Obama Eyeing Internet ID For Americans

Pickens writes "CBS News reports that the Obama administration is currently drafting the National Strategy for Trusted Identities in Cyberspace, which will be released by the president in the next few months. 'We are not talking about a national ID card,' says Commerce Secretary Gary Locke, whose department will be in charge of the program. 'We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.' Although details have not been finalized, the 'trusted identity' may take the form of a smart card or digital certificate that would prove online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions. White House Cybersecurity Coordinator Howard Schmidt says that anonymity and pseudonymity will remain possible on the Internet. 'I don't have to get a credential if I don't want to,' says Schmidt. There's no chance that 'a centralized database will emerge,' and 'we need the private sector to lead the implementation of this.'"

how about no

[trolman]

This Internet ID scheme has been floated a couple of times now and it is not going to happen. The Federal Government like big companies and big programs aka Comcast/NBC, Net Control(net neutrality) and National Healthcare. It is about controlling the most people with the least effort. This is no different than requiring me to 'show my papers.' All of this really needs to stop. --If the feds need something to do they could start by implementing IPv6 and getting everyone an IP address.

Re:how about no

[Lawrence_Bird]

exactly. typical nannystatery, looking to solve a problem that does not exist with a government sponsored effort. And who for a moment doesn't think that this would carry advantages for the 3 letter boys and girls?

Re:how about no

Yeah, typical paranoia. You write: "you cannot do any electronic banking without it any more." "I don't have to get a credential if I don't want to," says Schmidt. Of course the government will not make a central database when it gets tax return files signed by everyone in the country. No, certainly not. How stupid do you and the government think we are?

Re:how about no

[Culture20]

Typical American paranoia.

There may be countries where the government is trustworthy enough to allow this. But the United States isn't one of them.

In fact, the government was set up to not trust itself. The framers of the constitution didn't trust the government they were creating, so they crafted it to be full of gridlock.

Re:how about no

[Sloppy]

Um, yeah, that's why we were all complaining about the Nanny State when Bush had Ashcroft go after the state of California over medical mariju-- wait, were we talking about Democrats?

Re:how about no

[Chapter80]

You mean all Americans are going to end up in concentration camps because of this digital ID? Look-up paranoia.

Naaah, not everyone. Just the bad guys. And the dissidents. Potential terrorists, and neo-nazis, too. And anyone who is on the TSA no-fly list. Really, any foreigners. And those who are against the 2-party system. Those tea-party wackos should really be identified and tracked. Lump the libertarians and green party people in there, too, because you really never know when they might "fringe out on us". What's the harm in "identifying" and "tracking" them. Especially if they're not doing anything wrong. What could they possibly be afraid of?

And if someone is a crack addict, we should track that. We don't want those people in power, or flying our planes. We certainly don't want to give them access to large sums of money. You have to admit, tracking crack addicts is a good idea.

But not a single person has ever *started* with crack. Usually they start with marijuana or alcohol. Don't believe me? Well, we should track that. We can actually predict which people are more prone to become crack addicts, simply by tracking the population, their purchases, and their habits.

Really, we shouldn't let someone behind the wheel, if they have purchased open liquor within the past 2 hours. We should track that.

And the people who are causing our healthcare costs to skyrocket. Especially those with Aids. And a genetic disposition toward expensive illnesses.

This country was founded with a strong religious bias, and God wants it that way. We should identify the atheists too. And the evolutionists. How dare you say I'm part monkey.

Really, the only ones who can be trusted are the ones like me. In thought, actions, beliefs, genetics, and disposition. So we need to classify and identify. No need to tattoo their arms - that's old school. Let's just track them by ID. No harm. If you aren't doing anything wrong, what is there to fear? I know I don't do anything wrong. I'll sign up, and even maintain the database for free.

They came first for the Communists,
and I didn't speak up because I wasn't a Communist.

Then they came for the trade unionists,
and I didn't speak up because I wasn't a trade unionist.

Then they came for the Jews,
and I didn't speak up because I wasn't a Jew.

Then they came for me
and by that time no one was left to speak up.

Re:how about no

[Miamicanes]

> If someone can sign your name on a paper and send it by mail you'd be fucked to. ...

Actually, no. You could legitimately argue (in court, if necessary) that your signature was forged. Forgery is so common, assertions of it in court are almost automatically accepted by juries as credible unless the party claiming it's legitimate can bend over backwards and demonstrate (through supporting evidence, like driver's license data, video surveillance footage showing the individual perform the transaction, etc) overwhelming evidence that it's legitimate.

