White House To Drop Details of Cyber ID On Tax Day

BeatTheChip writes "Dept. of Commerce Scry. Gary Locke plans to release solidified details of the National Strategy for Trusted Identities in Cyberspace [NSTIC] program starting 11 AM on Tax Day. Technologies and new policies will be demonstrated and discussed to attending press. NSTIC, a federal cyber identity program, drew criticisms earlier this year on initial announcement for similarities to a national identity program. It was deemed 'Real ID for the Internet' by some privacy and civil liberty organizations. NSTIC is a national online authentication program for public use under the oversight of the Dept. of Homeland Security."

Connection Error

[elrous0]

Sorry citizen, in compliance with U.S. law, Comcast Cable Broadband now requires that all subscribers identify themselves by their U.S. Internet Identification Number before accessing internet content. Please contact your local office of the Federal Bureau of Investigation (FBI) for more information on how to obtain your U.S. Internet Identification Number. And thank you for choosing Comcast as your broadband provider!

Re:Connection Error

[BigJClark]

disclaimer: I am not a US citizen

What scares me infinitely more than giving my ID to a government institution for obtaining a service (drivers license, Liqour store, etc), is the fact that the public sector will be charged with creating a secure, robust, dependable system. It would seem like an absolute blessing for one with questionable morals to be able to steal identities, obtaining records for advert purposes, etc


I don't think they could do it successfully....

Re:Connection Error

[Toe,+The]

Sigh. Yeah, let's just use people's Facebook identity as their trusted ID.
I can't think of a single reason why that might not be a superb idea.

P.S. Oh, hey! Let's also let the voting machines be designed by the private sector, in closed source on Windows. That can't possibly be a problem, right?

Re:Connection Error

[zeroshade]

Actually, it does matter. For something like a voting system, an open source system right down to the OS is the best way to go about it. That way there is a complete paper trail showing precisely how they work. It severely reduces the chances for fraud.

Re:Connection Error

[Toe,+The]

The issue of whether or not a voting machine can be hacked is rather important.

Diebold (and other) voting machines use XP, last I heard. That's about the most hacked/compromised OS ever made. So yeah, it matters, and no, I won't go die.

Re:Connection Error

[ScrewMaster]

I like how you added "On windows" as if it actually mattered what OS you used for a voting machine.

You're a dumb troll. Go die.

Uh, what? It absolutely does matter, given that the likes of Diebold have been caught repeatedly changing the firmware in their voting machines after they were inspected and sealed. I also like the idea of using an operating system that is simple, robust, and doesn't have the layer upon layer of crap that is Windows, where nobody, not even Microsoft, can tell you exactly what is there. Something based around a stripped-down open-source OS, perhaps. One where the code that is running on the machine can be verified to be the exact code that is supposed to be running, down to the last bit, and furthermore is simple enough that one would have a damned hard time hiding anything.

Re:Connection Error

[jesburger]

Actually, eventually you will.

Re:Connection Error

Actually it does not matter. Electronic voting is ripe for fraud with or without source code. There is no way to check that the machine in front of you runs the code that is listed in the documentation. Not for an expert, not for laymen.

It is important that open source advocates understand that having the source does not solve all possible problems. Electronic voting requires that people trust a machine even though they're not the the ones who select the hardware and install the software. This trust can not be achieved properly without violating important aspects of a democratic election (particularly that you must not be able to prove what you voted.)

Re:Connection Error

[WorBlux]

disclaimer: I am not a US citizen

Nobody is really. In fides non ficta.

Re:Connection Error

[h4rr4r]

Lots of people who vote for third party candidates probably would rather not have their neighbors find out they voted for the Communists, Socialists, Fascists, or a racist party other than the republicans.

Re:Connection Error

[lgw]

How many times do we have to discuss this? The answer is computer-assisted voting.

