
Obama administration moves forward with unique Internet ID for all Americans - Stevenup7002
http://www.engadget.com/2011/01/09/obama-administration-moves-forward-with-unique-internet-id-for-a/
======
flyt
The silver lining is that by the time this project goes through study after
study, development, testing, and finally deployment 5-10 years will have
passed and the Internet will fundamentally change in ways that either makes
this instantly irrelevant or impossible to enforce.

~~~
Alex3917
We need a publicly-controlled identity infrastructure that's compatible with
the Internet. The problem isn't that internet ID is somehow evil, but rather
the government.

~~~
drats
Remind me again of why we "need" a solution such as this? All this screeching
reminds me of the people wanting a centralized solution to spam in the 1990s
via government control or micropayments. We don't hear from them anymore
because of spam filters and increased storage and bandwidth.

My google account has double authentication now, telephone as well as a second
email address, and serves as a central repository for all my other accounts
across the web if I happen to forget a password. I can change providers if I
want as well. Further, my VISA card is tied to my identity for purchases and
donations. But anything that doesn't involve that isn't tied to my identity.

So please just go shove it with your "need". It just makes me furious that
this is even being proposed, it's totally unnecessary meddling and we all KNOW
it will be abused.

~~~
Alex3917
"Remind me again of why we 'need' a solution such as this?"

There are lots of services that people want that are impossible to build
without a way to prove that someone is who they say they are. E.g. better
reputation systems.

"we all KNOW it will be abused."

Obviously. That doesn't mean there isn't a need though.

~~~
anonymous246
A better _REPUTATION_ system (??!!??!!) is the best you could come up with? I
cannot think of a less important application of a national ID card.

And even in this area, Amazon/Newegg have solved the pretty nicely with the
"verified purchaser" tag. How is the national ID card system better?

For Serious Stuff (TM) like opening a stock trading account, laws have already
been passed to make an all-electronic signup as binding as a paper signature.

We criticize China when it does something like this, but when America does
it's all fine.

~~~
ThomPete
I think you are dismissing this on pretty unresolved ground.

To claim that Amazon/Newegg solved it with "verified purchaser" is simply on
unsubstantiated ground.

I could find plenty of serious uses for reputation systems. In fact I would
claim that reputation systems is going to be the future of verification.

~~~
anonymous246
Please explain why such a "serious" use cannot be implemented with today's
technologies. You can trivially ask people to give you their license number
and run a lookup to confirm that they're who they claim to be at signup time.
Yes, it's not gratis (see publicdata.com). But you stipulated that this is
"serious" use, so that shouldn't be a problem.

~~~
ThomPete
Huh? I never said it couldn't be I said it wasn't.

But again it's not simply a question about identification as in per the right
username/password/license plate.

I can log in and pretend to be anyone, in fact I can have multiple different
accounts and be multiple different people.

But when you add social proofing on top of it you have created a verification
mechanism that is much stronger since it includes my very existence, my
friends, what I do etc. Things that can't as easily be faked.

~~~
anonymous246
> But when you add social proofing on top of it you have created a
> verification mechanism that is much stronger since it includes my very
> existence, my friends, what I do etc. Things that can't as easily be faked.

The point many of the critics here are making is that anonymity and privacy is
_required_ for a functioning democracy.

Why does it matter _WHO_ is saying something. Shouldn't the most important
thing be _WHAT_ is being said?

Even in today's "everything goes" situation, libel/slander etc hasn't reached
epidemic proportions to require policing everything people say.

And _even_ then, I would much rather have a central clearinghouse where
_aggreived_ parties can register to have their names etc not be displayed by
web sites (think of it as a robots.txt for humans). Note that this can be
implemented without an online ID and is different from the current proposal.

I still haven't understood what is your problem with today's situation where
people can create as many alter egos as they wish.

------
rlpb
We are going to end up with something sooner or later.

The fact is that we want (and can) enter into contracts on the Internet. In
order to enforce contracts we must have identities. Since the Government
(specifically the judiciary) enforces contracts, this means that we must be
entering into these contracts under Government-managed identities.

