The silver lining is that by the time this project goes through study after study, development, testing, and finally deployment 5-10 years will have passed and the Internet will fundamentally change in ways that either makes this instantly irrelevant or impossible to enforce.
We need a publicly-controlled identity infrastructure that's compatible with the Internet. The problem isn't that internet ID is somehow evil, but rather the government.
Remind me again of why we "need" a solution such as this? All this screeching reminds me of the people wanting a centralized solution to spam in the 1990s via government control or micropayments. We don't hear from them anymore because of spam filters and increased storage and bandwidth.
My google account has double authentication now, telephone as well as a second email address, and serves as a central repository for all my other accounts across the web if I happen to forget a password. I can change providers if I want as well. Further, my VISA card is tied to my identity for purchases and donations. But anything that doesn't involve that isn't tied to my identity.
So please just go shove it with your "need". It just makes me furious that this is even being proposed, it's totally unnecessary meddling and we all KNOW it will be abused.
"Remind me again of why we 'need' a solution such as this?"
There are lots of services that people want that are impossible to build without a way to prove that someone is who they say they are. E.g. better reputation systems.
"we all KNOW it will be abused."
Obviously. That doesn't mean there isn't a need though.
Last I checked there is an identity management authentication system you can use, for example Twitter has verified accounts (I don't know how they do it, perhaps by mail) or Bluehost asks for people to fax them a copy of an ID/Passport to get shell access (stupid, considering they have your VISA).
So what you are saying is you are prepared to take the potential abuses because you want it to be more "seamless" than a fax, postcard or a $1 VISA charge. And that further these abuses are better than having a market solution where a commercial ID provider or bank does it themselves?
Sounds like f--- all gain for a lot of risk. And we all know that beyond the abuses the "voluntary" nature of this will swiftly decline after it's implemented, so don't try to argue in that direction either. Just a reminder: the US government is currently illegally sifting through people's email, has wars going which are not authorized by congress, still runs a number of secret prisons across the world in which torture is conducted, is seeking people's private twitter messages in addition to their email because they have contact with Wikileaks, is groping people's genitals with high-school drop-outs in airports as well as taking naked photographs of them and has a "Homeland" tsar who is going to appear on telescreens installed in Walmarts to tell people to be alarmed and suspicous. Further, opposition movements have heated up the rhetoric of your politics to the point where there are open calls for the assassination of Julian Assange (who, like or dislike, is doing journalism) and the domestic rhetoric has been such that mentally ill people are now gunning down politicians. And you think it's advisable we install an ID system on the Internet because, in some unspecified way, it would be easier than a $1 VISA charge or a fax.... You sir, are very shill-like.
> Bluehost asks for people to fax them a copy of an ID/Passport to get shell access (stupid, considering they have your VISA).
It's not stupid. They have A VISA. They want to know that it's your VISA, because people can (and do) use fraudulent cards for hosting.
I'm surprised that they wait until you want shell access to do this. A number of hosting companies do this in different ways, usually before you're even given services. Rackspace Cloud, for example, calls you to verify your identity (last I heard, anyway).
The private sector is already doing a much better job of building reputation systems. It's now a full-fledged area of computing work. There's even a sizable O'Reilly book on the topic.
Right. Because eBay and Paypal have completely eradicated fraud and the gaming of the system. In addition, there are no false-positives in this scheme and people are not thrown under the bus just because they aren't 'internet famous' enough to get their situation resolved...
I'm not agreeing that we need a government system, but don't point to eBay as the solution to fraud.
It isn't sensible to think that any system can eliminate fraud entirely. If you want a system that gets it right most of the time then you can look to ebay.
What system in existence is completely resilient to fraud and false positives, and what evidence shows that the US government can produce such a system?
A better REPUTATION system (??!!??!!) is the best you could come up with? I cannot think of a less important application of a national ID card.
And even in this area, Amazon/Newegg have solved the pretty nicely with the "verified purchaser" tag. How is the national ID card system better?
For Serious Stuff (TM) like opening a stock trading account, laws have already been passed to make an all-electronic signup as binding as a paper signature.
We criticize China when it does something like this, but when America does it's all fine.
Please explain why such a "serious" use cannot be implemented with today's technologies. You can trivially ask people to give you their license number and run a lookup to confirm that they're who they claim to be at signup time. Yes, it's not gratis (see publicdata.com). But you stipulated that this is "serious" use, so that shouldn't be a problem.
Huh? I never said it couldn't be I said it wasn't.
But again it's not simply a question about identification as in per the right username/password/license plate.
I can log in and pretend to be anyone, in fact I can have multiple different accounts and be multiple different people.
But when you add social proofing on top of it you have created a verification mechanism that is much stronger since it includes my very existence, my friends, what I do etc. Things that can't as easily be faked.
> But when you add social proofing on top of it you have created a verification mechanism that is much stronger since it includes my very existence, my friends, what I do etc. Things that can't as easily be faked.
The point many of the critics here are making is that anonymity and privacy is required for a functioning democracy.
Why does it matter WHO is saying something. Shouldn't the most important thing be WHAT is being said?
Even in today's "everything goes" situation, libel/slander etc hasn't reached epidemic proportions to require policing everything people say.
And even then, I would much rather have a central clearinghouse where aggreived parties can register to have their names etc not be displayed by web sites (think of it as a robots.txt for humans). Note that this can be implemented without an online ID and is different from the current proposal.
