back to article US proposes online IDs for Americans

The US Government has published plans to create digital identities for Americans. The US Government wants to create a voluntary system that will allow Americans to access financial services online using one account. It hopes the new system will help protect against fraud and identity theft and reduce the barriers to trade that …

COMMENTS

This topic is closed for new posts.
  1. Loyal Commenter Silver badge

    Face -> Palm

    "The US Government wants to create a voluntary system that will allow Americans to access financial services online using one account. It hopes the new system will help protect against fraud and identity theft and reduce the barriers to trade that multiple accounts brings to businesses and consumers, the strategy said."

    I'm guessing they have never heard of a 'singel point of failure' then. Phished once, phished everywhere...

    1. DrXym Silver badge

      SSNs

      The US already has a single point of failure. Everyone hands out their SSN to private businesses like toffee because so many of them ask for it. e.g. Banks & credit card companies use it as a unique key to do credit checks. I bet most US citizens know their SSN off by heart whereas most people in the UK haven't a clue what their national insurance number is, let alone where they left the plastic card that says it.

      Anyway I don't see the issue with having a single sign on ID for all government related business assuming appropriate safeguards were in place to protect people from themselves and hackers That would imply multi factor authentication + hard token of some kind.

      Just as important are safeguards and legislation preventing 3rd party access as well as the proliferation of government services that require sign on for use. It should be strictly for government to person business for tax, health and benefits and not for general inquiries, monitoring / tracking or frivolous uses (e.g. lending libraries).

      1. kwhitefoot
        Go

        single sign on ID for all government related business

        We already have this in Norway, had it for a couple of years. And it uses my mobile as part of the authentication process requiring me to both remember a password and be in possession of my mobile so that it can send me a token after I have given the right password, I then type the token in to the web page.

      2. Ammaross Danan
        Badgers

        Reading

        "It should be strictly for government to person business for tax, health and benefits and not for general inquiries, monitoring / tracking or frivolous uses (e.g. lending libraries)."

        In case you missed it, they're recommending it for online banking and the like too. It's supposed to be an "online identity" like Microsoft's Single Sign-on (LiveID) or the like. Once your username (email address likely?) and password is phished, logged, DB hacked, etc, your life is now an open book with access to any accounts in the system and government services.

        As for the SSN bit, yes, Americans (mostly) do have it memorized. However, a hacker getting your SSN isn't going to get them into your bank account (without some social engineering at least...). Basically this online identity will exacerbate the problems we have with SSNs.

        The government should invest more time into proper fraud protection schemes and less with helping end-users reduce password re-use with implementing a single password for everything. At least with password reuse, you don't have a convenient list of all the places you use said password. (yes, email would be a list, but if you lose your email account you're toast anyway).

      3. Anonymous Coward
        Coat

        Couldn't they just use RSA?

        Oh wait...

  2. spodula

    To me this sounds like

    o Paypal

    o single sign on

    o except government controlled.

    Neither of these three statements fills me with confidence.

  3. Blofeld's Cat
    Coat

    ID Cards: Reloaded

    If the US Government require any assistance with this project, we have a lot of ex-Ministers over here in the UK that are very keen on this sort of thing.

    It's the one with the "Spartacus" name tag.

  4. Kevin 6

    Wonder

    I wonder if they checked to see it the idea was already pantented

    "users will be able to register for access to a network of government and businesses providing data and ways to pay for things online"

    sounds like some vague description some patent troll would already have patented.

    Seriously though this sounds like a stupid idea instead of having to break into multiple accounts, and companies to steal all your accounts now they get a 1 stop shop for access over who you are. Smart, very smart...

  5. Anonymous Coward
    Anonymous Coward

    More to lose..

    When your ID for the new system gets stolen...

    1. TakeTheSkyRoad
      Black Helicopters

      Agreed !!

      This paragraph in particular I found interesting...

