Slashdot Mirror
White House Releases Trusted Internet ID Plan
angry tapir writes "From the Computerworld article: 'the U.S. government will coordinate private-sector efforts to create trusted identification systems for the Internet, with the goal of giving consumers and businesses multiple options for authenticating identity online, according to a plan released by President Barack Obama's administration.'"
Just like a SSN.
Requires Windows (tm) 7 (tm) Professional (tm) using an Intel (tm) chipset supporting a Trusted Platform Module (tm) with keys in escrow by the issuing authority.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
Lets give controls of the keys to the Homeland Security.
I'm sure we can trust them with our internet.
Items purchased with trusted ID: Washing machine, PS4, Glycerine, Shower tiles cleaner (flagged combo).
Taxes due on purchases $156.00. Forwarding purchase of glycerine and acid product to FBI for examination.
The format of the Trusted ID will be a nine digit number, separated into three groups by dashes...
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
This is just another step in the governments plan to control our online lives. John Locke states that the reason for this plan is that 8.1 million people were victims of identity theft in the US last year. What he fails to mention is that only 11% of that 8.1 million were internet or technology related while over 43% were due to theft of purse or wallet, another large chunk were the result of dumpster diving or other unsavory methods.
It's going to be "voluntary", but soon enough legislation will be passed that makes it so "questionable websites", such as those associated with porn, will be mandated to require an Internet ID for age verification. And simultaneously the government will know what kind of porn you like to look at and can blackmail you whenever they see fit.
Yes, the Internet has been a pretty big failure so far. :-) What more "full potential" he's talking about?
It must have been something you assimilated. . . .
Rather than hittin a journalist site, go direct to the source at
http://www.nist.gov/nstic/
You can trust this isn't a rickroll or a goatse because I'm usin' my trusted internet ID of VLM
The headline made me expect a detailed bit level cryptoanalysis of the new protocol complete with flowcharts, etc. Instead it seems to be the tech equivalent of a bunch of hippies high on weed sitting around a campfire and curing all the worlds ills by talking about them.
More like "whitehouse releases a plan to create a plan for a trusted internet ID plan"
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
It completely dispenses with the password. It is your responsibility to protect your username. If anyone from Nigeria to Nantucket know your identification code, it means they are authorized to do any financial transaction on your behalf. This breakthrough technology makes it possible for the people creating new and exciting contracts under 409 clause to not only draw money from your bank, but also from your brokerage account, and also change your network log in id and to rearrange your netflix queue and use ftp to open your garage doors Imagine! The New possibilities!
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Sounds about right for liberals. You have to have an ID to use the Internet, but not to vote.
I just RTFA... and the only question that comes to mind is.... HOW IS THIS ANY DIFFERENT THAN OPENID ?!
Let me give you a little analogy here, you know how your average high tech redneck installs drupal with a little apt-get install (more or less) but a govt install of a drupal site costs the govt $50M in consultative fees?
Well, yer average high tech redneck would implement openid with a little "apt-get install libopenid-ruby" and, admittedly, some hours spent running vim, but this here is gonna cost the govt about $50M in consultative fees.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
There are, at current best estimate, at least 200 million fully-compromised systems on the Internet. That number has been monotonically increasing for most of a decade, and there is no reason to expect that trend to change. (And many reasons to expect it to continue.) Not all of those are in the US, of course, but a lot of them are. This is turn means that any credentials present on those systems are now the property of their REAL owners, not the people who mistakenly believe they own them. Which means that even if such a universal ID system was properly designed (unlikely) properly built (unlikely) and properly deployed (extremely unlikely) that its first major effect will be handing over a large number of those IDs to The Bad Guys. The second major effect will be providing major incentives to The Bad Guys to compromise more systems, as the value of such increases with both their usefulness and the value of the data stored on them. The third major effect will be providing major incentives to The Bad Guys to go after any system where these IDs are stored or used, since they now have widespread usefulness, not just localized usefulness. They will be successful some of the time, of course, and we will once again get to hear the refrain of the professional liars who call themselves "spokespeople", as they solemnly intone "Nobody could have foreseen..." I think the biggest usefulness of this scheme will be filtering: anyone supporting it is clearly marking themselves as a security imbecile, should be fired on the spot, blacklisted for life, and never permitted to speak in public again on the topic of security. That won't happen of course. They'll get bonuses. That's how we reward sufficiently grandiose failure in this society.