I still haven't understood what is your problem with today's situation where people can create as many alter egos as they wish.
I'm guessing your comment was downvoted because people didn't appreciate the verbal irony (where both common meanings of appreciate apply). Or, if you were actually serious, then never mind.
This could be useful for allowing various levels of government to provide more services online. For instance, I wouldn't have to provide my social security number to a third party if I wanted to pay my taxes online. Or better yet, maybe they could allow voting online like Estonia does. Imagine what that would do for voter turnout.
Fine. But you're missing my point. My point is that this would be useful for providing government services online. If you feel that online voting is a bad example then so be it.
No we don't. Currently messy systems ensure that caveat emptor is alive and well. Buying, selling and all the other activities on the internet may be easier to implement from a computer point of view with a centralised ID, but it's a very good thing that people employ caution in online activities.
You cannot eliminate fraud, deceit and risk. You cannot create a utopia. These things are impossible, and all the best intentions in the world usually have bad unforeseen outcomes. Natural growth of systems is the best way forwards. A company like PayPal tries verification by depositing small amounts, it works, the consumers don't mind, so it stays. Another company tries something else, consumers don't like it, it goes. At no point is a central committee involved. This is the way it should be.
We are going to end up with something sooner or later.
The fact is that we want (and can) enter into contracts on the Internet. In order to enforce contracts we must have identities. Since the Government (specifically the judiciary) enforces contracts, this means that we must be entering into these contracts under Government-managed identities.
Currently we acquire and prove this Government-managed identity using an ad-hoc, decentralised, system with much duplication. I can use a passport or my driver's license or my birth certificate or perhaps some utility bills or some combination. This causes various problems, including fraud and waste.
If two parties mutually choose to enter into a contract over the Internet, and this contract is to be enforced by the judiciary, then it would be ideal for them to be able to verify each others' legal entities and authorisation. I think that properly implemented this could eliminate a large amount of online fraud.
Nothing about the principle of such a system inherently creates privacy problems, since when parties enter into a contract they already expect to reveal their identities to each other, and nothing would necessarily be forcing people to reveal their identities in any other situation, just the same as is the case at the moment.T here is a risk of a slippery slope of course; I can't deny that.
There's no reason such a system has to be centralised, though. X.509 certificates would work fine, for example, issued at the same time as a birth certificate, with each local office as a CA.
Unfortunately, the problem is with implementation. I don't think that any government is competent enough to put a system together that does meet privacy requirements, and there are too many self-interested parties who would influence and corrupt the design of such a system.
Sorry the Engadget piece is full of FUD and light on details. I was at the event and covered it for Wired.com.
This initiative is coming out of NIST inside the Commerce department, with smart folks there who know this 1) a tough problem, 2) needs to be an open standard and 3) that the feds role here is best as being the ones who convene the people in the room.
There's got to be a better way to prove you are real and legit, than giving some company the right to pull a sub-one dollar sum of money from your bank account and then confirming that to them online.
OpenID is fine, so far as it has gone, but right now it looks like Facebook is winning the war for identity and authentication. Having the feds behind an open standard hardly means you are getting the Real ID of the internet.
You've got a few choices of who's going to do this in the future. The feds, your bank, Facebook, PayPal or your mobile phone carrier. Personally, I'd prefer an open system where I have my choice of 10 providers all using open standards, than having to rely on multiple closed systems like giant bank or Facebook or Paypal.
>"There's got to be a better way to prove you are real and legit, than giving some company the right to pull a sub-one dollar sum of money from your bank account and then confirming that to them online"
I've never had any problem with this method, what are your objective quantifications for why a 'internet id' from the Commerce Department would solve this better? Why does taxpayer money need to be spent on a problem that is already solved to a sufficient degree by commercial forces?
There's literally nothing in the proposal about an internet ID from the Commerce Department. While I'm not thoroughly convinced we need better identification on the net, the proposal here is about creating standards for stronger identification -- something like OpenID with the weight of the federal government trying to get industry, privacy and security groups in the same room. The alternative, it seems to me, is to watch Facebook corner the market on consumer identity, while defense contractors or the banking industry wins government contracts, and the latter eventually create some very badly designed system for citizens to log in to government agency websites.
While I'm also deeply opposed to any government-run program, that's not what's happening here.
I'm also a bit disappointed here with Hacker News. Folks here could easily imagine an internet that is easier and safer with a better way for users to manage their identities, while retaining both privacy and the possibility of pseudonimity and anonymity. Instead, mostly what's shown up in the border here is a Reddit thread with people saying, "You can take my anonymous internet but you'll have to pry the keyboard out of my cold dead hands." HN is usually much better than this.
"I'm also a bit disappointed here with Hacker News. Folks here could easily imagine an internet that is easier and safer with a better way for users to manage their identities"
I'm disappointed with you. Why do your values for a "safer and better" internet have to be imposed on me? Where is your objective data showing this will be a "safer and better" internet? Is internet use in Australia "safer and better" because they choose to govern and censor it? To me this sounds like the marketing-speak of the war on drugs and terror.
Furthermore, why do I need a federal program to do this? There are already identity management solutions and standards widely available, namely Shibboleth http://shibboleth.internet2.edu/, which is deployed across California State Universities and universities across the U.S. There is no reason it could not be leveraged for federated identity.