      "The Identity Ecosystem will use privacy-enhancing technology and policies to inhibit the ability of service providers to link an individual's transactions, thus ensuring that no one service provider can gain a complete picture of an individual's life in cyberspace," the NSTIC document said.

      Very good except of course that whoever controls the system has access to *everything* which if you extend this to the limit is every purchase and financial transation you make. Not just online either because once this matures it would be trivial for plastic cards to contain the ID too or at least to link databases.

      Seems to be the US Gov has realised how much information there is to be had out there and if it gets in quick and early then it could end up with a huge amout of information on it's citizens.

      I think it's unlikely to extend outside of the US though other govs (UK ?) might cotton on too.

      1. Jeff Deacon

        titular thingy ... ...

        As a data collection exercise, it strikes me as being like the TIA or MATRIX disasters, except that it has the veneer of a purpose, whereas the two previous attempts were just pure central government data acquisition.

        Why have we got control freak governments everywhere?

    2. JimC Silver badge

      Its a hard choice but

      I think I mistrust Google even more then I mistrust Government...

      1. Alan W. Rateliff, II
        Paris Hilton

        Good news, everyone!

        Then I have great news for you. Google will probably be contracted to handle the data back-end.

        Paris, handling some kind of back-end.

      2. saned
        Big Brother

        Choice

        Except that I can choose not to use Google. I wish I could choose a different government...

        1. JimC Silver badge

          s/Google/Government/

          I can vote for a different MP or local councillor, I can't get Google to stop photographing my house, or listening on my WiFi, (if I were mug enough to have any) or ripping off my creative work and trying to get it declared orphan or or or...

  6. Anonymous Coward
    FAIL

    Is it just me

    or is this an eggs/basket interface ?

  7. Graham Marsden
    Black Helicopters

    "Although the system proposed is voluntary..."

    Ah, "voluntary" a word that is liable to mean "if you don't volunteer, you're screwed, because without this you're not going to be able to do business online"

  8. Roger Varley

    OMG - just where do we start with this ....

    as title really

    1. maclovinz

      In the Easter Spirit!

      XD

  9. Dan Beshear
    Coat

    More Utopian nonsense

    So what happens when Aunt Mildred hands out her information to help launder money from that long lost relative in Nigeria? How about when the less-than-secured-as-promised system gets hacked into? (My money is on 75-90 minutes after going live.) And how much will this über-Net system cost? Hopefully the costs come from the subscribers (corporate and human), but knowing how the US is going lately it'll be free for the $1M+ bunch and $49.99 per month for the <$1M for us teeming masses.

    Call me when the Uncle Sham figures out how he's going to avoid Chinese & Saudi foreclosure in 2016.

  10. Anonymous Coward
    Anonymous Coward

    time until

    Guesses on amount of time till (the likely never to be implemented) system is breached and millions of identities stolen from when it goes live?

    Unless it's infiltrated by someone clever of course, who will sit back and harvest for a few years then have some real fun.

  11. despicable me
    Troll

    Don't worry

    After all, if you have nothing to hide, you have nothing to fear - do you?

  12. Rich 11 Silver badge
    Big Brother

    It'll never happen..

    ...because the usual nutters will denounce it as the Mark of the Beast and a sign of the End Times, and get their Congresspersons wound up into creating a grandstanding religio-political furore aimed at currying votes and soliciting campaign contributions.

    Still, it's always fun to watch from the sidelines.

    1. Anonymous Coward
      FAIL

      Sorry to disappoint you

      I'm not a nutter (yet) and i'm not part of any right-wing wacko group (religious or otherwise), but this is just a bad idea. Last thing we need is another ID...another unsecured ID; another ID that can be stolen; another system to be breached; another place where notbody is responsible but the victims for their losses.

      JUST SAY NO!

  13. Anonymous Coward
    FAIL

    Trust Me!

    ...Nothing can _possibly_ go wrong...

    - Your Prez.

