Hacker News
White House Proposes Vast Federal Internet Identity Scheme (vortex.com)
39 points by wglb on June 26, 2010 | 20 comments



This is the third story posted to HN about the same pie-in-the-sky unicorns-and-fairy-dust identity scheme. Every official workshop ever done on the Internet identifies lack of authentication and identity management as one of its top three weaknesses --- going all the way back to Clinton and Magaziner.

(Since these are never conducted by engineers or, for that matter, competents, nobody ever notes how this "problem" harmonizes with the end-to-end argument).

In no alignment of the planets and on no floor of the Alamo including the basement is the government going to solve the identity problem by fiat. The company that manages to come up with a tractable solution to this problem is going to be giving out $100 bills as conference tchotchkes.


A good argument can be made great by working in a Pee-Wee Herman reference.


Sure, this is being proposed by clueless incompetents. But the worrisome thing is that they are wealthy powerful clueless incompetents backed by people with guns, and this is the world they want to live in.


The scary thing is that something like this isn't entirely impossible to implement. Especially once 95% of the population is using appliances like iPads instead of general purpose computers.


Yes. First they replace the world wide web, the largest single coherent computing resource in the world, with the iPad, a device that represents fractions of a single percentage point of the computer market. Then: they take over the world!


Assuming you could convince everyone that this was a good idea and that anonymity/neutrality wouldn't be an issue, the federal government is the last group of people I'd trust to design this scheme.


Give the link to your Christian activist friends and point out Book of Revelation 13:17-18. That will get some letters and calls to congresscritters.


I'm really of two minds on this topic:

On the one hand, stable legally enforced identities on the internet that everyone has possession of would be a boon to ecommerce, they would be the foundation for any conceivable framework for performing binding transactions over the internet, and would drive a lot of new business, and enable new business models.

On the other hand, mandatory public identification of everyone, even in situations where it's unwarranted, would be an Orwellian nightmare. And letting people require trustworthy identities in frivolous contexts (equivalent to asking people to show you their driver's license at a party, or to shop at a supermarket) is a bad idea, an extremely attractive to ethically challenged marketers bad idea at that.

The gripping hand, of course, is that we can't not do this. As a society we have set ourselves on the path where the benefits outweigh the risks, and the risks of not creating a trustworthy system of identity that does its best to guarantee both the security of transactions (non-repudiation) and the freedoms that come with pseudo- and ano- nymity outweigh the benefits of sticking with a broken system of partial identification, where identity theft is a simple matter of copying the right strings to the right places.

Frankly if you read the PDF referenced in the story, it's not as bad as some of the comments in this thread seem to think it is, the people involved have obviously been reading Kim Cameron, and aren't completely at sea on the privacy issues, or the social implications. That doesn't mean that this process doesn't bear strong scrutiny, but it does give me hope that this necessary piece of infrastructure won't get implemented in the absolute worst way possible.


The site requesting public comment is http://www.nstic.ideascale.com/


Not even a .gov site for this? I mean, why should I trust this site?


I just finished reading Fatal System Error by Joseph Menn (given away at Gartner's Security and Risk Management Summit) that brought this topic up specifically. Good book if you want to get scared about going online ever again. :/

The major problem with an Internet ID (from a security perspective) is that the bad guys will still figure out how to spoof it and people will be lulled into more complacency, since the government has solved the problem.

I was surprised at the conference how easy it is for people to get around one-time passwords, multi-factor authentication and other "really secure" solutions.

The problem is immense and is going to require immense investment to fix.


And when it fails (as it will), there will be immense political pressure to "maintain" or deny technical shortcomings, and we'll be right back to where we started.

At least with someone like Microsoft or Apple you can constructively threaten publication of cracks, and it is their interest to fix things. If it's the government, they send people with guns after you, and to some extent those folks' employment /depends/ on the existence of cracks.

"There's nothing wrong with the Secure Internet. But we need more funding to catch all these bad guys..."

It's what I call a recursive ecosystem trap, where the rosy picture (things truly working) is subverted by people who can make money by repeatedly patching what's broken, and there is no incentive to make real fixes. It's dirty, and it works; the US prison system is a good example of this.


I was talking to a buddy of mine today who works for Election Systems & Software, and he was saying that something like this is the only way we'll ever be able to vote online.


Interesting, but I for one have no problem with never being able to vote online. We have enough problems with fraudulent voting machines already without throwing the Internet into that mix.


Yeah, when discussing online voting, if it should be done is often overshadowed by the assumption that we can vote online. I'm sure that there's some group that would consider lack of online voting to be disenfranchising them.


When did the feds decide they want to compete with Facebook Connect, OAuth, OpenID, etc.?


This appears to be very close to what is parodied here http://news.ycombinator.com/item?id=1458066 "Before signing on, please ensure you have received your RealIdentity card from local authorities."


I picture something tied to one's SS#


I picture a hashed biometric identifier that goes in the bottom 64 bits of your IPv6 address, every time you do anything online with any conceivable connected device.


If you want this porn, push this button after entering the blue text from the image into this text field.

e.g. if that is required, hacking will be all about getting other people to issue the dirty bits for you, and leave their fingerprints all over the evidence.