Currently we acquire and prove this Government-managed identity using an ad-
hoc, decentralised, system with much duplication. I can use a passport or my
driver's license or my birth certificate or perhaps some utility bills or some
combination. This causes various problems, including fraud and waste.

If two parties mutually choose to enter into a contract over the Internet, and
this contract is to be enforced by the judiciary, then it would be ideal for
them to be able to verify each others' legal entities and authorisation. I
think that properly implemented this could eliminate a large amount of online
fraud.

Nothing about the principle of such a system inherently creates privacy
problems, since when parties enter into a contract they already expect to
reveal their identities to each other, and nothing would necessarily be
forcing people to reveal their identities in any other situation, just the
same as is the case at the moment.T here is a risk of a slippery slope of
course; I can't deny that.

There's no reason such a system has to be centralised, though. X.509
certificates would work fine, for example, issued at the same time as a birth
certificate, with each local office as a CA.

Unfortunately, the problem is with implementation. I don't think that any
government is competent enough to put a system together that does meet privacy
requirements, and there are too many self-interested parties who would
influence and corrupt the design of such a system.

~~~
rsingel
Sorry the Engadget piece is full of FUD and light on details. I was at the
event and covered it for Wired.com.

This initiative is coming out of NIST inside the Commerce department, with
smart folks there who know this 1) a tough problem, 2) needs to be an open
standard and 3) that the feds role here is best as being the ones who convene
the people in the room.

[http://www.wired.com/epicenter/2011/01/obama-strategy-for-
on...](http://www.wired.com/epicenter/2011/01/obama-strategy-for-online-id/)

There's got to be a better way to prove you are real and legit, than giving
some company the right to pull a sub-one dollar sum of money from your bank
account and then confirming that to them online.

OpenID is fine, so far as it has gone, but right now it looks like Facebook is
winning the war for identity and authentication. Having the feds behind an
open standard hardly means you are getting the Real ID of the internet.

You've got a few choices of who's going to do this in the future. The feds,
your bank, Facebook, PayPal or your mobile phone carrier. Personally, I'd
prefer an open system where I have my choice of 10 providers all using open
standards, than having to rely on multiple closed systems like giant bank or
Facebook or Paypal.

~~~
nowarninglabel
>"There's got to be a better way to prove you are real and legit, than giving
some company the right to pull a sub-one dollar sum of money from your bank
account and then confirming that to them online"

I've never had any problem with this method, what are your objective
quantifications for why a 'internet id' from the Commerce Department would
solve this better? Why does taxpayer money need to be spent on a problem that
is already solved to a sufficient degree by commercial forces?

~~~
rsingel
There's literally nothing in the proposal about an internet ID from the
Commerce Department. While I'm not thoroughly convinced we need better
identification on the net, the proposal here is about creating _standards_ for
stronger identification -- something like OpenID with the weight of the
federal government trying to get industry, privacy and security groups in the
same room. The alternative, it seems to me, is to watch Facebook corner the
market on consumer identity, while defense contractors or the banking industry
wins government contracts, and the latter eventually create some very badly
designed system for citizens to log in to government agency websites.

While I'm also deeply opposed to any government-run program, that's not what's
happening here.

I'm also a bit disappointed here with Hacker News. Folks here could easily
imagine an internet that is easier and safer with a better way for users to
manage their identities, while retaining both privacy and the possibility of
pseudonimity and anonymity. Instead, mostly what's shown up in the border here
is a Reddit thread with people saying, "You can take my anonymous internet but
you'll have to pry the keyboard out of my cold dead hands." HN is usually much
better than this.

~~~
nowarninglabel
"I'm also a bit disappointed here with Hacker News. Folks here could easily
imagine an internet that is easier and safer with a better way for users to
manage their identities"

I'm disappointed with you. Why do your values for a "safer and better"
internet have to be imposed on me? Where is your objective data showing this
will be a "safer and better" internet? Is internet use in Australia "safer and
better" because they choose to govern and censor it? To me this sounds like
the marketing-speak of the war on drugs and terror.