  14. Anonymous Coward
    Anonymous Coward

    1 Compromise _one_ set of credentials

    2 Get access to all my financial services.

    3 Profit.

  15. Lake.P.Sailor
    FAIL

    Nothing to see here, move along.

    Another pie in the sky information grab scheme that will go nowhere. File this "plan" in the FAIL bin alongside "RealID" and the Clipper chip.

    Assuming we had the money for it (we don't) people here won't stand for the notion of El Fed having that much control over how they go about buying things. We won't get into the whole "required ID" question.

  16. Nick Kew Silver badge

    Exactly what we need is ....

    ... almost this proposal.

    Take out the government, or any other central authority to distrust (as in Microsoft passport), and instead empower the individual with a cryptographically-secure, verified identity.

    Much easier than it looks. Watch this space. Oh, er, right, *that* space, then.

  17. Christoph Silver badge
    Unhappy

    Voluntary?

    So various business and government sites will make it very hard to use them without this.

    Then after a bit of mission creep, even funny foreigners will have to have one of these IDs to use many US sites.

    Some other governments will join in. Some will object to the US knowing everything their citizens do, so will start their own rival systems to be forced on their citizens.

    Don't those idiots *ever* think things through? OK, some of them want just this, but the rest?

    And of course the 'smaller government' lot will love it, because that's smaller for *them*, not for everyone else.

  18. Philip Hands

    It _could_ work ...

    if it were done such that one could buy a key fob or similar token from one of a dozen manufacturers, depending on your needs, which device would generate a new key whenever one fancied, and would allow you to chose between one of several such identities.

    Then you take your widget to the post office, or some such, along with your passport, a gas bill and your swimming proficiency certificate, and they sign your ID using public key crypto.

    I believe that one of the ex-USSR countries has something pretty close to that in their ID cards.

    If you think that one of your keys is compromised, you revoke the key, create a new one and go back to the post office for it to be authenticated. No enormous central database required.

    of course, since no central database is needed, there is no chance of the civil servants supporting such a scheme, because of the lack of empire building opportunities.

    One could imagine having a tamper-proof module built into phones for holding these keys.

    at which point this becomes something like Dave Birch's psychic paper idea:

    http://digitaldebateblogs.typepad.com/digital_identity/2008/06/its-crazy-but-i.html

    shame it'll never happen

  19. a53

    Oh gawd

    If the Yanks are as good at losing security data as we Brits, heaven help them.

    1. copsewood
      Terminator

      @Philip Hands

      "One could imagine having a tamper-proof module built into phones for holding these keys."

      Best place for it, assuming the TPM has first class access to the display of the phone so you can know what you are signing with it. It'll have to be well firewalled from the dodgy applications you can download and run on the phone.

      "of course, since no central database is needed, there is no chance of the civil servants supporting such a scheme, because of the lack of empire building opportunities."

      Which is why a cross industry fully open (e.g. IETF style) standardisation process should lead this development, not government plans and legislation. Probably not in the US, as all the private corps involved will want patents on the tech so they can get rent out of it by keeping it restricted.

      Another question is, assuming a relatively independent post office wants the business of acting as the trusted third party, will their government masters prevent them because this approach isn't centrally controlled enough for the empire builders ? During the Nulab development of their ID cards at one time they were planning to make these compulsory and force 90 year old invalids to go to regional centres to be biometrically scanned so they could be issued these things.

    2. perlcat
      FAIL

      They lost mine quite handily

      Seems like government and stupid is saying the same thing twice.

    3. Anonymous Coward
      FAIL

      it could work if....

      If the Vietnamese hadn't just killed of the last of the unicorns....dang.

    4. Anonymous Coward
      FAIL

      won't ever work

      As i pointed out on Ars, when they wrote about this....ALL YOUR ID IS BASED ON A PILE OF PAPER. You can't EVER secure your ID. All anyone needs is pieces of paper to make them you (or vice versa).

      until the day comes that they fingerprint, footprint, eyeball print, DNA test your sprog immediately after they hatch out and take the mother's and father's DNA at the same time... then bar code the rugrag permanently and put it all in a nice smooth database... you won't have a sure ID. and hopefully i'll never live long enough to see this happen.

