Slashdot Mirror
Obama Eyeing Internet ID For Americans
Pickens writes "CBS News reports that the Obama administration is currently drafting the National Strategy for Trusted Identities in Cyberspace, which will be released by the president in the next few months. 'We are not talking about a national ID card,' says Commerce Secretary Gary Locke, whose department will be in charge of the program. 'We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.' Although details have not been finalized, the 'trusted identity' may take the form of a smart card or digital certificate that would prove online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions. White House Cybersecurity Coordinator Howard Schmidt says that anonymity and pseudonymity will remain possible on the Internet. 'I don't have to get a credential if I don't want to,' says Schmidt. There's no chance that 'a centralized database will emerge,' and 'we need the private sector to lead the implementation of this.'"
This Internet ID scheme has been floated a couple of times now and it is not going to happen. The Federal Government like big companies and big programs aka Comcast/NBC, Net Control(net neutrality) and National Healthcare. It is about controlling the most people with the least effort. This is no different than requiring me to 'show my papers.' All of this really needs to stop. --If the feds need something to do they could start by implementing IPv6 and getting everyone an IP address.
We will be enhancing your privacy and security.
By making you more uniquely identifiable and creating a single point of failure for the security method.
*HEADDESK*
Chas - The one, the only.
THANK GOD!!!
There is no chance that a centralized database will emerge, unless of course this catches on, in which case a centralized database will be necessary to address abuses.
The truth is that all men having power ought to be mistrusted. James Madison
OK, fine. But you should know that my credit card company are already happy that I am who I claim to be (and that I pay my bill on time, natch) and my bank have already given me a free security token. Oh, and I have no problem with remembering a few different passwords so thanks, but no thanks.
To be honest, I'm more interested in whether this Schmidt fellow even knows what a smartcard or CA is. I doubt he could be more ignorant than that fool in France that started the OO.org is a firewall thing though.
If God forks the Universe every time you roll a die, he'd better have a damned good memory.
Surely if this was a good idea, individuals and companies would create it and administer it on their own. Do we really need the government to tell us how to implement our systems? ...could tax money not be better spent on other things?
We DON"T need the private sector "enhancing" our security. In fact, that's an oxymoron.
I call computer-illiteracy job security
anything that can be read by a computer, can be changed or faked, by another computer. those who commit crimes, will be much more able to do it than ordinary citizens.
Read radical news here
Doesn't this sound a lot like Microsoft's Passport they tried to get traction on a few years ago but failed?
Sometimes the light at the end of the tunnel is the headlight of an oncoming train.
Digital signatures have been legally equivalent to normal ones for some time now, but where is the accountability? Many have long said the USPS should provide certs; I stand by that idea.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
http://www.youtube.com/watch?v=7leq8DldrdY
Which they were constantly telling us, "No, it'll only be for the program!" Don't trust these people farther than you can throw them.
There is no -1 Disagree.
So when can I get a cryptographically secure national ID card with multi-factor authentication? I'm as much a fan of the government tracking and cataloging me as the next guy, but this isn't exactly a slippery slope; we already have national IDs in the form of social security numbers and driver's licenses: Government-issued numbers required for identification and backed by a central database.
It's just that the current system is about as poorly-implemented as it can be (and justifiably so, since it was never meant to be used like it is). Not only are SSNs weak, predictable, and easily-forged; there is no way to protect or limit their usage by authoritzed or unauthorized parties. There also no way to protect how those parties store and safeguard them.
So while I hate the idea of our government issuing IDs, its too late to really change that. But please for the good of every citizen do it right.
I don't have to get a credential if I don't want to,' says Schmidt.
Oh sure. Just like I don't have to get a state-issued ID card if I don't want either, right? Except once these gov-sanctioned IDs come into play, they do become standards (even when it's explicitly against the law, like with SSN).
And they know it. Hey, tell me which candidate it was again who was going to stand up for the little guy?
...outsource it to Facebook.
Bwa ha ha ha ha!
> 'We are not talking about a national ID card,'
Yes you are.
> 'I don't have to get a credential if I don't want to,'
Unless you want want to engage in any sort of non-cash transaction. Of course, if you try to live entirely on cash, you will eventually be accused of "money laundering"...
> 'There's no chance that 'a centralized database will emerge,'
No. It will stay hidden.
> 'we need the private sector to lead the implementation of this.'
Because that way when things go wrong you can blame the "evil corporations".
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I would sincerely like the plethora of stupid paper documents I have to deal with reduced to a single wad of data, cryptographically signed by the appropriate gov. dept for each part -
e.g. - the DMV for the driving license, etc.
On the proviso that there is NOT a giant central DB tracking it all.
I already have an "Internet ID," it's called my GPG public key.
lays out a common strategy for something-you-have authentication that can then be potentially used in a much wider variety of venues than your bank.
You mean, like credit cards?
We already have something-you-have authentication for any situation that NEEDS authentication.
And I'd rather NOT be authenticated in all other situations.
completely unbreakable, unlike every other computer security system that has ever been developed.
There's no chance that 'a centralized database will emerge'
Of course not. What government or business would be so crass as to track what people do on the internet?
Sheesh, evil *and* a jerk. -- Jade
You don't have to have one of these IDs.
FTFY.
Get used to that word.
No you cannot regulate the Internet. No you cannot create national Internet ID, so you can identify and intimidate your critics.
You cannot do these things because the courts have already said you can't and the new Congress is acting to prevent you from trying.
Not that this will stop him good fascist Soros sockpuppet he is. 2012 will though.
Corporatism != Free Market
Dear Obama,
Thank you for your deep concern of my privacy and security as it relates to my personal financial conduct on "The Internet" and my memory of passwords. I will forever take a rain check to your failed and train wreck attempt to control the public.
I don't have to get a state-issued ID card if I don't want either, right? Except once these gov-sanctioned IDs come into play, they do become standards
They will do it like they did with driver licenses, they will say "accessing the internet is not a right, it's a privilege".
I wonder which part of "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people" they didn't understand.
Or how about "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people
>"'We are not talking about a national ID card,' says Commerce Secretary Gary Locke"
Oh really. Just like Social Security numbers would never be used for anything but Social Security. This is a HORRIBLE idea.
Comments on this draft closed in July, and it's been changed since. But this should give you a sense of what they're actually proposing. http://www.dhs.gov/xlibrary/assets/ns_tic.pdf
You don't have to have one of these IDs if you don't want to use the internet.
Of course not [puts on tin-foil hat] just like you don't need photographic identification if you don't fly or drive.
And that's not a foot in the door - it's our new draft stopper. (sigh)
When are we going to graduate from this democracy myth and start calling the US the plutocratic oligarchic republic that it is?
Never, thanks to an education system that ensures that 99.9% of the population don't even understand what plutocratic oligarchic means and parents too busy watching ESPN or American Idol to compensate for said system's deficit.
Seven puppies were harmed during the making of this post.
Two words: President Palin.
at least the federal government doesn't have a profit motive for sharing the information it has about me.
Do you really believe this? As Robert Heinlein said in "The Moon is a Harsh Mistress", "My point is that some person is responsible. Always. If H-bombs exist - and they do - some person controls them. In terms of morals there is no such thing as 'state'. Just men. Individuals. Each responsible for his own acts."
The profit motive of the federal government is that of thousands of people who would be without a job if the government didn't have all those agencies controlling every detail in your life.
Wow... all of this to stop the internet as a threat from happening. Eliminate anonymity as a possibility on the internet, wait a few years until everyone is complacent, and they use it to mop up any stragglers who don't bend to the will of The Powers That Be.
Good thing they aren't doing anything to fix the security model we all rely on, which would leave viruses and botnets as a plausable denyability... oh... wait... they are.... "The App Store", which means no local filesystems, and no way to propagate information outside of what is allowed by the OS.
And then there is the push towards cloud computing, again no local storage.
We'll be ok... but our kids won't... because they will see local storage as a vulnerability, and shun it at all costs.
I think this will all play out in 10-20 years...at least I hope it takes that long.
Public key crypto is great, but claiming that a digital signature is equivalent to a real signature is asking for trouble. People have convinced CAs to sign certificates that identify them as Bill Gates, and those certificates could be used to generate fraudulent transactions if we moved to such a system. We really should not be reducing the amount of face to face time people spend on finances -- we already reduced it too much.
To put it another way, how many people get away with cheating on their taxes each year? How many times has the USPTO granted a patent on something that was obviously a joke? Do you really want the post office acting as a CA?
Palm trees and 8
something-you-have authentication
You mean, like credit cards?
Credit cards are often used in card-not-present situations such as telephone or online purchases. The account number, expiration date, CVV2 number, and billing address aren't something you have; they're something you know. They're only something you have if a retailer has a policy of no gift shipments, in which all shipments are to the billing address.
'We are not talking about a national ID card,' says Commerce Secretary Gary Locke, whose department will be in charge of the program. 'We are not talking about a government-controlled system'
You Lie.
My point is that some person is responsible.
The problem comes when this person isn't responsible to the people. The responsibility in hiring and firing the responsible person may be diluted several times through appointed officials, and even elected officials are in a way appointed by the media.
I already have an "Internet ID," it's called my GPG public key.
Signed by whom? With the rise of TSA's so-called "gate rape", not everyone is willing to fly to key signing parties in remote locations.
How is this different from the Social security number/database, your passports, your driving licenses and the relevant databases?
Are you wacked? Of course you will have to have one. One by one, sites and services would be denied to you if you didn't have one. Eventually, you couldn't do ANYTHING without complying. Remember Social Security numbers- how they were supposed to be used ONLY for SS and never used for any other purpose. Tell you what, you just try to do anything now without being forced to give your national ID number- credit card, loans, electricity, health care, taxes, driving, ANYTHING useful.
What problem(-s) could another id # solve that is not already covered by MAC/IP address, paypal id, credit card+pin, (anything)+pin, social sec #, driver's license #, university ID #, library card #, etc. etc.?
It certainly won't stop people from lying or creating false identities.
...and will be issued nationally, but it's NOT a National ID Card. Trust us!
BREAKING NEWS: the Obama Administration has noticed that everyone has a Facebook login anyway, so they have decided that Facebook Connect will now be the Official Log In To Everything ID for the United States.
In other news, the Obama Administration has declared Facebook "too big to fail" and nationalized it. Mark Zuckerberg was unavailable for comment.
Tired of FB/Google censorship? Visit UNCENSORED!
Puhleeze. If you think this can't be hacked, think again. If you think it can't be forged, think again. If you think it can't be stolen and used to impersonate someone, think again.
Platitude of the Day: Any concept can be used for both good and evil.
For example I have a different name on my social security card then on my passport, both are real and I am a natural born US citizen, then how would any verification work based on that system? Are these self important bureaucrats..... I know the answer. But agerrrrah, I don't want every website knowing for reals exactly who I am. We have already seen a massive increase in "dynamic pricing" and this ID verification will only lead to more greed from advertisers and marketeers.
I do not play in the middle of the road
Seriously. Almost nobody commenting here even took five seconds to even think about what was actually being discussed. It's all just knee-jerk "jack boots are coming" nonsense.
"Internet ID for Americans" - Article title FAIL. This has nothing to do with a government identity of any sort. Nor is it a singular identity, credential, or technology. It's for use in commerce - you know, like OpenID? - but actually standardized so that companies will actually widely accept it. That's why the first sentence of the linked article, the whole point of the news of it, is that the Commerce department would head the effort, not Homeland Security. (Declan McCullagh, I like you, but you should be ashamed.) From the article: "This is not about a national identity card." From these comments: "It's a national identity card!"
"Single point of failure" - Reading comprehension FAIL. The published strategy talks about setting up an identity trust ecosystem where individuals set up any number of identities and credentials, of their own choosing, possibly using different technologies of use as they see fit. Much like the SSL cert ecosystem today provides a means of merchant identification, without there either being a single point of failure or sinister government control.
"Trying to solve a problem that doesn't exist" - Reality-check FAIL. I just don't know what planet you're from. If you're saying that identity theft on the Internet isn't a major concern, then you're seriously misinformed. It costs our economy millions, if not billions, in lost productivity and fraud. That's a valid government concern - making sure that economic activity can take place safely and thrive.
For frack's sake, the same people who were screaming about how Microsoft Passport was a bad idea (and it was, because it was monopoly-controlled) are now saying the free market should solve the problem. Or, you know, that there's actually no problem at all. No wonder it's so hard to get anything done in this country.
Having a national strategy to push towards building a real trust infrastructure is a GOOD idea. Reduces costs, reduces redundancy and waste, IMPROVES security on the Web. Trust infrastructure GOOD. Psycho spasmodic knee-jerk Fox-News "Govmint bad" reactions with no forethought BAD.
And it's another DHS solution seeking a problem brought to you by the ciaBS establishment cow towing fcc approved media (proudly publishing the official journalistic article after it's already too late to do anything about the actual law.)
I don't need an internet password. I don't mind maintaining hundreds of passwords in an encrypted password manager, I don't need any third party to hold my hand to login to my unmanaged server, I don't need any third party to login any apps I develop.
I have to say, it's getting very close to where I might just say screw the web, the telco's, the isp's and pull the ethernet cables up. Such a counter to the actions of this corrupt establishment will in the big picture hurt vendors (and the economy) as we slowly one by one are forced by these nazi's to decide to be slaves or free..
You can laugh this off, but don't call me a kook If there's no more anonymous, there will be no more me.
Correct me if I'm wrong, but Bush has a Republican majority for 6 years, and this never came up. Just like how, even in the abysmal Patriot Act, we didn't have forced strip searches at every airport checkpoint (which is pretty much what you have now). And you're still trying cover up for Obama's malfeasance by equating him to Bush? Weak. Own up and admit that you voted for a statist, knew you were voting for a statist, and you got exactly what you voted for.
And people decided not to use it. Raise your hand if you have an OpenPGP key and it's been signed by a lot of people (i.e. an identity, certified by multiple parties such that non-distributed systems seem like a joke in comparison). Ok, put down your hands; I was asking in the wrong place. Most people don't put up their hand here, so nobody builds upon the system.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
It'll be run by companies but we're hearing the idea from the government. I'm reminded of when Frank Zappa was at a Senate hearing getting grilled by the Mothers Against The Arts (MATA) -- no, wait, they went by the initials PMRC -- and a senator explained that they just wanted "private action" by the music labels to keep naughty music out of the hands of kids. Frank, sitting in a senate hearing building, looking around at a group of senators and their wives, having his words recorded on the senate record, said, "This is private action?" Hilarious.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Lots of people pointed out that the whole "Net Neutrality" thing was just an excuse to get the camel's nose into the tent and that once a precendet for the FCC being able to regulate the internet was in place, all sorts of things would be following.
Enjoy your trusted identities, mandatory DRM, broadcast-style content restrictions, etc.
At least I'll get to enjoy all the wailing from the Free Software types when the law mandating only authorized commercial (e.g. closed) operating systems be allowed to connect to the internet, to make sure you're not subeverting all their requirements.
This is not a National ID because you could have unlimited certifications.
You are only allowed one social security number, if having multiple SSN's was an option, it wouldn't be very good at tracking a single person.
This proposed system would allow you to have as many certs as you want.
This would give you the ability to use a unique cert (identity) for each bank or other transaction entity.
Also these certs could still be offered by independent organizations.