Furthermore, why do I need a federal program to do this? There are already
identity management solutions and standards widely available, namely
Shibboleth <http://shibboleth.internet2.edu/>, which is deployed across
California State Universities and universities across the U.S. There is no
reason it could not be leveraged for federated identity.

>"While I'm also deeply opposed to any government-run program, that's not
what's happening here."

Pardon? Just because it is a private-public partnership does not exclude the
government from ownership, but don't trust me, go read the source yourself:
<http://www.dhs.gov/xlibrary/assets/ns_tic.pdf> That is the draft from when it
was proposed for DHS. You can see in the document itself the references to
"accountability" of these private partners to the government in their
"Identity Ecosystem".

------
lionhearted
Profile: Sebastian Marshall. Internet ID 353-808-A331. Known aliases:
"lionhearted". Primary contact info: sebastian@sebastianmarshall.com

Political positions: A believer in liberty, pro-international travel and open
borders, tends towards mild hostility towards regulation. Generally law-
abiding.

Friendliness to American Interests Rating (FAIR): 72/100

~~~
narrator
That 353-808-A331 is the lower 64 bits of your ipv6 address anytime you do
anything online. You won't have to login anywhere! If you need to do something
important you'll just sign with your private key and the gov will graciously
provide the public key keyserver. I've been trying to tell that to everybody
for years.

Your Fair Score is actually your TerrorScore. Would you like to sort social
media profiles by TerrorScore? They will undoubtedly use Google PageRank like
Eigenvectors to calculate it based on who you're linked to and your ipv6
traffic profile.

I hate to be an Ipv6 cynic but after all, Ipv4 NAT is the best thing that ever
happened to online anonymity.

~~~
wmf
_IPv4 NAT is the best thing that ever happened to online anonymity._

There's exactly one person behind my NAT; how many are behind yours?

~~~
bad_user
Yes, but how many people know that?

------
jrockway
I'll be getting one of these when hell freezes over. If that means starting my
own Internet, then that's exactly what I'll do.

~~~
mark_l_watson
I would like to see more local (at the town level) shared networks. Something
like cheap wi-fi base stations (really cheap!) that could link up a local area
and have a good directory of what material people host to be shared, local
bulletin boards, etc.

I live in a rural area and several of my friends are going the self sufficient
route and my wife and I are at least putting in enough solar panels to
generate about 3/4 of the electricity that we currently use.

The country I live in (USA) is in rapid decline and it would be naive to
believe that all utilities and infrastructure will stay online 100% of the
time. Having a useful local "localnet" would be a good idea, and could be fun
also as a community activity. Perhaps libraires would be good hubs and meeting
places to set this up. Even better to also get the local police, fire
department and city government involved: something to bring the whole
community together.

~~~
jrockway
The USA is in rapid decline? Let me guess, because teenagers use Facebook,
spell "you" as "u" and house prices are not increasing as quickly as 5 years
ago?

~~~
postingfromwork
You're on the right track, actually. Academic motivation is virtually
nonexistent in the States, whereas in China kids go to school on Saturdays and
go to private cram schools until nighttime. A nation is made or broken by its
education systems since after all, knowledge is power.

~~~
jrockway
_Academic motivation is virtually nonexistent in the States, whereas in China
kids go to school on Saturdays and go to private cram schools until nighttime.
A nation is made or broken by its education systems since after all, knowledge
is power._

Well, the OP said "rapid decline". This is a gradual non-improvement, which is
not the same thing.

Also, does going to school 7 days a week increase learning? I can sit in front
of my computer and type stuff for 24 hours straight. Doesn't mean the result
is any good.

~~~
DuncanIdaho
Knowledge is leverage. Leverage works as interest upon interest. Therefore
gradual non-improvement is the same as rapid decline. Loosing 3 percent a year
where everybody is standing still is not that different as standing still in a
world where everybody is accumulating interest.

Also what I have noticed with myself ( I had a decadent phase in life, moved
on and now look on "friends" who stayed where they were) - decadent
consumerism might not look as bad when you start doing it. But it erodes your
soul it makes you weak and timid. Arm the lumpenproletariat with high tech -
and you won't get "a little bit weaker" society - you get idiocracy.