You go to the machine with the touch screen and the pictures of the candidates and the assistance for the blind and whatever else, and make your choices. The machine then prints a normal ballot, which you review and drop into a normal ballot box. If the machine wants to count votes for a quick report to the press, fine, but that's unofficial. No more questionably-marked ballots, and no need to trust the machine (just look at the printed ballot before casting it). It's so obviously the best of both worlds, it blew me away at first.

Of course, something so obviously right will never be used, but at least we on Slashdot should all understand it.

Re:Connection Error

[Culture20]

If you can prove how you voted, you can sell your vote. Plus, people are attacked for political beliefs in the most civilized countries. Don't let fantasy dictate cautionary measures.

Re:Connection Error

[clang_jangle]

No, no no! The secret ballot is extremely imortant. People need to be abe to lie about who they vote for. Stupid as it sounds, there are a lot of people who only have the courage of their real convictions in private, when they don't have to answer to family, friends, co-workers, clergy, etc. They need the support, and we need to know that we're doing what we can to limit people not voting their conscience.

Also, while I have no party affiliation I am definitely "left of center" on many issues and candidates. Frankly, the tea party people are scary -- I don't want to be targeted by any group of vindictive, bullying wackos because of how I vote. And the behavior we see today tells me that is not an unreasonable fear -- today from right-wing nuts, maybe next decade from left-wing nuts. The secret ballot is essential to a properly functioning democratic system.

Re:Connection Error

[clang_jangle]

The secret ballot is how you allow only those who count the votes to have all the power to decide the election.

It doesn't have to be set up that way, and it shouldn't be. You're probably just to young to realize this, but the US is an extremist kind of place, and we go through some hard political mood swings. We're in one now. During the McCarthy fiasco people's lives were completely ruined for their political affiliations. It could easily happen again, arguably it is happening again on a smaller scale right now. I know I probably sound like a typical old bat saying this, but you kids who are so willing to dispose of your privacy and deprive others of theirs are making some serious mistakes, and some of you will surely live to regret it.

Requires TPM

[GameboyRMH]

Without TPM this idea is a joke. I think you can see where this is going.

Wrong Day

[kevinNCSU]

Federal Tax filing date is April 18th this year, not the 15th.

Re:Wrong Day

[14erCleaner]

April 15th is Emancipation Day in Washington. Ironic.

Re:Wrong Day

[majestic_twelve]

Indeed. Emancipation from all that is right and embracing all the corrupt practices that defines our day to day existence.

Nobody asked for this

[2bfree]

Nobody asked for, or needs this expect maybe the government wanting track citizens and content companies wanting to track "pirates."

Re:Nobody asked for this

[Toe,+The]

Government and corporations... that's everyone who matters, isn't it?

Re:Nobody asked for this

[Rysc]

Even as an ardent socialist I cannot help but agree. This is the kind of government we don't need. If the federal government wants to propose a standard protocol for identity and authentication, that I would support. Proposing that any one entity, especially the government, be in control of this is insane. Microsoft Passport, anyone? The problem there wasn't the idea, it was one entity in control.

*Puts on tinfoil hat*

[penguinman1337]

I am honestly afraid that this is basically going to turn into an internet driver's license. Imagine if you were required to get government approval in order to read a book? This violates all kinds of freedom of speech provisions. I'll wait to see the details before I make a final judgement, but I much prefer being able to remain effectively anonymous online.

Re:*Puts on tinfoil hat*

[blair1q]

If i want to speak on the internet, it will now require a license?

I was asked to forward this:

Hi. This is the /. TOS speaking. Have you read me lately? I'm your license to speak on the Internet. At least through /.

If you want to speak on the internet unencumbered by a TOS, start your own forum.

Hope this helps.

Re:*Puts on tinfoil hat*

[penguinman1337]

You're right, individual sites have every right to enforce TOS on their individual site. If I don't like it, I can go make my own blog somewhere and say whatever the hell I want. Imagine for a moment if a browser's license was required.

"Hello, this is the Internet Police, you have gotten too many anti-social points on your internet license. It is hereby suspended for the next 6 months."

Re:*Puts on tinfoil hat*

[element-o.p.]