>"While I'm also deeply opposed to any government-run program, that's not what's happening here."
Pardon? Just because it is a private-public partnership does not exclude the government from ownership, but don't trust me, go read the source yourself: http://www.dhs.gov/xlibrary/assets/ns_tic.pdf That is the draft from when it was proposed for DHS. You can see in the document itself the references to "accountability" of these private partners to the government in their "Identity Ecosystem".
I'm saying that the principle is a good idea, makes sense and that's why it'll happen eventually. The problem is the implementation. I'm happy to fight bad ideas. Here in the UK we managed to fight off the first bad implementation they tried to push on us.
The current system is full of waste and inefficiency, and the possibility of fraud.
As such people using it take great care and don't trust it.
This is actually a hidden benefit of the system.
If you introduce an ID that everyone 'trusts' implicitly (esp. relating to online commerce) then the scope for fraud widens greatly. You can assume the system will get corrupted because of the great benefits accruing to those who can breach it.
The vast majority of contracts entered don't need much; if it does go wrong, usually little damage is done. As the risk profile increases, then so does the amount of verification, purchasing a business requires reams of documentation, an iPhone cover shipped out of hong kong can stay anonymous.
As IT people, we all naturally love a world that fits into a relational model, one where all people have a unique ID. As citizens, however, we have to resist this because of the lopsided risk/reward profile for individuals. In cases if centralised ID, you gain a little but lose a lot.
> In order to enforce contracts we must have identities.
In theory - no, we don't, except for ephemeral one-time identities which are actually anonymous.
In real world - yes, (un)?fortunately we must. Still, there's no reason to require that anyone must have one and only one identity, and this identity must be state-issued.
Profile: Sebastian Marshall. Internet ID 353-808-A331. Known aliases: "lionhearted". Primary contact info: sebastian@sebastianmarshall.com
Political positions: A believer in liberty, pro-international travel and open borders, tends towards mild hostility towards regulation. Generally law-abiding.
Friendliness to American Interests Rating (FAIR): 72/100
That 353-808-A331 is the lower 64 bits of your ipv6 address anytime you do anything online. You won't have to login anywhere! If you need to do something important you'll just sign with your private key and the gov will graciously provide the public key keyserver. I've been trying to tell that to everybody for years.
Your Fair Score is actually your TerrorScore. Would you like to sort social media profiles by TerrorScore? They will undoubtedly use Google PageRank like Eigenvectors to calculate it based on who you're linked to and your ipv6 traffic profile.
I hate to be an Ipv6 cynic but after all, Ipv4 NAT is the best thing that ever happened to online anonymity.
There were several papers over the past few years about using traffic analysis to figure out what's going on behind a NAT. I'm sure that the US government could manage to do this with all of the ISP-level snooping gear.
NAT just adds a port number to your identity. And port number changes more frequently.
Anyway, if you're talking about governments (so ISPs are required to cooperate, by law), 3-tuple (IP, port, timestamp) is enough to identify you. Even more traditional (IP, timestamp) pair is enough for low-to-medium-trafficked ISPs or sites.
I would like to see more local (at the town level) shared networks. Something like cheap wi-fi base stations (really cheap!) that could link up a local area and have a good directory of what material people host to be shared, local bulletin boards, etc.
I live in a rural area and several of my friends are going the self sufficient route and my wife and I are at least putting in enough solar panels to generate about 3/4 of the electricity that we currently use.
The country I live in (USA) is in rapid decline and it would be naive to believe that all utilities and infrastructure will stay online 100% of the time. Having a useful local "localnet" would be a good idea, and could be fun also as a community activity. Perhaps libraires would be good hubs and meeting places to set this up. Even better to also get the local police, fire department and city government involved: something to bring the whole community together.
I would like to see more local (at the town level) shared networks. Something like cheap wi-fi base stations [...]
Here in Germany, we have an initiative that is devoted to exactly that problem. It is called "Freifunk" and has been deployed successfully to other countries.
The Freifunk hackers did some amazing work to provide the needed firmware for many of the cheap standard wi-fi routers, as well as other hardware.
They are also doing good scientific work regarding mesh networks. Since they are working with real-world networks, their work usually surpasses the quality of university research. That's why nowadays many German universities are working together with Freifunk. For instance, they use Freifunk routers for their field tests.
If you want to build something like that in your town, you should definitely have a look at what those guys are doing, and I'm sure they'll be happy to assist you.
The USA is in rapid decline? Let me guess, because teenagers use Facebook, spell "you" as "u" and house prices are not increasing as quickly as 5 years ago?
Not quite. Both political parties represent corporate interests, not the publics. Our infrastructure has suffered as a result of this and too much profit goes not to producers of goods and services but to wall street and other special interests. We can agree to disagree on this, but this is the way I see it.
You're on the right track, actually. Academic motivation is virtually nonexistent in the States, whereas in China kids go to school on Saturdays and go to private cram schools until nighttime. A nation is made or broken by its education systems since after all, knowledge is power.
Academic motivation is virtually nonexistent in the States, whereas in China kids go to school on Saturdays and go to private cram schools until nighttime. A nation is made or broken by its education systems since after all, knowledge is power.
Well, the OP said "rapid decline". This is a gradual non-improvement, which is not the same thing.
Also, does going to school 7 days a week increase learning? I can sit in front of my computer and type stuff for 24 hours straight. Doesn't mean the result is any good.
