Slashdot Mirror
White House Releases Trusted Internet ID Plan
angry tapir writes "From the Computerworld article: 'the U.S. government will coordinate private-sector efforts to create trusted identification systems for the Internet, with the goal of giving consumers and businesses multiple options for authenticating identity online, according to a plan released by President Barack Obama's administration.'"
Just like a SSN.
Lets give controls of the keys to the Homeland Security.
I'm sure we can trust them with our internet.
Items purchased with trusted ID: Washing machine, PS4, Glycerine, Shower tiles cleaner (flagged combo).
Taxes due on purchases $156.00. Forwarding purchase of glycerine and acid product to FBI for examination.
The format of the Trusted ID will be a nine digit number, separated into three groups by dashes...
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
After reading the document, there really aren't any system requirements, specific technology or any kind of actual implementation, all it really does is set out some goals and establish a certain vocabulary. It's utterly anodyne and will probably die before being considered because it sets out concrete goals for private companies that handle identifying data:
Surely this is the thin end of the wedge of tyranny.
Don't blame me, I voted for Baltar.
This is just another step in the governments plan to control our online lives. John Locke states that the reason for this plan is that 8.1 million people were victims of identity theft in the US last year. What he fails to mention is that only 11% of that 8.1 million were internet or technology related while over 43% were due to theft of purse or wallet, another large chunk were the result of dumpster diving or other unsavory methods.
Since all tyrannies require those tyrranized to still be breathing, oxygen is the thin end of the wedge to tyranny. (In other words, almost anything can be dual-purposed for "good" and "evil", so almost anything can be considered the thin end of some wedge or other. It renders that entire line of reasoning pointless.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Rather than hittin a journalist site, go direct to the source at
http://www.nist.gov/nstic/
You can trust this isn't a rickroll or a goatse because I'm usin' my trusted internet ID of VLM
The headline made me expect a detailed bit level cryptoanalysis of the new protocol complete with flowcharts, etc. Instead it seems to be the tech equivalent of a bunch of hippies high on weed sitting around a campfire and curing all the worlds ills by talking about them.
More like "whitehouse releases a plan to create a plan for a trusted internet ID plan"
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
It completely dispenses with the password. It is your responsibility to protect your username. If anyone from Nigeria to Nantucket know your identification code, it means they are authorized to do any financial transaction on your behalf. This breakthrough technology makes it possible for the people creating new and exciting contracts under 409 clause to not only draw money from your bank, but also from your brokerage account, and also change your network log in id and to rearrange your netflix queue and use ftp to open your garage doors Imagine! The New possibilities!
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
There are, at current best estimate, at least 200 million fully-compromised systems on the Internet. That number has been monotonically increasing for most of a decade, and there is no reason to expect that trend to change. (And many reasons to expect it to continue.) Not all of those are in the US, of course, but a lot of them are. This is turn means that any credentials present on those systems are now the property of their REAL owners, not the people who mistakenly believe they own them. Which means that even if such a universal ID system was properly designed (unlikely) properly built (unlikely) and properly deployed (extremely unlikely) that its first major effect will be handing over a large number of those IDs to The Bad Guys. The second major effect will be providing major incentives to The Bad Guys to compromise more systems, as the value of such increases with both their usefulness and the value of the data stored on them. The third major effect will be providing major incentives to The Bad Guys to go after any system where these IDs are stored or used, since they now have widespread usefulness, not just localized usefulness. They will be successful some of the time, of course, and we will once again get to hear the refrain of the professional liars who call themselves "spokespeople", as they solemnly intone "Nobody could have foreseen..." I think the biggest usefulness of this scheme will be filtering: anyone supporting it is clearly marking themselves as a security imbecile, should be fired on the spot, blacklisted for life, and never permitted to speak in public again on the topic of security. That won't happen of course. They'll get bonuses. That's how we reward sufficiently grandiose failure in this society.
And sadly, this solution wont prevent that from happening in the first place. More tax dollars to waste.
Except there are very little tax dollars involved. The effort is to be largely private.
And if you needed secure credentials to get into your yahoo account, it would certainly go a long way toward preventing it from happening in the first place. Previously all they had to do was guess your (weak) password. With this, they would need certificates/keys stored on your computer AND your password to unlock these.
Even now you can set a switch in Gmail that insists all access to it be via ssl so that your password never travels over the net in cleartext. This might be even better than that option, as one-time keys can be negotiated of any length which would be unique for each session.
However, login is not the focus of this effort. Banking and on-line purchases are.
Sig Battery depleted. Reverting to safe mode.
Yeah well the problem with that my Euro friend is that in case you ain't notice we only have TWO parties here, the far right (dems) and extreme far rights (reps) and they want ALL our emails older than 6 months old (because you have nothing to hide, right?) want to force ACTA down the throats of the planet, never met a corporation or private contractor they didn't like cashing checks from, support one failed enterprise after another as long as the kickbacks keep rolling in...
So excuse me if I don't exactly trust these bozos with one of the last truly free forms of expression we have left,okay? Hell I wouldn't trust either party as far as I can throw their overfed corrupt asses as it is, give them even MORE they can abuse?I wonder how much MSFT and Intel can pay to make sure only the "latest and greatest" trusted computing platforms are allowed? Hell it has been the dream of Intel and MSFT since the days of the fritz Chip so excuse me if I don't exactly see this as all hearts and flowers, kay?
Hell when was the last time a politician around here did ANYTHING that he couldn't either grab more power or get his cronies fat checks for doing,hmmm?
ACs don't waste your time replying, your posts are never seen by me.
Freedom isn't free. If you really want to live a life unfettered by a verifiable identity, that choice has real consequences for the sort of lifestyle you can enjoy, the sort of trust others will be willing to grant you, and the sort of financial transactions people will be willing to make with you.
I currently have a verifiable identity that I can use to do all of those things. And I don't have to be "coordinated" with some government bureaucracy in order to do it.
This isn't about solving a problem, it's about gaining more power and control for the central authorities and global corporations. It's really very transparent. There are much better ways to deal with identity theft than a draconian central planning scheme dreamed up by fascist partnerships.
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
No, they cannot require your SSN for school. It is a hassle, but you can ask for an alternative ID number which they generate. Even for Federally funded things, even at college levels, you cannot be required to give your SSN (except for financial aid, but not just for regular admissions).
I sure wouldn't want to give my SSN at a school. It's statistically rather easy to get the first 5 digits, and so many places using the last four as some sort of ID method is ridiculous. I know I've seen plenty of colleges databases cracked and leaked containing student records - not to mention do you really trust the guy in charge of lab sign-ins with your SSN?
Identity fraud is so easy to commit these days. Most have their birthdays for the public to see on Facebook, etc.