White House Unveils Plans For "Trusted Identities In Cyberspace" 202
Presto Vivace writes with news that the Obama administration's cyber-security coordinater, Howard Schmidt, yesterday unveiled a national plan for "trusted" online identities. Schmidt wrote,
"The NSTIC, which is in response to one of the near term action items in the President’s Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services. Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc.) from a variety of service providers — both public and private — to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.)."
You can read the full draft of the plan (PDF), and the White House is seeking public comments on it as well.
OpenID? (Score:5, Insightful)
One ID you can use anywhere? Sounds a lot like what the OpenID project is already trying to do. It's a nice concept, but I don't like the idea of anything like this being run by the government. Government interference with the internet seems to be the fastest way to dystopia, these days.
Yet another OpenID (Score:4, Insightful)
Trusted? (Score:4, Insightful)
Who do you Serve, and Who do you Trust
-- Galen the Technomage, B5Crusade
A solution looking for a problem (Score:5, Insightful)
The problem of authenticating yourself many times to different websites is solved by OpenID. The problem of having a secure web identity is also solved - anyone can put a public key on their homepage and sign everything they write. The inclusion of credit cards and electronic health records suggests the true motive for this policy: trying to tie people's internet identities to real life identities. Thanks, but given that the opinions I post here have already earned me 3 'foes' I'd rather not have every potential employer take a look at my Slashdot account.
Not to be paranoid but... (Score:2, Insightful)
Why not just tattoo a barcode on the back of my neck and inject and RFID tag into my left wrist and be done with it.
Who says i trust the white house? (Score:0, Insightful)
Really now... Of all the orgs i'd let have anything to do with 'trust'. The whitehouse isnt in the top thousand.
Unless it's more along the lines of ''I trust them to fuckup completely and blame someone else''.
Trust? (Score:3, Insightful)
>where individuals and organizations can complete online transactions with confidence,
>trusting the identities of each other and the identities of the infrastructure that the transaction runs on
I see, so we just hand over the keys to our online identities and trust the Federal Government instead. Right. And what if we would rather not trust them? Some of us might not want the Fed having access to everything we do. And if such a plan gains traction, you can bet that sites will jump on it and consumers won't have any choice but to use such a system or be denied access to more and more online stuff.
Re:OpenID? (Score:5, Insightful)
It's actually a little better and a little worse than what you think. They're proposing setting up a "ecosystem" of identity providers, so commercial organizations will issue identity certs with the gov't just setting the standards they all live by to interoperate, etc. On that front, that isn't as bad as it could have been.
On the other hand, there is an enormous amount of naivete in their "strategy" about how the identity providers will act. Their examples talk about having your cell phone provider be the organization that issues your identity cert for use in this system. What happens when you change providers? When I shift from Verizon to AT&T, can I move the AT&T cert to my Verizon phone? Also, am I forevermore tied to AT&T for my identity verification? What if that company goes bankrupt? What if you *want* to change identity providers? If you can change providers, what happens to the records that provider kept? What about the records that other information providers tied to the old cert? Do they keep the certificate (and therefore the ability to impersonate you online)? What happens if I lose my phone (and therefore lose my cert)?
The effort isn't completely crack-addled, but it is hopelessly naive. I think it'll fail unless it gets a big dose of reality shortly.
Re:Finally an idea from the WH that makes sense. (Score:3, Insightful)
I can think of only one way to make transactions nearly completely secure, so that malware cannot spoof or redirect payments - and I doubt our government is smart enough, or willing to pay enough, for such a system. It would require a security dongle with its own display and a yes/no button at a minimum, with a numeric keypad for PIN entry being a useful addition. Without its own display, even if it requires some sort of physical response on the dongle, malware can make the computer show one payee while telling the dongle to authorize another.
Itsatrap (Score:4, Insightful)
At fist such a system would be opt-in. Then it would gradually become mandatory in the name of fighting pedophilia (think of the children!) Then you can kiss online anonymity goodbye.
GPGAuth + OpenID + Smartcards/E-tokens. (Score:4, Insightful)
http://www.gpgauth.com/ [gpgauth.com] is a good technology. It's open and it's based around GPG. The main thing holding us back is the lack of hardware standards and lack of hardware in general. We should have the hardware in place otherwise a lot of the software will be useless.
We need better smartcards, better e-tokens. The idea of putting identity on our cellphones is stupid. Put it on a card so it can be put in your wallet or hidden if necessary. By putting it in your cellphone it's a huge target for hackers.