Knowledge is leverage. Leverage works as interest upon interest. Therefore gradual non-improvement is the same as rapid decline. Loosing 3 percent a year where everybody is standing still is not that different as standing still in a world where everybody is accumulating interest.
Also what I have noticed with myself ( I had a decadent phase in life, moved on and now look on "friends" who stayed where they were) - decadent consumerism might not look as bad when you start doing it. But it erodes your soul it makes you weak and timid. Arm the lumpenproletariat with high tech - and you won't get "a little bit weaker" society - you get idiocracy.
A human to be happy must play hard, work hard and love hard. This is a virtue that most everybody is abandoning these days. I'm not advocating for repression (like China, India or western world of old), I'm advocating that we don't forget a passion in our lives and that we do not fail to show it to our children. Else everything is in vain.
That's not necessarily a bad thing. I've always been rather fond of pg's quote which says something to the effect that "if I had to choose between bad high schools and good universities, like the US, and good high schools and bad universities, like most other industrialized countries, I'd take the US system. Better to make everyone feel like a late bloomer than a failed child prodigy."
I'm pretty sure our children will be talking about how pg was thoroughly proven wrong in this. What percentage of americans go to college? pg's quote seems to assume most will but I suspect it's the exact opposite. This means you are getting a small percentage of "late bloomers" and a lot of people who's only education was appallingly bad. Your late bloomers aren't going to do you much good when the majority of all people who vote are ignorant.
How about because ppl prefer religion over science. And security over freedom. Federal government getting more corrupt and more powerful with each year.
Uh what? I'd prefer that most Americans sat and watched sitcoms and left the mental lifting to the rest of us. Sadly, the religious folk think they have a seat at the intellectual table as well.
No their function is not to divine when did Noah leave the ark and how did all those animals and humans repopulate the earth in 4k and something years.
Their job is to ask "stupid" questions. Their job is to analyse the results of science through spiritual and theological lens. In short role of religion in society is same as role of CEO in a company - to provide strategy, vision and guidance. Sadly both are increasingly failing us.
True problem of religions nowadays is not that there is no place for them - but that they outright refuse to re evaluate their positions, instead demanding their rights of old. Just like RIAA, MPAA, etc..,
But indeed that would mean they had to work and be creative - maybe even expose themselves to some risk, but that would be too hard. Better to cling to old birthrights and refuse to cooperate.
LOL. I love that I get downvoted and the child comment gets upvoted. ITT Religious people are sad that their ilk are ignorant and are holding back social progress.
It's all about the tone. If you'd expressed concern that religious powers are holding us back in terms of scientific progress (stem cells, attempts at creationism in schools, etc), I think you'd have wide agreement. Instead, you said it in a more "reddit" mocking way, which rarely goes over well here.
I guess I just assumed it was implied. I generally don't like typing out my dissertation on how religion has held back social progress since the birth of America and the fact that that includes everything from cutting funding for scientific research, education, grants, etc to telling gay people they can't get married. It's all fundamentally anti-intellectual. Expressing it usually just gets me in a fit of rage.
I guess " religious folk think they have a seat at the intellectual table as well" is mocking, but I still stand by it. It's a succinct indictment of people who by definition don't adhere to reason having way too much power over those of us with the intelligence and ideas to do REAL GOOD in politics and science and society.
Now my moaning reply was just silly, but I was annoyed. Probably because I spent a lot of yesterday arguing with a Baptist.
> How about because ppl prefer religion over science. And security over freedom. Federal government getting more corrupt and more powerful with each year.
When do you think that each of those became true?
Or is it that they've finally crossed a tipping point?
I agree that they're all true, but they've been true since before 1776. And, as bad as the US is on an absolute scale, I'm having trouble finding some place better. Suggestions?
>And, as bad as the US is on an absolute scale, I'm having trouble finding some place better.
Then you're either putting impossible requirements on the new place (e.g. "and my friends have to all live there") or you're simply not looking. Throw a dart at western Europe. Any of those places will provide a better quality of living for most people.
Irrelevant. Look at any standard of living study. They'll all have most of western Europe above the US for the average person. Most western European countries have more incoming migration than they are comfortable with.
I also think you'll find that migration pressure to the US has started to slow. You may still have a large amount from Mexico but that is about opportunity, not a testament of the US being the place to be.
> Irrelevant. Look at any standard of living study.
Hmm. You don't think that people's preferences tell us anything?
> They'll all have most of western Europe above the US for the average person.
American poor people are stereotypically obese and have multiple cars and big screen TVs. While those things are bad for them....
Oh, and they have free healthcare too. (Never confuse insurance with healthcare.)
It is true that the gap between the poor and the rich is greater in the US, but by that measure, hunter-gatherers were better off than modern europeans.
> Most western European countries have more incoming migration than they are comfortable with.
As does the US. However, immigration pressure comes from everywhere.
Why is comparing the pressure between {your favorite western European country} and the US irrelevant?
> I also think you'll find that migration pressure to the US has started to slow. You may still have a large amount from Mexico but that is about opportunity, not a testament of the US being the place to be.
Huh? Opportunity is surely one factor in "place to be".
That said, I agree Mexico vs the US doesn't tell us anything about US vs western Europe, just as Turkey vs Germany doesn't tell us anything about US vs Germany.
>Hmm. You don't think that people's preferences tell us anything?
