Obama moves forward with Internet ID plan

http://news.cnet.com/8301-31921_3-20054342-281.html

Obama moves forward with Internet ID plan
by Declan McCullagh

The Obama administration said today that it's moving ahead with a plan for broad adoption of Internet IDs despite concerns about identity centralization, and hopes to fund pilot projects next year.

At an event hosted by the U.S. Chamber of Commerce in Washington, D.C., administration officials downplayed privacy and civil liberties concerns about their proposal, which they said would be led by the private sector and not be required for Americans who use the Internet. There's "no reliable way to verify identity online" at the moment, Commerce Secretary Gary Locke said, citing the rising tide of security threats including malware and identity theft that have grown increasingly prevalent over the last few years. "Passwords just won't cut it here."

A 55-page document (PDF) released by the White House today adds a few more details to the proposal, which still remains mostly hazy and inchoate. It offers examples of what the White House views as an "identity ecosystem," including obtaining a digital ID from an Internet service provider that could be used to view your personal health information, or obtaining an ID linked to your cell phone that would let you log into IRS.gov to view payments and file taxes. The idea is to have multiple identity providers that are part of the same system.

Administration officials plan to convene a series of workshops between June and September of this year that would bring together companies and advocacy groups and move closer to an actual specification for what's being called the National Strategy for Trusted Identities in Cyberspace, or NSTIC. Left unsaid was that the series of workshops, which will be open to the public, will give the proposal's backers a chance to downplay concerns that it could become the virtual equivalent of a national ID card...

Oh, well that makes it ok.

One of he various characters of Hitler's little excursion would suffice.

PB

Only people who have no clue how the internet works in the first place would be bothered by this.

First this is an effort to make transactions done on the internet more secure and less susceptible to identity theft. It is not an attempt to spy on you.

When you connect to the internet a couple of things happen. Number one your provider assigns you an IP address. This address can be traced back directly to whoever is the customer listed on the account with the ISP. Second every thing you do on the internet has your machines unique ID attached to it by means of something called a mac address. These are unique to every single machine on the planet now at the moment there is no real way to tie you directly to that address but lets say you were a terrorist and you made a threat to bomb the white house on the internet. The feds could first trace your post to your provider via the IP address and then from your provider to the account holder via the account and then from there they can go to the address and look at every machine they find there till they find the one that matches the mac address that sent the post in the first place.

So really at the moment you are not nearly as anonymous as you think you are at lest when you are home. However other things come into the mix, like internet cafe;s or other free wifi hotspots. All the people using those are typically sharing the same IP adress through a router. This makes it very difficult to track activity down to a specific person as Mac addresses aren't currently registered to people so you cant go somewhere and look up my MAC address and find out who I am as you could an IP address. However I am quite sure the FBI and others use that information to track people all the time.

The bottom line is this has nothing to do with them wanting to be able to track you or your information as that can already be and is already being done quite easily, this is an effort to try to bring more security to online transactions something to protect both you and the business you are conducting that transaction with. The proposal they made today was for people to work on a Digital ID that you could get to make those transactions much more secure and yes it could be used for other things as well but that is not the intent here the intent is to provide better security for online transactions that's it.

Screaming this is some attempt to spy on you is just WOOWOO stuff.

unless I personally ok it.

They are trying to come up with standards on how exactly to on the one hand alow you to do a transaction where both sides of the transaction are assured they are dealing with who they are expecting to deal with while at the same time limiting the information exchanged in creating that trusted relationship. If you read the article is specifically states it would be entirely voluntary. Think of it like an online credit card something only you have the copy of like your credit card and you could use like a credit card to make a purchase or any number of different transactions based on that card. They could have cards for all sorts of different uses the key to this meeting was to try to figure out a standard set of security features that would be required for a company to issue such a card.

Again this is a good thing and while yes there is the potential for abuse that is not the intent and like a credit card companies that abuse it would likely be discovered quite quickly and they would either suffer from no one wanting anything to do with their"card" or possibly even criminal repercussions depending on any legislation they passed to go along with these standards.

No system is going to be 100% secure ever, there will always be potential for abuse but what we are working with currently for security is quickly becoming very outdated and insecure. Change is needed and I am happy that the administration is taking a proactive role in trying to address what is a very real need.

