Identity As the Great Enabler

New submitter steve_torquay writes: Last week, President Obama signed a new Executive Order calling for "all agencies making personal data accessible to citizens through digital applications" to "require the use of multiple factors of authentication and an effective identity proofing process." This does not necessarily imply that the government will issue online credentials to all U.S. residents.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is working towards a distributed identity ecosystem that facilitates authentication and authorization without compromising privacy. NSTIC points out that this is a great opportunity to leverage the technology to enable a wide array of new citizen-facing digital services while reducing costs and hassles for individuals and government agencies alike.

Done right it's a great idea...

[NicBenjamin]

It would be great if you could more easily and securely access more of your tax records, or your Social Security benefits statement. This would also greatly improve things like government contracting.

OTOH, if the system is hackable then you could easily lose all your data to some guy on another continent.

Which would be a bad thing.

Re:Done right it's a great idea...

[Weirsbaski]

OTOH, if the system is hackable then you could easily lose all your data to some guy on another continent.

I resent that- they're perfectly capable of losing our data to some guy on this continent, too.

Let me guess, it will be based on your SSN

[schwit1]

Any solution that comes from bureaucrats should be immediately discounted.

I suspect it will be too easy to compromise, inflexible and require antiquated, proprietary technology.

first four words

[raymorris]

Done right,

Didn't read the first four words of the summary, eh?

My career has been in internet security. I now work for a government agency where we teach cyber security to other government workers. I can assure you, it won't be done right.

Re:first four words

[sumdumass]

Is that because you are the instructor? I jest.. seriously I was joking because it was wide open with the wording you used.

However, you are probably 100% correct. I did the networking and IT for a local county government for a number of years in the past. It was unbelievable that you could give instructions and before the day was out, have them completely ignored by people who thought they knew better.

For instance, we had a server in another location connected to the main building by T1. The T1 line was scheduled to go down due to something in the nightly backups causing it to disconnect. It didn't actually disconnect but something threw a switch on one of the line cards that caused it to go into a monitor mode which halted communications. Taking it offline was to monitor what was actually being sent when it happened and check the commands the backup process was using to see exactly what and where it was happening with Ethereal (yes before it became wireshark). From the telecom point of view, when they tapped in to monitor the status of the link, it started working. Turns out, a flaky line card started interpreting traffic as commands after it was in constant use for a certain amount of time and it went into this monitor mode sort of by default after if was issues invalid commands enough to fill the buffer.

Well, long story short, both offices used servers in each other office so we told them they would not be accessible, what drives they couldn't save to instead, and so on. One office got their entire internet through the T1 from the other office. Not more than 30 minutes after the meeting and informing everyone and 10 minutes after taking the T1 off line, I started getting calls that things were blowing up all over both offices. Stopping what I was doing to check it out, it was all shit that they couldn't access on the other servers that we just told them they couldn't access. One of the more persistent calls was about not having internet access after just being told they would lose internet access for about an hour. We had to run our tests twice because someone in the other building decided to unplug and "reset" the Adtran DSU/CSU unit because it works when their internet at home goes out (someone thought it was a cable modem or something).

Granted these were county employees. But I do not expect it to be much different with any other government entity. Nice people, but their day was pretty much drone work and they couldn't seem to deviate even after being told they would have to. It would have been nice if the county would have approved the overtime to do this after hours but for some reason it was cheaper to pay an entire workforce to do nothing for a few hours than a few telecom employees and one IT contract employee overtime.

Re:Oh'Bummer

[sumdumass]

You obviously weren't around for Carter or capable of reading about history.

Nixon was better than Carter- even on liberal policies implemented ffs. And I think we can all agree that both shrubs and the actor was better than Nixon.

Re:Executive Orders

[CaptQuark]

The USA is a representative democracy, run by politicians who were voted into office by people who slept through civics class. {/sarcasm}

What are all these 'Executive Orders'?

That question could have been answered faster with a Google search than it took you to type it.

Is the USA a dictatorship run by the President, or a democracy run by Congress, or a schizophrenic mixup?

That is a much more open-ended question and you will find all sorts of theories on the inter-tubes that will attempt to sway you to their particular world view. Good luck making sense of the cacophony of opinions you will find.


The short answer: This Executive Order is instructions to the executive branch (people that work for him) to ask for more secure forms of ID before giving them money or personal information.