In reality this system is not about ensuring you are a specific person, but rather the same person for all transactions on that single certificate.
There's no chance that 'a centralized database will emerge,' and 'we need the private sector to lead the implementation of this.'"
Uh, no?
Identity one area I would very much love to have in the hands of government.
Why? Because if you put it into the hands of a "private sector" entity, that almost certainly means a commercial entity, which means if it finds a way to make a profit from your data, it will. Or, in other words, it isn't your data anymore, it is theirs. Thank you, but no thanks. I prefer to have an identity instead of renting it.
Sure, there are all kinds of other dangers with the government handling this stuff. But if you are more afraid of the government than of private corporations, you've not been getting the news for the past 20 years, have you?
Assorted stuff I do sometimes: Lemuria.org
How, for example do you know if your 'master password' has been lifted by a trojan? This is a really great idea for credit card fraudsters as merchants can't cancel fraudulent transactions so the banks don't have to bear the risk of refunds.
The reason governments don't need a master internet ID database is because they can just ask google, amazon, twitter, youtube or any large organisation to cough up loads of details about you already.
What I want is a "this is who I am/where I live" object I can give to an on-line merchant which is DISTINCT from the authorisation.
You're right of course, but there will be a phase-in period when older ID will be acceptable alongside the new one. Then I'll be like the little old lady at the front of the checkout line writing a check for her groceries while everyone behind taps their foot and groans.
At least it will be fun listening to how this is explained to the public using "fox" analogies, beaten out of any reasonableness by partisan politic-ing and then implemented in a way favorable only to unions, corporations and criminals.
With any luck the phase-in period will overlap with the "crash and burn" period and I can at least hold on until the second implementation.
Not to mention the opportunity to re-create myself as a new human every time the records systems change.
Nullius in verba
Do you want the government who has it anyway or do you want Facebook who will sell it. Each has their own advantages and disadvantages. I personally would prefer the government to be in charge of my identification because they already handle it will passports, social security and driver's license. It only hurts me to give all this information to a company like Facebook.
We, Americans envision the they when NORTH AMERICANS realize that we all are AMERICANS and not only the Americans of North, It's like saying that Only English People are Europeans
Every corporation will start to use this system and that will turn what was a "enhancement to security" into a "Standard required to access any internet service"
First they tell you its just to help, then they own you.
Fuck the national ID, internet ID.... how about fucking universal single payer not for profit health care?
Fuck both of these parties. Fuck Obama.. fuck Bhoener... fuck them all.
Never, thanks to an education system that ensures that 99.9% of the population don't even understand what plutocratic oligarchic means
I always love posts like this...people who get all high and mighty because some people are too stupid to know the meaning of a word which has absolutely no bearing on their everyday life. I'm a college graduate (graduated from a major university with a 4.0 GPA), and I'll admit that I don't even know what the definitions of plutocracy or oligarchy are. I'm sure I learned them in middle school or high school, and in the 20 years since then, I've probably read them a mere handful of times, though I think I've never found the need to use them. I know how to look them up in a dictionary when I see them and need to understand what I'm reading. I just did so and said "oh yeah, ok, that's right", but I can guarantee you that in 2 weeks I'll have forgotten what it means (ok, so since I participated in this discussion, it'll stick in my head a bit more and I'll probably remember for 6 or 8 weeks).
You know what? Between all the crap I have to remember for my job, for my hobbies, all the stuff I've had to learn when I had my child and over the last 6 months (and everything else I'll learn about children over the next 18 years), all the laws I have to remember, everything I need to know for financial and tax purposes, all the stuff I need to know about automobiles, stuff I had to learn about choosing new carpet or a new kitchen appliances, about electrical repair, about plumbing, taking care of my swimming pool, maintaining my yard equipment, taking care of my garden, and a billion other things......remembering the definition of a couple of words I'll most likely never use really isn't something I give a shit about. I suspect the next time the words will be important to me is when my daughter is learning about them in middle/high school. So I guess that makes me stupid, and probably nothing but one of the sheep, or whatever else makes you feel good about yourself. Whatever. Baaaaaaaaaaaaaa
You already see this with Facebook or Yahoo or Gmail logins to newspaper and other commentary-sites.
It boils down to this:
If I need to be sure you are who you say you are to X degree of certainty, and someone else has issued you and ID that is "good enough for me" then I'll accept that credential. This can be a Facebook account, a signed-by-someone-I-trust or self-signed digital certificate, a driver's license, a passport, a person I trust who vouches for you, a system of such persons such as in the hawala money-transfer system, or one of many other systems.
I don't see a government sponsored "national e-ID card" coming because it isn't needed, but I do see the day when we'll have to let our cell phone photograph our face or finger and that image plus some other data like a passphrase, the time, phone-unique ID, SIM-card-unique ID, phone-GPS data, etc, will all be signed by our phone's unique private key, and encrypted with the bank's public key and its copy of your face or fingerprint and pass-phrase and used to authenticate the person for a given session. The higher the amount of the transaction or the more sensitive the information the customer is trying to access, the "tighter" the match will have to be. If the information isn't a "solid" match the bank may allow you to see your approximate balances and partial account number and allow you to make minor transactions that it doesn't mind eating the loss for, but good luck doing that $10,000 e-transfer to Africa if the bank isn't 100% certain it's you. In such a case the bank may tell you to wait 15 minutes then call and text every number you have and email every email address you have asking you to call their fraud department. If they get more than 1 call or your voice doesn't sound like the voice they have on file, the transaction will fail and your account will be watched even more closely.