A MAC address is a layer two entity - it does not exist beyond your router or LAN segment. It does leave your machine, but it's not encoded in any packet that leaves your immediate segment, since it's stripped out as soon as the gateway receives the packet to decode it and retransmit it. From there, if it were to leave, it would be retransmitted with the gateway's MAC address - not that of your machine. This is why devices like routers and broadband modems have LAN and WAN port MAC addresses. Other computers connected to the same router, switch, or wireless access point can see it, but nothing beyond the gateway.

One can get a personal security digital certificate and use it to certify anything with available software right now. How is this different?

at mandates.

Just as we already have. What is the "move forward"? We are here already.

government isn't involved.

Tell me how government involvement is going to make this better?

Some of us value our privacy.

I would say they could probably do a lot.

The government is Doing good. There is a real need for this sort of thing and if you read the article this is not an ID provided by the government this would be an ID provided by private companies. Also its not mandatory but voluntary.

This could be very helpful in many ways for thousands of transactions done over the internet, and dismissing it as trying to spy on you comes from ignorance of how the internet works and the need to protect ones Identity on the internet.

look to see what books people are checking out of libraries. Nor do they restrict people from flying for no reason except that they posted some criticizing information on the internet.

Oh wait, yeah they do.

have they broken down your door and arrested you yet?

Look I am all for personal privacy but this is much more an effort to try to ensure that on the internet than it is to try to spy on you. Yes like any ID it can be used to find out what you DO but claiming that is the intent here is ludicruss tinfoil hat bullshit.

This is an attempt to try to make online transactions more secure nothing more and besides that it would be entirely optional so if you dont trust it dont freaking do it. Me I'll continue to embrace emerging technology and use it to help keep myself protected from things like identity theft.

intended to use your library card as a way to spy one you, but they do, same with wireless wiretapping.

Past performance is the best indicator of future actions.

I supose you want us to live in huts as well?

Tinfoil hat crap at its finest!

limiting how much information any entity, whether private or public, is allowed to collect on an individual unless a warrant is issued by a judge.

Its an effort to try to make online transactions more secure for everyone nothing more nothing less.

abusing the rights of personal information.

This is a system, as presented, that is ripe to be abused. Those that don't learn from history are bound to repeat it.

Or apparently how a digital ID would work. If anything this would make your information more secure not less. You can continue to see boogeymen around every corner if you like but what you are trying to present here is the exact opposite of what they are trying to accomplish.

they are going to protect our private information? What are the specific guidelines? What is the system they will use? How is the method of encryption better than what we have now? Who are the people who are going to protect this information? What government regulations are going to be put in place to ensure that this information will not be used against us?

None of this was addressed, and it won't be any time soon - if at all.

Thats what this meeting is about. LOL they are trying to answer the exact questions you just proposed.

most basic of outlines and are allowing the wolves to build the security system for the hen house.

When, in recent history, has the Chamber of Commerce done anything that hasn't protected corporations and benefited business?

You're arguing hypotheticals and I'm using real world examples.

The problem here is you seem to know almost nothing about how either the internet or computers work and you are making up boogeyman scenarios based on that lack of knowledge.

I cant possibly teach you how all this stuff works here in this posting, I have been working in the computer industry almost since the internet started and there's still tons I don't know but I know more than enough to know that a digital ID could carry a wealth of information yet be unreadable by anyone except the specific person you are sending it to. I also know enough to know YOUR INFORMATION IS NOT SECURE NOW! This is an attempt to improve the security of that information. Railing against it based on fear of past abuses is silly.

And the meeting absolutely was about standards for the proposed digital ID's I dont know what you think it was.

That's a prediction. Hold me to it.

although you already are using a pin when you log onto the internet you are just not aware its going on. They will never need to have you log in with a pin to identify you so it wont happen.

be uniquely identified. Say something bad about the vogue gov., you'll be shut up pronto.
A teabagger majority would never put up with DU critters, for example. Things like this are always done under the guise of goodness. The Internet is a threat to politicians and corporations. An eventual unique ID tracked right to an individual(s) would fix that threat promptly.

It robs them of the ability to silence dissent by silencing the loudest and/or most effective dissenters.

will provide the tools for purification of the masses to the vogue ideology of choice by TPTB.