    5. John Smith 19 Gold badge
      Unhappy

      @Chrisoph

      "Then after a bit of mission creep, even funny foreigners will have to have one of these IDs to use many US sites."

      In the UK they started with the foreigners first.

  20. Michael 28
    Go

    ident-i-eeze

    The estate of Douglas Adams has proprietary rights on this.

  21. kns2c

    What online services?

    How about first implementing these "online services" properly. Most local governments don't accept online tax payments and those that do will charge you a "convenience" fee... seriously, they'd rather have me send them a check than have money deposited straight into their account. Even the federal government doesn't allow to file the tax return online without paying a 3rd party for the privilege (and even that doesn't work in many cases if you need some non-standard attachments). There are some exceptions, e.g. my state accepts vehicle registration fees online without a surcharge, but those are few and far between.

    Don't even get me started on the abysmal state of online banking. 3 days to transfer money from bank to bank and that's between your own accounts. No way to pay someone else directly - have to send a check.

    In case someone's wondering what a check (cheque) is - it's a piece of paper with your bank account number on it. Your bank account number is supposed to be kept secret because anyone who knows it can pull money from it. See the slight issue here?

    I'd say IDs are the least of our problems.

    1. Anonymous Coward
      WTF?

      so move!!

      "Don't even get me started on the abysmal state of online banking. 3 days to transfer money from bank to bank and that's between your own accounts. No way to pay someone else directly - have to send a check."

      Seriously, if that is what your internet banking is like then change banks. With my bank I can do account transfers and payments immediately - and they are immediate, most of the time less than 10 minutes.

      To pay someone else I just need their sort code and account number. Easy!

      1. kns2c

        Bank of Unicorns

        "Seriously, if that is what your internet banking is like then change banks. With my bank I can do account transfers and payments immediately - and they are immediate, most of the time less than 10 minutes.

        To pay someone else I just need their sort code and account number. Easy!"

        And that magical bank of yours is ... ? I have a feeling there is a bit of a geographical misunderstanding here (US vs UK).

  22. James Woods

    last I read

    This system is already live.

    And who to trust more; government or 'private sector'. There is no private sector when government gets involved in it with funding, contracts, and ideas.

    The private sector doesn't have the best track record themselves. It's why we have credit card standard systems being designed by credit card companies for whom still after first creating a problem and a solution still continue to have problems.

    All the while kicking around small businesses that haven't had problems and have to pay to keep up with corporate screwoff america.

    What can go wrong with a system like this.

  23. Anonymous Coward
    Anonymous Coward

    I'd bothered to read the first report

    and it basically proposed "passports... on the internet!" with some lip service sauce about the private sector saving the day and preserving everybody's privacy. That attitude apparently hasn't changed, so we have fancy words for what amounts to another verisign racket.

    "But it's voluntary!" is about as true as how voluntary you give monies to a commercial CA just to make those nag screens in your users' browsers go away. And maybe turn the location bar green.

    Admittedly I haven't read the new report as the previous one was sad enough. But going on this article, this five-letter-acronym still isn't mutual, it doesn't make everybody a first-class citizen, and the most important properties --of minimal information transfer, also no word on "trade" identities and such-- are left for commercial parties to invent, that don't exactly have a natural incentive to do so. Sounds like tripple win on a love parade float.

  24. Tom 35 Silver badge

    So they need magic

    "The US Government said that it was up to the private sector to develop technologies that make online identities secure and easy to use, safeguard transactions, and protect anonymity"

    So they are in effect going to put out a saucer of milk, and check in the morning to see if the elves have put together a system for them.

