http://en.wikipedia.org/wiki/NemID
Most public institutions as well as many private (including the banks) have switched to this system.
Our government already know just about everything about us (e.g. few people need to fill out tax forms), so this has not been very controversial. The largest controversy has been with the security.
Actually I don't get why the gov makes people do one in the US and Canada. Most people have their income reported to the gov by their employer. That information should be downloadable by people and then what is missing could be filled in, mistakes fixed, deductions not already calculated added...
Until recently, a lot of SK banks also used ActiveX plugins for "security" instead of SSL, making it basically impossible to use anything other than Internet Explorer. I get the impression this is changing.
I wouldn't trust the government to handle identification across multiple sites any more than I trust Facebook or Google.
The UK has a similar system, although surprisingly few people know about it: http://www.gateway.gov.uk/
If it's only intended to be used in this kind of way, no problem. If not...
http://en.wikipedia.org/wiki/National_identification_number#...
I've got to say, having a personnummer makes dealing with the Government and businesses a bit smoother and more efficient.
The fact is that we want (and can) enter into contracts on the Internet. In order to enforce contracts we must have identities. Since the Government (specifically the judiciary) enforces contracts, this means that we must be entering into these contracts under Government-managed identities.
Currently we acquire and prove this Government-managed identity using an ad-hoc, decentralised, system with much duplication. I can use a passport or my driver's license or my birth certificate or perhaps some utility bills or some combination. This causes various problems, including fraud and waste.
If two parties mutually choose to enter into a contract over the Internet, and this contract is to be enforced by the judiciary, then it would be ideal for them to be able to verify each others' legal entities and authorisation. I think that properly implemented this could eliminate a large amount of online fraud.
Nothing about the principle of such a system inherently creates privacy problems, since when parties enter into a contract they already expect to reveal their identities to each other, and nothing would necessarily be forcing people to reveal their identities in any other situation, just the same as is the case at the moment.T here is a risk of a slippery slope of course; I can't deny that.
There's no reason such a system has to be centralised, though. X.509 certificates would work fine, for example, issued at the same time as a birth certificate, with each local office as a CA.
Unfortunately, the problem is with implementation. I don't think that any government is competent enough to put a system together that does meet privacy requirements, and there are too many self-interested parties who would influence and corrupt the design of such a system.
This initiative is coming out of NIST inside the Commerce department, with smart folks there who know this 1) a tough problem, 2) needs to be an open standard and 3) that the feds role here is best as being the ones who convene the people in the room.
http://www.wired.com/epicenter/2011/01/obama-strategy-for-on...
There's got to be a better way to prove you are real and legit, than giving some company the right to pull a sub-one dollar sum of money from your bank account and then confirming that to them online.
OpenID is fine, so far as it has gone, but right now it looks like Facebook is winning the war for identity and authentication. Having the feds behind an open standard hardly means you are getting the Real ID of the internet.
You've got a few choices of who's going to do this in the future. The feds, your bank, Facebook, PayPal or your mobile phone carrier. Personally, I'd prefer an open system where I have my choice of 10 providers all using open standards, than having to rely on multiple closed systems like giant bank or Facebook or Paypal.
I've never had any problem with this method, what are your objective quantifications for why a 'internet id' from the Commerce Department would solve this better? Why does taxpayer money need to be spent on a problem that is already solved to a sufficient degree by commercial forces?
I think this type of attitude really hurts in a democracy. Every year people push bad ideas, and we must fight back against them.
As such people using it take great care and don't trust it.
This is actually a hidden benefit of the system.
If you introduce an ID that everyone 'trusts' implicitly (esp. relating to online commerce) then the scope for fraud widens greatly. You can assume the system will get corrupted because of the great benefits accruing to those who can breach it.
The vast majority of contracts entered don't need much; if it does go wrong, usually little damage is done. As the risk profile increases, then so does the amount of verification, purchasing a business requires reams of documentation, an iPhone cover shipped out of hong kong can stay anonymous.