A human to be happy must play hard, work hard and love hard. This is a virtue
that most everybody is abandoning these days. I'm not advocating for
repression (like China, India or western world of old), I'm advocating that we
don't forget a passion in our lives and that we do not fail to show it to our
children. Else everything is in vain.

------
bigsassy
This article is pretty light on details. Here's a quote from the White House
Cybersecurity Coordinator Howard Schmidt:

Schmidt stressed today that anonymity and pseudonymity will remain possible on
the Internet. "I don't have to get a credential, if I don't want to," he said.
There's no chance that "a centralized database will emerge," and "we need the
private sector to lead the implementation of this," he said.

Read more:
[http://news.cnet.com/8301-31921_3-20027800-281.html#ixzz1AZD...](http://news.cnet.com/8301-31921_3-20027800-281.html#ixzz1AZDYQ3Kk)

~~~
sliverstorm
_I don't have to get (one)_

Cool. They've got the OK from me. It could turn out to be neat, and so long as
it's optional I'm not worried.

~~~
CWuestefeld
_so long as it's optional I'm not worried._

I've got a bridge to sell you, too.

Social Security Numbers, we were promised, would not be used as personal
identifiers. See, e.g.,
[http://query.nytimes.com/gst/fullpage.html?res=9C02EFD71039F...](http://query.nytimes.com/gst/fullpage.html?res=9C02EFD71039F935A15754C0A96E958260)

 _FOR many years, Social Security cards carried an admonition that they were
to be used "for Social Security and tax purposes -- not for identification."_

You've got my personal guarantee that if an optional Internet ID is created
today, it will be required before long. This is how the system works. Witness
the gradual ratcheting up of (ridiculous) security measures in airports if
you're skeptical.

~~~
RickRoll
That's pretty obvious. Just in a few month government and every established
corp will require those for it's online services. Online banking, paypal&co,
all app stores, gaming, taxes, healtcare, insurance ...

~~~
CWuestefeld
Prediction: it'll start with the gov't allowing safe harbor for sites that use
these IDs, when questions regarding copyright, pr0n, etc., come up.

If your users post copyrighted material, e.g., then you'll be offered safe
harbor only if you enforce registration via the national ID. Same deal for
people posting "naughty" content -- which is more insidious than it sounds,
because of the overlap between (a) sexual content and privacy concerns in
discussions about, e.g., STDs; or (b) in the wake of wikileaks, being hassled
about publication of, or support for those publishing, "leaked" data be it
from government or from industry.

It's necessary that we provide a way for people to maintain anonymity, but the
government wants to offer enough carrots to divert our horse from that path.

------
motters
If it waddles like a national ID system and quacks like a national ID system,
then it's probably a national ID system. Here in the UK we are fortunate to
have recently dumped plans for a national ID system. Americans should do the
same.

~~~
j_baker
Just out of curiosity, if the national government in the UK doesn't issue IDs,
who does? Counties? Cities?

~~~
adamt
Passports are issued by the UK Passport Office, and driving licenses by the
DVLA (Driving & Vehicles Licensing Association). These are both effectively
government agencies.

