Obama Eyeing Internet ID For Americans 487
Pickens writes "CBS News reports that the Obama administration is currently drafting the National Strategy for Trusted Identities in Cyberspace, which will be released by the president in the next few months. 'We are not talking about a national ID card,' says Commerce Secretary Gary Locke, whose department will be in charge of the program. 'We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.' Although details have not been finalized, the 'trusted identity' may take the form of a smart card or digital certificate that would prove online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions. White House Cybersecurity Coordinator Howard Schmidt says that anonymity and pseudonymity will remain possible on the Internet. 'I don't have to get a credential if I don't want to,' says Schmidt. There's no chance that 'a centralized database will emerge,' and 'we need the private sector to lead the implementation of this.'"
Same as Social Security (Score:3, Interesting)
National ID Please! (Score:5, Interesting)
So when can I get a cryptographically secure national ID card with multi-factor authentication? I'm as much a fan of the government tracking and cataloging me as the next guy, but this isn't exactly a slippery slope; we already have national IDs in the form of social security numbers and driver's licenses: Government-issued numbers required for identification and backed by a central database.
It's just that the current system is about as poorly-implemented as it can be (and justifiably so, since it was never meant to be used like it is). Not only are SSNs weak, predictable, and easily-forged; there is no way to protect or limit their usage by authoritzed or unauthorized parties. There also no way to protect how those parties store and safeguard them.
So while I hate the idea of our government issuing IDs, its too late to really change that. But please for the good of every citizen do it right.
Re:how about no (Score:5, Interesting)
"If the feds need something to do they could start by implementing IPv6 and getting everyone an IP address."
+1 (x 2^128)
Re:Security and profits? (Score:5, Interesting)
It's NOT the private sector. It's the government, which is worse.
I'll be honest here: *If* we do something like this, I'd rather have the federal government managing it directly. Large corporations are just as cooperative with the cops as your average branch of government, and at least the federal government doesn't have a profit motive for sharing the information it has about me.
Re:how about no (Score:5, Interesting)
Typical American paranoia. Not that UK is much better.
Anyway, I have had a Bulgarian digital ID for nearly 4 years now. It is privately run - there are several companies which have been licensed to issue the certificates and they issue certs/smartcards to individuals and businesses. The govmint has nothing to do with it besides being obliged by law to accept a smartcard signed electronic document as a valid signature in any form of communication. I can sign a contract, sign my tax return, sell/buy stuff that requires a signed contract, give instructions to my bank and all of these are _EQUALLY_ legally binding to me showing up with a passport/ID and signing it in person. On top of that most cert authorities and smartcards fully support Linux at least on x86 so you do not even need to pay MSFT tax to use it.
On the negative side, banks, etc have been pretty quick on the uptake that this is an acknowledged and transactions are legally binding so you cannot do any electronic banking without it any more.
In any case - an example where "technological backwater" "undeveloped" "fifth world economy" and "third rate democracy" (all are labels which BG has had in USA press at various times) shows how this _CAN_ be run as a useful tool for individuals and companies to do business without the govmint having anything to do with it besides collecting some license revenue.
Re:how about no (Score:2, Interesting)
There may be countries where the government is trustworthy enough to allow this. But the United States isn't one of them.
Re:how about no (Score:5, Interesting)
I'm sure Bulgaria has absolutely no political corruption and that everyone in the government is absolutely trustworthy and that there is and was absolutely nothing shady about the selection of the private entity (yay, another government utility monopoly!) to provide the services and that there are absolutely no questionable connections between government officials and the selected company, just like there are no relations in America between officials and the selection of companies like Haliburton, L-3, and various FDA fast-tracks, either.
I don't know a lot about Bulgaria, but Americans and Brits tend not to like to be identified and monitored, though their government and the stupider sheep among the population constantly do everything they can to undermine this desire. It's abhorrent enough that our SS# has gone from being something you ONLY provide to your employer to set aside SS tax in your account and to the government when you're ready to withdraw and has instead come to be used to get a driver's license, create a cell phone account, cable account, internet account, bank account, blockbuster rental account, etc.