If consumers demand it, a notification of the approximate time and place and "fuzzed/low-res" photo used to authenticate the transaction will be sent to the consumer through a different channel or channels, such as an email alert plus a notation on the customer's monthly statement or e-statement. The full set of information will be kept by the bank's anti-fraud department for 30-60 days in case the customer claims the access was unauthorized.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
From TFA... "There's no chance that 'a centralized database will emerge,' and 'we need the private sector to lead the implementation of this."
Really? I guess that's 'cause they already exist. Why reinvent the wheel, right? "We're just adding technology that will help validate all the data we're already collecting, you stupid sheep..."
They don't even have single sign on for their OWN systems, and they think they're the right entity to create it for 300 million people? That's hilarious. This will be a $100 billion project that will never actually meet its goals.
Thanks, but no thanks. I actually WANT different passwords on my accounts. I don't WANT my facebook account to unlock my bank, or my slashdot password to unlock my facebook account.
I'm sorry, but if you really want this, you want someone else to do it. If you're smart, you won't want anyone to do it, or at the least, you want opt out.
The bank knows who I am and is willing to eat most of the loss when they are wrong if I notify them soon enough.
But I don't know who my bank is.
If my bank's computer is hacked or its DNS rerouted and private key compromised, then anyone can pretend to be my bank. Sigh.
Well, I guess I'll just have to accept that risk, or only bank in person and hope it's not a bunch of bank-robbers behind the desk acting like tellers while the real tellers are tied up in the vault.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
A crucial difference between a bank-consumer and a state-citizen transaction is that the bank usually pays if something goes wrong. In this case, the bank or credit card company definitely does not want credit card fraud to happen on its system, and has a vested interest in keeping it secure. It's a good and obvious idea to piggyback government authentication on bank authentication. The administration is merely trying to reinvent what has been used successfully in other countries already. Here in Finland, for example, I can log in to many government services using my online bank credentials, which have been verified by a personal visit to the bank. This is not exactly rocket science, if you think about it. All it needs is political will.
If you have a smart-card that doesn't require something you know or have to active it, stealing your identity is as easy is stealing your card.
If it does require something you know or have to activate it, stealing your identity is as easy as finding out what that thing is. If it's a password cutting off your fingers one at a time until you give me the right password and promising you a slow death if you refuse or you give me so many wrong ones that I get locked out will generally do wonders. At the very least, if it doesn't work on you I will make sure word gets around and it will work on my next victim.
*The above scenario is hopefully completely hypothetical. If you do such a thing and I'm the judge or jury that sentences you for your crime, you won't be happy with the result*
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
anything that can be read by a computer, can be changed or faked, by another computer.
Ah, but can it be changed or faked in a timely manner?
Suppose you start listening to an encrypted communication after the initial authentication is over with. Your only hope is to either break the encryption and take over one side of the conversation or disrupt the conversation and start over.
Suppose the agreed-upon protocol for starting over is an in-person meeting by two people who know each other well. That means the worst you can do by disrupting the conversation is delaying things and possibly canceling a transaction in progress, which is an outcome the parties have already agreed to accept by virtue of adopting this protocol.
Your only other hope is to intercept the conversation and take it over. Suppose the encryption is strong enough that even with the best quantum devices you will still need 3 hours to break it, but they change keys every 10 minutes and the whole conversation will be finished and terminated in 2 hours. Good luck breaking in.
Yes, your statement "anything that can be read by a computer, can be changed or faked, by another computer" is in principle true but you can construct real-world scenarios where it's irrelevant because it can't be faked or changed by another computer in a timely manner.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Clearly you didn't read the article.
A) You have to get one.
B) It's not your only ID
C) Do you think you can't be found on the internet right now?
If 'The Government' want to watch and control you they wouldn't need to change a thing. In fact, in those conditions changing anything increases the risk to 'them'.
The Kruger Dunning explains most post on
Actually, as it's currently implemented, the SSL cert ecosystem today provides many points of failure and sinister government control that compromise the whole system. Count the number of "trusted" root CAs in your web browser -- any one of them can be evil, compromised by crackers, or agree to government intrusion in order to compromise any your web-based communications. Here's a more in-depth analysis of the problem. Even worse, these "trusted" roots can create subordinate CAs, which can in turn compromise all of your X.509-secured communications. You might also be interested in the EFF's SSL Observatory, along with their analysis of the abysmal state of today's X.509 certificate infrastructure.
To solve this properly, we'll probably need to do at least the following:
I agree that we need work on distributed trust infrastructure. That's why i contribute to the monkeysphere project -- we're pushing OpenPGP-style multi-party, user-centric certification into SSH, the web, and everywhere else we can.
I'm just not convinced that the US Government is likely do this the right way. It seems probable that they'll be happy with centrally-controlled, single-trust-path certification. Or that they'll botch it in the same way that X.509 is currently botched.
Well, i guess not technically a 'card' but ill still pass. I don't wish to be tracked to that level, so take your draconian ideas and shove it.