However, as having a passport or a driving license is not compulsory, there
were plans to have a national identity card, as is the case in many European
countries that would be compulsory for all adults. This has fairly recently
been scrapped before it was ever adopted. Partly because the cost ended up
being estimated at £18B (US$30B). Quite how a database and some photo cards of
60M people(less if you only include adults) would cost that much is a mystery
that only governments can solve!

~~~
Quarrelsome
Really? Lets think about it.

* First up we gotta biometrically scan every citizen of the United Kingdom for starters. That's 64 million people.

\- Scanners

\- Appointment Management

\- Advertising Campaigns (to remind people to register/go)

\- Chasing people who aren't registered

* Then for that to make sense you need to be able to validate people in places.

\- Invest in technology to biometrically match people (readers etc)

\- Train users/operators

\- Handle the kinks in that tech (complaints, false positives).

\- Handle any legal issues.

\- Create the back end system to auth (somewhat non trivial)

\- Load balance

\- Security Checks, Penetration testing, etc, etc. No point in the whole
system if its easily spoofed, right?

Then of course we need to produce the cards and send all the cards to those 64
million people. Also this system is supposed to integrate with existing
government systems. You can imagine what I nightmare that probably was going
to be.

My point being that its only a database and some photocards in the sense that
I can write Stackoverflow in a weekend ;).

Tbh your belief that it was only photocards means that you probably didn't
appreciate the full scope of the legislation. It actually sickened me how the
entire focus of the debate on the ID system was on the cards when they were
the least important aspect of it.

If I wore a tin-foil hat i'd even go so far as to suggest that politicians
intentionally focused on the card part of it to divert our attention from the
rest of it.

------
bretpiatt
I shared my thoughts in detail about this more than a year ago, we should get
out in front or as now coming true my prediction was, "As private industry and
a world society I hope we can take care of this ourselves before it gets so
out of control Congress tries to figure out how to do it and we end up with
some horrible mess of a “National ID and Digital Identity Act” that looks at
it only from the perspective of the USA and makes it very difficult for non-US
citizens to do anything online (as most of the major Internet properties are
US based) creating a whole new barrier for 3rd world citizens to overcome."

[http://www.bretpiatt.com/blog/2009/07/25/cloud-computing-
mak...](http://www.bretpiatt.com/blog/2009/07/25/cloud-computing-makes-
blacklists-obsolete-now-is-the-time-for-digital-identities/)

~~~
RickRoll
>>As private industry and a world society I hope we can take care of this
ourselves before it gets so out of control Congress tries to figure out how to
do it and we end up with some horrible mess of a “National ID and Digital
Identity Act” that looks at it only from the perspective of the USA and makes
it very difficult for non-US citizens to do anything online (as most of the
major Internet properties are US based) creating a whole new barrier for 3rd
world citizens to overcome.

Major internet properties are international - Facebook, Paypal, Skype, Google,
Microsoft's, Groupon, etc. Most countries have the technical talent to create
clones of successful US startups. The problem is local governments will be
able to control those local forums and social networks. So killing online
freedom in US will kill it worldwide.

------
daveman692
This headline is actually pretty misleading. From what I've seen of the
project, it is not about the government issuing online identities. Rather
they've realized that people already have identities from services like
Facebook and Google as well as banks.

This project is aimed at making it possible for people to interact with
government agencies using identities they already have. Some interactions
require very little security and knowledge of who a person is (leaving a
comment here for example) while others (paying your taxes) require quite a
bit.

~~~
thwarted
Is it really in the best interest of collecting taxes to defer authentication
(and even authorization) to a third party such as Google, or even banks?

~~~
daveman692
I interact with the IRS once a year having to remember a short PIN I created
years ago and can't figure out how to change. My bank has a very strong
knowledge of who I am partially via
<http://en.wikipedia.org/wiki/Know_your_customer> and because I login to it on
a much more frequent basis.

It isn't that my bank would change the role of the IRS, but I'd login to the
IRS using a strong identity issued by my bank versus this silly PIN I use
today.

~~~
chopsueyar
...or you could use the mail.

------
StavrosK
Is this done anywhere else in the world? It is the scariest of the scary Big
Brother measures I've seen recently...

~~~
abrahamsen
Yes, Denmark:

<https://www.nemid.nu/>

<http://en.wikipedia.org/wiki/NemID>

Most public institutions as well as many private (including the banks) have
switched to this system.

Our government already know just about everything about us (e.g. few people
need to fill out tax forms), so this has not been very controversial. The
largest controversy has been with the security.

~~~
nkassis
"(e.g. few people need to fill out tax forms)"

Actually I don't get why the gov makes people do one in the US and Canada.
Most people have their income reported to the gov by their employer. That
information should be downloadable by people and then what is missing could be
filled in, mistakes fixed, deductions not already calculated added...