Not sure that reality will be very influential (Score:3, Insightful)
Quite a few problems (Score:4, Insightful)
2. I don't trust the government to not abuse this power
The government is perhaps the single most important entity to protect yourself from. If cashflows and internet security are under the government's thumb, then contaband and actions to protect yourself from the government are going to be much harder to come by. I don't want a government ID credit card, I want a closer equivalent to cash, so i can make online purchases with LESS of a paper trail.
Re:OpenID? (Score:2, Insightful)
Re:Doesn't the WH have anything better to do? (Score:3, Insightful)
Then you use your retina along with your fingerprint.
Sure identity theft is always going to be possible but it would be much harder if they had to get your retina than if they just had to memorize your digits and crack a password.
They don't need your retina. They just need whatever big integer your retina digests to.
Re:OpenID? (Score:3, Insightful)
Many people trust private industry a lot less than they trust government. At least governments come up for a public vote every so often.
Re:Envision it! (Score:5, Insightful)
Yeah, it's like having a master key that unlocks your house, your car, your office, your filing cabinet, your pot and porn stash, your firesafe, your safe deposit box, your storage unit, etc... and keeping that key on a chain around your wrist, where you'll always be sure you have it. Until someone copies it while you're sleeping, and suddenly they have access to everything.
Great... (Score:1, Insightful)
Hack once, access all
Re:A solution looking for a problem (Score:5, Insightful)
You are assuming that one of my identities is the "actual" me and that all the others are pseudonyms. I reject this view, and believe that 'selven' is an identity on equal footing with the one on my passport. People call me (insert my so-called 'real name' here) therefore I am that person. People call me 'selven' therefore I am also selven. There is nothing inherently more real about one name than the other. So if I set up a public key and start signing all of my posts, anyone who knows my public key can prove that any of my posts was in fact made by me (or with my permission). People who have an established relationship with and trust 'selven' do not need to know my other identity in order to deal with me.
Fighting the Anonymous Cowards (Score:5, Insightful)
Read this proposal for what it is: a different way to name an attempt of removing anonymity from the web.
The NSTIC, which is in response to one of the near term action items in the President's Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. ...
- I am sure this is going to be made a requirement for a site to operate at some point, add this to the 'Internet kill switch', add the Patriot Act to it, multiply by Home Land Security and don't forget to factor in the rendition, you are going to have an interesting situation.
The President will be able to shut down portions of the Internet, he will be able to identify who was saying what and when, this entire thing reeks of totalitarianism - complete control by the government over the dissemination of information and total knowledge of who was saying what on which topic plus ability to take action - shut down the dissenting portions of the web and then 'taking the necessary care' of those, who dare to oppose the government in any way, be it direct opposition to specific policies or be it simply providing information to the people that government wants to keep quiet and providing a forum to discuss this information.
Voluntary eh? (Score:4, Insightful)
Except you'll probably be required by the states (who are held hostage by federal funding) to have one to get a drivers license or benefits. This is yet another back-door attempt to institute a national ID card, except this would also happen to let the govt decrypt all your transactions.
Re:Yet another OpenID (Score:5, Insightful)
It's not even that. I'm shocked that here on Slashdot the first couple dozen posts actually take this seriously. IT'S A TRAP. This should be blatantly obvious. The entire point of this is to get rid of online anonymity, which government and legal trolls hate.
Read this post a few screens up: http://yro.slashdot.org/comments.pl?sid=1699416&cid=32702330 [slashdot.org]
I know President Obama is popular here, but everything his administration has proposed for the Internet has sinister long-term ramifications.
Eric Holder Advocated Internet "Restrictions" [slashdot.org]
The Internet "Kill Switch" [slashdot.org]
Obama's "Internet Czar" [slashdot.org]
Obama's Version of "Net Neutrality" [slashdot.org]
These plans do not exactly champion freedom and free speech. Rather, they seek to slowly erode the power of the online masses.
Re:Finally an idea from the WH that makes sense. (Score:3, Insightful)
Well, no... The idea is, your computer would open a connection between the dongle and the remote server. The connection would be both encrypted and digitally signed by the dongle, making it "impossible" for software on the computer to interfere with the contents of the connection. The dongle would show, on its built-in display, the payee account name and the payment amount, and prompt for pressing a button on the dongle itself (or PIN entry, or retina scan, or whichever). The dongle would then send a signed certificate authorizing the transaction.
This would be fairly complete security, though there are a few caveats: Strength and hardiness of the encryption and signature algorithms, hardiness of the software on the dongle, and the creation of accounts with the same name as the payee. There would be other methods of attack against the server side, but nothing that would be considered the user's fault.
This is part one of the plan.. (Score:3, Insightful)
..where the common ID is voluntary, reasonable, useful.