---- Booth was a patriot ----
Since when is that a requirement for daily life? Why do i have to prove anything if i want to read some free content on a web page? Do i have to prove who i am to read a book at the library? No. Do i have to prove who i am when i buy a news paper and read it on the side walk? No. They why this?
All this is for is to track what we all do, to look for 'signs'..
---- Booth was a patriot ----
...Obama takes a big stick and jams it in the eye of his Progressive supporters.
When will they learn?
You mean the Progressives, or Obama? Obama was never called Martin Luther, he just looks like it and sounds like it. Does it darn good though. The progressives will go to their grave thinking they have a party to vote for, and that it's the Democrats. Sometimes I actually root for the Tea Party wack gang. They're fake and funded my billionaires, but hell, they're the only ones I've seen starting to break a dent into the patterned thinking of the redeblicrats duopoly to-and-fro, swing back-and-forth non-democracy eternal repetitive show.
Build your own energy sources from scratch. http://otherpower.com/
He obviously said the meaning, not the definition. We all use words we don't know the exact definition to, or all the definitions to. Nobody disagrees with what you're saying. But not understanding what plutocratic oligarchic means as opposed to just a strict definition of the terms is what he's getting at. Education enlightens the mind and reveals truth. If you pick up a text book teaching "history" and govt. in your kid's highschool and read through it, then go read a classic, you'll be shocked at how much is left out because it's questionable, revealing, and otherwise exemplifying the bad things that can happen if you don't stop it soon enough. The cool thing about that the overused but completely correct quote "Those who fail to learn from the mistakes of their predecessors are destined to repeat them" sums the problem up. Don't teach people about these things and the failures of man, and they won't know to recognize them. The fault of this is most definitely lying squarely on the shoulders of our education system, not the stupidity of people. You got a 4.0 from college (which doesn't mean a lot really, I don't understand why that metric is so holy to people) but you still don't know what you haven't learned. You may have an IQ of 150 (again a stupid metric) and have incredibly in-depth knowledge of a few areas of some field of study but you still don't know what you don't know. Not understanding that what you know is pathetically small to the sum of human knowledge and experience and assuming you're infallible because of it is the epitome of ignorance. Back inside the fence, Sheep.
Eh, try what you want Obama, 95% of America is too incompetent to use this or "Don't have anything to hide"... it's pointless. The need to get rid of various passwords only decreases security, instead of enhancing it... and still doesn't prevent identify theft and social engineering (nothing does).
"Instant gratification takes too long." - Carrie Fisher
Korea has been doing this forever. People use the equivalent of a social security number to register with most websites over a certain size. Most sites have you first provide your name/number and then a second verification method (bank cert generated for this purpose, cell phone registered with the same name/number, fax a copy of the card, etc) to prove you have control of that identity. The government recently allowed some private companies to create a new layer in this though where you sign-up using your name/number on their site, then use a username/pass on the new site you wish to sign-up on so that your number is no longer passed around. Only a verification comes from the security company saying yes, this is that person.
The only major issue I have is that the IDs issued to foreigners is in a different database than those issued to citizens, at least as far as I can find out, and not all sites subscribe to the database for foreigners, especially shopping sites. So foreigners here do sometimes have an issues signing up for certain sites, mainly shopping sites. However, that has been changing and more and more sites are opening up.
Overall I like the system, but then again I'm not a paranoid nutter.
by Gravis Zero (934156) writes: Re:allowed to have multiple ids? OMG I wish I could mod you up, you actually get it! in a funky kind of way.
For all Americans?, I'm from Argentina, lol.
We can already do single password signons, without delegating our identity to provider like OpenID does, while not sharing the same password between multiple providers. A keyring feature in the browser, with one master password, is all it really takes. When the user accesses a site they have signed up for, the site is recognized as such based on the list in the keyring, and the credentials can then be exchanged. By creating different credentials for each site to visit, that won't be a means for the site operators to correlate identities for cross tracking purposes. Sites, like your bank, will, of course, need to establish some connection between your internet credentials and your account, at some point (set up a first time password when you first sign up for an account).
The one exception I can see are for sites that want to be certain the same person is not signing up for two or more accounts. Most sites don't need this. But it might be good to have if they start doing online voting (which, of course, will eventually undergo some extreme, but not necessarily apparent, attacks). For that kind of thing, you get the credentials by another means where they only give you one set (at a time), and deposit them in the keyring, possibly flagged for additional security prompts to make use of.
now we need to go OSS in diesel cars
I'd prefer if you called it a Plutarchy please.
"Plutocracy is rule by the wealthy, or power provided by wealth. The combination of both plutocracy and oligarchy is called plutarchy"
http://en.wikipedia.org/wiki/Plutocracy :-)
Nuff said.
every single fucking conservative who's bitching about this now would be all in favor of it and calling anyone who opposed it a traitor.
cheap labor conservatives - they want to keep you hungry enough to be thankful for minimum wage.
When are we going to graduate from this democracy myth and start calling the US the plutocratic oligarchic republic that it is?
At least it's a more accurate name than the Democratic People's Republic of Korea...
~Warning!~ The above is encrypted using rot676!
In the 90s, I refused to do business with Budget because they required my SSN. Fuck them, I went to Alamo instead.