~~~
SapphireSun
The government would like to know about other things you are doing on the side
as well. :-)

------
trotsky
Actual draft of the proposal from June 2010:

<http://www.dhs.gov/xlibrary/assets/ns_tic.pdf>

Note that if [generic scary three letter agency] wants to spy on you it's
already quite easy for them to do so (see FISA, CALEA, NSLs, Sugar Grove,
etc).

~~~
forensic
>Note that if [generic scary three letter agency] wants to spy on you it's
already quite easy for them to do so (see FISA, CALEA, NSLs, Sugar Grove,
etc).

It's not really about spying.

It's about a government bureaucracy having the power to control your identity.

If Visa cancels my card I can get an AMEX. The CIA has limited reach here..
the alphabet soups can't easily freeze my bank account.

But if the government controls my ID card, they can shut me down utterly and I
have no recourse aside from the broken judicial system.

The simple fact of the matter is that corporations such as Visa and HSBC and
Equifax are more trustworthy than the government.

Giving the government the ability to authenticate humans online is giving them
WAY TOO MUCH UNCHECKED POWER.

~~~
trotsky
_But if the government controls my ID card_

Check all that apply:

[ ] State Picture ID

[ ] Passport

[ ] Social Security Card

 _The simple fact of the matter is that corporations such as Visa and HSBC and
Equifax are more trustworthy than the government._

You should really read the proposal. It's a federation of privately run PKI
authorities. Potentially people like Visa, HSBC and Equifax.

------
ulugbek
I can sympathize with discontent about this, but almost nobody has brought up
the positive uses of unique Internet ID.

Suppose you want a system where you want to signal to all internet companies
that you don't want your browsing data to be harbored without your consent.
The ID system would allow the creation and enforcement of such system.

The support for this comes in part because of pressure from the groups who are
concerned about privacy and fretting over how their browsing data is used.
While infringement of privacy hampers the growth of ecommerce, complete ban on
harboring data hurts e-businesses (they won't be able to advertise
efficiently). The solution to it is to create a free market: assign everyone a
unique id, to which your preferences about harboring date will be assigned.
Even better, data associated with that id can be considered proprietary, and
users can license it to companies who are willing to pay for it and users can
sue companies that infringe on this proprietary data bc courts will recognize
it as solely yours. This is a good start if government wants to step in to
protect your privacy from the "evil" corporations, while not hindering the
growth of e-businesses.

Ideally, you will be protected from corporations who are after your private
data. Government, however, will surely continue using it the way you don't
want.

~~~
shotgun
The trouble is who has _both_ ownership over and is able to exercise control
over your identity data? I do like your idea of using licensing as a possible
mechanism.

It's one thing to say the government will host the ID data for free, for every
American. (Or at least every American they deem worthy of a proof-of-online-
identity certificate.)

But possession is often viewed as 9/10ths of the law. Calling it "my" data is
misleading if they really mean "data about me."

Would I like to have a permanent, personal and authenticated key value store
to in conjunction in some interpersonal or person-machine transactions?
Absolutely.

But I don't see how having a government issued identity solves the problem of
how my browsing data might be misused elsewhere.

It would seem that it only adds more personally-identifiable metadata that
could be intercepted, tracked, or stolen along the way.

How would such an ID system enable the creation and enforcement of a do-not-
track list? That sounds appealing, but how does my identity being tracked stop
me from being tracked?

------
nlavezzo
To those who would say "it'll be optional - you won't need one to search
Google, check you email, etc." I point out that there are already huge efforts
to track people across domains and build profiles of them. Private companies
are ALREADY slobbering over this, and paying good money for even anonymized
datasets. If this system goes into practice, it will simply be good business
for websites to require your ID as part of the signup process. Also, open
networks (like attwifi, etc.) may begin to require these as well. They could
build nice juicy datasets of the Starbucks laptop crowd, and believe me they'd
be hot selling items.

That's probably a best case scenario by the way. How long until it's mandated
that your ISP has your internet ID, and public networks (attwifi, etc.) are
required to get it to let you out into the internet?

------
davidcuddeback
This sounds very Orwellian, but I doubt much will become of this. Based on the
statement the article attributes to Locke, it sounds like they're selling it
to us as a single sign-on provider. Somehow, I doubt this will become as
popular as current single sign-on providers such as Facebook or Google without
legislation.