That's far too messy and costly. And there's always the chance someone will find the bodies. :dilemma:

Instead, the regime can simply rescind dissenters' online ID. And if they still won't shut up, restrict their ability to obtain such a "license" to access this "privilege" (it will never a right in the Land of the Free--that's for Yurpeen Soshulists!) in the future.

Oh what Joy hath Progress wrought! :patriot:



:(

to believe this has not been discussed as part of the silent agenda. The ultimate 20th century radio wave jammer updated for the 21st century, no online ID/presence.

You are not anonymous now. You already have a unique ID.

Authorization standards are currently handled privately, between the consumer and the ISP. This is a move in the direction of requiring ISPs to act as gatekeepers to verify that the end-user of is the same entity as the consumer of their access.

We're not simply talking about logging access by IP address here.

This apears to be an effort to come up with a better digital ID than the current user name password model. The article says it would be an ID provided by a variety of different companies with the user chosing which one to use if they chose to use any at all.

I can see where this could become so prevalent that you couldn't make an internet transaction without a digital ID but I dont see anything at all in the article that states what you claim that this would be something assigned by ISP's It wouldn't work that way anyway as IP addresses are farmed out to multiple people.

How for example could what you suggest work on a laptop that was used in multiple locations?

If authorization isn't ultimately the responsibility of ISPs, who else? :shrug:

I'd suggest you look at the role that ISPs play in the current spate of DMCA takedowns for a less rosy projection how this ID model might play out.

Every machine on the internet has an address. What you are complaining about is like complaining because the phone book listed your address. There is no getting around the simple fact that you already have a digitial ID. Currently its quite easy to spoof that ID this is an attempt to make that ID more secure for you and the people you are trying to do business with.

And this cant be something limited to control by ISPs because of the nature of mobile devices. When you use your laptop ion different locations many times you are jumping from one ISP to another, What you are proposing simply would not work.

and post for an hour or two? Does every company that operates such a business demand personal information about you and then transmit that information to its Internet Service Provider?

Governments do not like what they can not control.

If the US Chamber is involved, it's a bad idea.

Yet next year we're supposed to vote for a president who is bent on dismantling one of the best organizing tools of the left?

We laughed at 'Pugs who voted against their own interests, what about liberals who do the same?

You've gotta be kidding me.

is like having wolves patrol the hen house.

The author wil be pleased it worked so well on so many.

makes it sound likes it for our own benefit. Any quasi run program between big business and the government is not done for our benefit. If the past 18 years has taught us anything, it should teach us that corporate interests are always placed ahead of the people's.

and yes it is for the corporations benefit as well. Identity theft is a huge problem these days and the internet has only made it worse. There is a real need for a digital ID that can be used to secure transactions.

Despite the tinfoil hat crap about them trying to spy on you.

to not use government agencies with our private information against us.

people will always abuse any system that does not mean you should not try to improve security for both individuals and businesses.

Silly IMHO as it would help you as well but hey you go rail against that evil government trying to help you secure your bank account.

three levels of password protection, and has never been hacked. Oddly, it's not a major bank, it's a local credit union.

Nothing the government is going to do in this field is going to make me feel safer. If anything, it will make me feel less secure. One hacked password and someone could have access to every single account I have.

Plus, it also begs to be abused by the powers that be. As I stated in a different reply, no government agency that collects private information has the intent to be abused, but it almost always does.

you complain one hacked password could give someone access to every account you have yet you rail against efforts to improve that security.

current systems. All they are suggesting is consolidating it into a single system that is controlled through a small handful of companies and overseen by the government. Neither of which have great track records on protecting that information. Hackers have infiltrated private military records, and now we want to consolidate our information into one so called "handy" system? Sometimes inconvenience is the best tool for protection.

Less info about you in transactions not more or even the same,

And what they are trying to come up with is

Administration officials plan to convene a series of workshops between June and September of this year that would bring together companies and advocacy groups and move closer to an actual specification for what's being called the National Strategy for Trusted Identities in Cyberspace, or NSTIC


That means they are trying to come up with standards that would be required for these digital IDs

Sort of like standards for MPG on cars , in order to be considered a valid digital ID it would need to meet these requirements.

Again this is good stuff and Obama should be praised not demonized for this.

track record of protecting private information. They're going to have to store the most private of information for this to work.

And again this is an effort to establish a standard for these ID's to meet to be certified. The ID's themselves could require varying degrees of information from something as simple as your name and address to as complex as your medical records the information in the ID you got would depend on what you needed it for.

