Slashdot Mirror

← Back to Stories (view on slashdot.org)

White House Releases Trusted Internet ID Plan

Posted by samzenpus on from the I-feel-safer-already dept.

angry tapir writes "From the Computerworld article: 'the U.S. government will coordinate private-sector efforts to create trusted identification systems for the Internet, with the goal of giving consumers and businesses multiple options for authenticating identity online, according to a plan released by President Barack Obama's administration.'"

5 of 229 comments (clear)

  1. They need to use the right statistics by chimerafun · · Score: 3, Informative

    This is just another step in the governments plan to control our online lives. John Locke states that the reason for this plan is that 8.1 million people were victims of identity theft in the US last year. What he fails to mention is that only 11% of that 8.1 million were internet or technology related while over 43% were due to theft of purse or wallet, another large chunk were the result of dumpster diving or other unsavory methods.

    1. Re:They need to use the right statistics by iluvcapra · · Score: 3, Informative

      What he fails to mention is that only 11% of that 8.1 million were internet or technology related while over 43% were due to theft of purse or wallet, another large chunk were the result of dumpster diving or other unsavory methods.

      It works both ways though: you can create an online account or forge the identity of someone else with nothing more than what is in a wallet. People dumpster dive or steal wallets, and then use the Internet to create false accounts with the information in a wallet or discarded credit application. The problems with validating identity allow a thief to turn a stolen wallet into a stolen identity, this shouldn't be possible and regulation is a good way of addressing this, for example by forbidding businesses from using SSNs as record identifiers, or requiring three-factor auth for credit transactions.

      The document in the TFA proposes no central repository or government database, and proposes a private system that's only regulated by the government to prevent fraud and set minimum standards. Your characterization of the proposal is a strawman.

      --
      Don't blame me, I voted for Baltar.
  2. Direct link by vlm · · Score: 5, Informative

    Rather than hittin a journalist site, go direct to the source at

    http://www.nist.gov/nstic/

    You can trust this isn't a rickroll or a goatse because I'm usin' my trusted internet ID of VLM

    The headline made me expect a detailed bit level cryptoanalysis of the new protocol complete with flowcharts, etc. Instead it seems to be the tech equivalent of a bunch of hippies high on weed sitting around a campfire and curing all the worlds ills by talking about them.

    More like "whitehouse releases a plan to create a plan for a trusted internet ID plan"

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  3. Re:Trusted ID by icebike · · Score: 3, Informative

    And sadly, this solution wont prevent that from happening in the first place. More tax dollars to waste.

    Except there are very little tax dollars involved. The effort is to be largely private.

    And if you needed secure credentials to get into your yahoo account, it would certainly go a long way toward preventing it from happening in the first place. Previously all they had to do was guess your (weak) password. With this, they would need certificates/keys stored on your computer AND your password to unlock these.

    Even now you can set a switch in Gmail that insists all access to it be via ssl so that your password never travels over the net in cleartext. This might be even better than that option, as one-time keys can be negotiated of any length which would be unique for each session.

    However, login is not the focus of this effort. Banking and on-line purchases are.

    --
    Sig Battery depleted. Reverting to safe mode.
  4. Re:SSN is not voluntary by jroysdon · · Score: 3, Informative

    No, they cannot require your SSN for school. It is a hassle, but you can ask for an alternative ID number which they generate. Even for Federally funded things, even at college levels, you cannot be required to give your SSN (except for financial aid, but not just for regular admissions).

    I sure wouldn't want to give my SSN at a school. It's statistically rather easy to get the first 5 digits, and so many places using the last four as some sort of ID method is ridiculous. I know I've seen plenty of colleges databases cracked and leaked containing student records - not to mention do you really trust the guy in charge of lab sign-ins with your SSN?

    Identity fraud is so easy to commit these days. Most have their birthdays for the public to see on Facebook, etc.