Slashdot Mirror


US Gov't To Issue Secure Online IDs

Hugh Pickens DOT Com writes "Tom Groenfeldt reports in Forbes that the U.S. Postal Service has awarded a contract to SecureKey to implement the Federal Cloud Credential Exchange (FCXX) designed to enable individuals to securely access online services at multiple federal agencies — such as health benefits, student loan information, and retirement benefit information — without the need to use a different password or other digital identification for each service. SecureKey already operates a trusted identity service in Canada using identification keys provided by one of five participating Canadian banks. It allows Canadians to connect with 120 government programs online with no additional user names or passwords for everything from benefits queries to fishing licenses. The SecureKey program is designed to connect identity providers — such as banks, governments, healthcare organizations, and others — with consumers' favorite online services through a cloud-based broker service. The platform allows identity providers and online services to integrate once, reducing the integration and business complexity otherwise incurred in establishing many-to-many relationships."

36 of 205 comments

  1. Super Timing by mtrachtenberg · · Score: 4, Funny

    The United States government has never had better timing! I'd sign up now, but I figure you guys have got it covered already, OK?

    1. Re:Super Timing by Jeremiah+Cornelius · · Score: 5, Insightful

      Read as: "License to use the Internet".

      Pretty fucking clever. Soon, you won't be able to get a stock-quote or the latest XKCD without this thing - much less, send an email.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    2. Re:Super Timing by drakaan · · Score: 5, Interesting

      Plus, it makes identity theft that much more convenient!~

      --
      "Murphy was an optimist" - O'Toole's commentary on Murphy's Law
    3. Re:Super Timing by RelaxedTension · · Score: 4, Insightful

      The NSA wants to streamline its work with a single foreign key...

    4. Re:Super Timing by Nrrqshrr · · Score: 2, Funny

      A single key for the Lord Obama, in the land of the NSA where the shadows lie. One Key to rule them all, one Key to find them. One Key to bring them all, and in the darkness bind them.

    5. Re:Super Timing by Anonymous Coward · · Score: 3, Funny

      at least if it were a sign on we could end trolls

      We'll all miss you.

    6. Re:Super Timing by FuzzNugget · · Score: 5, Insightful

      I was just thinking... a single set of credentials for every online service, what could possibly go wrong?

    7. Re:Super Timing by Beardo+the+Bearded · · Score: 4, Insightful

      I was just thinking... a single set of credentials for every online service, what could possibly go wrong?

      ... created by the government and sent to the lowest bidder on a system with no accountability for failure.

      We'll be lucky if the oxygen tanks work properly.

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    8. Re:Super Timing by Jeremiah+Cornelius · · Score: 2

      As a partial Briton, TV licences are a bad analogy. They subsidise state-funded production and broadcasts.

      This is more like a public-speaking licence, or a printing-press licence.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    9. Re:Super Timing by Anonymous Coward · · Score: 4, Insightful

      why would we read it as that?

      Because of past history, the government has been trying to force a national ID on everyone since at least the early 2000's. Remember the Real ID Act?

      coming up for a single sign in is good efficiency, and cost savings.

      It might be good efficiency, but having a single log in for everything is the absolute worst security model you can have. It would only take one web site infected by malware to compromise your entire online presence. Even us old timers know that you don't put all your eggs in one basket.

    10. Re:Super Timing by lightknight · · Score: 5, Funny

      It's cool, they're going to beta it with a key with a chip in it, but by the time the public uses it, it'll just be a barcode that they stamp on your forehead or right hand.

      Kind of looks like three sixes, but I'm sure that's just a coincidence.

      --
      I am John Hurt.
    11. Re:Super Timing by tlambert · · Score: 2

      why would we read it as that?

      Because of past history, the government has been trying to force a national ID on everyone since at least the early 2000's. Remember the Real ID Act?

      FWIW, This is precisely how I read the idea that you'd have a single ID card that would be used with all online services.

    12. Re:Super Timing by alexgieg · · Score: 2

      It's for Government Programs, and it's free to the user.

      In that I (will) envy you. Here in Brazil a single sign-on smart card for government services valid for 3 years costs between $100 and $200...

      --
      Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
    13. Re:Super Timing by Curunir_wolf · · Score: 2

      ...and it's free to the user.

      Nothing is ever "free". Don't ever forget that.

      Since the NSA grabs everything anyways, at least if it were a sign on we could end trolls and harassment online.

      So does active moderation. In this case, it will be government doing the moderation. You trust your government, don't you? Don't call it "censorship" - it's "moderation".

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    14. Re:Super Timing by Opportunist · · Score: 2

      Dude, you can't expect the NSA to grab every different set of creds you use somewhere, they have other things to do, too, ya know?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    15. Re:Super Timing by Opportunist · · Score: 2

      We'll stamp a 1638 to your forehead if it comforts you in any way.

      Hey, we're flexible with our bases!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Government Efficiency by rijrunner · · Score: 2

    And the really wonderful thing is that they have already used your facebook password and profile as well as your google info to prefill in all your forms..

  3. Future Mandatory Requirement by cosm · · Score: 5, Insightful

    How long until these become mandatory for all websites. Here's how I could see this going down:

    - First, all major government websites require usage of this.
    - As more and more brick-and-mortar government offices close, more and more people start using the id.
    - VISA, MasterCard, et al begin requiring these for all online banking.
    - Taxable web transactions somehow get tied by law to having to use these.
    - Soon, ISPs require you to log in with it periodically, (remember AOL internet 'sessions'?)
    - All utilities, bills and such paid online start requiring it.
    - Social networks require it for 'think of the children' safety.

    ...Tinfoil futures are a sure bet....we're losing the internet right in front of our faces.

    --
    'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    1. Re:Future Mandatory Requirement by TheNarrator · · Score: 4, Interesting

      You just have to send your id in the bottom 64 bits of your ipv6 address to access the internet. Why make the address space so large unless you were going to stuff authentication credentials into every packet? Then they could easily just turn you off whenever necessary.

  4. Better Acronym by PincushionMan · · Score: 5, Funny

    What a terrible acronym! How are we supposed to say FCXX anyway?

    So, I came up with a better one for them:
    Federal User Credential Keyfob (for Your Online Utopia)

    1. Re:Better Acronym by Em+Adespoton · · Score: 3, Funny

      What a terrible acronym! How are we supposed to say FCXX anyway?

      So, I came up with a better one for them:

      Federal User Credential Keyfob (for Your Online Utopia)

      In Capitalist America, government FCXX you?

  5. Why banks and healthcare providers? by jdigriz · · Score: 2

    WTF are private organizations allowed to issue identities for? Government IDs may be a hassle, but they're the ones with the vested interest in keeping track of people. We don't permit Walmart to issue driver's licenses or passports. We already have a mess with the private CAs on the Internet. Do it once, do it right and keep a monopoly on it. IDs and currency are Government's job! If the Treasury had issued decent ecash, Bitcoin wouldn't have a market and Credit Card Companies wouldn't be adding their 2.9% inflation to every purchase. If the Gov't were to do this right, with closed-loop verification necessary for anybody to do anything with your Identity, and if it were secure it would be a great boon. No more having to notify 42 entities of your change-of-address. Change it once at the Identity agency, and it's changed everywhere. I really doubt they'll manage to get it right though. No, I don't work for the Government. I'm just a guy who hates constantly giving and updating contact info.

  6. SSN, please by Tokolosh · · Score: 2

    This is how social security numbers started.

    --
    Prove anything by multiplying Huge Number times Tiny Number
  7. Re:Brilliant! by Anonymous Coward · · Score: 5, Informative

    Posting AC because I worked on this proposal for one of the seven other candidates for this bid.

    The oversight/selection committee for this consisted of people from GSA, NIST, and several other agencies. Speaking as a privacy/security nut myself, I can say their requirements were very privacy-friendly.

    This system is intended to allow people to use third-party authentication mechanisms (provided by Equifax, etc.) to access government systems. The kicker is that neither side is allowed to know who the other side is. The FCCX is intended to be an anonymizer-like service to completely disassociate the public information from the federal systems.

    Regardless of what some other agencies are doing (illegally, immorally, etc.), these guys were really striving - at least in the RFQ/RFP - to do it the right way.

  8. Yes. by goodmanj · · Score: 4, Insightful

    Identity verification should be a core function of a national government. This can be done right: by creating an agency that does not aggregate data, and serves no other function than to confirm that you are who you say you are when you ask it to. With proper use of two-factor keys and public cryptography, this agency can make data aggregation very difficult: your bank would know you by a different ID# than your cell phone provider, and neither would need to know your name or social security number.

    It's true that a corrupt government can do identity verification very badly, turning it into a panopticon. But corporations don't have the longevity, security, or nationwide reach to be able to do the job well, and a corrupt government can simply force corporations to hand over identity data. So in the worst case scenario, identity verification by corporation is no better than by government. And having no centralized authority at all doesn't work either: the fragmentary system we use now is easy to aggregate, and its resistance to identity theft is only as strong as its weakest link -- which is typically very, very weak.

    With identity verification managed by government, we can at least use electoral pressure to hold the identity agency responsible for its actions, and fight corruption within it. If it's managed by anyone else, we have no control over it at all.

    1. Re:Yes. by bitingduck · · Score: 2

      The best you can ever really do with a piece of ID is verify that the person carrying it is the person you gave it to. That's not the same thing at all as confirmation that "you are who you say you are".

      People go on these kicks over ID thinking "if only we know who everyone is, nothing bad can happen, and we can trace it if it does". There will always be ways around the system where people can end up with multiple IDs, or where people's ID can be corrupted. Then you end up with good people with bad papers, bad people with good papers, and a bureaucracy in denial that such things can happen. Thinking national ID that you have to use for everything will fix anything is about like demanding that malicious software set the evil bit on malicious packets.

      Letting government be responsible for all ID verification and proliferating it nearly universally is a bad thing. Anonymity is a good thing for democracy, despite its many down sides.

    2. Re:Yes. by EmperorArthur · · Score: 4, Interesting

      Agreed. I would love it if my drivers license was a smart card. Provided that it's initialized properly so the private key never leaves the card. The corporation could then act as a gpg keyserver. If everyone had easy to use public key cryptography, I'd call that a win.

      For people who keep talking about all businesses requiring it, have you looked at how the US does SSN? For non US readers, every American citizen is assigned a number at birth, or trying to work, etc.... Congress practically shouted that this number was not to be used for anything else. Take a guess how well that worked out. Identity theft in the US basically boils down to knowing someone's name and SSN. The problem is EVERYONE NEEDS YOUR SSN. Hell, a Social Security card can be used in conjunction with a drivers license to prove US citizenship. I kid you not, since most people in the US don't have passports that's what they use. The card just has a name and a number on it. It never expires. Hell, because it's normally issued at birth there isn't even a photo.

      Now, back on topic. There are quite a few ways for this electronic ID to go bad. The most obvious is if the government or corporation has copies of the private keys. If so, then the system is useless. Another is if the government logged every authentication request. That's pretty easy for them to do.

      --
      So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
    3. Re:Yes. by bitingduck · · Score: 2

      This is getting a little existential, but I don't see the difference. The bank needs to verify that the person standing before them is the same as the person who deposited $500 yesterday, Visa needs to verify that the person buying these new shoes is the same as the person who's faithfully paid their bill every month. And when it comes down to it, that's *all* they need to know.

      Which is fine when it's just your bank trying to validate that you're the person that gave them the $500. They give you an ID, you show them the ID when you give them the money, then when you show them the ID again you get the money back. I prefer to have my bank supply the ID there.

      But the federal government has already been trying to go way beyond that with ID. HSPD-12 was a directive signed by Bush II to issue a common secure ID to all gov't employees and contractors. If you read it that's all it says. By the time it was implemented it included significant background investigations - for employees in "low risk" positions it's about the same as a confidential clearance, but for many people (many of whom are not gov't employees, and had already been checked by their own employers to reasonable standards) it amounts to a secret clearance. When first imposed, the background check could look at things like sexual orientation, medical history, and all sorts of other things irrelevant to determining ID. One thing it *didn't* do effectively is verify that the person whose background was being investigated was the person getting the ID-- it isn't that hard to spoof. There were some cases that got a lot of publicity a few years before it was imposed where some people in Detroit spoofed the system and got a Top Secret clearance for someone who had fraudulently become a citizen and based on a whole bunch of scam. That's an example of bad people with good papers. And no matter how good your system is, you'll still get them. But the more complicated and obfuscated it is, the more the bureaucrats will think the system is infallible.

      Good lord, that's not my goal. I just want to reduce the number of people who can access, collate, and steal my identity data by giving the keys to it to an institution with the power and expertise to keep them safe, and powerful enough that it could take my information from anyone else anyway. If you've got to lend your lunch money to somebody, give it to the biggest bully in school: maybe he'll return it, maybe not, but nobody else is going to take it from him.

      That's not *your* goal, but it is the goal of many of the people pushing for a universal federally issued ID. It's a means of controlling access, not in the sense that you want of "verify me so only I can get into my things", but in the sense of "we can track you anywhere and deny you anything we want by invalidating your ID". And giving your money to the biggest bully isn't a good idea-- you want to set up a system where whoever you gave your money to has just as much (or more) to lose by losing your money or visibly refusing to give it back to you as you do by losing the money.

    4. Re:Yes. by goodmanj · · Score: 2

      If the bank where I keep a small account for local bills is compromised, I have a hassle with that account until it's sorted out.

      That's not what happens, though. More likely, the attackers clean out that account, then use the SS#, birthdate, mother's maiden name and address info the bank was storing to compromise your Gmail, your credit card, your mutual fund account, and worst of all your Slashdot ID. Then you spend $10,000 proving to each of these organizations that you're really you. And the problems can go on for months, since that identifying data's still out there and you can't change any of it.

      With a well-designed 2-factor national ID system, an attack on my bank can't spread beyond the bank. To get everything I have, the bad guys need to attack either me or the ID agency. If they mug me, take my RSA token and beat me up until I hand over my PIN, I immediately haul my bruised ass down to the post office and go through an annoyingly thorough identity test, and the post office gives me a new token and PIN. The ID agency revokes my compromised key and informs my bank, credit card, and Slashdot that the account was compromised.

      If the attackers successfully compromise the ID agency, it's a national emergency, and *everyone's* ID needs to be replaced. You won't have to spend time and money convincing your bank that you're you, because everyone's in the same boat. And since ID compromise is a national disaster, we as a nation can spend a *LOT* of money to ensure that never happens. Much more effective than trying to lock down every bank and news for nerds website in the country.

    5. Re:Yes. by bitingduck · · Score: 2

      then use the SS#, birthdate, mother's maiden name and address info the bank was storing to compromise your

      The federal government already lost control of that information, and more, for me and tens of thousands of others when a laptop (that should have never had that information on it) was stolen from a car in DC. I don't expect them to do a whole lot better with authentication keys.

      And what's included in that annoyingly thorough identity test at the post office? SSN, birthdate, mother's maiden name, last 3 addresses, etc. All the information that gets stolen already anyway-- so the TFA is a convenience, but it's subject to the same sort of attacks that ID is already subject to. You can go on a two month European vacation and I can go to the post office, pretend to be you with all the information I stole, get your key revoked (leaving you kind of SOL when it comes to paying for your hotel and food, and making your re-entry into the country really fun), and get a new token and clean out your accounts. You can mitigate it to some extent with biometrics like fingerprints on the token, but I could limit my attacks to people like potters and bricklayers who wear theirs off and go in with the same blank fingers they have. And if I'm a mugger taking your token and know you need prints for authentication to revoke it, I just have to mangle your fingers. That gives me more time to clean you out while you try to prove you're really you.

      These are just a few random attacks that took a few seconds to think of- someone clever with a lot of time can do much better. Things like this always seem to work great when you plan them out, but there are always exceptional cases that you have to deal with that nobody anticipated. An example of another hole in many of the ID systems is the US Passport-- when it comes down to it, all you need is another US citizen to vouch for you to get one. I know someone who grew up in NYC, never had a drivers license, no birth certificate, parents dead, had very little paper trail despite being a visible small business owner for decades, and he ended up having to get someone who'd known him for most of those decades to vouch for him when he finally needed a passport in his 40's. At the end of the day, any system comes down to the weakest link, and it will likely end up being some gaping hole like that.

      And suppose I build a quantum computer and start factoring big numbers easily? Now we have your national emergency because we put all our eggs in one basket and created an awesome single point failure for authentication.

    6. Re:Yes. by bitingduck · · Score: 2

      Identity theft in the US basically boils down to knowing someone's name and SSN. The problem is EVERYONE NEEDS YOUR SSN. Hell, a Social Security card can be used in conjunction with a drivers license to prove US citizenship. I kid you not, since most people in the US don't have passports that's what they use.

      And fortunately everyone has pretty much accepted that the SSN as ID is compromised and acts more or less accordingly. You need to at least go down to MacArthur Park and get a fake driver's license or green card in addition.

      I still laugh at people when they ask for the SS card-- when I got mine decades ago it was a cheap piece of heavy paper, not difficult to forge even then, with a number and a place for my signature. It said explicitly on it something like "this is not identification". As you point out, it doesn't have any of the characteristics of a piece of identification-- there's no way to verify that the person using it is the person it was issued to, and it was easily faked. It also either had printed on it or came with a piece of paper that said something like "this card is useless for pretty much anything. remember the number and stick the card in a safe place in case you forget". I stuck it somewhere safe and no longer remember where it is, though I think it's intact. Colleges used SSN as your ID number up until at least the 80's (my undergrad ID number was my SSN plus an extra check digit, I think my grad school switched when I was in grad school in the 90's). It's a relatively recent phenomenon that people started treating knowledge of SSN as verification that you're the person it belonged with, and accelerated with the post 9/11 ID craze.

  9. Re:Probably not for NSA by AHuxley · · Score: 2

    Re: bypass the FISA courts.
    That's the idea of the 'cloud' vision - every system on the same network with an understanding of how to get the data out in realtime.
    Where the NSA seemed to have problems is the need for some legal domestic front cover e.g. FBI to be the name on their pipe.
    With a system like this, so many groups get legal data, the NSA will never have to wait, be dependent on one stream again.
    ie privacy will work both ways - nobody will really know who is getting the data 'out' just that the "credential management" worked. It seems to be a new vision of an older idea https://en.wikipedia.org/wiki/Prosecutor's_Management_Information_System
    More at http://www.wired.com/wired/archive/1.01/inslaw.html?topic=&topic_set=
    http://consortiumnews.com/2013/07/11/prisms-controversial-forerunner/
    Welcome to a very legal https://en.wikipedia.org/wiki/Main_Core

    --
    Domestic spying is now "Benign Information Gathering"
  10. Re:Brilliant! by Anonymous Coward · · Score: 3, Informative

    Same AC.

    Depends on the site and the level of authentication required. INS will have a different requirement than the IRS, for instance. Different identification services will use varying levels of identification for enrollment, and FCCX will pass on the level of assurance to the relying party. It's a complex system. I don't know how the bid winners will handle the back end, but there's a lot of new tech that needs to be developed. (How do you give data to two parties without telling each who the other is, when you're not supposed to know the content of the message? Not an easy problem.)
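
The two properties described in comments 8 and 10 above (each relying party knowing a user by a different ID#, and the broker passing the level of assurance on to the relying party) can be sketched as follows. This is an added example, not code from any commenter, SecureKey or FCCX: the `Broker` class, the HMAC-based pseudonym derivation and every sample name are assumptions, and it does not address the harder problem raised above of keeping message content hidden from the broker itself.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, fields


@dataclass(frozen=True)
class IdpAssertion:
    """What the identity provider tells the broker (hypothetical shape)."""
    idp: str          # e.g. a bank acting as identity provider
    idp_subject: str  # the user's identifier at that provider
    loa: int          # level of assurance reached at enrollment/login


@dataclass(frozen=True)
class BrokerAssertion:
    """What the broker forwards to a relying party: no IdP name, no IdP subject."""
    pseudonym: str
    loa: int


class Broker:
    def __init__(self, key: bytes, rp_min_loa: dict[str, int]):
        self._key = key                # secret held only by the broker
        self._rp_min_loa = rp_min_loa  # minimum LoA each relying party accepts

    def _pseudonym(self, rp: str, a: IdpAssertion) -> str:
        # Length-prefix each field so ("ab","c") and ("a","bc") cannot collide.
        parts = (rp.encode(), a.idp.encode(), a.idp_subject.encode())
        msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]

    def relay(self, rp: str, a: IdpAssertion) -> BrokerAssertion:
        if rp not in self._rp_min_loa:
            raise KeyError(f"unknown relying party: {rp}")
        if a.loa < self._rp_min_loa[rp]:
            raise PermissionError(
                f"{rp} requires LoA {self._rp_min_loa[rp]}, got {a.loa}")
        # Stable per (user, relying party); unlinkable across relying
        # parties without the broker's key.
        return BrokerAssertion(self._pseudonym(rp, a), a.loa)


def rp_visible_fields() -> tuple[str, ...]:
    """Field names a relying party receives from the broker."""
    return tuple(f.name for f in fields(BrokerAssertion))


def demo() -> dict[str, BrokerAssertion]:
    # Constructed sample data: relying-party names, LoA thresholds and the
    # user identifier are invented for illustration.
    broker = Broker(b"\x01" * 32, {"tax-agency": 3, "benefits-portal": 2})
    alice = IdpAssertion(idp="bank-a", idp_subject="alice-001", loa=3)
    return {rp: broker.relay(rp, alice)
            for rp in ("tax-agency", "benefits-portal")}


if __name__ == "__main__":
    for rp, assertion in demo().items():
        print(rp, assertion)
```

The broker's key is the single secret that links pseudonyms back together, which is the single-point-of-failure concern raised elsewhere in the thread.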

  11. Looks like RMS was right... by karlandtanya · · Score: 5, Interesting

    http://www.gnu.org/philosophy/right-to-read.html

    Once your extreme views become fact, you're no longer a crackpot.

    --
    "Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
  12. Pork by Princeofcups · · Score: 2

    So which major defense contractor has the multibillion dollar contract to implement this? I won't worry. It'll get over budget and behind schedule so fast (due to no actual work being done) that it will be axed before anywhere near completion.

    --
    The only thing worse than a Democrat is a Republican.
  13. Re:Two words by Cajun+Hell · · Score: 2, Insightful

    You missed his point. He's saying people did vote for Democrats and now we are totally fucked, because there are never any serious Republican candidates. If only someone would run against the Democrats, things could (maybe possibly if we're both really lucky and really try hard) get better. But since the Republicans have abandoned the country, the kind of people who limit themselves to voting R-or-D (users of the "lesser of two evils" strategy) have no choice but to vote Democrat. (Now, we might not respect people who use that strategy, but you can't deny they are a majority of voters, hold most of the power, and that political campaigns must take them into account as pretty much the prime consideration.)

    The Democrats are withdrawing their support for America too, just not as rapidly as the Republicans, so the Democrats win by default.

    And that's exactly what happened in the 2008 and 2012 presidential elections. (Also 2004, but the situation was reversed.) Take a look. Who ran against Obama? Nobody serious, that's who. The R's whole crop was just a bunch of characters written by The Daily Show for comedic value, rather than being actual people. The Republicans gave the office to Obama, by not putting forth any candidates (well, they did put forth two of them (Paul and Johnson in 2012, for example), but then the registered Republican voters squashed them both in the primaries).

    Maybe it's not a matter of "vote Democrat." Maybe it's a matter of every single American needing to register as a Republican, and fucking voting in the primaries so that we can have a real presidential election some day. Because until America becomes willing to vote third party, we're going to continue to have R or D people. So why not get some real politicians onto those two ballot slots?

    --
    "Believe me!" -- Donald Trump