~~~
jacoblyles
Couldn't they bully the ISPs to force everybody to use it? Seems like we
should worry when they set up the groundwork for something like that, and not
after the fact.

~~~
davidcuddeback
I don't see how this would be implemented at the ISP level, but maybe that's a
failure of my imagination. I'm imagining something similar to Open ID.

With no details about the government's plan for an internet ID, we're left to
our imaginations, which probably vary widely from person to person.

~~~
Evgeny
_I don't see how this would be implemented at the ISP level_

Simple: all new contracts with any ISP will require the customer to provide
the internet ID.

All existing contracts have to be renewed no later than {date}, and if the
customer fails to provide the internet ID by that date, he is forcefully
disconnected.

------
Twisol
Sounds like Jeff Atwood got his wish!

[http://www.codinghorror.com/blog/2010/11/your-internet-
drive...](http://www.codinghorror.com/blog/2010/11/your-internet-drivers-
license.html)

------
Groxx
In a blue block on page 18 of <http://www.dhs.gov/xlibrary/assets/ns_tic.pdf>
:

> _Envision It!

An individual learns of a new and more secure way to access online services
using a strong credential provided by a trustworthy service provider._

Running this past my parents was met with a blank stare, followed by "what?".
And they're significantly better about their online habits than most people,
_especially_ the ones they're targeting with a system like this. Anyone
interested in identity online already has several means of proving they are
who they say they are, and can generate X.509 certificates to provide
ridiculous-quality proof for individual transactions.

While I fully expect something along these lines to exist eventually, I'm
honestly scared by the sunshine-and-ponies descriptions in that document.
They're also making _enormous_ claims of universal interoperability that reek
to me of XML/SOAP/etc evangelization - it _never_ works that well.

(Link thanks to trotsky: <http://news.ycombinator.com/item?id=2086135> )

------
younata
IANAL, but this is technically legal, so long as it's used ONLY for commerce,
by means of the Interstate Commerce Clause of the US Constitution.

After that, it becomes unconstitutional, far as I know.

So, in other words, it's unconstitutional, because it won't be used only for
commerce.

~~~
forensic
Constitution is meaningless these days. "Unconstitutional" is defined by the
emotional whims and ideologies of judges.

~~~
prodigal_erik
The commerce clause in particular has been used to justify most anything,
including laws around production of your own goods because that can function
as an _alternative_ to interstate commerce.

But strict constructionism isn't an answer either. We shouldn't only have a
right to bear 18th century arms, or let computer files be searched without a
warrant merely because they aren't on paper. It's always going to be
subjective, applying the law to questions that didn't even exist back when it
was written. We have to do it, but we have to be more careful about it than we
have.

~~~
forensic
That's why Jesus invented amendments to the constitution.

------
drawkbox
This is a waste of time. Any good intelligence organization can already gain
most or all or probably too much of the information they need from online
actions, transactions, networks, posts/comments, protocol sniffing, ISP/ad
network data, re-routing/copying traffic, social hacking, infected pcs, etc.
And if you are encrypting, proxying, spoofing then you are Anonymous and
already on the radar.

This Internet ID would just be a show piece.

~~~
forensic
It's not about access to information, it's about the control to issue/deny
IDs.

------
contextfree
So far as I can tell what is actually being discussed is an official
certification scheme for third-party identity providers. This would make it
more feasible for third-party IDs to be accepted in contexts where they're
currently not. I don't see how that can be reasonably characterized as a
"unique Internet ID for all Americans", but whatevs.

------
dkokelley
This was a minor plot device in the book _Ender's Game_ , where two super-
intelligent children needed to borrow their father's network citizen access to
post on the forums about their ideas. Obviously this isn't what the
administration is suggesting, but it seems like a dangerous first step. I
don't like it.