It's irrelevant because it's an incredibly over-simplistic metric and it's subject to manipulation (i.e. everyone hearing 2nd and 3rd hand the US is the greatest country in the world, which in some ways it was some decades back and deciding to go there).
>American poor people are stereotypically obese and have multiple cars and big screen TVs.
Done with credit. You could have the same thing in Romania if they let everyone had 5 credit cards, different credit for their house, difference credit for their car and different credit for the place where they buy their TV.
Being fat doesn't mean they're getting more food, it means they're getting more bad food. A better thing to look for would be a place where the poor are not hungry and not malnourished.
>Oh, and they have free healthcare too.
What are you talking about here, ER care? Can they get a hip replacement for "free" like they could in e.g. Sweden? Why are cancer patients divorcing their spouses to ensure said spouse wont end up losing his/her retirement money paying medical costs of a dead person?
>Why is comparing the pressure between {your favorite western European country} and the US irrelevant?
Because it's impossible to quantify why this pressure is happening. Is it because of coincidence? Misinformation? Informed choice? Opportunity (e.g. "we can walk to the US but can't afford to get to where we really want, and anywhere seems like it would be better than here")? Given that we can't say with even the slightest amount of confidence, this number is almost completely meaningless.
A number that would have more meaning would be if some place had no or negative immigration but that's not the case in any first world country as far as I'm aware.
>Huh? Opportunity is surely one factor in "place to be".
But it speaks to the location of the actor, not how good the country he's going to since he is choosing the new country over less than the whole set (i.e. if someone leaves mexico to go to the US that is more likely to mean that he/she chose to go the US over staying in mexico or going somewhere else in middle america than to mean that he chose it over France).
In the 50s, 60s, 70s children have dreamed of becoming astronauts, programmers, engineers, scientists. But nowadays the cool jobs are in sports, TV, finance.
I'd bet around 1776 the majority of ppl in the colonies were willing to take care of themselves. Today the power of federal government cannot be ignored by anyone, so it's part of every big problem/solution.
IMHO we'll see some global changes in the next years. The best place to live would be the one, where your chances of survival are the highest.
> In the 50s, 60s, 70s children have dreamed of becoming astronauts, programmers, engineers, scientists. But nowadays the cool jobs are in sports, TV, finance.
More dreamed of becoming cowboys, police, and firemen.
Also, kids during the 50s dreamed of becoming professional athletes. The only that has changed in that respect is which sports.
In any event, that doesn't have anything to do with "How about because ppl prefer religion over science. And security over freedom. Federal government getting more corrupt and more powerful with each year."
I lived in a small city in the Urals in Russia for a summer and they had exactly that... They had a bulletin/message board and I'm sure some why to share files. I didn't really explore it more so I'd love to hear someone else's experience.
I don't understand, will this ID be required to connect to the Internet? If not (say it's only used like SSNs are now) I don't see how starting your own internet would help.
I think what he is suggesting is making a new Internet. Long term this will have to be done at some point. We will have to create a peer-to-peer based net that is not connected (or at least doesn't rely on) the current one.
Can someone explain to me how this post is still getting so many upvotes? Unless I'm badly mistaken the ID system will not be in any way mandatory to connect to the Internet. Even if it becomes de facto mandatory (e.g. e-commerce sites deciding to require it) making a second internet wouldn't change anything...
This article is pretty light on details. Here's a quote from the White House Cybersecurity Coordinator Howard Schmidt:
Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. "I don't have to get a credential, if I don't want to," he said. There's no chance that "a centralized database will emerge," and "we need the private sector to lead the implementation of this," he said.
They said something similar to this about the proposed UK national ID system, then shortly afterwards unveiled plans for an incredibly centralised system with a slow transition leading from voluntary to mandatory. Fortunately these plans were recently scrapped.
I think the big picture here is that various governments for a variety of reasons foresee difficult times ahead and are trying, falteringly and often swimming against public opinion, to move towards a state of affairs where they have a greater degree of authoritarian control than was the case in the past - perhaps similar to China, which may become the new model state/economy which others seek to emulate.
They're getting Google in on this too. I can't imagine that Google will give no push-back against the idea that FacebookConnect becomes a national Internet ID.
FOR many years, Social Security cards carried an admonition that they were to be used "for Social Security and tax purposes -- not for identification."
You've got my personal guarantee that if an optional Internet ID is created today, it will be required before long. This is how the system works. Witness the gradual ratcheting up of (ridiculous) security measures in airports if you're skeptical.
That's pretty obvious. Just in a few month government and every established corp will require those for it's online services. Online banking, paypal&co, all app stores, gaming, taxes, healtcare, insurance ...
Prediction: it'll start with the gov't allowing safe harbor for sites that use these IDs, when questions regarding copyright, pr0n, etc., come up.
If your users post copyrighted material, e.g., then you'll be offered safe harbor only if you enforce registration via the national ID. Same deal for people posting "naughty" content -- which is more insidious than it sounds, because of the overlap between (a) sexual content and privacy concerns in discussions about, e.g., STDs; or (b) in the wake of wikileaks, being hassled about publication of, or support for those publishing, "leaked" data be it from government or from industry.
It's necessary that we provide a way for people to maintain anonymity, but the government wants to offer enough carrots to divert our horse from that path.
It'll be optional in the way driver's licenses are. If you want access to any internet service with value (e.g. google, etc.) you will need one. I can see it going that way.