Seriously I dont think you understand nearly enough about how this stuff works to comment or fear monger on it.

You're working with a bunch of hypotheticals. Give me real world examples that show this can not and will not be used against us, or that it will not change from what is outlined and put into practice later.

you cant stop progress out of fear that something might be misused. Thats like saying we never should have started driving cars cause people used to fall off horses.

but I can see how people who don't want to do it might end up forced into it if Banks/etc. start requiring it.

Totally unnecessary. Create stupid jobs. Be a hassle. Cost money every year to renew.

I hate shit like this. Even if I have no idea what it is, since I didn't bother to read the link. :)

It's a brave new world and big brother is watching.

Message removed by moderator. Click here to review the message board rules.

Administration Releases Strategy to Protect Online Consumers and Support Innovation and Fact Sheet on National Strategy for Trusted Indentities in Cyberspace

The misinformation on this is going to be thick.

Come on. :eyes:

Are you "happy when the Pugs have their finger on (any) button"?

I'm not!

Are you suggesting that nothing should change out of fear of Republicans?

That's HUAC-style questioning at its finest. :thumbsdown:

My question was an attempt to get you to wrap your head around the fact that the tools we applaud today in our hands might not seem so laudable in the hands of a Pug administration.

If you think we'll never ever be afflicted with a Republican president again, I'm afraid I don't share your optimism.

That's HUAC-style questioning at its finest.

"My question was an attempt to get you to wrap your head around the fact that the tools we applaud today in our hands might not seem so laudable in the hands of a Pug administration."

The attempt failed miserably because attacking a policy one day Repubicans will be in control is ludicrous.

"If you think we'll never ever be afflicted with a Republican president again, I'm afraid I don't share your optimism."

That assumption is based on a ridiculous premise.

and it will be very easy to misinform as the average person doesnt have a clue how the internet works.

That's in some story or other just about every day.

We did not get what we voted for.

He is NOT ON OUR SIDE!

What a fucking familiar refrain. :puke::grr::nuke:

Oh yeah, when they pushed for warrantless wiretapping.

stop being so easily manipulated.

There is a real need for a more secure digital transaction, this was a meeting to try to come up with new standards for digital identification it is an atrtempt to try to make what you do on the internet safer for you and the people you are doing business for not as a way to spy on you.

"That's in some story or other just about every day." And you suck it up like the people arent trying to sell you a point of view.

Think for yourself learn about what you are afraid of and it becomes a lot less scary. This is an attempt by the administration to come up with a way to protect your information and you are railing at them for doing it. All because some writer said it was scary!!! booga booga!

nt

was still out here with the rest of us shlubs he'd be screaming holy hell! :grr:

they when they get to the top they become one of them, and the days of being in the weeds are forgotten.

PRONTO! This makes me furious. :argh: Have I said how much I hate Obama's relationship with the rightwing?

for clean coal technology. Here's the text for everyone to read.

http://www.whitehouse.gov/the-press-office/2011/04/15/administration-releases-strategy-protect-online-consumers-and-support-in

WASHINGTON, DC – Today, the Obama Administration released the National Strategy for Trusted Identities in Cyberspace (NSTIC), which seeks to better protect consumers from fraud and identity theft, enhance individuals’ privacy, and foster economic growth by enabling industry both to move more services online and to create innovative new services. The NSTIC aims to make online transactions more trustworthy, thereby giving businesses and consumers more confidence in conducting business online.

“The Internet has transformed how we communicate and do business, opening up markets, and connecting our society as never before. But it has also led to new challenges, like online fraud and identity theft, that harm consumers and cost billions of dollars each year,” said President Obama. “By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation. That’s why this initiative is so important for our economy.”

“We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords,” said Commerce Secretary Gary Locke, speaking at the U.S. Chamber of Commerce. “Working together, innovators, industry, consumer advocates, and the government can develop standards so that the marketplace can provide more secure online credentials, while protecting privacy, for consumers who want them.”

The goal of NSTIC is to create an “Identity Ecosystem” in which there will be interoperable, secure, and reliable credentials available to consumers who want them. Consumers who want to participate will be able to obtain a single credential--such as a unique piece of software on a smart phone, a smart card, or a token that generates a one-time digital password. Instead of having to remember dozens of passwords, the consumer can use their single credential to log into any website, with more security than passwords alone provide. Since consumers will be able to choose among a diverse market of different providers of credentials, there will be no single, centralized database of information. Consumers can use their credential to prove their identity when they're carrying out sensitive transactions, like banking, and can stay anonymous when they are not.

