Forgot your password?
typodupeerror
Privacy Government Security United States Your Rights Online

White House To Drop Details of Cyber ID On Tax Day 276

Posted by timothy
from the who-goes-there-seriously-who-goes-there dept.
BeatTheChip writes "Dept. of Commerce Scry. Gary Locke plans to release solidified details of the National Strategy for Trusted Identities in Cyberspace [NSTIC] program starting 11 AM on Tax Day. Technologies and new policies will be demonstrated and discussed to attending press. NSTIC, a federal cyber identity program, drew criticisms earlier this year on initial announcement for similarities to a national identity program. It was deemed 'Real ID for the Internet' by some privacy and civil liberty organizations. NSTIC is a national online authentication program for public use under the oversight of the Dept. of Homeland Security."
This discussion has been archived. No new comments can be posted.

White House To Drop Details of Cyber ID On Tax Day

Comments Filter:
  • Connection Error (Score:5, Insightful)

    by elrous0 (869638) * on Thursday April 14, 2011 @02:49PM (#35821310)

    Sorry citizen, in compliance with U.S. law, Comcast Cable Broadband now requires that all subscribers identify themselves by their U.S. Internet Identification Number before accessing internet content. Please contact your local office of the Federal Bureau of Investigation (FBI) for more information on how to obtain your U.S. Internet Identification Number. And thank you for choosing Comcast as your broadband provider!


    • disclaimer: I am not a US citizen

      What scares me infinitely more than giving my ID to a government institution for obtaining a service (drivers license, Liqour store, etc), is the fact that the public sector will be charged with creating a secure, robust, dependable system. It would seem like an absolute blessing for one with questionable morals to be able to steal identities, obtaining records for advert purposes, etc


      I don't think they could do it successfully....
      • by Toe, The (545098) on Thursday April 14, 2011 @03:03PM (#35821458)

        Sigh. Yeah, let's just use people's Facebook identity as their trusted ID.
        I can't think of a single reason why that might not be a superb idea.

        P.S. Oh, hey! Let's also let the voting machines be designed by the private sector, in closed source on Windows. That can't possibly be a problem, right?

        • Yes, that's not so great either... however,letting DHS be your authentication source for your social networking comments isn't at all chilling.
      • Re: (Score:2, Interesting)

        by blair1q (305137)

        the public sector will be charged with creating a secure, robust, dependable system.

        You think the NSA isn't public sector? CIA? NASA? the Military? DARPA? the FAA?

        The only reason we have anything resembling a concept of "secure, robust, dependable system" is because the government invented it.

        Left to its own devices, private industry doesn't give two shits about your privacy, security, safety, or the reliabiltiy of its products. If I trust anyone not to be hacking the system to give themselves an instant advantage and access to steal my money, it's the government itself. They already hav

      • by WorBlux (1751716)

        disclaimer: I am not a US citizen

        Nobody is really. In fides non ficta.

      • by pla (258480)
        is the fact that the public sector will be charged with creating a secure, robust, dependable system.

        Hah! You did see in the summary where it said this baby comes from the security-geniuses at the TSA?

        I at least trust the private sector to implement it as well as necessary to make a buck; The TSA doesn't even have that requirement.
    • Welcome (Score:5, Insightful)

      by xMrFishx (1956084) on Thursday April 14, 2011 @02:57PM (#35821406)
      Welcome to City 17. You have chosen or been chosen to relocate to one of our finest remaining urban centres...
    • by blair1q (305137)

      From the NIST NSTIC [nist.gov] link in TFA:

      # Private: This new "identity ecosystem" protects your privacy. Credentials share only the amount of personal information necessary for the transaction. You control what personal information is released, and can ensure that your data is not centralized among service providers.
      # Voluntary: The identity ecosystem is voluntary. You will still be able to surf the Web, write a blog, participate in an online discussion, and post comments to a wiki anonymously or using a pseudonym. You would choose when to use your trusted ID. When you want stronger identity protection, you use your credential, enabling higher levels of trust and security.

      • by majestic_twelve (2034368) on Thursday April 14, 2011 @03:19PM (#35821682)
        It will be voluntary until businesses only accept transactions associated with this ID and, like EULA's which are also completely voluntary, people will simply "agree" and go along with it so they can watch their porn, buy their Amazon merchandise, or whatever have you.
      • by penguinman1337 (1792086) on Thursday April 14, 2011 @03:20PM (#35821704)
        Yeah, right. According to Uncle Sam, SSNs are also voluntary. And while it may be voluntary according to the government, what's to prevent ISPs from requiring it for internet access?

        And how is this private? Sure, it might just share enough info to complete a transaction on any specific site, but what's to prevent the administrator of the program (in this case the highly trustworthy US government) from using it to track citizens who happen to be doing things they don't approve of? For example, making a donation to a group that has contrary views to said government (for example, if I decided to donate to the American Communist Party.)
        • by blair1q (305137)

          The government has more than one legal definition of "voluntary". If you literally never want to work a taxable job and never want any SSA benefits, you never need an SSN. But if you want to do those things, you have to "volunteer" your information to get the SSN. They don't solicit you for it.