I feel fantastic, and I'm still alive.
When your child downloads a dozen films or mp3s you have the burden of proof that it wasn't you. The internet has become indispensable. Legislators have started the ball rolling and now they have no plausible denial that network traffic shouldn't be controlled, shaped and taxed. Without campaign finance reform the network is about to become just another symptom of a bigger problem.
15TW = 15,000 Nuclear Reactors. (Approx. one accident a month.)
Its actually in the law that SS#s can't be used as a UID outside of the social security admin. So again we have an example of a law not followed by private or public sectors.
Democracy Now! - uncensored, anti-establishment news
...Obama takes a big stick and jams it in the eye of his Progressive supporters.
When will they learn?
You mean the Progressives, or Obama? Obama was never called Martin Luther, he just looks like it and sounds like it. Does it darn good though. The progressives will go to their grave thinking they have a party to vote for, and that it's the Democrats. Sometimes I actually root for the Tea Party wack gang. They're fake and funded my billionaires, but hell, they're the only ones I've seen starting to break a dent into the patterned thinking of the redeblicrats duopoly to-and-fro, swing back-and-forth non-democracy eternal repetitive show.
I am a self-avowed left-wing anarchist, and I am inclined to agree with you. After decades of Democratic & Republican regimes both bent upon the very same consolidation of power into the Federal government and especially into the Executive Branch, it may well take the destructive force of the Tea Party like Samson pulling down the walls of the Temple before some better form of government can be erected. Of course, there is the USA Green Party, but they don't seem to have all that much traction with the citizenry, yet ...
Social security numbers were created for tax purposes so it is not surprising to see it required there. Employers pay your social security taxes so they need it as well. In the 1990s congress passed a law mandating that banks get your social security number before they do business with you so that applies to credit cards and loans. Existing customers were grandfather in.
Health care definitely does not require a social security number but they will whine and complain about how hard it is to work with your insurance company if you don't provide it. Health insurance companies will have your social security number because your employer will happily hand it to them even if you object. My auto and home insurance company does not have my social security number (although they have repeatedly asked for it).
None of my utility companies has my social security number.
I don't recall handing over a social security number to get my driver's license.
When are we going to graduate from this democracy myth and start calling the US the plutocratic oligarchic republic that it is?
Translation: When are we going to realize that our current government is not run by the people for the people. Our government is run by the wealthy and powerful for the wealthy and powerful.
Big apple, new Yorik, undig it, something's unrotting in Edenmark.
No one said you are stupid for not knowing what those terms mean.
Stupidity is not the issue.
The issue is lack of education. (Not schooling, education.)
The terms themselves are not the important thing.
Why do you think the meaning of those term has no bearing on your life?
Probably for the same reason you think being kept ignorant is the same as being stupid.
No one is accusing you, so why so butthurt?
I don't know where you live, but it isn't where I do.
1) If you don't provide your SSN to a utility company, cable, cell phone, or other company, they will require a huge "security deposit"- which for many people is the same as denying service.
2) If you don't think the DMV doesn't HAVE your SSN, whether you gave it to them or not, you are on another planet. DMV in THIS state used to even USE IT AS THE DRIVER'S LICENSE NUMBER.
3) You are just lucky with healthcare. I have been *DENIED* healthcare by refusing to disclose my SSN. And once, my employer gave it to them despite my instructions not to. And once disclosed, it is impossible to remove.
4) You can't get *ANY* kind of loan, credit card, bank account, etc, without disclosing your SSN- and that has *NOTHING* to do with taxes or Social Security.
I had a similar experience at Target. I had some compressed air (dusting stuff) that I was giving as a present. They demanded my ID. So I showed it to her. She tried to take it from me to "scan" it. I said "absolutely not!!!! If you want to verify my age, you may LOOK at my ID. You have no right to record information about who I am, where I live, my driver's license number, or anything else about me".
I had to wait 10 minutes for a "manager" to come over and override their policy. It wasted my time, irritated me, and inconvenienced every one else in line.
And this is going to be the norm within a couple of years and legitimized by law. It already has been in some states. I don't want some master database storing such information about me in ways I cannot control and don't know. Any information that is collected can be abused, lost, stolen, etc.
By the way- the first thing I do when I get my license is to "accidentally damage" the 2D and 3D barcodes so that it cannot be "scanned". When driver's licenses used to be SSN, I accidentally damaged one of the digits too- if it is needed, *I* will supply it, on *my* terms.
This wouldn't be a National ID (but it would) and with something like a National ID (or whatever they want to call it) it would be maintained by the government and require less passwords (Great, like I want to rely on the government to manage any kind of passwords for me) and with something like that being in ANY branch of the government, it would EASILY be accessible by any other government agency.
Anyone want to be on how long AFTER this gets passed (if it were to get passed) that it would be required to log in to ANY computer?
"Be polite, be professional, but have a plan to kill everybody you meet." General James Mattis
The GP didn't refer to remembering the oligarchy and plutocracy definitions, he referred to *understanding what they mean*. There is a subtle, but quite important difference that I am sure you with your 4.0 GPA average will understand. As for me, I am Greek, so get off my lawn.