Once the Identity Ecosystem is developed, a small business, for example, would be able to avoid the cost of building its own login system and could more easily take its business online. Consumers would be able to connect with the new business with a credential they already have, thereby avoiding the hassle of creating another username and password while also being more secure. The small business can take advantage of this interoperability to focus on its product or service instead of on managing users’ accounts. The small business has also expanded its ability to reach new customers across the nation and around the world.

Separately, there are many services for which consumers must go to a physical store--or sign a sheet of paper and fax it to a business. In the Identity Ecosystem, consumers would have the option of proving their identity online, which would enable industry and government to both move brick-and-mortar services to the online world and to create innovative new services.

More secure credentials will also help consumers and businesses better protect themselves from identity theft and online fraud, which annually cost our economy billions of dollars and impose a significant cost in time and money to those who fall victim. In the worst cases, it can take a consumer over 130 hours to recover from having their identity stolen. According to industry surveys, a consumer will also suffer an average out-of-pocket cost of $631 when their identity is stolen--and millions of consumers suffer this experience each year.

The Identity Ecosystem will provide more security for consumers; it will also provide better privacy protections. Today, a vast amount of information about consumers is collected as they surf the Internet and conduct transactions. How organizations handle that information can vary greatly, and more often than not, it is difficult for consumers to understand how their privacy will (or will not) be protected. The NSTIC seeks to drive the development of privacy-enhancing policies as well as innovative privacy-enhancing technologies to ensure that the ecosystem provides strong privacy protections for consumers.

The NSTIC outlines a private-sector led effort, facilitated by government, to develop the technologies, standards and policies necessary to create the Identity Ecosystem and to enable a self-sustaining market of many different credential providers. The Identity Ecosystem will be built to provide more security and privacy to consumers, while also spurring economic growth by helping businesses move more services online.

For more details on the National Strategy for Trusted Identities in Cyberspace (NSTIC), click here, or read the full Strategy here.



Fact Sheet: National Strategy for Trusted Identities in Cyberspace



“The internet has transformed how we do business, opening up markets and connecting our economy as never before. It has revolutionized the ways in which we communicate with one another, whether with a friend down the street or a colleague across the globe. And as we have seen in recent weeks, it has empowered people all over the world with tools to share information and speak their minds. In short, the growth of the internet has been one of the greatest forces for innovation and progress in history.”

—President Barack Obama


A PLATFORM FOR SECURITY, PRIVACY AND INNOVATION

The NSTIC’s vision statement is: “Individuals and organizations utilize secure, efficient, easy-to-use and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.”

For our nation to continue to drive economic growth over the Internet, we must provide individuals and organizations the ability and the option to more securely identify each other. When individuals and organizations have greater trust in online identities, they can offer and use online services for more sophisticated and sensitive transactions than have been available to date. They will also be better protected against online fraud and identity theft.

The Strategy emphasizes choice for individuals, who can:

* Choose whether or not to participate at all: participation is optional.
* Choose one or more different identity providers: the Strategy envisions a vibrant marketplace that provides individuals with choices among multiple identity providers—both private and public.
* Choose between different types of credentials: individuals will be able to choose credentials that meet their needs, including smart cards, cell phones, keychain “fobs,” one-time password generators, and, undoubtedly, secure solutions that have yet to be invented.
* Choose when to use a credential: if people want to use cyberspace without a credential in ways that don’t require authentication, like browsing or blogging anonymously, they can do so at any time.
* Choice drives competition and innovation —and will result in a thriving market of diverse solutions to fit different individuals’ needs.

EXAMPLES

Faster Online Errands—Mary is tired of memorizing dozens of password and username combinations to conduct her personal online errands. She opts instead to get a smart card from her Internet service provider. She inserts the card into her computer and in a matter of seconds, with just clicks of her mouse, she is able to securely move between her online account with her bank, her mortgage company, and her doctor; next she sends an authenticated email to her friend and remotely checks her office calendar on her employer’s intranet.

