US Gov't To Issue Secure Online IDs
Hugh Pickens DOT Com writes "Tom Groenfeldt reports in Forbes that the U.S. Postal Service has awarded a contract to SecureKey to implement the Federal Cloud Credential Exchange (FCXX) designed to enable individuals to securely access online services at multiple federal agencies — such as health benefits, student loan information, and retirement benefit information — without the need to use a different password or other digital identification for each service. SecureKey already operates a trusted identity service in Canada using identification keys provided by one of five participating Canadian banks. It allows Canadians to connect with 120 government programs online with no additional user names or passwords for everything from benefits queries to fishing licenses. The SecureKey program is designed to connect identity providers — such as banks, governments, healthcare organizations, and others — with consumers' favorite online services through a cloud-based broker service. The platform allows identity providers and online services to integrate once, reducing the integration and business complexity otherwise incurred in establishing many-to-many relationships."
The United States government has never had better timing! I'd sign up now, but I figure you guys have got it covered already, OK?
I was all about this until I got to the Canada part, and then...oh well.
And the really wonderful thing is that they have already used your Facebook password and profile as well as your Google info to prefill in all your forms.
They already have access to the back end servers. No log in needed.
But it won't make it harder for them either. Maybe they can bypass the FISA courts and those pesky opinions if they can just log into the accounts.
n/t
How long until these become mandatory for all websites? Here's how I could see this going down:
...Tinfoil futures are a sure bet....we're losing the internet right in front of our faces.
- First, all major government websites require usage of this.
- As more and more brick-and-mortar government offices close, more and more people start using the id.
- VISA, MasterCard, et al begin requiring these for all online banking.
- Taxable web transactions somehow get tied by law to having to use these.
- Soon, ISPs require you to log in with it periodically, (remember AOL internet 'sessions'?)
- All utilities, bills and such paid online start requiring it.
- Social networks require it for 'think of the children' safety.
'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
What a terrible acronym! How are we supposed to say FCXX anyway?
So, I came up with a better one for them:
Federal User Credential Keyfob (for Your Online Utopia)
WTF are private organizations allowed to issue identities for? Government IDs may be a hassle, but they're the ones with the vested interest in keeping track of people. We don't permit Walmart to issue driver's licenses or passports. We already have a mess with the private CAs on the Internet. Do it once, do it right and keep a monopoly on it. IDs and currency are Government's job! If the Treasury had issued decent ecash, Bitcoin wouldn't have a market and Credit Card Companies wouldn't be adding their 2.9% inflation to every purchase. If the Gov't were to do this right, with closed-loop verification necessary for anybody to do anything with your Identity, and if it were secure it would be a great boon. No more having to notify 42 entities of your change-of-address. Change it once at the Identity agency, and it's changed everywhere. I really doubt they'll manage to get it right though. No, I don't work for the Government. I'm just a guy who hates constantly giving and updating contact info.
The virtual "tattoo on the wrist" :-)
It will be compulsory to do anything...
“He’s not deformed, he’s just drunk!”
Maybe it's just bad timing or bureaucratic paralysis or they're just trolling everyone but they have absolutely no credibility on this.
Good luck doing without one. Have you ever tried living in a commune with "no government"?
Larry Niven did an interesting fictional account of this in "Cloak of Anarchy", http://www.larryniven.net/stories/cloak_of_anarchy.shtml.
now the government can MORE EASILY track everything you do online!
This is how social security numbers started.
Prove anything by multiplying Huge Number times Tiny Number
Posting AC because I worked on this proposal for one of the seven other candidates for this bid.
The oversight/selection committee for this consisted of people from GSA, NIST, and several other agencies. Speaking as a privacy/security nut myself, I can say their requirements were very privacy-friendly.
This system is intended to allow people to use third-party authentication mechanisms (provided by Equifax, etc.) to access government systems. The kicker is that neither side is allowed to know who the other side is. The FCCX is intended to be an anonymizer-like service to completely disassociate the public information from the federal systems.
Regardless of what some other agencies are doing (illegally, immorally, etc.), these guys were really striving - at least in the RFQ/RFP - to do it the right way.
for virginity!
Then don't vote for politicians that are for securing the country at all cost. Honestly, if the GOP candidates wouldn't be so quick to take away our freedoms, it would be a lot easier to find somebody to vote for that would have more of a spine. But, ultimately, we ended up with Obama who was far less scary than either Romney or McCain in this area, but falls well short of what a reasonable politician should be doing with personal Liberties.
SecureKey information passes through a cloud, which in effect means we do not know who could be looking at what services we use. The information could be used to find patterns. Canada had a much more secure method a few years ago, whereby no one knew the real identity of the person, except the individual departments or agencies, and that no amalgamation or correlation of the data was permitted by law. It also allowed individuals to have multiple anonymous accounts to further protect themselves. This is just another way for Governments to monitor what we do, and for those crooked individuals inside, managing it, to possibly commit crimes. Oh well, just shows you what kind of world we live in now. Big business just found a new way to ream us more.
Identity verification should be a core function of a national government. This can be done right: by creating an agency that does not aggregate data, and serves no other function than to confirm that you are who you say you are when you ask it to. With proper use of two-factor keys and public cryptography, this agency can make data aggregation very difficult: your bank would know you by a different ID# than your cell phone provider, and neither would need to know your name or social security number.
It's true that a corrupt government can do identity verification very badly, turning it into a panopticon. But corporations don't have the longevity, security, or nationwide reach to be able to do the job well, and a corrupt government can simply force corporations to hand over identity data. So in the worst case scenario, identity verification by corporation is no better than by government. And having no centralized authority at all doesn't work either: the fragmentary system we use now is easy to aggregate, and its resistance to identity theft is only as strong as its weakest link -- which is typically very, very weak.
With identity verification managed by government, we can at least use electoral pressure to hold the identity agency responsible for its actions, and fight corruption within it. If it's managed by anyone else, we have no control over it at all.
Everybody's a comedian...
Papers please...
Yeah...see, I don't know...as a tech, if I survive any AI that emerges, I stand a fair chance of being employed / living well enough. On the other hand, from a systems standpoint, while integrating several systems together can be magical, it also almost guarantees at least one doomsday in your future (one hour of outage = so much pain, so many bureaucrats complaining, so many developers quitting). Like anything precious / useful, you want to stash several copies around, for safe keeping, and let them be relatively independent (so a failure at one site doesn't take everything down).
Yeah, I plan on being dead if this thing ever comes into being. I just don't "believe" our government has enough trust to do this right now. Gotta mend some fences first.
I am John Hurt.
... any browser in BSD and Linux? Or will the government be forcing me to buy another computer since I want things to be secure?
now we need to go OSS in diesel cars
What about foreign nationals, and folks from outside the US who want to use US websites?
When our name is on the back of your car, we're behind you all the way!
Because that's how we can tell if something will work or not - by looking to a made up story about it.
Why can't they just tell us what the IDs that NSA already assigns us are?
In the land of the blind, the one-eyed man is king.
I wouldn't be so sure.
The United States is considered one of the easiest places to purchase and sell real property, along with other jurisdictions sticking to the old Common Law rules. What distinguishes the Common Law system from the Civil Law system is that in Civil Law systems the central database is the definitive authority on ownership. In Common Law systems, ownership is a matter of fact to be determined by a court. There are quasi-centralized registries, but they merely act as optimizations... caches.
You would think a single centralized database would be most efficient, but it's not. Dealing with a change in real property ownership in Civil Law countries is often a nightmare, and it's a focus of study by economists in South America and Africa. The problem is that centralized databases don't cope with errors and anomalies very well, and are easier to game. Whereas decentralized systems handle errors much better, especially when you're allowed to present all the relevant information to a judge regarding title in land, not just what the bureaucrats attest to.
For a system like identification, dealing with the common case is trivial. Instead, you want to optimize for the errors and anomalies--basically cases that break the normal rules. That's a much harder problem, and centralization doesn't buy you very much, and in fact can be a bottleneck.
Oh, of course, it is surely more secure for everyone to have a different password for each site they visit.
Same AC.
Depends on the site and the level of authentication required. INS will have a different requirement than the IRS, for instance. Different identification services will use varying levels of identification for enrollment, and FCCX will pass on the level of assurance to the relying party. It's a complex system. I don't know how the bid winners will handle the back end, but there's a lot of new tech that needs to be developed. (How do you give data to two parties without telling each who the other is, when you're not supposed to know the content of the message? Not an easy problem.)
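The comments above describe a broker that passes a level of assurance to the relying party while keeping the identity provider and the relying party unknown to each other, and per-service ID numbers that resist aggregation. A minimal sketch of that idea follows, added here as an illustration and not taken from FCCX, SecureKey or any commenter; the class names, field names and example hosts are hypothetical, and the broker in this sketch still sees the assertion contents, so it does not answer the content-blindness question raised above.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class IdpAssertion:
    """What a (hypothetical) identity provider hands the broker."""
    idp: str      # provider name, known to the broker only
    subject: str  # provider's stable identifier for the user
    loa: int      # level of assurance reached at enrollment


@dataclass(frozen=True)
class RpAssertion:
    """What the relying party receives: no provider name, no provider subject."""
    pseudonym: str
    loa: int


class Broker:
    def __init__(self, key: Optional[bytes] = None):
        # Secret known only to the broker; without it pseudonyms cannot be linked.
        self._key = key if key is not None else secrets.token_bytes(32)

    def request_for_idp(self) -> dict:
        # The provider is asked to authenticate the user for "the broker";
        # the relying party's name is never part of the request.
        return {"request_id": secrets.token_hex(16), "audience": "broker"}

    def _pairwise_id(self, a: IdpAssertion, rp: str) -> str:
        # Length-prefix each field so ("ab", "c") and ("a", "bc") differ.
        parts = [p.encode() for p in (a.idp, a.subject, rp)]
        msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def assert_to_rp(self, a: IdpAssertion, rp: str, min_loa: int) -> RpAssertion:
        # Each relying party sets its own minimum assurance level.
        if a.loa < min_loa:
            raise PermissionError("assurance level too low for this relying party")
        return RpAssertion(pseudonym=self._pairwise_id(a, rp), loa=a.loa)


def demo() -> dict:
    broker = Broker(key=b"\x01" * 32)  # fixed key so the demo is repeatable
    # Constructed sample user and hosts, not real data.
    user = IdpAssertion(idp="example-bank", subject="cust-4711", loa=2)
    a = broker.assert_to_rp(user, "benefits.example", min_loa=2)
    b = broker.assert_to_rp(user, "loans.example", min_loa=1)
    again = broker.assert_to_rp(user, "benefits.example", min_loa=2)
    try:
        broker.assert_to_rp(user, "immigration.example", min_loa=3)
        refused = False
    except PermissionError:
        refused = True
    return {"stable": a == again, "unlinkable": a.pseudonym != b.pseudonym,
            "refused": refused, "idp_request": broker.request_for_idp()}


if __name__ == "__main__":
    print(demo())
```

The same user gets a stable pseudonym at each relying party, but two relying parties comparing records see unrelated values; the trade-off is that the broker's key and logs become the single point where linkage is possible.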
Trying to go beyond the surrounding paranoia: I understand this to be a federated identity network, probably based on SAML. Is that right?
http://www.gnu.org/philosophy/right-to-read.html
Once your extreme views become fact, you're no longer a crackpot.
"Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
The best types of objection to this trend include unified-marriage-identification practices and IRC. The worst aspect of this trend is it leads toward nationalized RFID, which is Biblical. Another biblical thing is coming true today: [gaza palestine's only agenda the abolition of israel.] An obvious concern citizens will have is [does the government have enough FLOPS to break its own RSA?]
In other news, HuffPo plans to ban anonymous posting, and phase in a requirement for a secure government-issued ID for all posters...
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
We are the priest class of the new feudalism.
Pie Iesu domine, dona eis requiem...
We don't have a state-run media we have a media-run state.
So which major defense contractor has the multibillion dollar contract to implement this? I won't worry. It'll get over budget and behind schedule so fast (due to no actual work being done) that it will be axed before anywhere near completion.
The only thing worse than a Democrat is a Republican.
I do not question your intentions nor your information.
I question the intentions of those that ordered this system. It's fairly easy to pervert such a system into one of surveillance, and given the recent developments in the US it will be kinda hard to give me reason to believe it won't be.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
So Kodos next time around? I thought we did that already last time around.
ANYTHING as high profile as this will get cracked.
Be realistic. That's going to be for ID theft what Windows was for botnets. THE system to crack if you want to be professional about it.
Last time I know was when they started writing something beginning with "We, the people".
It was downhill from there.
We'll just be 30 years late. Well, DUH, when was it ever the case that the government was on time with its projects? Sure, this time it took them QUITE a bit longer, but it ain't something trivial like fixing the road next to your house.
Speaking as a privacy/security nut myself, I can say their requirements were very privacy-friendly.
Possibly, but then within the confines of a corporatist view, where a few centralised "identity providers" essentially own everybody else's identity and can do things others cannot, making everybody else second class citizens within the system. At least NSTIC was warned about this, but apparently nobody saw fit to heed the warning. Because, large corporate or (possibly and) governmental organisations owning other people's identities, eh, those in power just say they're "trusted" and thus they are. Reality? What's that?
This system is intended to allow people to use third-party authentication mechanisms (provided by Equifax, etc.) to access government systems.
So if your credit rating is shot...? Perfectly alright, just make sure you always have perfect credit, citizen. And it doesn't stop there, of course.
The kicker is that neither side is allowed to know who the other side is. The FCCX is intended to be an anonymizer-like service to completely disassociate the public information from the federal systems.
What mathematical proofs do they have to back up that rule? I won't settle for anything else, sorry. And even so, it won't be enough; it's just the beginning.
Regardless of what some other agencies are doing (illegally, immorally, etc.), these guys were really striving - at least in the RFQ/RFP - to do it the right way.
Within the limits of their understanding and their influence filtered through the rules of the procurement process. Which both isn't very much at all, for various reasons. The old lowest bidder and all that, but it goes beyond that, far beyond.
Obama must be jerking off in front of a poster of Richard M. Nixon while reading this news.
You think so? I find it more probable that Obama is jerking off in front of a poster of Erich Mielke.
The kicker is that neither side is allowed to know who the other side is. The FCCX is intended to be an anonymizer-like service to completely disassociate the public information from the federal systems.
At least that's what they say in the non-classified meetings...
0 1 - just my two bits
I could not help but think....
Three Master Keys for the Agencies under the Executive
Seven for the Security Council in the Congress Hall
Nine for the Justice supporting no warrants
One for the President on his Dark Throne
In the Land of States where Freedom dies
One Key to rule them all, One Key to silence them
One Key to subject them all and in subjugation bind them
In the Land of States where Freedom dies
they would still be able to do normal voting, the online voting would just be extra
No, that would be the intellectuals. Not the techs. They're more like the altar-boys that sweep the church floor. And us programmers are more like the scribes, but I don't think this analogy is going quite right.
Either way, you need to look at the intellectuals. The ones that give "intellectual" sanction to the things government imposes on us.
Government-issue id already is compulsory for lots of things. The time to rebel against this kind of thing, was about a century ago. For whatever reason, we didn't.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
You missed his point. He's saying people did vote for Democrats and now we are totally fucked, because there are never any serious Republican candidates. If only someone would run against the Democrats, things could (maybe possibly if we're both really lucky and really try hard) get better. But since the Republicans have abandoned the country, the kind of people who limit themselves to voting R-or-D (users of the "lesser of two evils" strategy) have no choice but to vote Democrat. (Now, we might not respect people who use that strategy, but you can't deny they are a majority of voters, hold most of the power, and that political campaigns must take them into account as pretty much the prime consideration.)
The Democrats are withdrawing their support for America too, just not as rapidly as the Republicans, so the Democrats win by default.
And that's exactly what happened in the 2008 and 2012 presidential elections. (Also 2004, but the situation was reversed.) Take a look. Who ran against Obama? Nobody serious, that's who. The R's whole crop was just a bunch of characters written by The Daily Show for comedic value, rather than being actual people. The Republicans gave the office to Obama, by not putting forth any candidates (well, they did put forth two of them (Paul and Johnson in 2012, for example), but then the registered Republican voters squashed them both in the primaries).
Maybe it's not a matter of "vote Democrat." Maybe it's a matter of every single American needing to register as a Republican, and fucking voting in the primaries so that we can have a real presidential election some day. Because until America becomes willing to vote third party, we're going to continue to have R or D people. So why not get some real politicians onto those two ballot slots?
"Believe me!" -- Donald Trump
You're a fool if you think, even for one second, there's any measurable difference between Democrats or Republicans. They both pander to the same electoral base, and the culture prevalent among them. The current political scene in the US is what Americans want - pretending that some change is just round the corner if only the right guy could step up is hoping for a miracle that will never happen. America has earned its current situation.
Fantastic, just another way for the government to track our every move and leave our personal information vulnerable for hackers to access. Sure it would be extremely convenient, but is that worth your privacy?
Last time I know was when they started writing something beginning with "We, the people".
It was downhill from there.
Good point. About the only time our government was helpful was when they had been oppressed. When they were actually trying to protect themselves. Since then they have been the oppressors.
Good luck doing without one. Have you ever tried living in a commune with "no government"?
Larry Niven did an interesting fictional account of this in "Cloak of Anarchy", http://www.larryniven.net/stories/cloak_of_anarchy.shtml.
Living in a commune? Isn't that about the same as living with our current "gov"? I think that is how Thomas Jefferson or Benjamin Franklin would see our current system. Everybody working for the state doing nothing useful.