          Same deal with the entire tax system being "voluntary" not because you can choose not to pay, but because you are on your own recognizance to do the reporting of what you earned and spent, and for making up any sho

          • That's not exactly true. If you have a kid, and you want to count them as a deduction, they have to have a SSN. At that point, the kid in question has no say in things. May not even be able to say things, yet. So, if this kid grows up and wants to opt out, it's too late.
      • This new "identity ecosystem" protects your privacy...tee hee
        Credentials share only the amount of personal information necessary for the transaction...hahaha
        You control what personal information is released...lolololol
        and can ensure that your data is not centralized among service providers...HAHAHAHAHAHAHA
        The identity ecosystem is voluntary (FOR NOW)...lolhahalolhahalol!!1!

        From the article:

        People and institutions could have more trust online because all participating service providers will have agreed to consistent standards for identification, authentication, security, and privacy.

        I think I just passed out. I mean seriously, when does this stuff ever stop where it is supposed to? How long

        • I guess I am just getting jaded in my old age.

          But you're happy. That's all that matters....

      • And how long will it take every website on the net to require the highest level of security to allow you access? 6 months? a year? Are you really so naive to think that and ID that is this easy to obtain, with a value that's almost incalculable when it comes to tracking isn't going to become a universal requirement as soon as it's available?
        • by blair1q (305137)

          How many of them require positive ID now?

          Only banking sites have anything like security processes, generally consisting of testing another bank account which you presumably opened in person, or recursively so. Any other type of site just checks that you have an email address you personally access, to ensure you're not a bot (that's too simple to receive email and click on a link in it).

          Why would "every" site suddenly start requiring an advanced form of identity checking?

          And why wouldn't some sites expressl

      • From the NIST NSTIC [nist.gov] link in TFA:

        # Voluntary: The identity ecosystem is voluntary. You will still be able to surf the Web, write a blog, participate in an online discussion, and post comments to a wiki anonymously or using a pseudonym. You would choose when to use your trusted ID. When you want stronger identity protection, you use your credential, enabling higher levels of trust and security.

        Yeah...I trust the government's statements about privacy and security just about as much as I trust anything Blogger Bob [tsa.gov] says: not at all.

  • Requires TPM (Score:5, Interesting)

    by GameboyRMH (1153867) <gameboyrmh@gmail. c o m> on Thursday April 14, 2011 @02:54PM (#35821364) Journal

    Without TPM this idea is a joke. I think you can see where this is going.

    • by scourfish (573542)
      I'm pretty sure that a national internet ID system would be a joke even if it included some sort of tire pressure monitoring
  • by kevinNCSU (1531307) on Thursday April 14, 2011 @02:55PM (#35821372)
    Federal Tax filing date is April 18th this year, not the 15th.
  • Nobody asked for, or needs this expect maybe the government wanting track citizens and content companies wanting to track "pirates."

    • by Toe, The (545098)

      Government and corporations... that's everyone who matters, isn't it?

  • by penguinman1337 (1792086) on Thursday April 14, 2011 @02:56PM (#35821394)
    I am honestly afraid that this is basically going to turn into an internet driver's license. Imagine if you were required to get government approval in order to read a book? This violates all kinds of freedom of speech provisions. I'll wait to see the details before I make a final judgement, but I much prefer being able to remain effectively anonymous online.
  • Drop? As in get rid of, lose, no longer keep?

    Is this another US/Everyone else language fail, like "Let's table this idea"?

    • by mcmonkey (96054)

      This is someone looking entirely uncool by trying to look cool.

      It's drop, as in a Hip Hop artist referring to an album release date as when it's going to drop.

      Unfortunately, it only works in the context of a Hip Hop artist releasing an album. In any other context, it reads as, "I'm only this white because the sun doesn't reach my mom's basement."

      • by gfreeman (456642)

        It's drop, as in a Hip Hop artist referring to an album release date as when it's going to drop.

        Thank you. I can now look cool if I ever become a Hip Hop artist and decide to release^H^H^H^H^H^H^H drop an album.

    • by biek (1946790)
      It's slang, much like your awful use of "fail."
  • With this system in place, they will know the identity of everyone who posts online, except of course those who have hacked the system so as to appear as someone else. Once this system is in place it will be much easier for the government to gain convictions when crimes are commited. Of course, we will never know how many of the people convicted are the actual criminals, rather than just a victim of a hacker who chose their identity at random.
    • by blair1q (305137)

      Of course, we will never know how many of the people convicted are the actual criminals, rather than just a victim of a hacker who chose their identity at random.

      If it's possible to hack an identity, and it's possible to show that it's possible to hack an identity, then the system is mooted and the conviction based on the system is invalid.

      • It will be possible to hack an identity. Whether it will be possible to convince a jury that your identity was hacked is another matter altogether.
        There are other problems with this system as well. What happens when the system says that you are not you? Not that someone else is you, just that you are not you?
      • Of course, we will never know how many of the people convicted are the actual criminals, rather than just a victim of a hacker who chose their identity at random.