Smart card-based certificates upset that delicate balance of power. They don't prove that it was signed by you, but they do prove (almost beyond doubt) that something was signed by someone with physical possession of your card/cert and knowledge of its security code. Thus, they instantly shift the issue from claims by the victim that his signature was forged (something that's happened throughout human history, is commonplace, and an easy defense for consumers to successfully raise in court) to claims by the banks that you were negligent in your handling of the certificate and/or its security code. As a consumer, you have basically no duty to prevent someone else from forging your signature, because you can't. And the scenarios where banks could claim you were negligent would be almost impossible for them to prove. In contrast, with the cert/card, if anything goes wrong, banks have a MUCH easier time of shifting liability to you, the consumer.

You could argue that a similar situation exists with ATM cards, but ATMs have an advantage (for consumers) that internet transactions don't -- pervasive video surveillance. If a criminal coerces you to give up your PIN code, it's likely to be pretty easy to prove his involvement and demonstrate coercion. If the criminal is out of view, but the victim claims otherwise, the bank's in an awkward position. If the bank were to push the issue, a jury would probably sympathize with a victim complaining that the ATM offered no way for the coerced user to summon the police. If the bank were to argue that it doesn't provide that capability because it doesn't want to risk a lawsuit from somebody shot by the criminal for attempting to exercise the duty to notify the police implied by the existence of such a feature, the jury would STILL be unsympathetic because at that point, the bank has effectively admitted that to them, the amount withdrawn by the victim at gunpoint is pocket change compared to all possible alternatives. In contrast, there aren't surveillance cameras recording internet purchases. If a cert gets stolen, the instant presumption is that you, the cert's owner, are the one who engaged in fraud, and the burden is on YOU to prove that it was stolen, or your cooperation was coerced, and that you weren't negligent in safeguarding it.

Legislation to enable smart card signatures is nothing new -- I think it's been part of the UCC in the US for almost a decade (or at least, was proposed a decade ago). The problem is, the legislation was so completely lopsided in favor of banks against consumers that you would have had to be financially suicidal and have an economic deathwish to voluntarily participate in it. Even the banks were slightly embarrassed by it, and recognized that it was dead on arrival because no sane consumer would have ever agreed to it.

Re:how about no

[element-o.p.]

I have a friend who says, "Democrats want to be your mommy. Republicans want to be your daddy. Libertarians just wish the government would treat us all like adults." I think he's right, by the way, so I'd agree that "Nanny state" and "Democratic lead (sic) government" are pretty much synonymous. However, Republicans certainly don't get a free pass from me, since IMHO, they are largely closet fascists looking to extend the government-led power grab of the last decade+. Unfortunately, the Dems seem to be following along in that tradition quite nicely, too.

Slight conundrum?

[Chas]

We will be enhancing your privacy and security.
  By making you more uniquely identifiable and creating a single point of failure for the security method.

*HEADDESK*

no centralized database, for now

[Attila+Dimedici]

There is no chance that a centralized database will emerge, unless of course this catches on, in which case a centralized database will be necessary to address abuses.

Offered for financial transactions?

[newcastlejon]

OK, fine. But you should know that my credit card company are already happy that I am who I claim to be (and that I pay my bill on time, natch) and my bank have already given me a free security token. Oh, and I have no problem with remembering a few different passwords so thanks, but no thanks.

To be honest, I'm more interested in whether this Schmidt fellow even knows what a smartcard or CA is. I doubt he could be more ignorant than that fool in France that started the OO.org is a firewall thing though.

Morons.

[unity100]

anything that can be read by a computer, can be changed or faked, by another computer. those who commit crimes, will be much more able to do it than ordinary citizens.

A great idea

[drinkypoo]

Digital signatures have been legally equivalent to normal ones for some time now, but where is the accountability? Many have long said the USPS should provide certs; I stand by that idea.

Riiiiiight.

[Mr.+Underbridge]

I don't have to get a credential if I don't want to,' says Schmidt.

Oh sure. Just like I don't have to get a state-issued ID card if I don't want either, right? Except once these gov-sanctioned IDs come into play, they do become standards (even when it's explicitly against the law, like with SSN).

And they know it. Hey, tell me which candidate it was again who was going to stand up for the little guy?

Re:Ahem, democracy?

[Dunbal]

When are we going to graduate from this democracy myth and start calling the US the plutocratic oligarchic republic that it is?

      Never, thanks to an education system that ensures that 99.9% of the population don't even understand what plutocratic oligarchic means and parents too busy watching ESPN or American Idol to compensate for said system's deficit.