The thing about schemes like this is that they remain optional until such time as the majority of the population have them, after which it becomes easy to convert the system to a mandatory one since minority groups can easily be sidelined. Or alternatively they become so popular that it becomes difficult to function as a modern citizen without one (I hope this doesn't apply with Facebook accounts in the next few years).
Spot on. When I relocated to the US from Europe, it was impossible for me to open a bank account, rent an apartment or get a cell phone without an SSN.
When I explained that to people at the SS administration, they told me that an SSN can never be a requirement to obtain any kind of service. In reality, it's simply not true.
Under no circumstances, outside of tax purposes (employment, banking, etc...) can you legally be required to provide an SSN in the united states. Any time I've been "required", I've put up a fuss, and eventually been granted equivalent avenues to provide assurance of payment or reference checks. In most cases this involves a three to four month deposit on the service. Annoying, but given that the organization is entering a commercial relationship with me without knowledge of my credit worthiness, bearable.
I detest these centralized government tracking systems on my activity, and hope that this next attempt on a national ID is quickly defeated.
If it waddles like a national ID system and quacks like a national ID system, then it's probably a national ID system. Here in the UK we are fortunate to have recently dumped plans for a national ID system. Americans should do the same.
Passports are issued by the UK Passport Office, and driving licenses by the DVLA (Driving & Vehicles Licensing Association). These are both effectively government agencies.
However, as having a passport or a driving license is not compulsory, there were plans to have a national identity card, as is the case in many European countries that would be compulsory for all adults. This has fairly recently been scrapped before it was ever adopted. Partly because the cost ended up being estimated at £18B (US$30B). Quite how a database and some photo cards of 60M people(less if you only include adults) would cost that much is a mystery that only governments can solve!
* First up we gotta biometrically scan every citizen of the United Kingdom for starters. That's 64 million people.
- Scanners
- Appointment Management
- Advertising Campaigns (to remind people to register/go)
- Chasing people who aren't registered
* Then for that to make sense you need to be able to validate people in places.
- Invest in technology to biometrically match people (readers etc)
- Train users/operators
- Handle the kinks in that tech (complaints, false positives).
- Handle any legal issues.
- Create the back end system to auth (somewhat non trivial)
- Load balance
- Security Checks, Penetration testing, etc, etc. No point in the whole system if its easily spoofed, right?
Then of course we need to produce the cards and send all the cards to those 64 million people. Also this system is supposed to integrate with existing government systems. You can imagine what I nightmare that probably was going to be.
My point being that its only a database and some photocards in the sense that I can write Stackoverflow in a weekend ;).
Tbh your belief that it was only photocards means that you probably didn't appreciate the full scope of the legislation. It actually sickened me how the entire focus of the debate on the ID system was on the cards when they were the least important aspect of it.
If I wore a tin-foil hat i'd even go so far as to suggest that politicians intentionally focused on the card part of it to divert our attention from the rest of it.
There are identifying documents, such as passports, drivers licenses and credit cards. These are sufficient for any situation where you might need to verify an identity.
Well, if you have a national ID, it's a lot easier to require ID when taking public transit (especially if they have RFID tags: "wave your ID to activate the ticket kiosk!"). That is certainly a step towards, while not necessarily totalitarianism, the sort of police state which I doubt that anyone would want to live in.
The problem isn't that national IDs will cause totalitarianism; they won't. The problem is that they're a step in a direction which a lot of people dislike, towards a government which is monitoring everything we do.
People dislike government monitoring them exactly because it's a step toward totalitarianism.
Nothing prevents public transit to allow people pay with their credit cards or even with driver's licenses.
I'm pretty sure that if government works on such payment system -- it would be much more expensive and buggy than best private alternatives.
Besides, government has other things to focus on, such as pulling military out from Iraq and paying out huge government debt.
It's not government business to mess with payment system and/or National ID.
I shared my thoughts in detail about this more than a year ago, we should get out in front or as now coming true my prediction was, "As private industry and a world society I hope we can take care of this ourselves before it gets so out of control Congress tries to figure out how to do it and we end up with some horrible mess of a “National ID and Digital Identity Act” that looks at it only from the perspective of the USA and makes it very difficult for non-US citizens to do anything online (as most of the major Internet properties are US based) creating a whole new barrier for 3rd world citizens to overcome."
>>As private industry and a world society I hope we can take care of this ourselves before it gets so out of control Congress tries to figure out how to do it and we end up with some horrible mess of a “National ID and Digital Identity Act” that looks at it only from the perspective of the USA and makes it very difficult for non-US citizens to do anything online (as most of the major Internet properties are US based) creating a whole new barrier for 3rd world citizens to overcome.
Major internet properties are international - Facebook, Paypal, Skype, Google, Microsoft's, Groupon, etc. Most countries have the technical talent to create clones of successful US startups. The problem is local governments will be able to control those local forums and social networks. So killing online freedom in US will kill it worldwide.
This headline is actually pretty misleading. From what I've seen of the project, it is not about the government issuing online identities. Rather they've realized that people already have identities from services like Facebook and Google as well as banks.
This project is aimed at making it possible for people to interact with government agencies using identities they already have. Some interactions require very little security and knowledge of who a person is (leaving a comment here for example) while others (paying your taxes) require quite a bit.