Part two is the law forcing all ecommerce to use the ID for taxation.
Part three is the law forcing all political discourse comment (blogs etc) to use the ID to protect the children and prevent terrorism.
Re:OpenID? (Score:2, Insightful)
Many people trust private industry a lot less than they trust government. At least governments come up for a public vote every so often.
I would trust a car dealer before I would trust a politician and I don't trust car dealers.
Cyber ID's means not having to see the liar's lips move.
"Trust and you will be trusted", said the liar to the fool.
Re:Finally an idea from the WH that makes sense. (Score:1, Insightful)
Im sorry but who pays? The goverment is playing "The Sims" with our real lives and real money. When the goverment pay,we all pay.
Living towards the future (Score:2, Insightful)
Looks like the future is coming. Fast. See this post that appeared in digg TODAY http://digg.com/tech_news/How_to_Access_the_Internet_A_Guide_from_2025 [digg.com]
So this is what the future is going to be like. First step, make this voluntarily. Then a lot of services will use this. I live in Spain, and I see this coming. Here Franco's dictatorship stablished what you're fighting against in many countries right now: a national identity card (called DNI). Our DNI is already an electronic, comes with a chip with all the information and can be read with a card reader, and contains some legally valid certificates with which you can authenticate and sign anything.
For us, this is a normal thing because we've been living having DNI for decades, and if you ask just about ANYONE, it's good. The police have our fingerprints, photos, and all data, and this way they can identify anyone, they can use the fingerprint for crime-scene-techniques like in CSI, etc.
Now the government of Spain is spending a lot of money and time trying to make people use the electronic DNI. They have a nice web page with info for developers (https://zonatic.usatudni.es/). An increasing number of websites are using https (SSL) for authentication via e-DNI (like banks), and Java Applets for signing all kind of things. For example there's a webpage (tractis) in which you can sign electronic and legally valid contracts.
You might be an optimist and think you have two choices: you can either fight against it, or use it. But really, read all above. This is not something you can easily fight against. I am an advocator for liberties, but I'm also used to having DNI, and I've surrendered. I'm helping a new political party called "Partido de Internet" (Internet Party) whose aim is to be able to have a liquid democracy in which our representatives will vote what people vote over the Internet.... using DNI-e. So yes, I'm helping the governmental machinery trying to spread the usage of electronic national identity cards. Welcome our 1984 overlords!
This is the first step. Next step will be to make its usage mandatory for every login. They're requiring everyone to secure their wifi in Germany to prevent unauthorized people from using their Web access to illegally download data. And then, probably much earlier than 2025, we'll be as bad as in the first digg link in this post. We're already living in a distopy worse than 1984 in many ways, but we see it normal because it can always get worse - and it certainly will.
Missing the Point (Score:3, Insightful)
There are two fundamental cases in which identity matters. In the first, identity matters because you want to know with whom you are dealing. For example, the bank really needs to know that the person accessing their systems is who they say they are, so that they can connect the presented identity with the requested resource without placing themselves in legal jeopardy. The ISP needs to be able to associate the incoming line with an account so that the billing is sent to the right place. In this kind of interaction, it is absolutely essential that means of securing the identity exist outside of the Internet and have legal force. But these uses are also relatively few, out of the many cases for use of identity.
In the second, you want to know that the person you are dealing with is the same person you dealt with before, but you don't really care who they are. When I log into Google to read my RSS feeds, Google doesn't really need to know who I am; Google needs to know that I am the same identity that has visited before, so that it can appropriately target ads (from its point of view) and show me the information I've asked for (from my point of view). For the most part, authenticating to computers in a work environment does not really care about who you are, so much as it cares about what you have access to. If the system thinks I'm "John Doe," but gives me access to only those resources I should have and no others, then it has succeeded at its purpose.
Most people would be reasonably happy to have the government involved in the first type of case, for the same reason most people are perfectly happy to have the government issue driver's licenses that are used as identification, or passports used as identification. Yet even in those cases, most people would probably not be happy to have all of their identity documents issued by the same level of government and used for every possible purpose. (For example, try proposing the use of Social Security cards as identification, and see what happens.) This is because people are more worried about promiscuous overuse of irrevocable identity, and the risks that entails, than they are about having multiple forms of identification. Despite the solution of many trust issues, people want the ability to refuse to get a passport, or refuse to get a driver's license, or whatever, should they so choose. The second set of cases is even more evidently none of the government's business. The government should not be involved in what I rent from the video store, what I get from the library, what I buy online and the like. They may need to collect value/volume metrics tied to me, depending on the taxation scheme in use, but that's as far as it goes.