Age Appropriate Access—Antonio, age 13, visits online chat rooms to talk to other students his age. His parents give him permission to get an identity credential, stored on a keychain fob, from his school. The credential verifies his age so that he can visit chat rooms for adolescents, but it does not reveal his birth date, name, or other information. Nor does it inform the school about his online activities. Antonio can speak anonymously but with confidence that the other participants are his age.

Smart Phone Transactions—Parvati does most of her online transactions using her smart phone. She downloads a "digital certificate" from an ID provider that resides as an application on her phone. Used in conjunction with a single, short PIN or password, the phone's application is used to prove her identity. She can do all her sensitive transactions, even pay her taxes, through her smart phone whenever and wherever it is convenient for her – and without remembering complex passwords.

Efficient and Secure Business Operations—Juan owns a small business and is setting up a new online storefront. Without making large investments in information technology, he wants customers to know that his small firm can provide the same safety and privacy for their transactions as sites for larger companies. He installs standard software and agrees to follow the Identity Ecosystem privacy and security requirements, earning a "trustmark" logo for his Web site. To reduce his risk of fraud, he needs to know that his customers' credit cards or other payment mechanisms are valid and where to ship his merchandise. There are a number of different ID providers that can issue credentials that validate this information. Millions of individuals can now use his Web site without having to share extra personal information or even set up accounts with Juan's company. This saves his customers time, increases their privacy and confidence, and saves Juan money.

Enhanced Public Safety—Joel is a doctor. A devastating hurricane occurs close to his home. Using his interoperable credential located on a USB thumb drive and issued by his employer, he logs in to a Web portal maintained by a federal agency. The site tells him that his medical specialty is urgently needed at a triage center nearby.

PRINCIPLES

PRIVACY ENHANCING AND VOLUNTARY

* Participation in the Identity Ecosystem will be voluntary: there is no requirement that any individual obtain a credential.
* The envisioned Identity Ecosystem will be grounded in the implementation of the full set of the Fair Information Practice Principles (FIPPs) in order to provide multi-faceted privacy protections. The privacy rules must address not only the circumstances under which participants in the Identity Ecosystem may share information but also the kinds of information that they may collect and how that information is managed and used.
* Although individuals will retain the right to exchange their personal information in return for services they value, these protections will provide a default level of privacy and will enable individuals to form consistent expectations about the treatment of their information within the ecosystem.
* A FIPPs-based approach will also promote the adoption of privacy-enhancing technical standards. As envisioned by NSTIC, such standards will minimize the ability to link credential use among service providers, thereby preventing them from developing a complete picture of an individual’s activities online.

SECURE AND RESILIENT

* Identity solutions will provide secure and reliable methods of electronic authentication. Authentication credentials are secure when they are issued based on sound criteria for verifying the identity of individuals and devices; resistant to theft, tampering, counterfeiting, and exploitation; and issued only by providers who fulfill the necessary requirements.
* Credentials are resilient when they can recover from loss, compromise, theft—and can be effectively revoked or suspended in instances of misuse. Another contributor to resilience is the existence of a diverse environment of providers and methods of authentication.

INTEROPERABLE

* Interoperability encourages service providers to accept a variety of credentials and identity media, similar to the way ATMs accept credit and debit cards from different banks.
* Interoperability also supports identity portability: it enables individuals to use a variety of credentials in asserting their digital identities to service providers. Finally, the interoperability of identity solutions envisioned in the Strategy will enable individuals to easily switch providers, thus aligning market incentives to meet individuals’ expectations.

COST-EFFECTIVE AND EASY TO USE

* Individuals, businesses, organizations, and all levels of government will benefit from the reduced cost of online transactions: fewer redundant account procedures, a reduction in fraud, decreased help-desk costs, and a transition away from expensive paper-based processes.

BENEFITS

INDIVIDUALS

* Convenience. Individuals will be able to conduct their personal business online with less time and effort.
* Privacy. Individuals’ privacy will be enhanced.
* Security. Individuals can work and play online with fewer concerns about identity theft.