As IT people, we all naturally love a world that fits into a relational model, one where all people have a unique ID. As citizens, however, we have to resist this because of the lopsided risk/reward profile for individuals. In cases if centralised ID, you gain a little but lose a lot.
Also, contract enforcement can occur with out ID, look at bringing suit under a John Doe or Richard Roe.
In the real world we have drivers licenses yet fraud still happens.
A centralized system requires hardly any effort to gain a detailed profile of you = dangerous.
In theory - no, we don't, except for ephemeral one-time identities which are actually anonymous.
In real world - yes, (un)?fortunately we must. Still, there's no reason to require that anyone must have one and only one identity, and this identity must be state-issued.
Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. "I don't have to get a credential, if I don't want to," he said. There's no chance that "a centralized database will emerge," and "we need the private sector to lead the implementation of this," he said.
Read more: http://news.cnet.com/8301-31921_3-20027800-281.html#ixzz1AZD...
I think the big picture here is that various governments for a variety of reasons foresee difficult times ahead and are trying, falteringly and often swimming against public opinion, to move towards a state of affairs where they have a greater degree of authoritarian control than was the case in the past - perhaps similar to China, which may become the new model state/economy which others seek to emulate.
And saying there is no chance a centralized database will emerge is impossible to predict.
And what purpose does the ID serve if it's not able to be referenced via some sort of data base.
The White House's comments are nonsensical.
Cool. They've got the OK from me. It could turn out to be neat, and so long as it's optional I'm not worried.
I've got a bridge to sell you, too.
Social Security Numbers, we were promised, would not be used as personal identifiers. See, e.g., http://query.nytimes.com/gst/fullpage.html?res=9C02EFD71039F...
FOR many years, Social Security cards carried an admonition that they were to be used "for Social Security and tax purposes -- not for identification."
You've got my personal guarantee that if an optional Internet ID is created today, it will be required before long. This is how the system works. Witness the gradual ratcheting up of (ridiculous) security measures in airports if you're skeptical.
I live in a rural area and several of my friends are going the self sufficient route and my wife and I are at least putting in enough solar panels to generate about 3/4 of the electricity that we currently use.
The country I live in (USA) is in rapid decline and it would be naive to believe that all utilities and infrastructure will stay online 100% of the time. Having a useful local "localnet" would be a good idea, and could be fun also as a community activity. Perhaps libraires would be good hubs and meeting places to set this up. Even better to also get the local police, fire department and city government involved: something to bring the whole community together.
Here in Germany, we have an initiative that is devoted to exactly that problem. It is called "Freifunk" and has been deployed successfully to other countries.
http://wiki.freifunk.net/Kategorie:English
The Freifunk hackers did some amazing work to provide the needed firmware for many of the cheap standard wi-fi routers, as well as other hardware.
They are also doing good scientific work regarding mesh networks. Since they are working with real-world networks, their work usually surpasses the quality of university research. That's why nowadays many German universities are working together with Freifunk. For instance, they use Freifunk routers for their field tests.
If you want to build something like that in your town, you should definitely have a look at what those guys are doing, and I'm sure they'll be happy to assist you.
The major issues were:
* taking biometric information from the entire population including fingerprints.
* linking that information to an online identity
* joining up all government databases on said identities (health, law enforcement etc) enabling departments to cross reference information
* plans to use this identity as your only gateway to be able to receive a job, receive benefits etc
* plans to allow certain individuals at any moment to "quarantine" identities (preventing work, benefits etc)
The entire system looked so open to abuse it was scary. I'm v.glad we're rid of it.
However, as having a passport or a driving license is not compulsory, there were plans to have a national identity card, as is the case in many European countries that would be compulsory for all adults. This has fairly recently been scrapped before it was ever adopted. Partly because the cost ended up being estimated at £18B (US$30B). Quite how a database and some photo cards of 60M people(less if you only include adults) would cost that much is a mystery that only governments can solve!