  25. Sly
    FAIL

    another reason to shop at local stores.

    cash... the great anonymous maker.

    1. mraak

      Cash

      That's why you have to pay them to your cash and that only a bit per day.

  26. Anonymous Coward
    FAIL

    I don't trust paypal

    Why would i trust the government?

    This has "bucket of fail" writ all over it in big letters.

  27. maclovinz
    Flame

    What the fuck?

    The Feds (not the President) can't even manage the nation's security now, why the HELL would I want this?

    So some $7-$9/hr public worker has every single one of my accounts?

    Please.

    Fix the fucking infrastructure first.

  28. Eduard Coli
    Thumb Down

    Old is new again

    This is a very bad idea indeed...

    No surprise, Mickey$oft tried to sell this in an early iteration on .NET.

    The problem they had was that the government's favorite charity, you know, the banks did not want to pay M$ for the privilege.

    Now the banks can have the government have us pay M$.

    I have the binder advertising this still. (the knowledge may be gone but the binder is forever).

  29. Martin.Hale
    Big Brother

    What's that old line again...

    ...oh yeah - put the government in charge of the desert and in a year you'll have a shortage of sand. There's zero chance of them not making a royal hash of this. Zero.

  30. mraak

    Fox

    Breaking news on Fox: Obama wants to Stalinize the internets. This is unacceptable.... unless it's privatised by a GOP donor.

  31. Marketing Hack Silver badge
    Stop

    How about "no way in Hell!"?

    "The Identity Ecosystem will use privacy-enhancing technology and policies to inhibit the ability of service providers to link an individual's transactions, thus ensuring that no one service provider can gain a complete picture of an individual's life in cyberspace," the NSTIC document said.

    So instead of service providers having access to all your transactions the government will?? And we know how long* it will take law enforcement/tax authorities/homeland security/NSA/social services/whoever else wants your info and works for the government to get your data.

    *--That "how long" will be somewhere between instantaeneous and at best a few years after the system goes online after a little requisite "but if our agency/department had access to this database we could improve society by (your justification here)..)

    And then there is the security. I hate having to remember multiple logons and passwords, but I'd rather have that than one big database that contains everything. Every hacker in the world is going to compete to penetrate that database, and chances are they will come up with something really ingenious or so-simple-its-brilliant to hack into the system.

  32. Anonymous Coward
    Big Brother

    Tell you what

    Go away and balance your budget and reduce the national debt by half then come back and we can talk.

  33. Doug Glass
    Go

    My Man Obumma

    Don't know about the rest of the world, but I just don't believe I'll be trusting the US govern-ment to keep any password of mine either safe or confidential. Any list or file will be managed by the lowest paid, last person hired and the job will likely be shuffled from person to person endlessly. Not exactly my idea of security. Not to mention the pathetic state of the govern-ment's computer system and expertise. Or lack thereof.

    Just one more drop in an ocean of regulation proposed by the current administration bent on controlling everything they can get their hands on. New York state regulators have written regs to control kids playground games. Since when it is the government's job to tell anybody how they play and throw a ball?

    Oh well, elections are coming. But they're always coming and we seem to be in an endless loop of putting morons and nannies into office.

  34. D Moss Esq

    What's in a brand?

    The US plan is predicated on a thriving private sector industry capable of providing several identities for the entire population.

    Some people would say that industry doesn't exist and that the plan is therefore holed below the waterline, it's talking about something that doesn't exist, like centaurs, it's fantasy.

    Others would say that the industry does exist. Banks do it, telcos do it, even Microsoft and eBay do it, let's do it, let's issue ID. But that still doesn't make the Fed plan feasible.

    These banks and telcos and suchlike have spent billions of dollars building trusted brands. They need to protect those brands. There's value in that there trust. They are not about to let a bunch of civil servants jump in and trash the brand. The shareholders wouldn't like it. The equity analysts wouldn't like it. And the directors wouldn't like it, it's not good for their job prospects.

