Re: Fwd: [Infowarrior] - Internet Identity System Said Readied by Obama Administration

[Dave Paris <dparis () w3works com>]

What the hell?  Is it April 1st somewhere on the planet?

On 1/7/2011 11:51 PM, Paul Ferguson wrote:
> FYI,
>
> - ferg
>
>
> ---------- Forwarded message ----------
> From: Richard Forno<rforno () infowarrior org>
> Date: Fri, Jan 7, 2011 at 2:10 PM
> Subject: [Infowarrior] - Internet Identity System Said Readied by
> Obama Administration
> To:
>
>
> Internet Identity System Said Readied by Obama Administration
>
> January 07, 2011, 7:10 AM EST
>
> By James Sterngold
>
> http://www.businessweek.com/news/2011-01-07/internet-identity-system-said-readied-by-obama-administration.html
>
> Jan. 7 (Bloomberg) -- The Obama administration plans to announce today
> plans for an Internet identity system that will limit fraud and
> streamline online transactions, leading to a surge in Web commerce,
> officials said.
>
> While the White House has spearheaded development of the framework for
> secure online identities, the system led by the U.S. Commerce
> Department will be voluntary and maintained by private companies, said
> the officials, who spoke on condition of anonymity ahead of the
> announcement.
>
> A group representing companies including Verizon Communications Inc.,
> Google Inc., PayPal Inc., Symantec Corp. and AT&T Inc. has supported
> the program, called the National Strategy for Trusted Identities in
> Cyberspace, or NSTIC.
>
> “This is going to cause a huge shift in consumer use of the Internet,”
> said John Clippinger, co-director of the Law Lab at Harvard’s Berkman
> Center for Internet and Society in Cambridge, Massachusetts. “There’s
> going to be a huge bump and a huge increase in  the amount and kind of
> data retailers are going to have.”
>
> Most companies have separate systems for signing on to e- mail
> accounts or conducting secure online transactions, requiring that
> users memorize multiple passwords and repeat steps. Under the new
> program, consumers would sign in just once and be able to move among
> other websites, eliminating the inconvenience that causes consumers to
> drop many transactions.
>
> Fewer Passwords
>
> For example, once the system is in place, Google would be able to join
> a trusted framework that has adopted the rules and guidelines
> established by the Commerce Department. From that point, someone who
> logged into a Google e-mail account would be able to conduct other
> business including banking or shopping with other members of the group
> without having to provide additional information or verification.
>
> Bruce McConnell, a senior counselor for national protection at the
> Department of Homeland Security, said NSTIC may lead to a big
> reduction in the size of Internet help desks, which spend much of
> their time assisting users who have forgotten their passwords. Because
> the systems would be more secure, he said, it may also result in many
> transactions that are now done on paper, from pharmaceutical to real
> estate purchases, to be done online faster and cheaper.
>
> A draft paper outlining NSTIC was released for comment by the White
> House in June.
>
> ‘Who Do You Trust?’
>
> “NSTIC could go a long way toward advancing one of the fundamental
> challenges of the Internet today, which is -- Who do you trust?” said
> Don Thibeau, chairman of the Open Identity Exchange, an industry group
> based in San Ramon, California, representing companies that support
> development of the new framework.
>
> “What is holding back the growth of e-commerce is not technology, it’s
> policy. This gives us the rules, the policies that we need to really
> move forward.”
>
> The new system will probably hasten the death of traditional
> passwords, Clippinger said. Instead, users may rely on devices such as
> smartcards with embedded chips, tokens that generate random codes or
> biometric devices.
>
> “Passwords will disappear,” said Clippinger. “They’re buggy whips. The
> old privacy and security conventions don’t work. You need a new
> architecture.”
>
> Secure, Efficient
>
> Development of a more advanced security system began in August 2004,
> when President George W. Bush issued a Homeland Security Presidential
> Directive that required all federal employees be given smartcards with
> multiple uses, such as gaining access to buildings, signing on to
> government websites and insuring that only people with proper
> clearances would have access to restricted documents. The system was
> intended to be more secure and more efficient.
>
> The Obama administration advanced the process when it issued its
> “Cyberspace Policy Review” in 2009. One of the 10 priorities was the
> security identification system.
>
> The federal government is facilitating what it calls a “foundational”
> system in two ways. It is developing the framework for the
> identification plan, and it will make a large number of government
> agencies, services and products available through the secure system,
> from tax returns to reserving campsites at national parks.
>
> “Innovation is one of the key aspects here,” said Ari Schwartz, a
> senior adviser for Internet policy at the Department of Commerce.
> “There’s so much that could be done if we could trust transactions
> more.”
>
> Schwartz said use of the system, once companies voluntarily choose to
> participate, may spur a range of efficiencies and e- commerce similar
> to the way ATM machines transformed banking, opening the way to a
> growing number of services little by little.
>
> Privacy Concerns
>
> Civil libertarians have expressed concern that the system may not
> protect privacy as well as the government is promising.
>
> “If the concept were implemented in a perfect way it would be very
> good,” said Jay Stanley, a senior policy analyst for privacy and
> technology at the New York-based American Civil Liberties Union. “It’s
> a convenience. But having a single point of failure may not  be good
> for protecting privacy. The devil’s really in the details.” He said
> the ACLU would “vehemently oppose” anything that resembled a national
> ID card.
>
> Aaron Brauer-Rieke, a fellow at the Center for Democracy&  Technology
> in Washington, a civil liberties group, said it was important that the
> system would be operated by private companies, not the government. He
> said he was concerned about how the data on consumer online
> transactions would be used.
>
> “New identity systems will allow moving from one site to another with
> less friction and open up data flows, but might also enable new kinds
> of targeted advertising,” he said. “We have to make sure privacy
> doesn’t get lost in this.”
>
> Schwartz and McConnell said the new system wouldn’t be a national
> identity card and that companies, not the government, would manage the
> data being passed online.
>
> “There will not be a single data base for this information,” McConnell said.
>
> --Editors: Elizabeth Wollman, Joe Winski
>
> To contact the reporter on this story: James Sterngold in New York at
> jsterngold2 () bloomberg net
>
> To contact the editor responsible for this story: David Scheer at
> dscheer () bloomberg net.
> _______________________________________________
> Infowarrior mailing list
> Infowarrior () attrition org
> https://attrition.org/mailman/listinfo/infowarrior

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.