My google account has double authentication now, telephone as well as a second email address, and serves as a central repository for all my other accounts across the web if I happen to forget a password. I can change providers if I want as well. Further, my VISA card is tied to my identity for purchases and donations. But anything that doesn't involve that isn't tied to my identity.
So please just go shove it with your "need". It just makes me furious that this is even being proposed, it's totally unnecessary meddling and we all KNOW it will be abused.
You cannot eliminate fraud, deceit and risk. You cannot create a utopia. These things are impossible, and all the best intentions in the world usually have bad unforeseen outcomes. Natural growth of systems is the best way forwards. A company like PayPal tries verification by depositing small amounts, it works, the consumers don't mind, so it stays. Another company tries something else, consumers don't like it, it goes. At no point is a central committee involved. This is the way it should be.
No one group of people should ever be allowed this much power.
Political positions: A believer in liberty, pro-international travel and open borders, tends towards mild hostility towards regulation. Generally law-abiding.
Friendliness to American Interests Rating (FAIR): 72/100
Your Fair Score is actually your TerrorScore. Would you like to sort social media profiles by TerrorScore? They will undoubtedly use Google PageRank like Eigenvectors to calculate it based on who you're linked to and your ipv6 traffic profile.
I hate to be an Ipv6 cynic but after all, Ipv4 NAT is the best thing that ever happened to online anonymity.
There's exactly one person behind my NAT; how many are behind yours?
Anyway, if you're talking about governments (so ISPs are required to cooperate, by law), 3-tuple (IP, port, timestamp) is enough to identify you. Even more traditional (IP, timestamp) pair is enough for low-to-medium-trafficked ISPs or sites.
After that, it becomes unconstitutional, far as I know.
So, in other words, it's unconstitutional, because it won't be used only for commerce.
But strict constructionism isn't an answer either. We shouldn't only have a right to bear 18th century arms, or let computer files be searched without a warrant merely because they aren't on paper. It's always going to be subjective, applying the law to questions that didn't even exist back when it was written. We have to do it, but we have to be more careful about it than we have.
This project is aimed at making it possible for people to interact with government agencies using identities they already have. Some interactions require very little security and knowledge of who a person is (leaving a comment here for example) while others (paying your taxes) require quite a bit.
It isn't that my bank would change the role of the IRS, but I'd login to the IRS using a strong identity issued by my bank versus this silly PIN I use today.
http://www.dhs.gov/xlibrary/assets/ns_tic.pdf
Note that if [generic scary three letter agency] wants to spy on you it's already quite easy for them to do so (see FISA, CALEA, NSLs, Sugar Grove, etc).
It's not really about spying.
It's about a government bureaucracy having the power to control your identity.
If Visa cancels my card I can get an AMEX. The CIA has limited reach here.. the alphabet soups can't easily freeze my bank account.
But if the government controls my ID card, they can shut me down utterly and I have no recourse aside from the broken judicial system.
The simple fact of the matter is that corporations such as Visa and HSBC and Equifax are more trustworthy than the government.
Giving the government the ability to authenticate humans online is giving them WAY TOO MUCH UNCHECKED POWER.
Check all that apply:
[ ] State Picture ID
[ ] Passport
[ ] Social Security Card
The simple fact of the matter is that corporations such as Visa and HSBC and Equifax are more trustworthy than the government.
You should really read the proposal. It's a federation of privately run PKI authorities. Potentially people like Visa, HSBC and Equifax.
With no details about the government's plan for an internet ID, we're left to our imaginations, which probably vary widely from person to person.
http://www.bretpiatt.com/blog/2009/07/25/cloud-computing-mak...
Major internet properties are international - Facebook, Paypal, Skype, Google, Microsoft's, Groupon, etc. Most countries have the technical talent to create clones of successful US startups. The problem is local governments will be able to control those local forums and social networks. So killing online freedom in US will kill it worldwide.
Suppose you want a system where you want to signal to all internet companies that you don't want your browsing data to be harbored without your consent. The ID system would allow the creation and enforcement of such system.