    The US plan won't happen.

    And -- funny coincidence -- but the UK has the same plan. Would you credit it?

    The UK also, in the form of the Cabinet Office, predicates its zany G-Cloud plans on a thriving private sector industry of identity providers. An industry that doesn't exist and wouldn't let the two left-footed CIOs of the big departments of state anywhere near their brand even if it did exist.

  35. Levente Szileszky

    Well, how do you spell ACTA, (MAF)RIAA and RICO?

    http://www.eff.org/issues/acta

    http://www.techdirt.com/articles/20110415/00333013902/riaa-lawyer-limewire-lawsuit-recommended-as-federal-judge.shtml

    http://www.techdirt.com/articles/20110411/02255913843/judge-backpedals-allowing-mass-infringement-lawsuits-after-press-calls-attention-to-her-riaa-lobbying-past.shtml

    http://en.wikipedia.org/wiki/Racketeer_Influenced_and_Corrupt_Organizations_Act

  36. D Moss Esq

    Where have all the biometrics gone?

    Read El Reg's article, and there's a great big hole in the middle.

    "Identity" means biometrics. That's what we've been told for years here in the UK. David Blunkett said so, so you know it's true. Even Meg Hillier said so. And yet there's not a single reference to biometrics in the entire article.

    Strange.

    Stranger still, there's no mention in the Wall Street Journal article, http://blogs.wsj.com/digits/2011/04/15/a-government-plan-for-ids-to-replace-online-passwords/?mod=google_news_blog Nor in the NATIONAL STRATEGY FOR TRUSTED IDENTITIES IN CYBERSPACE.

    And even strangerama, there's no mention of biometrics in the Cabinet Office's description of the wacky Identity Assurance service which forms a crucial part of the psychedelic G-Digital Project (http://gdigital.direct.gov.uk/) which exists in the hallucinogenic G-Cloud programme (http://dematerialisedid.com/BCSL/Clouds.html).

    Are we to understand now that biometrics are unnecessary? And/or that they don't work? And/or that we can now run identity management systems without biometrics, just as we have done for the past 5,000 years of civilisation?

  37. Wile E. Veteran

    You have your papers?

    No such thing as "voluntary" when the Government is involved.,,,,,,,

  38. Getter lvl70 Druid Silver badge
    Flame

    Not no, but....

    FUCK NO! It'll be just another database to be:

    1. Stolen/hacked

    2. Used against you by the IRS

    3. Made mandatory eventually by the US Gov 'for our own good" to 'protect citizens".

    I trust Barry Soetoro (aka Barack Obama) half as far as I could throw him (can't use 'trust as far as I can throw" because he's a freaking stick man that apparently weighs a buck o'five). Lies lies lies.

    One slick example: Years ago the guv promoted a seat belt law where yes, you could be ticketed IF you were in a wreck and you weren't wearing one and claimed 'It will never be used as a reason to stop/pull you over. Fast forward less than five years and bang! They WILL use a lack of seat belt as probable cause to stop you now. Mission creep... they ALWAYS change it up on the citizenry and it's ALWAYS for the damn children or for the poor or for the global climate warming change. Another for instance is that fucking Obamacare - if it's so fucking great, why did congress exempt themselves? Why are the Obamacare supporters like unions and various democrat organizations get exemptions? Why can't I get a 'Get Out of Jail Free" card?

    I am greatly pissed off about that hack job recently where damn near everybody I do business with lost customer email addresses etc. My spam has jumped 400% since then.....and these businesses have at least token security - freaking Chinese are all over US government servers - the US Gov can't protect shit.

    Tap, tap, tap...... I better go lay down for a bit, I've been avoiding the news cycle for my own good - and blood just shot out my eyes.... thanks El Reg!

    owwwwwwwwwwwwwww! brain hurts.

  39. joe.user
    FAIL

    When are we going to have enough of this!?