PRIVATE SECTOR

* Innovation. The Identity Ecosystem will provide a platform on which new and more efficient business models will be developed—just as the Internet itself has been a platform for innovation. It will also enable organizations to put new services online, especially for sectors such as healthcare and banking.
* Efficiency. Online transactions will be practical in more situations. The private sector will have lower barriers to customer enrollment, increased productivity, and decreased costs. Cross-organizational trust will provide businesses with exposure to a large population of potential customers they might not otherwise reach. Not only is there potential access to new customers, the traditional barriers associated with customer enrollment can be eliminated, reducing a friction that prevents potential customers from using a service.
* Trust. Trusted digital identities will allow organizations to better display and protect their brands online. Participants in the Identity Ecosystem will also be more trusted, because they will have agreed to the Identity Ecosystem’s minimum standards for privacy and security.

GOVERNMENT

* Constituent Satisfaction. The Identity Ecosystem will enable government to expand its online services in order to serve its constituents more efficiently and transparently.
* Economic Growth. Government support of the Identity Ecosystem will generate innovation in the marketplace that will create new business opportunities.
* Public Safety. Increasing online security will reduce cyber crime, improve the integrity of networks and systems, and raise overall consumer safety levels. Enhanced online trust will also provide a platform to support more effective and adaptable response to national emergencies.

Obama = Koch!

Oh brother.

everything they do or say on the Internet. Then, your data will be parsed and pigeonholed for personality profiles and who knows what. Yep, it takes very little imagination to see where this is headed. This will make 1984 seem like preschooler stuff. Groups like DU will be deemed subversive, for example, and we can welcome the Joe McCarthy days back.

Commerce Secretary Gary Lock is full of it when he says, "There's "no reliable way to verify identity online" at the moment.

My husband is the CTO of an Internet Service Provider. It doesn't happen often, but they get calls from law enforcement (fed
and state) requesting IP addresses for online activity. My husband, of course, is required to give them the information.

I would assume that these IP addresses lead to a person, correct?

To use the Internet, you have to use an ISP--and your IP address leads straight back to you. Hell, I've watched DUers
solve mysteries and unearth identities--by doing their own online investigations.

So...why is our President acting in an official capacity to do this? We're being softened up. They'll do this incrementally.
First, it doesn't sound so bad, then the next step pushes that envelope just a bit more. Then, the final steps--everyone
needing a governmental ID to log on--happen.

Yes in that you are not nearly as anonymous as you think you are on the internet because your IP address can absolutely be traced back to you or at least to the person that subscribes to the service. However that IP address can then be shared by the whole household or whole block if you don't secure your wireless router so it cant really be definitively used to identify you. Not to mention the fact that anyone at an internet cafe or anywhere there is free wireless also uses the same IP adress.

So yes anything you do from your home or phone for that matter can be traced back to you but theres a whole lot of grey area in that and I certainly wouldnt want my bank to alow money transfers based on my IP.

There is a real need for secure Identification on the internet and dismissing it as an attempt to spy on you is tinfoil hat foolishness.

So if someone hacks my digital ID instead of just my credit card number they will have access to everything including my health and IRS records. I don't feel safer with this system.

How does it make anyone safer is beyond my understanding.

:thumbsdown:

Hacker cracks your ID and IP addy or cracks/uses your encrypted WEP/WPA wireless signal and does more cracking using them by proxy. How do you prove it wasn't you doing it?

This would be something you could use to secure transactions not something you used at every website you visited.

:cry:

Ah fer..! IS there no limit to the crassness over there in Washington? Nobody counts except a few billionaires and their brain-dead zombie stooges! :puke:

I am so angry I don't know what to do with it. What the hell are they doing to our country and our Bill of Rights?

Micro$oft attempted to encourage and pursuade Windows users to do something similar in the early '00s, with their .NET ID, hoping to make it so ubiquitous, that Windows users, beginning with using the ID for signing into MSN Messenger would start using it for registering on other sites/forums/blogs, and eventually/virtually every website would adopt it, such as what recently happened with You Tube, members who had registered for a username and password now are redirected after signing in to another page where they have to sign in using their google account/gmail username and password and use that instead from now on. So now anyone who wants to create, upload, or comment/vote on YouTube videos has to have a google/gmail account, or must register for and create one.

I understand the benefits of making it more difficult for mostly n00bs, kinky pron lovers, and luddites to be victims of online ID theft. but I also dislike the idea of making all my personal information available to organizations who could profit from sharing/selling/acquiring that information, perhaps w/o my consent or knowledge.

this is an effort to provide a reliable digital ID to people who want one or businesses that would like to require one. There is a need for this out there, the level of identity theft on the internet increases daily and costs all of us billions of dollars yearly.

learn more about how to recognize phishing sites and avoid opening fraudulent spam email, especially those containing attachments. I never click on a link within an email from a website that I registered on previously, concerning verifying my identity, and instead will go to the site by browsing for it or through its link that is saved in my bookmarks.

