White House Unveils Plans For "Trusted Identities In Cyberspace"

Presto Vivace writes with news that the Obama administration's cyber-security coordinater, Howard Schmidt, yesterday unveiled a national plan for "trusted" online identities. Schmidt wrote, "The NSTIC, which is in response to one of the near term action items in the President’s Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services. Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc.) from a variety of service providers — both public and private — to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.)." You can read the full draft of the plan (PDF), and the White House is seeking public comments on it as well.

Re:A solution looking for a problem

[drinkypoo]

The problem of authenticating yourself many times to different websites is solved by OpenID.

No, it is not. If the OpenID host is compromised then the ID can be used without your permission. That's not "solved".

The inclusion of credit cards and electronic health records suggests the true motive for this policy: trying to tie people's internet identities to real life identities. Thanks, but given that the opinions I post here have already earned me 3 'foes' I'd rather not have every potential employer take a look at my Slashdot account.

There is really no good way to handle this problem because all cryptography is based on trust. Do you trust your government with the ability to forge your identity? Me neither.

Re:OpenID?

[noidentity]

I can refuse to have any dealings with a private company. The government achieves everything by the use of force. I'd much rather have the former.

Re:OpenID?

[Alsee]

It's a lot worse than you think. I just finished reading the draft. This is an effort to impose Trusted Platform Modules - globally. For those not familiar with Trusted Platform Modules, it all boils down to one simple point. Computers and other electronic devices with each have a Master Key locked inside. A master key locking and controlling operation of the device. The owner is forbidden to know or control the key locking and controlling his devices. That leads to many technically complex results, but the simple point is that you are forbidden to know "your own" master security keys. They describe all sorts of supposed benefits of the system, but the inescapable end fact is that the system is designed to secure your computer against you. The simple simple point is that if you are forbidden to know your own keys then the system is locked against you. You are denied ownership and full control of your own computers.

I made a few very hasty notes from the draft document. Many of these items should scare the shit out of everyone:

Draft page 4, blue box: Identity card for to "anonymous" bloggers, i.e. no anonymous blogs. Identity card for e-mail.

page 15 explicitly states this is based upon the Trusted Platform Module.

Page 19 lists your ELECTRIC COMPANY adopting the system and requiring you to use it to access your account. (Although the DESCRIBED usage is plausibly optional web access)

Page 22 requires new laws "establishing an enforcement mechanism" for this system. Says government services will be used to drive adoption by the public. Says government buying power will be used to drive adoption in the business sector.

Page 23 explicitly names Intellectual Property Protection as a purpose of the system.

Page 24 explicitly states that "the scope of this strategy extends beyond national boundaries". Says the US Federal government must establish programs to execute this strategy. Says the US Federal government is to focus its recourses on influencing national and international standards to carry out this strategy. "Coordinate Federal Government efforts associated with digital identities both domestically and internationally".

Page 25 "cybersecurity is becoming a matter of diplomacy, activities under the strategy intend to address the increased importance of international policy efforts. The Federal Government, by leading and coordinating national efforts, as well as collaborating on international policy efforts, can drive a unified approach to trusted digital identities". "the creation of a global trusted infrastructure" Says the government should fund research and development of these systems and transfer it to the commercial sector.
"Todays environment is driven by a global economy, with transactions occurring without regard to physical or political boundaries; the infrastructure developed under this strategy will, to the extent feasible, be interoperable among these environments, while also respecting the laws and policies of different nations."

Page 26 "The Federal Government is committed to the actions herein and will move forward as a leader, first adopter, and enabler" "The White House will select an agency and hold it accountable for coordinating the processes and organizations that will implement the Strategy".

Page 27 "All levels of Government will play a part in the adoption of the Identity Ecosystem for government services. As a major provider of services spanning individuals, private sector, and other governments, the Federal Government is positioned to enable high impact, high penetration Identity Ecosystem services."

Page 29 says the Federal Government will engage in media campaign activities to persuade the public to accept the system. (I would call it propaganda, though I have no doubt others would disagree with the use of that word.) "Success of the Identity Ecosystem depends on participation from multi-national corporations and global providers in the use of federated identities and that interoperable and scalable to internet lev

Re:OpenID?

[Alsee]

Yesterday's story Senate Panel Approves Cybersecurity Bill [slashdot.org] would give the president an emergency 'kill switch' over the Internet, but added some restrictions to the bill. The president may no longer simply assert that the threat remains indefinitely, he must now seek Congressional approval after 120 days.

There is an important connection between these two stories. The "Trusted Identities in Cyberspace" system includes something called Trusted Network Connect. Technical PDF on Trusted Network Connect. [trustedcom...ggroup.org] Once the Trusted Identities in Cyberspace system is in place (lets call it ten years as a nice round number) Trusted Network Connect is designed to selectively ban noncompliant computers from getting internet access. In the event of an "cyber attack" or internet virus the U.S. government would have the power to shut down any or all internet connections for 120 days, and then asking Congress to extend it indefinitely. The Trusted Network Connect feature means that this shutdown can, and would, be limited to locking out computers that are not secured by the Trusted Identities system. Any computer that lacked a Trusted Platform Module would be unable to connect to the internet. The effect would be a global internet lockout against noncompliant computers. Anyone who declined to "voluntarily" opt-in to the Global Trusted Identities system would be denied internet access. Any nation that declined to comply would be locked out of the internet.

If the Trusted Identities system goes forward is is only a question of how many years it will take before noncompliant computers can and will be denied access to the Global Trusted Internet.

-

Re:OpenID?

[Alsee]

Nonsense. The TPM includes a function to create public/private key pairs and store the private key on-chip with no ability to retrieve it, but this is done under the control of the owner.

False. The highest level key is the PrivEK, the Private Endorsement key. According to the TPM technical specifications this key MUST be generated my the manufacturer. The manufacture then cryptographically signs the matching PubEK (Public Endorsement key) in order to authenticate the key and the chip.

>Sealed Storage
This, too, is nonsense.

You are absolutely right that the chip has limited power. And yes, the chip does need to interact with the rest of the computer in order to implement Sealed Storage. However I was completely correct in my point that Sealed Storage is one of the primary design functions of the chip.

>Remote Attestation
Once again, this is a thing which a TPM chip simply cannot do on its own

Again, of course the chip needs to interact with the rest of the system in order to preform Remote Attestation. And again, yes, this absolutely is an explicit core design function of the chip.

>The TPM chip prohibits you from being able to read or modify YOUR OWN FILES (Sealed Storage) unless you are running precisely the approved and mandatory software and hardware dictated by other people via Remote Attestation. It turns your computer into an insane ultra-DRM system and worse.

No. No, it doesn't.

And in your logic speakers don't produce sound and hard drives don't store any files. Yes, you are "correct" in that if you don't use the speakers they don't make sound, and if you don't use a hard drive it doesn't store any files, and if you don't use a TPM it doesn't do any of the things I listed. However the primary design purpose of speakers is to produce sound, and in the most common expected operation they do produce sound. The primary design purpose of hard drives is to store files, and in the most common expected operation they do store files. The primary design purpose of TPMs is to do the things I listed, and in the most common expected operation they do the things I listed.

And all of your theoreticals about how it's possible for a TPM not to do the things I listed, your argument is moo and just plain wrong. We are discussing the article White House Unveils Plans For "Trusted Identities In Cyberspace", and the system does operate as I explained.

-