    Online Id's, tracking GSP without a warrant, the Patriot Act...I mean really, when's enough a enough? We're all too damn busy playing Xbox and updating Facebook we're overlooking an opportunity like 1960 to tell this Government and these blue-blood bozo's we're done!

    1. Peter Murphy
      Thumb Down

      Let me get this straight.

      "Fast forward less than five years and bang! They WILL use a lack of seat belt as probable cause to stop you now."

      Isn't lack of a seat belt probable cause for "driving without a seat belt"? Most first world countries make that a no-no. It's illegal where I drive.

      Doubtlessly the future ID system will suck: single point of failure, privacy issues, etc. But opponents should not make themselves look excessively intransigent by silly hypotheticals such as this.

      1. Getter lvl70 Druid Silver badge
        Thumb Down

        It's not silly at all

        Not wearing a seat belt has been law for some time but pulling you over because they cannot see a seat belt being used is horseshit. Why? Well I don't know... being searched while they got you, having your phone completely downloaded to a cop device - everything, pics, contacts, txts, email, and with a nice little addition of a password cracker built in. Michigan state police are doing this RIGHT NOW and have been since 08.

        The point of this is that while I don't have anything to hide - it;s none of the fucking governments business! It's no ones business but mine and the increasing intrusions into my life, neither asked or wanted, is wrong and is really pissing me off.

        It's not seat belts per se, it's the give them an inch and they take a mile every time thing I object to.

    2. longbeast

      re

      We have used biometrics for the last 5000 years, in the form of recognising people when we see or hear them. Faces, voices, bodytype... are difficult to forge sufficiently well that a careful person can't spot it.

      They don't work so reliably over the internet.

    3. Anonymous Coward
      Anonymous Coward

      Biometrics largely a fad. And a profitable industry.

      A picture is a biometric, and it's a useful way to check if it somewhat matches the person touting the document. But that's largely where the usefulness ends. An experienced customs officer (a smart one, not a TSA type goon) isn't really looking for that anyway; he'll be checking if you aren't nervous over and above the normal for traveling, and if so, he'll ferret out why. It's what you're up to, not who you are, that's important to border control.

      Take fingerprints. We've known since at least a 2002 academic paper that it's bloody easy to fool a fingerprint scanner. Aussie kids managed with gummi bears. Even those with heartbeat monitors in them. But that's not the worst of it. The problem is that whereas a document is easily replaceable*, fingerprints are not. So no redress in case of impersonation.

      And you leave them bloody everywhere. Useful to dust for after a murder or something, not so useful when trying to protect yourself from impersonation.

      "Biometrics" other than that picture are much like RFID: They're not useful to anybody but the sellers of the required equipment. They're an actual detriment to security as well as privacy, as a matter of fact, so I'd like my government to give me back a passport without RFID or fingerprints or what-have-you.

      Phat chance that'll happen, but then again they're not there for me; they've made bloody clear time and again they choose to regard their citizens as potential criminal "just to be sure". And that's a western european country. I perforce agree with Mahatma Gandi on the topic of western civilisation.

      * Blacklist the passport number of the old one, issue a new one.

    4. John Smith 19 Gold badge
      Happy

      AC@23:57

      "reduce the national debt by half then come back and we can talk."

      That would bring it down to about 48% of GDP.

      But that would be a start

    5. John Smith 19 Gold badge

      @Wile E. Beteran

      "No such thing as "voluntary" when the Government is involved.,,,,,,,"

      Not so. The UK govt, in their desire to do this said carrying the card would be "voluntary." It was about the only concession non governmental MP;s got out nuLabour.

      However as one nuLabour Home Secretary pointed out (once they had won the vote and Labour were in a majority at the time) it would only take a 1 clause bill to change that.

      Voluntary. Like breathing. You don't have to if you don't want to, but the consequences will be severe.