There is the WOT extension and BHO for IE, and the Netcraft toolbar, amongst others that can warn internet users of unsafe/fraudulent websites, but hey, as long as this one government ID scheme remains OPTIONAL, then I am okay with it.

FBI actually prosecuting individuals who steal identities instead of trying to watch everyone and they might actually be able to clean up these scam artists.

Just one caveat, this is not one government ID being proposed. Its a proposal for companies to come up with a better digital ID that could be used voluntarily by anyone be they individual government or corporation.

Having said that if they come up with something that works it wont be long before many of the transactions you do on the internet will require one of these.

cause or causes, and not diverted or credited into some bottomless rabbit hole such as towards "Homeland Defense" or pork projects, or ESPECIALLY towards the MIC's "War on Terror"(tm) best to help pay down/reduce the national debt, or help the people (poor, disabled, aged, infirm) that the Rethugs obviously want to indirectly exterminate. I realize that it will mostly be from "privately-related" savings from less ID theft, and not entirely government/public-related.

But still, I have my suspicions and misgivings about what DC will consider a "good" cause or causes, seems like we of the "extreme" leftists/progressives/liberals and our hopes. wishes, and desires are becoming rather bereft of much support there since the turn of the century.

:-(

However Much more money would be saved on the private side of the equation than on the government side. But yea it should save the government money as well.

The ultimate violation. Imagine what happens when some sleazeball hacker ring(s) decide that a fortune can be made by obtaining so much data from so many millions of people.

I just can't.

Where is OUR protection Mr. President. What guarantees can you give us that our information will be protected when you can't even protect the data of your own precious war machine.

Epic. fucking. fail.

booga booga!

Total misunderstanding of what is being proposed here. EPIC FUCKING FAIL INDEED!

I like a little paranoia as much ass the next guy (see sig) . . . But, seriously?

Username/password is dinosaur technology, and is inevitably going to be replaced by something both more secure and more convenient. Doesn't really matter whether it's government or private industry leading the push. You can shout Obama down all you want, but it'll become the standard once some big business tech figures it out.

Because nothing is unhackable it'd still be dumb to have one "ID" for everything you do. I imagine most people will have five keys of varying strength/convenience, through different companies.

This is coming no matter what. Hell its already almost here for cell phones. I think its great Obama is getting out ahead of this and trying to push a standard. I am sorry so many will read this article and running away screaming with their hair on fire.

It is inevitable and needed Far better to try and make sure everyone is on the same page than to have all kinds of different security schemes running around where no one would be able to figure out what was or wasnt being done.

There is nothing done for our convenience, more like the government's convenience. Imagine having it all linked together. Some central "base" will be able to put together the "less disclosed" information to validate someone's ID.

Perhaps I've got it wrong but if I don't then - No thank you.

to market you socks.

There will be no centralized database. From a security standpoint that makes no sense. As long as big business runs the show it ain't gonna happen.

I don't care who sees me shop for goatse (which I do not, btw) but I do care if someone somewhere will be able easily use my medical history or prescription history to deny me a job without me knowing about. This here idea seems to make it that much easier for some kind of misuse to occur.

One upside: it will discourage presumptuous assholes from thinking they can stalk and harass people on the internet with impunity.

Thats not what this is about at all and it has nothing at all to do with being able to track you.

It would simply discourage abuse. That's what I meant.

and this is not anything remotely like assigning your computer an ID. This is more like assigning you an ID that could be compared across a secure connection that no one could read any info off except you and the receiver in fact because of the secure connection no one would be able to tell you sent your ID in the first place or what was sent for that matter. it would be a way of verifying over the secured connection that you were you and that the guy on the other end was who you thought they were. Not something that would be broadcast for the world to see like an IP address.

It would protect your information far better than the credit card you use every day does.

and you'll forget all about this.

this is a good thing despite the articles slant.

no wait, he lost it earlier than this, but if he hadn't lost it already, he sure would have now! corporatist capitalist orwellian sell-out! worst vote i ever cast was in 2008!!! ugh.

systems adequate to solve the problem?