Let's either value privacy and autonomy or throw up our hands and quit this charade and go full bore into fully complying with all wishes and desire of the motherland.
Re:how about no (Score:2, Interesting)
Sure trying to improve the lousiest health care system of any western democracy fits like a glove with authoritarian privacy concerns. You have to make up your mind are mega corporations benevolent benefactors, while the government is an authoritarian nightmare, or it the other way around. You can't have it both ways. Personally I think each is a little bit of both, but when it comes to my health, I'd rather my insurance be run by a bureaucrat tasked with initiatives to improve the standards of living on a regional, state, or national level than an corporate accountant tasked with increasing the bottom line everywhere possible. You get one or the other with whichever system you choose.
Playing the long game.. (Score:4, Interesting)
Wow... all of this to stop the internet as a threat from happening. Eliminate anonymity as a possibility on the internet, wait a few years until everyone is complacent, and they use it to mop up any stragglers who don't bend to the will of The Powers That Be.
Good thing they aren't doing anything to fix the security model we all rely on, which would leave viruses and botnets as a plausable denyability... oh... wait... they are.... "The App Store", which means no local filesystems, and no way to propagate information outside of what is allowed by the OS.
And then there is the push towards cloud computing, again no local storage.
We'll be ok... but our kids won't... because they will see local storage as a vulnerability, and shun it at all costs.
I think this will all play out in 10-20 years...at least I hope it takes that long.
Re:how about no (Score:2, Interesting)
I stopped reading when I encountered "govmint".
Unlimited Certs Natiional ID (Score:2, Interesting)
This is not a National ID because you could have unlimited certifications.
You are only allowed one social security number, if having multiple SSN's was an option, it wouldn't be very good at tracking a single person.
This proposed system would allow you to have as many certs as you want.
This would give you the ability to use a unique cert (identity) for each bank or other transaction entity.
Also these certs could still be offered by independent organizations.
In reality this system is not about ensuring you are a specific person, but rather the same person for all transactions on that single certificate.
Re:how about no (Score:5, Interesting)
Which brings to mind the current catch-22 I am stuck in. My driver's license expired on my birthday about 3 weeks ago. You have 60 days grace period to get it renewed. I went down to the office to get it renewed, but was rejected because the date of birth didn't match Social Security's. I actually noticed that several years ago, when I first e-filed my income taxes. It wasn't hard to figure out what they wanted. They either transcribed a 1 as a 7 or their OCR software did. I just remember to make that change when I file and everything was fine.
I had to take off work an hour an a half early to go down to Social Security with my certified birth certificate and wait around for a drone to make the change. I give them the birth certificate and then the ask for my drivers license. They say, we can't use that, it's expired! We need a passport instead. Being like most Americans, I don't have one. So here I am, I can't get my license renewed because of Social Security, and I can't get Social Security renewed because of my drivers license. Eventually the drone shuffled off to sector 7G for a long time and returned with a piece of paper saying that I have to get a signed medical record from my doctor. What that has to do with my identity, I have no idea.
Hahahahahaha!!!! (Score:4, Interesting)
They don't even have single sign on for their OWN systems, and they think they're the right entity to create it for 300 million people? That's hilarious. This will be a $100 billion project that will never actually meet its goals.
Thanks, but no thanks. I actually WANT different passwords on my accounts. I don't WANT my facebook account to unlock my bank, or my slashdot password to unlock my facebook account.
I'm sorry, but if you really want this, you want someone else to do it. If you're smart, you won't want anyone to do it, or at the least, you want opt out.
Re:how about no (Score:4, Interesting)
I would propose that only those with a valid picture ID can vote.
Driver's License, Military ID, Student ID Card,etc.
Actually, I'd prefer only those who PAY income taxes be allowed to vote in Federal elections.