The best part of the Internet is its lack of censorship and the freedom of speech it fosters. I am against any type of Internet ID. If we're not careful only certain websites and certain content will be allowed and individual freedoms will be further eroded.
99.9% is a figure of speech. I'm surprised you take it literally since the expression is quite common. But then again you are trying to refute my argument by implying I am arguing from authority, which is false, and by using sarcasm which in itself is not a counter argument.
You seem to have taken personal offense to what I have said, which speaks volumes about your own insecurities. Interesting.
Seven puppies were harmed during the making of this post.
It's always funny when people insult those, and their backhanded insults in looking down on others overlook their own deficiencies.
Yes, it is:
plutocratic /plutkrætk/ Show Spelled[ploo-tuh-krat-ik]
–adjective
of, pertaining to, or characterized by a plutocracy or plutocrats.
Also, plutocratical.
Origin:
1865–70; plutocrat + -ic
And oligarchy does not necessarily mean corporate ties. It actually means rule by the few (oligo). Like Bush Sr. and Jr., Clinton husband and wife, almost anyone with the last name of Kennedy, etc.
Seven puppies were harmed during the making of this post.
Perhaps if you stop memorizing definitions and start understanding what the actual roots of a word mean, it will be easier for you.
Seven puppies were harmed during the making of this post.
"Or what"?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
...we just need to standardize and simplify usage of digital certificates. I've been signing my email with a trusted certificate for nearly 10 years, and pgp for 10 years before that. Browsers already support client certificates. You just need to tie in user controls on when the client certificates are presented with sites actually using them. There are a variety of trusted certificate issuers, so you don't have a single government id, and more importantly, you don't have another government bureaucracy (though, actually, it would make sense for the passport office to issue certs --- they're already a "national id" and certs are a logical extension).
The biggest problem is simplifiying *getting* and using the certs. That has been the roadblock every time I've pushed to get people to sign their email --- using and maintaining them is non-trivial. Some of that is inherent in assuring the identity, but a lot of it crappy user interfaces on both the CA websites and the software using the certs. If (and, admittedly, a *big* if) this initiative solves that problem, it will be a good thing.
You can find the draft version PDF here.
From the draft, page 4:
Envision It!
An individual voluntarily requests a smart identity card from
her home state. The individual chooses to use the card to
authenticate herself for a variety of online services, including:
Credit card purchases,
Online banking,
Accessing electronic health care records,
Securely accessing her personal laptop computer,
Anonymously posting blog entries, and
Logging onto Internet email services using a pseudonym.
Anyone who envisions people using Identity Cards to authenticate "anonymous" posting on the internet is dangerous, either evil and dangerous or stupid and dangerous or both.
Many parts of the draft make it implicit that this Identity System is built on top of Trusted Computing, and page 15 explicitly says that hardware and software "also require rigorous identification, authentication, and authorization" and provides an example explicitly naming the Trusted Platform Module (TPM) in this role. For those not familiar with Trusted Computing and Trusted Platform Modules, it means that each computer or other device is embedded with a unique identifier number (the PUBEK). Each computer or other device is also given a pair of master keys, the PRIVEK and RSK. The core idea of Trusted Computing is that the owner is FORBIDDEN to know or fully control these master keys locking down his computer. These keys are used to secure the computer AGAINST THE OWNER. That is the meaning of "Trust" in Trusted Computing and in the Trust chip - they mean that other people can "Trust" that you do not know your own master security keys and therefore other people can "Trust" that your computer is secure AGAINST YOU. They can "Trust" that you cannot alter or override the security on your computer because you do not know your own master security keys.
Page 22 says the Federal government must establish new laws to enforce this system.
Page 23 explicitly names Intellectual Property protection as a purpose of the system.
Page 24 says "the scope of this strategy extends beyond national boundaries" and that Governance is required at the international level to create this Identity system. It complains that the Federal Government has not focused sufficient resources pushing this sort of system through international standards bodies. Continuing into page 25 is says this policy "is becoming a matter of diplomacy".
The Federal government is already giving away many tens of millions of dollars a year in grants to develop this stuff, and still page 25 calls for more aggressive focused R&D to promote this system and "promote the transfer of the government's sponsored R&D results related to the Identity Ecosystem to the commercial sector".
All throughout the draft are listed all sorts of ways to force this Identity system upon us, from implementing it in government services to your electric company requiring it to access your account. However page 29-30 is particularly notable in how it identifies "Other Means to Drive Adoption of the Identity Ecosystem Across the Nation". It suggests tax breaks for those who adopt the system, which is inherently a shift of the tax burden onto those who who refuse or decline to adopt the Identity system. But I think the really fun part is where it suggests regulatory changes to critical infrastructure sectors to drive adoption. In particular it proposes new regulations be placed upon all credit card transactions as a means to drive this Identity system down our throats.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
But if you are more afraid of the government than of private corporations, you've not been getting the news for the past 20 years, have you?
Yes, but if you think that between 1/4 and 1/3 of Americans don't fall into that category, you've not been getting the news for the past 10 or 11.
More or less the entire platform of the Republican party these days is convincing the American people that companies will do everything for them better than the government (except for protecting them from the dirty gays, of course). And, moreover, that anything the government tries to do is inherently wrong by first principle, because government services are socialism.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.