The support for this comes in part because of pressure from the groups who are concerned about privacy and fretting over how their browsing data is used. While infringement of privacy hampers the growth of ecommerce, complete ban on harboring data hurts e-businesses (they won't be able to advertise efficiently). The solution to it is to create a free market: assign everyone a unique id, to which your preferences about harboring date will be assigned. Even better, data associated with that id can be considered proprietary, and users can license it to companies who are willing to pay for it and users can sue companies that infringe on this proprietary data bc courts will recognize it as solely yours. This is a good start if government wants to step in to protect your privacy from the "evil" corporations, while not hindering the growth of e-businesses.
Ideally, you will be protected from corporations who are after your private data. Government, however, will surely continue using it the way you don't want.
It's one thing to say the government will host the ID data for free, for every American. (Or at least every American they deem worthy of a proof-of-online-identity certificate.)
But possession is often viewed as 9/10ths of the law. Calling it "my" data is misleading if they really mean "data about me."
Would I like to have a permanent, personal and authenticated key value store to in conjunction in some interpersonal or person-machine transactions? Absolutely.
But I don't see how having a government issued identity solves the problem of how my browsing data might be misused elsewhere.
It would seem that it only adds more personally-identifiable metadata that could be intercepted, tracked, or stolen along the way.
How would such an ID system enable the creation and enforcement of a do-not-track list? That sounds appealing, but how does my identity being tracked stop me from being tracked?
This Internet ID would just be a show piece.
This view might look naive and hype-provoking and indeed the internet proved to be very robust on the big scale so far. However I have read recently about the very limited visa regulations for travelling around the most of the world in the 19th century. kind of puts things into perspective.
That's probably a best case scenario by the way. How long until it's mandated that your ISP has your internet ID, and public networks (attwifi, etc.) are required to get it to let you out into the internet?
http://www.codinghorror.com/blog/2010/11/your-internet-drive...
>Envision It!
An individual learns of a new and more secure way to access online services using a strong credential provided by a trustworthy service provider.
Running this past my parents was met with a blank stare, followed by "what?". And they're significantly better about their online habits than most people, especially the ones they're targeting with a system like this. Anyone interested in identity online already has several means of proving they are who they say they are, and can generate X.509 certificates to provide ridiculous-quality proof for individual transactions.
While I fully expect something along these lines to exist eventually, I'm honestly scared by the sunshine-and-ponies descriptions in that document. They're also making enormous claims of universal interoperability that reek to me of XML/SOAP/etc evangelization - it never works that well.
(Link thanks to trotsky: http://news.ycombinator.com/item?id=2086135 )
I'm happy with an optional OpenID-like system for stronger authentication and convenient access to account logins, but the system should be 100% optional. There's no way I'm going to trust anyone with the ability to masquerade as me through a closed system. Imagine using Facebook Connect or Google to log in to your bank. Facebook has no business involving me and my bank. It is between me and my bank only. And there is no reason for me to risk my full, unlimited online identity to a single provider like Facebook or Google. The government also has no business knowing who my bank or email provider of choice are.
In some ways, this is reminiscent of Microsoft's attempt to 'reboot the internet' with their own security code. I believe it was called Hailstorm.
Security will probably be challenge. This needs to be done right, but it has great potential for cutting down on fraud. With real identity, scammers can blacklisted, and honest can people can transact business better. Despite the FUD, I think this is actually good government.
As all services become digital eventually, the guy controlling the central ID system will be able to literally let you starve to death.
The fight for internet freedom is really the most important one in human history. If we don't win, we'll end up with a government that can actually enforce ALL its laws ALL the time.
Sure there is potential for identity theft but much less so than with what they are proposing now.
As far as single logins, there is already a well established solution with OpenID, OAuth, and the Log in with Facebook / Twitter style logins.
Absolutely no way this should be allowed to be enacted, in any form.
Government should simply enforce the existing spammer laws and ensure net neutrality.
your illuminati oligarchs have promoted you, to become ID numbers with unique identity
God, it gives me a cold chill feeling just thinking about it.
