Obama administration moves forward with unique Internet ID for all Americans

The silver lining is that by the time this project goes through study after study, development, testing, and finally deployment 5-10 years will have passed and the Internet will fundamentally change in ways that either makes this instantly irrelevant or impossible to enforce.

We are going to end up with something sooner or later.<p>The fact is that we want (and can) enter into contracts on the Internet. In order to enforce contracts we must have identities. Since the Government (specifically the judiciary) enforces contracts, this means that we must be entering into these contracts under Government-managed identities.<p>Currently we acquire and prove this Government-managed identity using an ad-hoc, decentralised, system with much duplication. I can use a passport or my driver's license or my birth certificate or perhaps some utility bills or some combination. This causes various problems, including fraud and waste.<p>If two parties mutually choose to enter into a contract over the Internet, and this contract is to be enforced by the judiciary, then it would be ideal for them to be able to verify each others' legal entities and authorisation. I think that properly implemented this could eliminate a large amount of online fraud.<p>Nothing about the principle of such a system inherently creates privacy problems, since when parties enter into a contract they already expect to reveal their identities to each other, and nothing would necessarily be forcing people to reveal their identities in any other situation, just the same as is the case at the moment.T here is a risk of a slippery slope of course; I can't deny that.<p>There's no reason such a system has to be centralised, though. X.509 certificates would work fine, for example, issued at the same time as a birth certificate, with each local office as a CA.<p>Unfortunately, the problem is with implementation. I don't think that any government is competent enough to put a system together that does meet privacy requirements, and there are too many self-interested parties who would influence and corrupt the design of such a system.

Profile: Sebastian Marshall. Internet ID 353-808-A331. Known aliases: "lionhearted". Primary contact info: sebastian@sebastianmarshall.com<p>Political positions: A believer in liberty, pro-international travel and open borders, tends towards mild hostility towards regulation. Generally law-abiding.<p>Friendliness to American Interests Rating (FAIR): 72/100

I'll be getting one of these when hell freezes over. If that means starting my own Internet, then that's exactly what I'll do.

This article is pretty light on details. Here's a quote from the White House Cybersecurity Coordinator Howard Schmidt:<p>Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. "I don't have to get a credential, if I don't want to," he said. There's no chance that "a centralized database will emerge," and "we need the private sector to lead the implementation of this," he said.<p>Read more: <a href="http://news.cnet.com/8301-31921_3-20027800-281.html#ixzz1AZDYQ3Kk" rel="nofollow">http://news.cnet.com/8301-31921_3-20027800-281.html#ixzz1AZD...</a>

If it waddles like a national ID system and quacks like a national ID system, then it's probably a national ID system. Here in the UK we are fortunate to have recently dumped plans for a national ID system. Americans should do the same.

I shared my thoughts in detail about this more than a year ago, we should get out in front or as now coming true my prediction was, "As private industry and a world society I hope we can take care of this ourselves before it gets so out of control Congress tries to figure out how to do it and we end up with some horrible mess of a “National ID and Digital Identity Act” that looks at it only from the perspective of the USA and makes it very difficult for non-US citizens to do anything online (as most of the major Internet properties are US based) creating a whole new barrier for 3rd world citizens to overcome."<p><a href="http://www.bretpiatt.com/blog/2009/07/25/cloud-computing-makes-blacklists-obsolete-now-is-the-time-for-digital-identities/" rel="nofollow">http://www.bretpiatt.com/blog/2009/07/25/cloud-computing-mak...</a>

This headline is actually pretty misleading. From what I've seen of the project, it is not about the government issuing online identities. Rather they've realized that people already have identities from services like Facebook and Google as well as banks.<p>This project is aimed at making it possible for people to interact with government agencies using identities they already have. Some interactions require very little security and knowledge of who a person is (leaving a comment here for example) while others (paying your taxes) require quite a bit.

Is this done anywhere else in the world? It is the scariest of the scary Big Brother measures I've seen recently...

Actual draft of the proposal from June 2010:<p><a href="http://www.dhs.gov/xlibrary/assets/ns_tic.pdf" rel="nofollow">http://www.dhs.gov/xlibrary/assets/ns_tic.pdf</a><p>Note that if [generic scary three letter agency] wants to spy on you it's already quite easy for them to do so (see FISA, CALEA, NSLs, Sugar Grove, etc).