  40. Goat Jam
    Grenade

    Already Redundant

    We are already well on the way to a web with a "single sign on" courtesy of Facestab. More and more I see businesses exhorting their customers to "friend them" on Facestab, all it needs now is for the guvmint to follow suit and voila, it's done.

    Of course sane people will have nothing to do with it, but how many sane people are out there?

    Not enough to cause a statistically significant blip.

  41. Al 4
    FAIL

    Password length and characters allowed mandate would be better

    It would be better in my opinion to require all sites that require passwords to allow the use of characters other than just a - z either case and the numbers 0 - 9 and at least a 32 character length that is utilized and not cut off internally because their system can't deal with longer passwords. I taught my kids how to use and create long, unique, cryptic and easy to remember paraphrase passwords for sites that allow them. When friends are around when they are entering them in they will often comment on the length of their passwords. They also realize how hard it is for someone to figure out what your password is watching over your shoulder when your fingers are moving all over the keyboard to catch the 20+ keys that you use. The last password system that I worked on allowed passwords up to 64 characters in length and all but a couple of the UNICODE characters. Besides my kids the others I've shown agree that it is easier to remember a paraphrase password with substitutions than a short cryptic one that most places want and allow.

  42. Anonymous Coward
    Stop

    Who do you trust ?

    "The Identity Ecosystem will use privacy-enhancing technology and policies to inhibit the ability of service providers to link an individual's transactions, thus ensuring that no one service provider can gain a complete picture of an individual's life in cyberspace," the NSTIC document said.

    ... Except the US Govt who designed and owns the system ... sorry we didn't mention that .

  43. Eddy Ito Silver badge

    Oh yeah

    Who wants to give Uncle Sam a single puppet string they can manipulate while keeping their corpulent arses firmly planted in that high back leather chair in a cube at the Dept. of Homeboy Security. Comply... or else!

  44. John Smith 19 Gold badge
    Big Brother

    Is there a list somewhere of Grand Targets?

    You know, where breaking into them would bring *massive* kudos and/or financial reward?

    Only I can see this thing going to #1 on it.

    So difficult to decide on an icon. BB? FAIL or just a plain WTF?

  45. Charles 9 Silver badge

    If not the Government, then WHO?!

    If the government cannot be trusted with verifying our identity because they'll make a mess of it, and private industry cannot be trusted because they'll monetize it, the final question becomes, "WHO do you trust?" If the answer boils down to, "No one, not even yourself," then how will remote commerce (which require sufficient levels of trust) ever continue to build?

    1. John Smith 19 Gold badge
      Headmaster

      @Charles 9

      A better question might be "Why"?

      1. Charles 9 Silver badge

        WHY do we trust?

        Because the average human being cannot be solitarily self-sufficient. Indeed, we're not built that way since we're sexual creatures (I state it in the scientific sense that it takes two to procreate). Trust is an important social factor since none of us wants to get stabbed in the back, so to speak. So it boils down again to how we establish a system of trust for others (with which to do commerce) when neither the public nor private sectors can be trusted with such a system?

        1. John Smith 19 Gold badge
          Big Brother

          @ Charles 9

          Thank you for that neat summation of an aspect of the human condition.

          What I actually meant in this context was why do you *need* a central authority to hold *all* of your details who will confirm you are who *you* claim you are?

          In the context of the internet the key questions you want *any* kind of authentication to confirm are.

          I say I have funds/credit to cover this purchase. Establish comms to my provider and have then confirm the cash is in my account or I have this level of approved credit.

          I claim I am X. Here is my token. Anyone supplying a token which does not *match* this is someone else.

          With the advent of public key (using 2 keys) encryption (not just using the RSA algorithm but others) a central authority is no longer *necessary*.

          There already exists a mechanism to upgrade internet protocols, including those around security. It's called the IETF. It's not the US government.

          And if it's terrorism they are *so* concerned about I'd say 10 years after 9/11 seems a hell of a long time delay to suddenly *discover* this need.

          That "why?"

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019