Not sure if you've heard, but for the last ten years, Commanders-in-Chief from both of the major political parties have been busy stacking that judicial branch with their poster boys/girls (Roberts, Thomas, and Alito courtesy of GWB, and Sotomayer and Kagan courtesy of Obama) while doing everything they can to gut and/or reinterpret the Constitution . I'm not holding out a whole lot of hope that the courts are going to do a whole lot to help out...if you even manage to get to the courts before being dragged off to Gitmo for providing "material aid or support" to "terrorist organizations".

And this is just the @#$!!! we have heard about. Somehow I suspect, no matter how bad you think it is...it's actually much, much worse.

Welcome

[xMrFishx]

Welcome to City 17. You have chosen or been chosen to relocate to one of our finest remaining urban centres...

Privacy and positive ID are incompatible

[Adrian+Lopez]

"NSTIC is a key building block in the national effort to secure cyberspace. According to industry surveys, as many as 8 million Americans are victims of online fraud and identity theft each year and lose an average of $631 out-of-pocket per incident. Through a private sector-led effort facilitated by the government, NSTIC aims to make online transactions more trustworthy and enhance consumers’ privacy, thereby giving businesses and consumers more confidence to conduct business online."

The government wishes to enhance consumers' privacy by attaching a unique identifier to each and every online transaction? What an excellent example of doublespeak.

The internet Tax is here.

[Jackie_Chan_Fan]

You are about to be tagged and taxed. America owns you.

Re:this is very scary

[Jackie_Chan_Fan]

Because CNN and Fox news wont report it...

And thats because their parent companies want it.

Re:Drop?

[mcmonkey]

This is someone looking entirely uncool by trying to look cool.

It's drop, as in a Hip Hop artist referring to an album release date as when it's going to drop.

Unfortunately, it only works in the context of a Hip Hop artist releasing an album. In any other context, it reads as, "I'm only this white because the sun doesn't reach my mom's basement."

That's Not How It Works

[blair1q]

From the NIST NSTIC link in TFA:

# Private: This new "identity ecosystem" protects your privacy. Credentials share only the amount of personal information necessary for the transaction. You control what personal information is released, and can ensure that your data is not centralized among service providers.
# Voluntary: The identity ecosystem is voluntary. You will still be able to surf the Web, write a blog, participate in an online discussion, and post comments to a wiki anonymously or using a pseudonym. You would choose when to use your trusted ID. When you want stronger identity protection, you use your credential, enabling higher levels of trust and security.

Re:That's Not How It Works

[majestic_twelve]

It will be voluntary until businesses only accept transactions associated with this ID and, like EULA's which are also completely voluntary, people will simply "agree" and go along with it so they can watch their porn, buy their Amazon merchandise, or whatever have you.

Re:That's Not How It Works

[penguinman1337]

Yeah, right. According to Uncle Sam, SSNs are also voluntary. And while it may be voluntary according to the government, what's to prevent ISPs from requiring it for internet access?

And how is this private? Sure, it might just share enough info to complete a transaction on any specific site, but what's to prevent the administrator of the program (in this case the highly trustworthy US government) from using it to track citizens who happen to be doing things they don't approve of? For example, making a donation to a group that has contrary views to said government (for example, if I decided to donate to the American Communist Party.)

Re:That's Not How It Works

[penguinman1337]

And if Marie steals my bank account info, she should be prosecuted to the fullest extent of the law. Same with Bob. That doesn't mean I should be required to go register my stereo and tag it with a lojack style system, that incidentally reports on what my stereo happens to be playing, just so it makes the job of the police easier.

Re:That's Not How It Works

[WorBlux]

Lets' see.. ever since cash has been legal tender.

Re:That's Not How It Works

[WorBlux]

You can also order, pay by money order, and send delivery to a drop address.

Re:That's Not How It Works

[pla]

Since when have legitimate businesses allowed transactions with anonymous people?

Very very few businesses care about your actual identity. They care that you provide a valid delivery address and a valid credit card.