You backward canucks still get your slurpees in stores? In America we order and enjoy them online! No need to leave the sofa and no mess.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
I'm not sure if it works for personal checks, though, but who uses those any more?
People who have been paying utility bills for decades by mailing a paper check. I've got a couple in my family.
And how else does one person pay another person through the mail, such as money included with a birthday card? Most individuals don't take credit cards. Or have gifts included with birthday cards moved to Walmart gift cards? Or have people stopped celebrating birthdays where you live?
Any time a business or utility charges a fee for electronic payment, you can bet they are going to get a check from me. .44 cents beats the $5 or so they charge for electronic payments. Same thing with efiling state taxes. If the state wants me to efile, make it cheaper than .44 cents. Right now, it's between $10 and $20 to efile depending on who does it.
"He's lost in a 'floyd hole"
Having a way to authenticate a person as unique is a missing brick in many web applications, especially all the voting applications. I see it as a good thing and I have a hard time seeing how such a tech makes bad scenarios more likely.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
The only people I've seen complain about identity theft were on TV in a commercial for the company selling identity theft protection.
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
And sadly, this solution wont prevent that from happening in the first place. More tax dollars to waste.
Except there are very little tax dollars involved. The effort is to be largely private.
And if you needed secure credentials to get into your yahoo account, it would certainly go a long way toward preventing it from happening in the first place. Previously all they had to do was guess your (weak) password. With this, they would need certificates/keys stored on your computer AND your password to unlock these.
Even now you can set a switch in Gmail that insists all access to it be via ssl so that your password never travels over the net in cleartext. This might be even better than that option, as one-time keys can be negotiated of any length which would be unique for each session.
However, login is not the focus of this effort. Banking and on-line purchases are.
Sig Battery depleted. Reverting to safe mode.
I trust VISA and my bank more than I trust my government. I will keep voting my conscience and hopefully one day that will work out.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Freedom isn't free. If you really want to live a life unfettered by a verifiable identity, that choice has real consequences for the sort of lifestyle you can enjoy, the sort of trust others will be willing to grant you, and the sort of financial transactions people will be willing to make with you.
I currently have a verifiable identity that I can use to do all of those things. And I don't have to be "coordinated" with some government bureaucracy in order to do it.
This isn't about solving a problem, it's about gaining more power and control for the central authorities and global corporations. It's really very transparent. There are much better ways to deal with identity theft than a draconian central planning scheme dreamed up by fascist partnerships.
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
No, they cannot require your SSN for school. It is a hassle, but you can ask for an alternative ID number which they generate. Even for Federally funded things, even at college levels, you cannot be required to give your SSN (except for financial aid, but not just for regular admissions).
I sure wouldn't want to give my SSN at a school. It's statistically rather easy to get the first 5 digits, and so many places using the last four as some sort of ID method is ridiculous. I know I've seen plenty of colleges databases cracked and leaked containing student records - not to mention do you really trust the guy in charge of lab sign-ins with your SSN?
Identity fraud is so easy to commit these days. Most have their birthdays for the public to see on Facebook, etc.
What I like about the current mess of different usernames and passwords for different sites, entrust card, RSA tokens etc is that any identity theft is likely to be rather limited. With a Internet ID plan it makes it possible for someone to take an entire identity in one hit, along with all your money and likely better lock you out of getting it back.
This is going become prime target for identity theft, I can tell by the lack of language even acknoledging security issues let alone addressing how it may be kept safe.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
Never heard of a money order except on those cheesy TV informericals.
Money orders are quite simple and straightforward. They're like checks, except you pay a (small) fee to actually use them. My mom still refuses to get on the online payment bandwagon and pays our power bill and whatnot thusly. Example:
1) Go to a store that doles out money orders. Most supermarkets that have Western Union and the like can also process money orders.
2) Tell them the amount and the recipient, i.e. "Power Company" for $56.83.
3) A money order, along with a receipt, is printed up.
4) Detach the receipt, mail money order. The part that is superior to checks (IMO) is that you have a receipt showing it was created. There have been one or two times in my childhood where we were late with a bill and power was about to be shut off, and the money order receipt was proof enough that the cash was on the way.
Money orders (much like checks) can have a STOP order placed on them (i.e. cancel it, and get a refund on the cash with said receipt). They cost anywhere from $0.50 to $1.00 as a flat fee to have them made up, and again, unlike checks you actually get a receipt. They're quite wonderful and sending a money order makes you far less susceptible to potential fraud.
Random Thoughts From A Diseased Mind (Not For Dummies)