I just finished reading Fatal System Error by Joseph Menn (given away at Gartner's Security and Risk Management Summit) that brought this topic up specifically. Good book if you want to get scared about going online ever again. :/
The major problem with an Internet ID (from a security perspective) is that the bad guys will still figure out how to spoof it and people will be lulled into more complacency, since the government has solved the problem.
I was surprised at the conference how easy it is for people to get around one-time passwords, multi-factor authentication and other "really secure" solutions.
The problem is immense and is going to require immense investment to fix.
And when it fails (as it will), there will be immense political pressure to "maintain" or deny technical shortcomings, and we'll be right back to where we started.
At least with someone like Microsoft or Apple you can constructively threaten publication of cracks, and it is their interest to fix things. If it's the government, they send people with guns after you, and to some extent those folks' employment /depends/ on the existence of cracks.
"There's nothing wrong with the Secure Internet. But we need more funding to catch all these bad guys..."
It's what I call a recursive ecosystem trap, where the rosy picture (things truly working) is subverted by people who can make money by repeatedly patching what's broken, and there is no incentive to make real fixes. It's dirty, and it works; the US prison system is good example of this.
The major problem with an Internet ID (from a security perspective) is that the bad guys will still figure out how to spoof it and people will be lulled into more complacency, since the government has solved the problem.
I was surprised at the conference how easy it is for people to get around one-time passwords, multi-factor authentication and other "really secure" solutions.
The problem is immense and is going to require immense investment to fix.