construct real-world scenarios where it's irrelevant because it can't be faked or changed by another computer in a timely manner.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Suckers!
Clearly you didn't read the article.
A) You have to get one.
B) It's not your only ID
C) Do you think you can't be found on the internet right now?
If 'The Government' want to watch and control you they wouldn't need to change a thing. In fact, in those conditions changing anything increases the risk to 'them'.
The Kruger Dunning explains most post on
Actually, as it's currently implemented, the SSL cert ecosystem today provides many points of failure and sinister government control that compromise the whole system. Count the number of "trusted" root CAs in your web browser -- any one of them can be evil, compromised by crackers, or agree to government intrusion in order to compromise any of your web-based communications. Here's a more in-depth analysis of the problem. Even worse, these "trusted" roots can create subordinate CAs, which can in turn compromise all of your X.509-secured communications. You might also be interested in the EFF's SSL Observatory, along with their analysis of the abysmal state of today's X.509 certificate infrastructure.
To solve this properly, we'll probably need to do at least the following:
I agree that we need work on distributed trust infrastructure. That's why I contribute to the monkeysphere project -- we're pushing OpenPGP-style multi-party, user-centric certification into SSH, the web, and everywhere else we can.
I'm just not convinced that the US Government is likely to do this the right way. It seems probable that they'll be happy with centrally-controlled, single-trust-path certification. Or that they'll botch it in the same way that X.509 is currently botched.
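The comment above suggests counting the trusted root CAs on your machine. The following Python sketch is an added example, not part of the original comment or of any project it names: it audits the CA bundle that Python's default TLS context loads, and the sample entries and organisation names are constructed.

```python
import ssl
import time
from collections import Counter

# Constructed sample entries in the dict format returned by get_ca_certs().
SAMPLE_ROOTS = [
    {"subject": ((("organizationName", "Example Trust A"),), (("commonName", "Root 1"),)),
     "issuer": ((("organizationName", "Example Trust A"),), (("commonName", "Root 1"),)),
     "notAfter": "Jan  1 00:00:00 2100 GMT"},
    {"subject": ((("organizationName", "Example Trust A"),), (("commonName", "Root 2"),)),
     "issuer": ((("organizationName", "Example Trust A"),), (("commonName", "Root 2"),)),
     "notAfter": "Jan  1 00:00:00 2000 GMT"},
    {"subject": ((("commonName", "Example Issuing CA"),),),
     "issuer": ((("organizationName", "Example Trust B"),),),
     "notAfter": "Jan  1 00:00:00 2100 GMT"},
]


def subject_field(cert, key):
    """Return one subject attribute (e.g. organizationName), or None."""
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            if name == key:
                return value
    return None


def load_system_roots():
    """CA certificates trusted by Python's default TLS context on this machine.

    Only certificates loaded from a CA bundle file are listed; directory-based
    stores (capath) are read lazily by OpenSSL and do not appear here.
    """
    return ssl.create_default_context().get_ca_certs()


def audit_roots(certs, now):
    """Summarise a trust store. Absent name constraints, each entry is
    accepted as an issuer for any hostname, so every row is a trust decision."""
    by_org = Counter()
    expired, not_self_signed = [], []
    for cert in certs:
        label = (subject_field(cert, "organizationName")
                 or subject_field(cert, "commonName") or "<unnamed>")
        by_org[label] += 1
        if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
            expired.append(label)          # stale anchor still shipped
        if cert.get("subject") != cert.get("issuer"):
            not_self_signed.append(label)  # intermediate trusted as an anchor
    return {"total": len(certs), "organizations": len(by_org),
            "by_org": by_org.most_common(), "expired": expired,
            "not_self_signed": not_self_signed}


if __name__ == "__main__":
    report = audit_roots(load_system_roots(), time.time())
    print(f"{report['total']} trust anchors run by {report['organizations']} organisations")
    for org, count in report["by_org"][:10]:
        print(f"  {count:3d}  {org}")
    print("expired:", report["expired"])
    print("not self-signed:", report["not_self_signed"])
```

Browsers that ship their own root store will report a different count from the operating system bundle this reads.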
Stasi operations
Stasi quiet camera that could take pictures through a 1mm hole in a wall
Further information: Eastern Bloc politics
Between 1950 and 1989, the Stasi employed a total of 274,000 persons in an effort to root out the class enemy.[5][6] In 1989, the Stasi employed 91,015 persons full time, including 2,000 fully employed unofficial collaborators, 13,073 soldiers and 2,232 officers of GDR army,[7] along with 173,081 unofficial informants inside GDR[8] and 1,553 informants in West Germany.[9] In terms of the identity of inoffizielle Mitarbeiter (IMs) Stasi informants, by 1995, 174,000 had been identified, which approximated 2.5% of East Germany's population between the ages of 18 and 60.[5] 10,000 IMs were under 18 years of age.[5]
Obama legacy, same paragraph as above just a different day different number of adopting the new ID.
Wonder if the Stasi will be remembered longer than the reign of O
Well, I guess not technically a 'card' but I'll still pass. I don't wish to be tracked to that level, so take your draconian ideas and shove it.
---- Booth was a patriot ----
Since when is that a requirement for daily life? Why do I have to prove anything if I want to read some free content on a web page? Do I have to prove who I am to read a book at the library? No. Do I have to prove who I am when I buy a newspaper and read it on the sidewalk? No. Then why this?
All this is for is to track what we all do, to look for 'signs'..
---- Booth was a patriot ----
Some people might even call this SSL.
I'm hoping this is akin to OpenID. Seriously, I don't want to be using the same login info that I would use on ICHC as I do for my bank lest an lolcat obtain my information and make a bank transfer to his account in Nigeria. If I could have separate ones for untrusted sites, online stores and financial sites, then count me in. However, if it's all or nothing, forget it.
Anons need not reply. Questions end with a question mark.
Eh, try what you want Obama, 95% of America is too incompetent to use this or "Don't have anything to hide"... it's pointless. The need to get rid of various passwords only decreases security, instead of enhancing it... and still doesn't prevent identity theft and social engineering (nothing does).
"Instant gratification takes too long." - Carrie Fisher
simply the foreign xor corporate agendas of aipac, cfr, un, unep, imf, rothchilds, bilderbergs, oath breakers, etc.
we are one false flag germ outbreak away from selected, listed fema concentration camps.
security clearance vs oath, it's the disrespect for life from psychopaths using monetary system, politics, media, elections, psychiatry, law enforcement, physics, germs (dear /.: a plethora of dead scientists), physics, electronics.
if you vote, do you UNDERSTAND what jury nullification is!
- imo in a nutshell. Yeah you voted great, now it's time to scrub the toilets.
1. be agreeable. but know there's no oath like the judge might claim. PERIOD. now shut ur trap up.
2. if it's a bad law nullify the law (clarify it, and force the issue to be dealt with if possible)
3. if the target is under a good law used badly == not guilty, vote your conscience, can you sleep knowing you didn't just fsck someone? After all this is the issue, someone's life might depend on your decision, it's serious.
4. don't get confused by PSYOP crap questions, try to keep a smile, and keep your body language under control, don't talk to other neophyte jurors about what you know.
5. If it's beyond your comprehension, then maybe your not your bag. Pass the torch, but re-volunteer to be a juror for a case you can handle.
On the other hand, if they are just guilty, and your conscience says, damn they just are bad, and you're totally convinced then go that way
I welcome anyone to straighten me out.
But be aware I have jury duty soon
I won't be able to say anything at that chronological time.
$VALUE INPUT UNTIL THEN
but remember I have a brain, you're not going to dictate crap to override my conscience. We may very well agree to disagree.
Korea has been doing this forever. People use the equivalent of a social security number to register with most websites over a certain size. Most sites have you first provide your name/number and then a second verification method (bank cert generated for this purpose, cell phone registered with the same name/number, fax a copy of the card, etc) to prove you have control of that identity. The government recently allowed some private companies to create a new layer in this though where you sign-up using your name/number on their site, then use a username/pass on the new site you wish to sign-up on so that your number is no longer passed around. Only a verification comes from the security company saying yes, this is that person.
The only major issue I have is that the IDs issued to foreigners are in a different database than those issued to citizens, at least as far as I can find out, and not all sites subscribe to the database for foreigners, especially shopping sites. So foreigners here do sometimes have issues signing up for certain sites, mainly shopping sites. However, that has been changing and more and more sites are opening up.
Overall I like the system, but then again I'm not a paranoid nutter.
For all Americans?, I'm from Argentina, lol.
We can already do single password signons, without delegating our identity to a provider like OpenID does, while not sharing the same password between multiple providers. A keyring feature in the browser, with one master password, is all it really takes. When the user accesses a site they have signed up for, the site is recognized as such based on the list in the keyring, and the credentials can then be exchanged. By creating different credentials for each site to visit, there won't be a means for the site operators to correlate identities for cross tracking purposes. Sites, like your bank, will, of course, need to establish some connection between your internet credentials and your account, at some point (set up a first time password when you first sign up for an account).
The one exception I can see is for sites that want to be certain the same person is not signing up for two or more accounts. Most sites don't need this. But it might be good to have if they start doing online voting (which, of course, will eventually undergo some extreme, but not necessarily apparent, attacks). For that kind of thing, you get the credentials by another means where they only give you one set (at a time), and deposit them in the keyring, possibly flagged for additional security prompts to make use of.
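One way to get the keyring behaviour described in the comment above, as an added example that is not part of the original post: a master password unlocks a key, each enrolled site gets its own credential derived from that key and the site's exact origin, and nothing is released to an origin that is not on the list. The `Keyring` class, the derivation label and the `.example`/`.test` hosts are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit


def origin_of(url):
    """Normalise a URL to its HTTPS origin; refuse anything else."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("credentials are only exchanged with https origins")
    return f"https://{parts.hostname}:{parts.port or 443}"


class Keyring:
    """Hypothetical keyring: one master password, one credential per origin."""

    def __init__(self, master_password, salt):
        # Memory-hard KDF so a stolen salt does not allow cheap guessing
        # of the master password.
        self._key = hashlib.scrypt(master_password.encode("utf-8"),
                                   salt=salt, n=2**14, r=8, p=1, dklen=32)
        self._enrolled = set()

    def _derive(self, origin):
        # HMAC keyed with the unlocked key: two sites comparing their stored
        # credentials learn nothing that links them to the same user.
        mac = hmac.new(self._key, b"site-credential-v1\x00" + origin.encode(),
                       hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()

    def enroll(self, url):
        """Sign-up: add the origin to the list and return its credential."""
        origin = origin_of(url)
        self._enrolled.add(origin)
        return self._derive(origin)

    def credential_for(self, url):
        """Login: release a credential only to an origin already on the list."""
        origin = origin_of(url)
        return self._derive(origin) if origin in self._enrolled else None


if __name__ == "__main__":
    salt = secrets.token_bytes(16)  # stored next to the keyring, not secret
    ring = Keyring("correct horse battery staple", salt)
    ring.enroll("https://bank.example/signup")
    ring.enroll("https://forum.example/register")
    for url in ("https://bank.example/login",
                "https://forum.example/login",
                "https://bank.example.evil.test/login"):  # lookalike host
        print(url, "->", ring.credential_for(url))
```

The lookalike host gets `None` because matching is on the exact origin, which is the property that keeps a reused master password from unlocking anything on a site the user never signed up for.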
now we need to go OSS in diesel cars
Nuff said.
every single fucking conservative who's bitching about this now would be all in favor of it and calling anyone who opposed it a traitor.
cheap labor conservatives - they want to keep you hungry enough to be thankful for minimum wage.
When your child downloads a dozen films or mp3s you have the burden of proof that it wasn't you. The internet has become indispensable. Legislators have started the ball rolling and now they have no plausible denial that network traffic shouldn't be controlled, shaped and taxed. Without campaign finance reform the network is about to become just another symptom of a bigger problem.
15TW = 15,000 Nuclear Reactors. (Approx. one accident a month.)
+1 Funny please.
It's actually in the law that SS#s can't be used as a UID outside of the social security admin. So again we have an example of a law not followed by private or public sectors.
Democracy Now! - uncensored, anti-establishment news
"(no one would have ever known about Monica Lewinsky had it not been for Matt Drudge and the Internet)"
Reality: The Drudge report was framed along the lines of "Newsweek is sitting on a story" about Kenneth Starr's office investigation and possible perjury charges against Clinton and Lewinsky for denying an affair.
Newsweek was sitting on a story: Newsweek was doing the normal mainstream procedure of fact checking and seeking second sources. At the time Newsweek only had one source, Literary agent and former Nixon dirty tricks operative Lucianne Goldberg. It used to be the reputable news outlets did not like to be used by people with a political ax to grind. So Newsweek was letting the story 'cook.'
When the story broke, Starr's office was already investigating Clinton and Lewinsky for possible perjury charges. Clinton had testified in the Paula Jones case, Linda Tripp was feeding information to Goldberg, Goldberg had advised Tripp to (illegally) record her phone conversations with Lewinsky, Lewinsky had saved the dress with, um, physical evidence stains, Tripp was giving the tapes to Starr's office.....
Drudge only speeded up the public reporting by a few days or weeks. The Washington Post reported it 4 days after Drudge. They may have published earlier after Drudge reported it. Where the Washington Post got their info from, I'll let anyone interested look up. Leaks from Starr's office? Whatever. The info was bound to come out.
A little bit about newspapers, news magazines, and timelines. Pre-internet, and this was early internet, it was common for stories, even stories like this, to come out on the media entity's (magazine, newspaper, TV show) own timeline. Holding back stories to time it during slow periods to bump circulation, for example, was a 'normal' way of doing things.
Nowadays, what with Slashdot and Drudge, holding back a story for a media entity's own needs exposes them to a greater risk they will be scooped.
Oh, Drudge trackers have pointed out that Drudge, being a rumor mill, has a high rate of false reports.
That's my rant, and I'm sticking to it.
No one said you are stupid for not knowing what those terms mean.
Stupidity is not the issue.
The issue is lack of education. (Not schooling, education.)
The terms themselves are not the important thing.
Why do you think the meaning of those terms has no bearing on your life?
Probably for the same reason you think being kept ignorant is the same as being stupid.
No one is accusing you, so why so butthurt?
Dear Administration,
Please, spread your anal cavity as much as possible.
Because, we intend to suck and lick your crap hole till all your juicy shit and intestines are firmly rooted between our teeth.
Yours, the brave people of America.
The government in this case is saying "we want to be progressive and give people a new tool that hasn't just yet been broken somehow, someway for a little while" And once its 'security' has been defeated several dozen times, the first few of which will most certainly make news somewhere, it will be like credit cards, bank cards and passports all over again.
Then perhaps they will bring out a new version, so something else to memorize and the cycle will go on its merry way.
Smart cards require readers, I'm sure personal readers via USB will be quite cheap... digital certificates are lovely, until your system crashes... at which point the potential for problems begins increasing at an alarming rate... back-ups, installs and so on. Even the USB copies can be misplaced, lost, stolen etc.
As for "Net Neutrality" I'm of the opinion we lost that fight. We're merely arguing about the terms of surrender.
Once a fully wireless world is in place, some neutrality I think will be won back depending on how fanatical on the issue a given person is. But that's another story
When are we going to graduate from this democracy myth and start calling the US the plutocratic oligarchic republic that it is?
No, call it what it is in a simple word people understand. Fascism. The US is the new Nazi Empire.
Fascism (pronounced /ˈfæʃɪzəm/) is a radical and authoritarian nationalist political ideology.[1][2][3][4] Fascists seek to organize a nation according to corporatist perspectives, values, and systems, including the political system and the economy.
Please read http://en.wikipedia.org/wiki/Fascism and tell me this isn't our government today.
all this goes right along with the article posted http://yro.slashdot.org/firehose.pl?op=view&type=story&sid=11/01/08/091225 about Twitter accounts and WikiLeaks.
Where are the REAL world's terrorists? Washington DC.
Yes there was a time when I posted with my name. Now I am afraid.... Very afraid.
This wouldn't be a National ID (but it would) and with something like a National ID (or whatever they want to call it) it would be maintained by the government and require less passwords (Great, like I want to rely on the government to manage any kind of passwords for me) and with something like that being in ANY branch of the government, it would EASILY be accessible by any other government agency.
Anyone want to bet on how long AFTER this gets passed (if it were to get passed) that it would be required to log in to ANY computer?
"Be polite, be professional, but have a plan to kill everybody you meet." General James Mattis
The best part of the Internet is its lack of censorship and the freedom of speech it fosters. I am against any type of Internet ID. If we're not careful only certain websites and certain content will be allowed and individual freedoms will be further eroded.
"Or what"?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
...we just need to standardize and simplify usage of digital certificates. I've been signing my email with a trusted certificate for nearly 10 years, and pgp for 10 years before that. Browsers already support client certificates. You just need to tie in user controls on when the client certificates are presented with sites actually using them. There are a variety of trusted certificate issuers, so you don't have a single government id, and more importantly, you don't have another government bureaucracy (though, actually, it would make sense for the passport office to issue certs --- they're already a "national id" and certs are a logical extension).
The biggest problem is simplifying *getting* and using the certs. That has been the roadblock every time I've pushed to get people to sign their email --- using and maintaining them is non-trivial. Some of that is inherent in assuring the identity, but a lot of it is crappy user interfaces on both the CA websites and the software using the certs. If (and, admittedly, a *big* if) this initiative solves that problem, it will be a good thing.
You can find the draft version PDF here.
From the draft, page 4:
Envision It!
An individual voluntarily requests a smart identity card from her home state. The individual chooses to use the card to authenticate herself for a variety of online services, including:
Credit card purchases,
Online banking,
Accessing electronic health care records,
Securely accessing her personal laptop computer,
Anonymously posting blog entries, and
Logging onto Internet email services using a pseudonym.
Anyone who envisions people using Identity Cards to authenticate "anonymous" posting on the internet is dangerous, either evil and dangerous or stupid and dangerous or both.
Many parts of the draft make it implicit that this Identity System is built on top of Trusted Computing, and page 15 explicitly says that hardware and software "also require rigorous identification, authentication, and authorization" and provides an example explicitly naming the Trusted Platform Module (TPM) in this role. For those not familiar with Trusted Computing and Trusted Platform Modules, it means that each computer or other device is embedded with a unique identifier number (the PUBEK). Each computer or other device is also given a pair of master keys, the PRIVEK and RSK. The core idea of Trusted Computing is that the owner is FORBIDDEN to know or fully control these master keys locking down his computer. These keys are used to secure the computer AGAINST THE OWNER. That is the meaning of "Trust" in Trusted Computing and in the Trust chip - they mean that other people can "Trust" that you do not know your own master security keys and therefore other people can "Trust" that your computer is secure AGAINST YOU. They can "Trust" that you cannot alter or override the security on your computer because you do not know your own master security keys.
Page 22 says the Federal government must establish new laws to enforce this system.
Page 23 explicitly names Intellectual Property protection as a purpose of the system.
Page 24 says "the scope of this strategy extends beyond national boundaries" and that Governance is required at the international level to create this Identity system. It complains that the Federal Government has not focused sufficient resources pushing this sort of system through international standards bodies. Continuing into page 25 it says this policy "is becoming a matter of diplomacy".
The Federal government is already giving away many tens of millions of dollars a year in grants to develop this stuff, and still page 25 calls for more aggressive focused R&D to promote this system and "promote the transfer of the government's sponsored R&D results related to the Identity Ecosystem to the commercial sector".
All throughout the draft are listed all sorts of ways to force this Identity system upon us, from implementing it in government services to your electric company requiring it to access your account. However page 29-30 is particularly notable in how it identifies "Other Means to Drive Adoption of the Identity Ecosystem Across the Nation". It suggests tax breaks for those who adopt the system, which is inherently a shift of the tax burden onto those who refuse or decline to adopt the Identity system. But I think the really fun part is where it suggests regulatory changes to critical infrastructure sectors to drive adoption. In particular it proposes new regulations be placed upon all credit card transactions as a means to drive this Identity system down our throats.
You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I'm in if I can use my Blizzard Authenticator.
But if you are more afraid of the government than of private corporations, you've not been getting the news for the past 20 years, have you?
Yes, but if you think that between 1/4 and 1/3 of Americans don't fall into that category, you've not been getting the news for the past 10 or 11.
More or less the entire platform of the Republican party these days is convincing the American people that companies will do everything for them better than the government (except for protecting them from the dirty gays, of course). And, moreover, that anything the government tries to do is inherently wrong by first principle, because government services are socialism.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.