        If it's possible to hack an identity, and it's possible to show that it's possible to hack an identity, then the system is mooted and the conviction based on the system is invalid.

        Possibly. Of course, if you take the situation with regards to DUIs, it's illegal in some states (California, I believe) for a defense attorney to even bring up the subject that a breathalyzer is anything but one hundred percent accurate. Said attorney can be up on contempt of court charges if he does. So yeah, it's pretty easy to imagine that the government will prevent any demonstration in court of the fallibility of their system.

      • see: keyloggers
    • Just get a cheap VPS in another country and route everything through that.

    • Of course, we will never know how many of the people convicted are the actual criminals, rather than just a victim of a hacker who chose their identity at random.

      The real danger is that this is just another form of automated justice. If a log generated by a server somewhere in somebody's cloud says your guilty ... then you're guilty. Period. End of statement. Face it, courts only rarely disregard computer-generated "evidence", although that's likely only because they don't have the mental tools to make a judgement as to the probability of a computer error, so they simply ignore the possibility. I suspect that most people here on Slashdot are like me, in that they ce

      • That is exactly the point I was trying to make. I knew when I finished the post that I had failed to say it as clearly as I would have liked (but I didn't feel like taking the time to fix it).
        Actually, a bigger problem with this sort of government centralized identity database is when the data about who you are becomes corrupted. When one database becomes the central arbiter of who you are, how do you get it corrected when it is wrong?
    • by mlts (1038732) *

      What is ironic is that properly implemented, this system can assure a truly kick-ass privacy ecosystem.

      One could base it around a smart card. The private key is stored, and a certificate from a trusted CA (county courthouse) states that this key belongs to this individual.

      Then start sticking certificates on the key. The user can determine who gets to see the certificates, and who doesn't.

      Carded at the bar? The bar doesn't need to know the DOB. The bar finds a certificate stating that this person is over

      • And what if you dont have a smart card?

        You have no right to live?

      • And the malware that "bad guy" has on your computer could *never* do something maliciously and permanently corrupting your "profile" ... not to mention the government would *never* violate your civil liberties or impersonate your identity with this system.
  • by Adrian Lopez (2615) on Thursday April 14, 2011 @03:03PM (#35821456) Homepage

    "NSTIC is a key building block in the national effort to secure cyberspace. According to industry surveys, as many as 8 million Americans are victims of online fraud and identity theft each year and lose an average of $631 out-of-pocket per incident. Through a private sector-led effort facilitated by the government, NSTIC aims to make online transactions more trustworthy and enhance consumers’ privacy, thereby giving businesses and consumers more confidence to conduct business online."

    The government wishes to enhance consumers' privacy by attaching a unique identifier to each and every online transaction? What an excellent example of doublespeak.

  • by Jackie_Chan_Fan (730745) on Thursday April 14, 2011 @03:04PM (#35821476)

    You are about to be tagged and taxed. America owns you.

  • by FudRucker (866063) on Thursday April 14, 2011 @03:15PM (#35821614)
    and remove my PCs from internet connectivity before i subject myself to such a heavy handed draconian measure.

    goodbye internet, it was fun while it lasted, but the government is here to help which always takes the fun out of things.
    • Don't call your ISP; your phone might be tapped.

      And don't write a letter, because--can you believe it?--the government owns the post office too!

      I wouldn't dare step outside. CIA spy satellites can track your movements to the nearest meter.

      Looks like you might just have to grin and bear it like the rest of us proles.

  • Am I the only one here flashing back to "True Names"?

    • by monk (1958)

      As usual, Vinge saw it coming. We can hope it's more like Rainbow's End, but I wouldn't count on it.

      Sam Landstrom had an interesting alternative in Metagame.

  • That IIN has already been registered. You do not exist, access denied.
  • by Jah-Wren Ryel (80510) on Thursday April 14, 2011 @03:59PM (#35822172)

    What we don't need is a centralized ID system - that's a recipe for all kinds of fraud of other sorts of abuse (like the recent story about how DVR commercial viewing records are correlated with grocery purchases in order to better target you for advertising).

    If the government insists on getting involved in ID infrastructure, then they ought to be providing a means for distributed identification. Define a standardized system that promotes multiple, independent IDs that are domain specific. For example, one ID for facebook, another ID for your bank, another ID for your car registration, a different ID for the tax records on property like your house.

    Go ahead and define a protocol for handling the identification and authentication transactions, but require taht each party (both users and service providers) keep the database of IDs on their own systems - not off in some massive cross-referenced database, federal or otherwise.

  • This said it was to be unveiled on April 15th -- which this year is *not* tax day.

    Due April 16th being a Saturday, Washington DC is celebrating Emancipation Day on April 15th ... making it a holiday ... so tax day got moved. With the 16th and 17th being a weekend, you have an extra 3 days this year to do your taxes, as they're not due 'til the 18th.

  • The more you tighten your grip Tarken, the more star systems will slip through your fingers.

Business is a good game -- lots of competition and minimum of rules. You keep score with money. -- Nolan Bushnell, founder of Atari

Working...