Profit motive of public servants

[mangu]

at least the federal government doesn't have a profit motive for sharing the information it has about me.

Do you really believe this? As Robert Heinlein said in "The Moon is a Harsh Mistress", "My point is that some person is responsible. Always. If H-bombs exist - and they do - some person controls them. In terms of morals there is no such thing as 'state'. Just men. Individuals. Each responsible for his own acts."

The profit motive of the federal government is that of thousands of people who would be without a job if the government didn't have all those agencies controlling every detail in your life.

Re:You don't have to have one!

[markdavis]

Are you wacked? Of course you will have to have one. One by one, sites and services would be denied to you if you didn't have one. Eventually, you couldn't do ANYTHING without complying. Remember Social Security numbers- how they were supposed to be used ONLY for SS and never used for any other purpose. Tell you what, you just try to do anything now without being forced to give your national ID number- credit card, loans, electricity, health care, taxes, driving, ANYTHING useful.

Nobody here even knows what the story is about.

[BobGregg]

Seriously. Almost nobody commenting here even took five seconds to even think about what was actually being discussed. It's all just knee-jerk "jack boots are coming" nonsense.

"Internet ID for Americans" - Article title FAIL. This has nothing to do with a government identity of any sort. Nor is it a singular identity, credential, or technology. It's for use in commerce - you know, like OpenID? - but actually standardized so that companies will actually widely accept it. That's why the first sentence of the linked article, the whole point of the news of it, is that the Commerce department would head the effort, not Homeland Security. (Declan McCullagh, I like you, but you should be ashamed.) From the article: "This is not about a national identity card." From these comments: "It's a national identity card!"

"Single point of failure" - Reading comprehension FAIL. The published strategy talks about setting up an identity trust ecosystem where individuals set up any number of identities and credentials, of their own choosing, possibly using different technologies of use as they see fit. Much like the SSL cert ecosystem today provides a means of merchant identification, without there either being a single point of failure or sinister government control.

"Trying to solve a problem that doesn't exist" - Reality-check FAIL. I just don't know what planet you're from. If you're saying that identity theft on the Internet isn't a major concern, then you're seriously misinformed. It costs our economy millions, if not billions, in lost productivity and fraud. That's a valid government concern - making sure that economic activity can take place safely and thrive.

For frack's sake, the same people who were screaming about how Microsoft Passport was a bad idea (and it was, because it was monopoly-controlled) are now saying the free market should solve the problem. Or, you know, that there's actually no problem at all. No wonder it's so hard to get anything done in this country.

Having a national strategy to push towards building a real trust infrastructure is a GOOD idea. Reduces costs, reduces redundancy and waste, IMPROVES security on the Web. Trust infrastructure GOOD. Psycho spasmodic knee-jerk Fox-News "Govmint bad" reactions with no forethought BAD.

Re:Ahem, democracy?

[LordKronos]

Never, thanks to an education system that ensures that 99.9% of the population don't even understand what plutocratic oligarchic means

I always love posts like this...people who get all high and mighty because some people are too stupid to know the meaning of a word which has absolutely no bearing on their everyday life. I'm a college graduate (graduated from a major university with a 4.0 GPA), and I'll admit that I don't even know what the definitions of plutocracy or oligarchy are. I'm sure I learned them in middle school or high school, and in the 20 years since then, I've probably read them a mere handful of times, though I think I've never found the need to use them. I know how to look them up in a dictionary when I see them and need to understand what I'm reading. I just did so and said "oh yeah, ok, that's right", but I can guarantee you that in 2 weeks I'll have forgotten what it means (ok, so since I participated in this discussion, it'll stick in my head a bit more and I'll probably remember for 6 or 8 weeks).

You know what? Between all the crap I have to remember for my job, for my hobbies, all the stuff I've had to learn when I had my child and over the last 6 months (and everything else I'll learn about children over the next 18 years), all the laws I have to remember, everything I need to know for financial and tax purposes, all the stuff I need to know about automobiles, stuff I had to learn about choosing new carpet or a new kitchen appliances, about electrical repair, about plumbing, taking care of my swimming pool, maintaining my yard equipment, taking care of my garden, and a billion other things......remembering the definition of a couple of words I'll most likely never use really isn't something I give a shit about. I suspect the next time the words will be important to me is when my daughter is learning about them in middle/high school. So I guess that makes me stupid, and probably nothing but one of the sheep, or whatever else makes you feel good about yourself. Whatever. Baaaaaaaaaaaaaa