May 4, 2014
It appears the status quo may be finally making its moves to getting control over the heretofore free and open internet. As I and many others have noted previously, the internet is one of the most powerful tools humanity has ever devised. It frees information in a way that was simply unimaginable decades ago and empowers each of us to be as informed or uninformed as we desire.
Just last week in my post, Say Goodbye to “Net Neutrality” – New FCC Proposal Will Permit Discrimination of Web Content, I mused that in so-called “first world” countries like the U.S. the illusion of freedom must be maintained even as civil liberties are eroded. Thus censorship must be administered surreptitiously and slowly. The following plan to implement an “Internet ID” will initially only be rolled out as a pilot program in two states (Michigan and Pennsylvania), and will only deal with government services. That said, we can see where all of this is ultimately headed, and the program, called the National Strategy for Trusted Identities in Cyberspace, should be monitored closely going forward.
Vice reported on this a few days ago:
A few years back, the White House had a brilliant idea: Why not create a single, secure online ID that Americans could use to verify their identity across multiple websites, starting with local government services. The New York Times described it at the time as a “driver’s license for the internet.”
Sound convenient? It is. Sound scary? It is.
The vision is to use a system that works similarly to how we conduct the most sensitive forms of online transactions, like applying for a mortgage. It will utilize two-step authentication, say, some combination of an encrypted chip in your phone, a biometric ID, and question about the name of your first cat.
But instead of going through a different combination of steps for each agency website, the same process and ID token would work across all government services: from food stamps and welfare to registering for a fishing license.
The original proposal was quick to point out that this isn’t a federally mandated national ID. But if successful, it could pave the way for an interoperable authentication protocol that works for any website, from your Facebook account to your health insurance company.
To start, there’s the privacy issue. Unsurprisingly, the Electronic Frontier Foundation immediately pointed out the red flags, arguing that the right to anonymous speech in the digital realm is protected under the First Amendment. It called the program “radical,” “concerning,” and pointed out that the plan “makes scant mention of the unprecedented threat such a scheme would pose to privacy and free speech online.”
And the keepers of the identity credentials wouldn’t be the government itself, but a third party organization. When the program was introduced in 2011, banks, technology companies or cellphone service providers were suggested for the role, so theoretically Google or Verizon could have access to a comprehensive profile of who you are that’s shared with every site you visit, as mandated by the government.
Then there’s the problem of putting all your security eggs in one vulnerable basket. If a hacker gets their hands on your cyber ID, they have the keys to everything.
For now, this is all just speculation. The program is just entering a test phase with select state government agencies only (there are currently plans to expand the trial out to 10 more organizations.)
But it’s not far-fetched to think we’re moving toward a standardized way to prove our identity in cyberspace the same way we do offline.
Keep a close eye on this.