I can sympathize with discontent about this, but almost nobody has brought up the positive uses of unique Internet ID.<p>Suppose you want a system where you want to signal to all internet companies that you don't want your browsing data to be harbored without your consent. The ID system would allow the creation and enforcement of such system.<p>The support for this comes in part because of pressure from the groups who are concerned about privacy and fretting over how their browsing data is used. While infringement of privacy hampers the growth of ecommerce, complete ban on harboring data hurts e-businesses (they won't be able to advertise efficiently). The solution to it is to create a free market: assign everyone a unique id, to which your preferences about harboring date will be assigned. Even better, data associated with that id can be considered proprietary, and users can license it to companies who are willing to pay for it and users can sue companies that infringe on this proprietary data bc courts will recognize it as solely yours. This is a good start if government wants to step in to protect your privacy from the "evil" corporations, while not hindering the growth of e-businesses.<p>Ideally, you will be protected from corporations who are after your private data. Government, however, will surely continue using it the way you don't want.

To those who would say "it'll be optional - you won't need one to search Google, check you email, etc." I point out that there are already huge efforts to track people across domains and build profiles of them. Private companies are ALREADY slobbering over this, and paying good money for even anonymized datasets. If this system goes into practice, it will simply be good business for websites to require your ID as part of the signup process. Also, open networks (like attwifi, etc.) may begin to require these as well. They could build nice juicy datasets of the Starbucks laptop crowd, and believe me they'd be hot selling items.<p>That's probably a best case scenario by the way. How long until it's mandated that your ISP has your internet ID, and public networks (attwifi, etc.) are required to get it to let you out into the internet?

This sounds very Orwellian, but I doubt much will become of this. Based on the statement the article attributes to Locke, it sounds like they're selling it to us as a single sign-on provider. Somehow, I doubt this will become as popular as current single sign-on providers such as Facebook or Google without legislation.

Sounds like Jeff Atwood got his wish!<p><a href="http://www.codinghorror.com/blog/2010/11/your-internet-drivers-license.html" rel="nofollow">http://www.codinghorror.com/blog/2010/11/your-internet-drive...</a>

In a blue block on page 18 of <a href="http://www.dhs.gov/xlibrary/assets/ns_tic.pdf" rel="nofollow">http://www.dhs.gov/xlibrary/assets/ns_tic.pdf</a> :<p>&#62;<i>Envision It!<p>An individual learns of a new and more secure way to access online services using a strong credential provided by a trustworthy service provider.</i><p>Running this past my parents was met with a blank stare, followed by "what?". And they're significantly better about their online habits than most people, <i>especially</i> the ones they're targeting with a system like this. Anyone interested in identity online already has several means of proving they are who they say they are, and can generate X.509 certificates to provide ridiculous-quality proof for individual transactions.<p>While I fully expect something along these lines to exist eventually, I'm honestly scared by the sunshine-and-ponies descriptions in that document. They're also making <i>enormous</i> claims of universal interoperability that reek to me of XML/SOAP/etc evangelization - it <i>never</i> works that well.<p>(Link thanks to trotsky: <a href="http://news.ycombinator.com/item?id=2086135" rel="nofollow">http://news.ycombinator.com/item?id=2086135</a> )

IANAL, but this is technically legal, so long as it's used ONLY for commerce, by means of the Interstate Commerce Clause of the US Constitution.<p>After that, it becomes unconstitutional, far as I know.<p>So, in other words, it's unconstitutional, because it won't be used only for commerce.

This is a waste of time. Any good intelligence organization can already gain most or all or probably too much of the information they need from online actions, transactions, networks, posts/comments, protocol sniffing, ISP/ad network data, re-routing/copying traffic, social hacking, infected pcs, etc. And if you are encrypting, proxying, spoofing then you are Anonymous and already on the radar.<p>This Internet ID would just be a show piece.

So far as I can tell what is actually being discussed is an official certification scheme for third-party identity providers. This would make it more feasible for third-party IDs to be accepted in contexts where they're currently not. I don't see how that can be reasonably characterized as a "unique Internet ID for all Americans", but whatevs.

This was a minor plot device in the book <i>Ender's Game</i>, where two super-intelligent children needed to borrow their father's network citizen access to post on the forums about their ideas. Obviously this isn't what the administration is suggesting, but it seems like a dangerous first step. I don't like it.<p>I'm happy with an optional OpenID-like system for stronger authentication and convenient access to account logins, but the system should be 100% optional. There's no way I'm going to trust anyone with the ability to masquerade as me through a closed system. Imagine using Facebook Connect or Google to log in to your bank. Facebook has no business involving me and my bank. It is between me and my bank only. And there is no reason for me to risk my full, unlimited online identity to a single provider like Facebook or Google. The government also has no business knowing who my bank or email provider of choice are.

There are so many incentives for legislators to restrict the internet as we know it today and effectively no lobby to protect it. I am wondering if 10 years from now we are going to have much more "regulation and security" for the networks than now. Not only in the US, on the global scale. Who knows, it might be that the 90s-00s will be remembered as the only period in the human history when the truly free unregulated GLOBAL internet was possible.<p>This view might look naive and hype-provoking and indeed the internet proved to be very robust on the big scale so far. However I have read recently about the very limited visa regulations for travelling around the most of the world in the 19th century. kind of puts things into perspective.

And you can absolutely bet that this will be tied to a SSN and will be necessary in order to interact with the government.<p>In some ways, this is reminiscent of Microsoft's attempt to 'reboot the internet' with their own security code. I believe it was called Hailstorm.

I think a government OAuth sounds like a good idea. Verifying your identity based on SSN is pretty insecure. If the commerce department can come up with a secure standard, it can seriously cut down on fraud. Internet anonymity is good for some things, but the government needs to stop people from borrowing in someone else's name.<p>Security will probably be challenge. This needs to be done right, but it has great potential for cutting down on fraud. With real identity, scammers can blacklisted, and honest can people can transact business better. Despite the FUD, I think this is actually good government.

In a few years time, the government will block your access to the internet for not doing as you're told.<p>As all services become digital eventually, the guy controlling the central ID system will be able to literally let you starve to death.<p>The fight for internet freedom is really the most important one in human history. If we don't win, we'll end up with a government that can actually enforce ALL its laws ALL the time.

You can already sign up for a bank account online and prove you are who you say you are by inputting enough personal information so they can verify you.<p>Sure there is potential for identity theft but much less so than with what they are proposing now.<p>As far as single logins, there is already a well established solution with OpenID, OAuth, and the Log in with Facebook / Twitter style logins.

Great, another channel for identity theft.

Even if it is optional to start with, it's like every other government "security theater" nonsense and there will be mission-creep to make it mandatory sooner or later.<p>Absolutely no way this should be allowed to be enacted, in any form.<p>Government should simply enforce the existing spammer laws and ensure net neutrality.

Government tends to be inefficient in Internet business. The Government would screw things up in multiple ways: too slow, too expensive, too much corruption, not flexible etc.

Is there anything in the legislation forcing businesses &#38; their customers to use this ID for all transactions?

One more stake in the heart of liberty.

Why is it that people insist on calling US citizens Americans? Canadians, Chileans, Brazilians, Panamanians, Colombians, etc are all Americans also, and this move does not apply to them at all. The American population is composed of everyone this side of the pond and not of everyone to the north only. Journalists should make a distinction.

How long until a national ID turns into an international ID to combat terrorism?

Gongradulations fello americans,<p>your illuminati oligarchs have promoted you, to become ID numbers with unique identity<p><a href="http://www.youtube.com/watch?v=Ct9xzXUQLuY" rel="nofollow">http://www.youtube.com/watch?v=Ct9xzXUQLuY</a>

Mark of the Beast! Mark of the Beast!

How the hell am I supposed to keep working under the table and dodging the IRS, if they're able to track me down because I just posted to Hacker News from this IP address?<p>God, it gives me a cold chill feeling just thinking about it.

It seems everybody is opposed to this sort of thing, but I love the idea of having a single piece of ID that works universally. I guess there are issues with identity theft being made easier, but I think the benefits outweigh the "privacy" concerns.