I interact with the IRS once a year having to remember a short PIN I created years ago and can't figure out how to change. My bank has a very strong knowledge of who I am partially via http://en.wikipedia.org/wiki/Know_your_customer and because I login to it on a much more frequent basis.
It isn't that my bank would change the role of the IRS, but I'd login to the IRS using a strong identity issued by my bank versus this silly PIN I use today.
Most public institutions as well as many private (including the banks) have switched to this system.
Our government already know just about everything about us (e.g. few people need to fill out tax forms), so this has not been very controversial. The largest controversy has been with the security.
And that is a very large controversy. Governments can't even get voting machines that a) work correctly and b) are tamper resistant. It scares me to death that the same contract/bidding system that produces the many monstrosities that support a basic right are going to produce this.
Actually I don't get why the gov makes people do one in the US and Canada. Most people have their income reported to the gov by their employer. That information should be downloadable by people and then what is missing could be filled in, mistakes fixed, deductions not already calculated added...
The new german ID is supposed to serve for online idenfication (only if the user wants to). The accompanying closed-source "ID app" was broken on the day of its release, they were not handling SSL certificates properly.
Most South Korean discussion sites and forums more or less require you to supply your national ID number before you can register.
Until recently, a lot of SK banks also used ActiveX plugins for "security" instead of SSL, making it basically impossible to use anything other than Internet Explorer. I get the impression this is changing.
Norway has a unified authentication scheme for government sites, but that's as far as it goes. --If the US wants to do that, fine, but if they think private sites are really going to go for it, they're dreaming.
I wouldn't trust the government to handle identification across multiple sites any more than I trust Facebook or Google.
In Finland most government services use your banking credentials for authentication. The same system can also be used by others: http://en.wikipedia.org/wiki/TUPAS
Sweden has something similar, called E-legitimation. Issued by banks, mostly used for accessing government services, like applying for student loans, paying taxes, etc.
If it's only intended to be used in this kind of way, no problem. If not...
In Sweden they also have a Personal Identity Number (Swedish: personnummer). You need a personnummer in order to do just about anything of significance (healthcare, education, accommodation, bank account, insurance, etc).
Note that if [generic scary three letter agency] wants to spy on you it's already quite easy for them to do so (see FISA, CALEA, NSLs, Sugar Grove, etc).
>Note that if [generic scary three letter agency] wants to spy on you it's already quite easy for them to do so (see FISA, CALEA, NSLs, Sugar Grove, etc).
It's not really about spying.
It's about a government bureaucracy having the power to control your identity.
If Visa cancels my card I can get an AMEX. The CIA has limited reach here.. the alphabet soups can't easily freeze my bank account.
But if the government controls my ID card, they can shut me down utterly and I have no recourse aside from the broken judicial system.
The simple fact of the matter is that corporations such as Visa and HSBC and Equifax are more trustworthy than the government.
Giving the government the ability to authenticate humans online is giving them WAY TOO MUCH UNCHECKED POWER.
I can sympathize with discontent about this, but almost nobody has brought up the positive uses of unique Internet ID.
Suppose you want a system where you want to signal to all internet companies that you don't want your browsing data to be harbored without your consent. The ID system would allow the creation and enforcement of such system.
The support for this comes in part because of pressure from the groups who are concerned about privacy and fretting over how their browsing data is used. While infringement of privacy hampers the growth of ecommerce, complete ban on harboring data hurts e-businesses (they won't be able to advertise efficiently). The solution to it is to create a free market: assign everyone a unique id, to which your preferences about harboring date will be assigned. Even better, data associated with that id can be considered proprietary, and users can license it to companies who are willing to pay for it and users can sue companies that infringe on this proprietary data bc courts will recognize it as solely yours. This is a good start if government wants to step in to protect your privacy from the "evil" corporations, while not hindering the growth of e-businesses.
Ideally, you will be protected from corporations who are after your private data. Government, however, will surely continue using it the way you don't want.
The trouble is who has both ownership over and is able to exercise control over your identity data? I do like your idea of using licensing as a possible mechanism.
It's one thing to say the government will host the ID data for free, for every American. (Or at least every American they deem worthy of a proof-of-online-identity certificate.)
But possession is often viewed as 9/10ths of the law. Calling it "my" data is misleading if they really mean "data about me."
Would I like to have a permanent, personal and authenticated key value store to in conjunction in some interpersonal or person-machine transactions? Absolutely.
But I don't see how having a government issued identity solves the problem of how my browsing data might be misused elsewhere.
It would seem that it only adds more personally-identifiable metadata that could be intercepted, tracked, or stolen along the way.
How would such an ID system enable the creation and enforcement of a do-not-track list? That sounds appealing, but how does my identity being tracked stop me from being tracked?
To those who would say "it'll be optional - you won't need one to search Google, check you email, etc." I point out that there are already huge efforts to track people across domains and build profiles of them. Private companies are ALREADY slobbering over this, and paying good money for even anonymized datasets. If this system goes into practice, it will simply be good business for websites to require your ID as part of the signup process. Also, open networks (like attwifi, etc.) may begin to require these as well. They could build nice juicy datasets of the Starbucks laptop crowd, and believe me they'd be hot selling items.
That's probably a best case scenario by the way. How long until it's mandated that your ISP has your internet ID, and public networks (attwifi, etc.) are required to get it to let you out into the internet?
