The Government Internet ID Proposal

An anonymous reader writes "Is it the beginning of government tracking? An expert on electronic privacy walks through the possibilities and perils of a national online security system run, in part, by the US Department of Homeland Security."

Between this and Apple's location tracking...

[Itesh]

we should have absolutely nothing to fear. Remember, this is all for our protection.

How will this prevent identity theft?

[mschaffer]

How will this prevent identity theft? Seems to me that it will make it potentially easier to steal someone's identity.

Thank god you're reading slashdot

[iluvcapra]

...Where a link to an article about computer credentials can become an 800-count thread where people don't talk about the article, and prefer to spin yarns about Hangar 18 conspiracies all the while claiming the exact opposite of what's actually going on.

“That’s what a lot of people feared — that the government was going to take REAL ID and put it on the Internet and be able to track everybody’s Internet activity,” Stepanovich said.

That is not what’s contained in the NSTIC proposal, to the relief of privacy advocacy groups.

The government has set out principles — chief among them “choice, efficiency, security and privacy” — more than mechanics. But the basic idea is that you could have your offline identity verified online by a company of your choosing. That company would then provide you with a single credential you could then present (when you don’t want to be anonymous online) to Amazon, or VA.gov, instead of having to re-establish that you are who you say you are with every online transaction.

The device carrying your credential — a flash drive, a cellphone, a smart card of some kind — would authenticate itself, rather than referring Amazon to the company that vouches for you. Amazon would know the buyer was secure, and the credential would know it was communicating with a bookseller, but the authentication provider would never learn that you just bought Bob Woodward’s new book.

You can see why private industry would hate this proposal: it robs third parties of the ability to collect advertising and customer data through user authentication. So naturally they'll use scaremongering and useful idiots civil libertarians to claim this isn't what it is, and that we're much better off with a completely private system with no rules as to who can collect what data about what.

Re:Dupe -- yes. Good to repeat often.

[icebike]

More importantly, make sure they read AT LEAST THIS FAR:

The government has set out principles — chief among them “choice, efficiency, security and privacy” — more than mechanics. But the basic idea is that you could have your offline identity verified online by a company of your choosing. That company would then provide you with a single credential you could then present (when you don’t want to be anonymous online) to Amazon, or VA.gov, instead of having to re-establish that you are who you say you are with every online transaction.
The device carrying your credential — a flash drive, a cellphone, a smart card of some kind — would authenticate itself, rather than referring Amazon to the company that vouches for you. Amazon would know the buyer was secure, and the credential would know it was communicating with a bookseller, but the authentication provider would never learn that you just bought Bob Woodward’s new book. In this way, all of the parties involved would never freely communicate with each other, preventing precisely the web of information that you probably don’t want anyone — private company or government agency — to track.

In short it is a strictly voluntary program of obtaining authentication credentials which only YOU say what you share with each. Like your PGP signature with a somewhat more reliable web of trust than some guy in Slovenia that signed your key.

Seriously, you can tell the author simply skimmed, and never read the actual government release on this idea, which can be found in pdf form here: http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf

The biggest problem I see is the mentioned "Mission Creep", where such an ID becomes mandatory in order to purchase anything on line. I could easily see that happening at the insistence of credit card companies.