I'm happy with an optional OpenID-like system for stronger authentication and
convenient access to account logins, but the system should be 100% optional.
There's no way I'm going to trust anyone with the ability to masquerade as me
through a closed system. Imagine using Facebook Connect or Google to log in to
your bank. Facebook has no business involving me and my bank. It is between me
and my bank only. And there is no reason for me to risk my full, unlimited
online identity to a single provider like Facebook or Google. The government
also has no business knowing who my bank or email provider of choice are.

------
knowledgesale
There are so many incentives for legislators to restrict the internet as we
know it today and effectively no lobby to protect it. I am wondering if 10
years from now we are going to have much more "regulation and security" for
the networks than now. Not only in the US, on the global scale. Who knows, it
might be that the 90s-00s will be remembered as the only period in the human
history when the truly free unregulated GLOBAL internet was possible.

This view might look naive and hype-provoking and indeed the internet proved
to be very robust on the big scale so far. However I have read recently about
the very limited visa regulations for travelling around the most of the world
in the 19th century. kind of puts things into perspective.

~~~
cma
The great firewall existed in the 90's and the 2000's right?

------
watmough
And you can absolutely bet that this will be tied to a SSN and will be
necessary in order to interact with the government.

In some ways, this is reminiscent of Microsoft's attempt to 'reboot the
internet' with their own security code. I believe it was called Hailstorm.

------
gersh
I think a government OAuth sounds like a good idea. Verifying your identity
based on SSN is pretty insecure. If the commerce department can come up with a
secure standard, it can seriously cut down on fraud. Internet anonymity is
good for some things, but the government needs to stop people from borrowing
in someone else's name.

Security will probably be challenge. This needs to be done right, but it has
great potential for cutting down on fraud. With real identity, scammers can
blacklisted, and honest can people can transact business better. Despite the
FUD, I think this is actually good government.

------
ebaysucks
In a few years time, the government will block your access to the internet for
not doing as you're told.

As all services become digital eventually, the guy controlling the central ID
system will be able to literally let you starve to death.

The fight for internet freedom is really the most important one in human
history. If we don't win, we'll end up with a government that can actually
enforce ALL its laws ALL the time.

------
bcheung
You can already sign up for a bank account online and prove you are who you
say you are by inputting enough personal information so they can verify you.

Sure there is potential for identity theft but much less so than with what
they are proposing now.

As far as single logins, there is already a well established solution with
OpenID, OAuth, and the Log in with Facebook / Twitter style logins.

------
guynamedloren
Great, another channel for identity theft.

------
ck2
Even if it is optional to start with, it's like every other government
"security theater" nonsense and there will be mission-creep to make it
mandatory sooner or later.

Absolutely no way this should be allowed to be enacted, in any form.

Government should simply enforce the existing spammer laws and ensure net
neutrality.

------
dennisgorelik
Government tends to be inefficient in Internet business. The Government would
screw things up in multiple ways: too slow, too expensive, too much
corruption, not flexible etc.

------
w1ntermute
Is there anything in the legislation forcing businesses & their customers to
use this ID for all transactions?

------
lwhi
One more stake in the heart of liberty.

------
sp4rki
Why is it that people insist on calling US citizens Americans? Canadians,
Chileans, Brazilians, Panamanians, Colombians, etc are all Americans also, and
this move does not apply to them at all. The American population is composed
of everyone this side of the pond and not of everyone to the north only.
Journalists should make a distinction.

~~~
JoeAltmaier
Perhaps because we're the only ones to actually put the work "America" in our
country's name.

------
yters
How long until a national ID turns into an international ID to combat
terrorism?

------
eurohacker
Gongradulations fello americans,

your illuminati oligarchs have promoted you, to become ID numbers with unique
identity

<http://www.youtube.com/watch?v=Ct9xzXUQLuY>

------
rman666
Mark of the Beast! Mark of the Beast!

------
unoti
How the hell am I supposed to keep working under the table and dodging the
IRS, if they're able to track me down because I just posted to Hacker News
from this IP address?

God, it gives me a cold chill feeling just thinking about it.

------
citricsquid
It seems everybody is opposed to this sort of thing, but I love the idea of
having a single piece of ID that works universally. I guess there are issues
with identity theft being made easier, but I think the benefits outweigh the
"privacy" concerns.

