The first problem with this idea is obvious: If you consolidate all of your passwords in one place, that actually makes your identity even easier to steal. In this way, all of the parties involved would never freely communicate with each other, creating precisely the web of information that you probably don't want anyone - private company or government agency - to track. Amazon would know the buyer was secure, and the credential would know it was communicating with a bookseller, but the authentication provider would never learn that you just bought Bob Woodward's new book. The device carrying your credential - a flash drive, a cellphone, a smart card of some kind - would authenticate itself, rather than referring Amazon to the company that vouches for you. That company would then provide you with a single credential you could then present (when you don't want to be anonymous online) to Amazon, or VA.gov, instead of having to re-establish that you are who you say you are with every online transaction. But the basic idea is that you could have your offline identity verified online by a company of your choosing. The government has set out principles - chief among them "choice, efficiency, security and privacy" - more than mechanics. The NSTIC sidesteps that, in part, by deferring to private industry to develop the "identity ecosystem." But the idea, as it is roughly outlined in the government's proposal, still comes with a lot of unsettling complications. "The history, all the way back to the 1930s with Social Security numbers, has been that people reject the idea of a national identity number." "I think that they learned a lesson with REAL ID that people are not receptive to a centralized government database," Stepanovich said. That is not what's contained in the NSTIC proposal, to the relief of privacy advocacy groups. "That's what a lot of people feared - that the government was going to take REAL ID and put it on the Internet and be able to track everybody's Internet activity," Stepanovich said. In 2009, the government released a Cyberspace Policy Review first proposing the objective of a national plan for online identification - what sounded like a national ID card for the Internet - and concerns grew. "And then it started growing, this need to authenticate everybody." "In that capacity there really wasn't a huge privacy concern," Stepanovich said. But the following year, Congress passed legislation, the REAL ID Act, mandating elements of a national ID card for the rest of us. That system seemed a logical efficiency (and federal employees, after all, have a different relationship to the government than the rest of us do). In 2004, the government launched such a system for federal employees, who today carry microchip-embedded ID cards that grant access to both buildings and websites while recognizing individual security clearance levels. Stepanovich dates the idea back to early last decade when private companies first began designing "Internet credential" systems to verify users' identities in online transactions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |