• IDPs issue credentials, the information objects used during a transaction to provide evidence of the subject’s identity The credential may also provide a link to the subject’s authority, roles, rights, privileges, and other attributes
• The credential can be stored on an identity medium: a device or object (physical or virtual) used for storing one or more credentials, claims, or attributes related to a subject Identity media are
★ 22 ★
available in many formats, such as smart cards, security chips embedded in personal computers, cell phones, software based certificates, and Universal Serial Bus (USB) devices Selecting the appropriate identity medium and credential type is implementation-specific and depends on the risk tolerance of the participating entities
A new program being touted by the Obama administration as a solution to online identity theft actually increases the risk of identity theft while providing the government with a national ID system through the backdoor, paving the way for a world wide web in which users will need government permission to access the Internet.
The so-called “National Strategy for Trusted Identities in Cyberspace,” created by NIST under the auspices of the U.S. Commerce Department, purports to offer an “identity ecosystem” under which Americans will be able to protect their information not with passwords but with a “single credential” stored on a smart card, a cell phone, a keychain fob or some other kind of gadget. This will then be used to access a myriad of data, including tax returns, health information, bank accounts and more, amounting to a passport for your entire life.
Companies like Siemens developed credit card-sized gadgets years ago that enable fingerprints to be used to approve online transactions and the technology is already well established. A series of workshops are planned for June to September during which the government will nail down specifics with companies who are on board with the project and pilot projects will be launched next year.
The program bears more than a passing resemblance to a 2007 proposal by China that threatened to force bloggers to register their real identities and personal details via a single centralized ID system as a means for the Communist government to control information and punish dissenters.
That idea was scrapped for being too draconian, but the Obama administration is pushing ahead with its own Internet ID system in pursuit of a wider cybersecurity agenda that Senator Joe Lieberman has publicly stated is aimed at mimicking Chinese-style censorship of the world wide web, casting doubt on assertions in the government PR video for the program embedded above that claim, “there is no central database tracking your actions”.
The irony of the fact that the program will be managed by a government that has routinely stolen and lost personal information (including that related to personal health data) through both malevolence and incompetence is not addressed in the propaganda video. Remember cash for clunkers? This is the same government that openly admitted it had seized control of data on Americans’ computers who used the cars.gov website.
Although the program will initially be voluntary, its widespread adoption by numerous internet hub giants will eventually make its use necessary for conducting any kind of transaction, creating profiles or engaging in any interactive process on the web.
Moreover, should there be a major cyber attack that cripples the web and leaves sensitive information vulnerable, the Obama administration would have all the political capital it needs to turn the “voluntary” program into a compulsory requirement for anyone who wishes to use the Internet. Given the fact that the Stuxnet worm attack was admittedly launched by the United States and Israel, the culprits are likely to be closer to home than we think.
“Although the White House is describing the NSTIC plan as “voluntary,” federal agencies could begin to require it for IRS e-filing, applying for Social Security or veterans’ benefits, renewing passports online, requesting federal licenses (including ham radio and pilot’s licenses), and so on. Then obtaining one of these ID would become all but mandatory for most Americans,” writes CNet’s Declan McCullagh.
“Taken to its logical conclusion, the program, “Could become the virtual equivalent of a national ID card,” he adds.
Despite government assurances that the “conspiracy theory set” are wrong in highlighting privacy concerns, critics have labeled the plan an effort to impose a national ID card via the backdoor.
No comments:
Post a Comment