The former, for small things, can consist of a PO box; For larger things, you can just pick them up in person from FedEx/UPS. For the latter, prepaid - and effectively anonymous - Visa gift cards have (at least for me) revolutionized the number of semi-sketchy places with which I'll willingly do business (since I can cap my worst-case losses at $50-$100 simply by only having that much on the card).

So yes, you can indeed participate mostly-anonymously in the eMarketplace.

Re:That's Not How It Works

[Em+Adespoton]

Since when have legitimate businesses allowed transactions with anonymous people? If you want my stuff, you have to pay for it, and I have to know to whom to send the stuff, and the banking system has to know whose account to debit before it can credit mine. Illegitimate businesses will continue not to require ID.

Your objection is nonsensical.

This is a bit of a straw man; I have no problem with a legitimate business knowing who I am... I get a little nervous when the government gets to know about every *potential* business transaction I make, however -- which is what this system would do.

See: this ID is virtually identical to the loyalty rewards cards that many businesses use nowadays; they're completely voluntary, but you don't get full access/all the deals/etc. without them, so everyone uses them.

Except in this case, instead of one company having a loyalty card and selling the data to marketing firms, you have the government having the loyalty card, and *all* online businesses using it. It's actually scarily similar to what's happening with FaceBook IDs (I've stumbled across a disturbingly large number of businesses recently that require you to hand over your facebook ID to access some of their site content).

Re:That's Not How It Works

[blair1q]

Hi. This is Cam-bot, your friendly neighborhood grocery store security camera. I've just run facial recognition scanning software on your face and matched it to another camera at Song Lee's House of Happy Endings. Would you like me to tweet this for you?

Re:That's Not How It Works

[blair1q]

I've run into exactly zero entities that require a facebook ID to do anything. You're hanging out in the wrong part of town.

I don't see how this is like loyalty rewards cards at all. This isn't a scam designed to steal money from you for wanting not to participate in a spamming system. This is a means of allowing you to provide your identity to those entities that have a reason to confirm your identity.

I don't understand why people get nervous about imaginary Big Brotherism that isn't going to happen in a democracy, when the real problem is very real plutocratic subversion of democracy that forces government to have no power to regulate the sort of corporations that control your food supply and insist on your accepting their spamming system or paying an extra 40% for a can of Spam.

A little more Big Brother would go a long way towards decoupling the economy from things like the Flash Crash and the Housing Bubble and the Credit-Default Swap collapse.

The trick is to use your democratic power to enable the good things and prevent the bad things about the Big Brotherism. But you'd rather use it not to have the good things because you're just paranoid about any government.

i will call my ISP and cancel

[FudRucker]

and remove my PCs from internet connectivity before i subject myself to such a heavy handed draconian measure.

goodbye internet, it was fun while it lasted, but the government is here to help which always takes the fun out of things.

Re:i will call my ISP and cancel

[Veggiesama]

Don't call your ISP; your phone might be tapped.

And don't write a letter, because--can you believe it?--the government owns the post office too!

I wouldn't dare step outside. CIA spy satellites can track your movements to the nearest meter.

Looks like you might just have to grin and bear it like the rest of us proles.

Re:Now only criminals will be able to post anonymo

[ScrewMaster]

Of course, we will never know how many of the people convicted are the actual criminals, rather than just a victim of a hacker who chose their identity at random.

The real danger is that this is just another form of automated justice. If a log generated by a server somewhere in somebody's cloud says your guilty ... then you're guilty. Period. End of statement. Face it, courts only rarely disregard computer-generated "evidence", although that's likely only because they don't have the mental tools to make a judgement as to the probability of a computer error, so they simply ignore the possibility. I suspect that most people here on Slashdot are like me, in that they certainly would not want their future, their livelihood or their freedom beholden to the reliability and accuracy of somebody's little black box.

What we have here is Man fading in the shadow of the machine. And I don't like it.

Re:Now only criminals will be able to post anonymo

[mlts]

What is ironic is that properly implemented, this system can assure a truly kick-ass privacy ecosystem.