This sounds very Orwellian, but I doubt much will become of this. Based on the statement the article attributes to Locke, it sounds like they're selling it to us as a single sign-on provider. Somehow, I doubt this will become as popular as current single sign-on providers such as Facebook or Google without legislation.
Couldn't they bully the ISPs to force everybody to use it? Seems like we should worry when they set up the groundwork for something like that, and not after the fact.
I don't see how this would be implemented at the ISP level
Simple: all new contracts with any ISP will require the customer to provide the internet ID.
All existing contracts have to be renewed no later than {date}, and if the customer fails to provide the internet ID by that date, he is forcefully disconnected.
An individual learns of a new and more secure way to
access online services using a strong credential
provided by a trustworthy service provider.
Running this past my parents was met with a blank stare, followed by "what?". And they're significantly better about their online habits than most people, especially the ones they're targeting with a system like this. Anyone interested in identity online already has several means of proving they are who they say they are, and can generate X.509 certificates to provide ridiculous-quality proof for individual transactions.
While I fully expect something along these lines to exist eventually, I'm honestly scared by the sunshine-and-ponies descriptions in that document. They're also making enormous claims of universal interoperability that reek to me of XML/SOAP/etc evangelization - it never works that well.
The commerce clause in particular has been used to justify most anything, including laws around production of your own goods because that can function as an alternative to interstate commerce.
But strict constructionism isn't an answer either. We shouldn't only have a right to bear 18th century arms, or let computer files be searched without a warrant merely because they aren't on paper. It's always going to be subjective, applying the law to questions that didn't even exist back when it was written. We have to do it, but we have to be more careful about it than we have.
This is a waste of time. Any good intelligence organization can already gain most or all or probably too much of the information they need from online actions, transactions, networks, posts/comments, protocol sniffing, ISP/ad network data, re-routing/copying traffic, social hacking, infected pcs, etc. And if you are encrypting, proxying, spoofing then you are Anonymous and already on the radar.
So far as I can tell what is actually being discussed is an official certification scheme for third-party identity providers. This would make it more feasible for third-party IDs to be accepted in contexts where they're currently not. I don't see how that can be reasonably characterized as a "unique Internet ID for all Americans", but whatevs.
This was a minor plot device in the book Ender's Game, where two super-intelligent children needed to borrow their father's network citizen access to post on the forums about their ideas. Obviously this isn't what the administration is suggesting, but it seems like a dangerous first step. I don't like it.
I'm happy with an optional OpenID-like system for stronger authentication and convenient access to account logins, but the system should be 100% optional. There's no way I'm going to trust anyone with the ability to masquerade as me through a closed system. Imagine using Facebook Connect or Google to log in to your bank. Facebook has no business involving me and my bank. It is between me and my bank only. And there is no reason for me to risk my full, unlimited online identity to a single provider like Facebook or Google. The government also has no business knowing who my bank or email provider of choice are.
There are so many incentives for legislators to restrict the internet as we know it today and effectively no lobby to protect it. I am wondering if 10 years from now we are going to have much more "regulation and security" for the networks than now. Not only in the US, on the global scale. Who knows, it might be that the 90s-00s will be remembered as the only period in the human history when the truly free unregulated GLOBAL internet was possible.
This view might look naive and hype-provoking and indeed the internet proved to be very robust on the big scale so far. However I have read recently about the very limited visa regulations for travelling around the most of the world in the 19th century. kind of puts things into perspective.
I think a government OAuth sounds like a good idea. Verifying your identity based on SSN is pretty insecure. If the commerce department can come up with a secure standard, it can seriously cut down on fraud. Internet anonymity is good for some things, but the government needs to stop people from borrowing in someone else's name.
Security will probably be challenge. This needs to be done right, but it has great potential for cutting down on fraud. With real identity, scammers can blacklisted, and honest can people can transact business better. Despite the FUD, I think this is actually good government.
In a few years time, the government will block your access to the internet for not doing as you're told.
As all services become digital eventually, the guy controlling the central ID system will be able to literally let you starve to death.
The fight for internet freedom is really the most important one in human history. If we don't win, we'll end up with a government that can actually enforce ALL its laws ALL the time.
You can already sign up for a bank account online and prove you are who you say you are by inputting enough personal information so they can verify you.
Sure there is potential for identity theft but much less so than with what they are proposing now.
As far as single logins, there is already a well established solution with OpenID, OAuth, and the Log in with Facebook / Twitter style logins.
Even if it is optional to start with, it's like every other government "security theater" nonsense and there will be mission-creep to make it mandatory sooner or later.
Absolutely no way this should be allowed to be enacted, in any form.
Government should simply enforce the existing spammer laws and ensure net neutrality.
Government tends to be inefficient in Internet business. The Government would screw things up in multiple ways: too slow, too expensive, too much corruption, not flexible etc.
Why is it that people insist on calling US citizens Americans? Canadians, Chileans, Brazilians, Panamanians, Colombians, etc are all Americans also, and this move does not apply to them at all. The American population is composed of everyone this side of the pond and not of everyone to the north only. Journalists should make a distinction.
How the hell am I supposed to keep working under the table and dodging the IRS, if they're able to track me down because I just posted to Hacker News from this IP address?
God, it gives me a cold chill feeling just thinking about it.
It seems everybody is opposed to this sort of thing, but I love the idea of having a single piece of ID that works universally. I guess there are issues with identity theft being made easier, but I think the benefits outweigh the "privacy" concerns.