If I trusted the government to stick to the first case, and to make a competent execution of it, then I would not have much problem with limited use of such a system, revocable at any point by the user and completely optional. But I don't trust that execution would be competent, that the government would limit its intrusions, that the government would allow revocation of an identity once issued, or that the government would keep the system optional. So frankly, this strikes me as a very, very bad idea.
Re:OpenID? (Score:3, Insightful)
"Trusted Computing" aka TC/TCG/LaGrande/NGSCB/Longhorn/Palladium/TCPA is one of the greatest threats to freedom and anonymity ever known. Read the FAQ.
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html [cam.ac.uk]
This is what the administration is talking about implementing. This will give the government a frightening amount of control & power over the internet and communications. This isn't some card you carry around, it's built right into the CPU and gives the government total control over your computer *and any information in it*.
It will control what gets published on the 'net and even provides the ability to remove all instances of a document from any computer that connects to the 'net and retroactively "unpublish" anything the government (and it's friends) don't like. No more WikiLeaks.
Once fully implemented, unless the computer you use has this chip enabled & linked to an identity, your ISP's routers won't let you connect. It will allow control over what software may be installed. Forget linux and other F/OSS software and systems getting certified, at least at costs (in both financial terms and in freedom/security) an F/OSS project could reasonably afford or tolerate.
This is a wet-dream for governments wanting to control people & information, and their multinational corporate friends.
Strat
Re:OpenID? (Score:3, Insightful)
Do you have a credit card ...with a chip inside?.
No, actually, I dont. I chose not to, and thats fine because its optional. Big difference.
Re:OpenID? (Score:4, Insightful)
It's not nearly as scary as you make it out to be.
I have studied the technical specifications of this. Yes, it is what I described and more. Either you don't know the Trust system very well or you and I have extremely different ideas about what is good vs what is scary.
The Trusted Platform Module (TPM) has three primary functions. #1 is to hold the master keys locked away specifically secure against the owner himself. #2 is called Sealed Storage, this encrypts files on the computer and again specifically secured against the owner being able to read or modify his own files except under the strict control and permission of the TPM chip. #3 is called Remote Attestation, this means that the TPM chip keeps a spy log of the hardware and software on your computer specifically for the purpose of sending this log out to remote parties over the internet, and again this spy log is specifically designed to be secure against any control or modification by the owner.
The TPM chip prohibits you from being able to read or modify YOUR OWN FILES (Sealed Storage) unless you are running precisely the approved and mandatory software and hardware dictated by other people via Remote Attestation. It turns your computer into an insane ultra-DRM system and worse.
The way Trusted Network Connect works, or any Trust-based software over the internet, the first thing that happens is you get tested for having a TPM chip. If your computer doesn't have a TPM then the connection is denied. If do you have a Trust chip but you didn't "opt-in" and turn it on, again the connection is denied. The next step is the Remote Attestation check. If you are not running a specifically approved operating system you again fail the check and are again denied a connection. This also check that you are running a specifically approved BIOS and an approved bootloader and that all of your drivers are approved. If any of this software has not been specifically approved then you fail the Trust test and again your connection is rejected. If you have attempted to modify any of the system software, or if you are not up to date with all mandatory patches, again you fail the Trust test and again your connection is denied. It then checks exactly what applications you are running (and what you are forbidden to run). For example your ISP could mandate that you be running a specific approved virus scanner and firewall. If you're not, or if you have attempted to modify them, you fail the check and your connection is denied. Or if you are connecting to any sort of music or video site it can enforce that you're running specific uber-DRM software. If you connect to a general website it can check that you have an approved webbrowser and check that you're not doing any sort of ad blocking. And again if you fail the check the connection is denied. And your files get locked under Sealed Storage that enforce all of these same things even when you're offline. If cannot access the Sealed files unless you are not running an exact unmodified approved operating system with the exact unmodified drivers and exact unmodified software (and that you're NOT running any prohibited software).
It is an ultimate remote ownership of your computer. You get locked out of the entire Trust system and get locked out of your own files and nothing works unless you are running an approved unmodified operating system with approved unmodified software. This chip denies you access or control of your own files if you attempt to modify any of the software or if you attempt to use other software of your own design or your own choice.
The way they sell it to the public is as a "security system". Trusted Network Connect is advertised as preventing virus infected (or virus vulnerable) computers from getting onto a network and causing damage. If you aren't running an approved operating system, or if you are running custom software, then Trusted Network Connect cannot validate that your computer is uninfected. If you fail the Trust checks then your computer gets "quarantined", denied network access, until you "fix" your computer to match the specific known approved virus-free configuration.
-