One could base it around a smart card. The private key is stored, and a certificate from a trusted CA (county courthouse) states that this key belongs to this individual.

Then start sticking certificates on the key. The user can determine who gets to see the certificates, and who doesn't.

Carded at the bar? The bar doesn't need to know the DOB. The bar finds a certificate stating that this person is over 21 years of age, signed by the state. That is good enough evidence for legal purposes to start slinging the drinks. The bar is legally covered, and the patron does not have to show when they were born.

Criminal record? The potential employer sees a certificate from NCIC stating the bearer has zero crimes on his/her rap sheet. The employer checks to see if this cert was revoked, and it hasn't been. So, even without looking up the user in a database, there is legal proof of no felonies present.

Degree from accredited institution? The employer finds a cert from Miskatonic University stating the person has graduated and has a B. S. Going up the cert chain, the university has a certificate from an accreditor stating that they are in good standing.

Credit report? Vinny's Used Cars gets a certificate from Experion that the person is in the top tier of credit, and no other details are handed out.

Of course, with keys and an active CRL mechanism, if someone was convicted, the criminal record cert stating there is no record would be revoked, or it can be a SLC that is pulled from a certificate server, with an expiration duration of minutes to hours.

I have hopes... if done right, a good smart card would help privacy and security. However, if done wrong, it would rain down hell on anyone in the US.

Doing it Wrong

[Jah-Wren+Ryel]

What we don't need is a centralized ID system - that's a recipe for all kinds of fraud of other sorts of abuse (like the recent story about how DVR commercial viewing records are correlated with grocery purchases in order to better target you for advertising).

If the government insists on getting involved in ID infrastructure, then they ought to be providing a means for distributed identification. Define a standardized system that promotes multiple, independent IDs that are domain specific. For example, one ID for facebook, another ID for your bank, another ID for your car registration, a different ID for the tax records on property like your house.

Go ahead and define a protocol for handling the identification and authentication transactions, but require taht each party (both users and service providers) keep the database of IDs on their own systems - not off in some massive cross-referenced database, federal or otherwise.

Re:Drop?

[biek]

It's slang, much like your awful use of "fail."

Re:Democracy

[amiga3D]

You're absolutely wrong. It is a Republic, a representational government. If you look at the US congress you see the US citizenry. Weak, corrupt, dishonest, self centered, exactly like the people they represent. Don't leave out ignorant and greedy either. I guess you could call it an idiocracy. I looked at the last presidential election with despair. Obama and Biden vs. McCain and Palin. It makes me sick to think about it even now. This is the best either party has to offer us. The best they have. Think on that. Then turn on the TV and watch all the mental drivel that passes for entertainment. People actually watch that stuff. It's depressing.

Re:this is very scary

[element-o.p.]

why aren't citizens revolting over this?

Because our government is revolting enough?

Re:Lack of Leftwing Outrage

[Mashiki]

That's because only republicans and "right-wingers" and people belonging to the "tea party" can be targeted for this. Remember, Obama ... better than Bush. Hahaha right...you guys are fucked. You bought into the whole Trudeau style charm and are taking it like a champ now.

Re:Now only criminals will be able to post anonymo

[Em+Adespoton]

Have you ever worked in the Smart Card or Cert industries? This has never been done right, and never will be, due to a reliance on people.

You have to trust that everyone has the certs they're supposed to have, and that no errors in cert deployment happened (wrong cert revoked, inappropriate cert given out, etc). Then there's theft of smart cards, cracking of cards for the private key, control over the card readers (how does the user determine who sees what certs when the person can't even read the data on their card without a reaader -- and not all readers are created equal).

Think of the recent news items where a CA was issuing certificates to an untrusted party, and where MOST CAs were issuing certs for inappropriate zones.

Personally, having dealt with this technology in-depth for over 10 years, I'd rather trust a web of trust (real people) than a CA chain. The CA chain can augment, but it should NEVER replace.