Posted on 09/20/2014 5:40:05 AM PDT by markomalley
The Commerce Department has been handing out grants to fund a way for Americans to use a single password anytime they shop, bank, pay bills or engage in any other online activity that requires logging in and verifying identity.
In effect, President Obama's administration is trying to bring an end to Americans having different passwords for each online account. Almost $3 million in grants were given out for the project this week through the department's National Institute of Standards and Technology, as part of its National Strategy for Trusted Identities in Cyberspace project.
"The grants announced will help spur development of new initiatives that aim to protect people and business from online identity theft and fraud," Commerce Secretary Bruce Andrews said.
There are more than 300,000 cases of identity theft annually, according to the Federal Trade Commission. Home Depot reported Thursday that hackers gained access to 56 million credit and debit cards in a breach of its systems. Last year, 40 million cards were compromised in a breach of Target's system.
The new initiatives would help create a "federated identity" system in which a single online provider would "vouch" for the user at other websites. The online user would choose the provider that vouched for them.
NIST spokeswoman Jennifer Huergo said the grants would help create a "marketplace of options so that you as a consumer could choose different identity providers that you trust."
She added that "federated identity" was a technical term that the computer experts coined.
"It sounds like 'federal' but it's not that at all. It's a term of art, I guess, for authentication. It comes from the IT people," she said.
Ryan Radia, associate director of technology studies at the free-market think tank Competitive Enterprise Institute, said the project's stated goal of a more secure Internet was laudable, but still better served by the private sector alone. The odds that any identity system starting out as voluntary eventually becomes mandatory are much greater if the government is involved, he said. He also dismissed NIST's claim that the technology could not be created without the grants.
"A Visa or Mastercard issued by a community bank in any small town can be used in any country around the world. That wasn't the result of any government initiative," Radia said, adding that government involvement might even retard the growth of privacy technology.
The government has given out about $19 million in grants through the NSTIC project since its creation in 2011.
Atlanta-based mobile trade association GSMA won an $822,000 grant to create a system that will be usable on different mobile networks. It is partnering with "America's four major mobile network operators," NIST said. Although neither NIST nor GSMA would disclose who the operators are, the four with the most subscribers in the U.S. are T-Mobile, AT&T, Verizon and Sprint, according to Bloomberg.
The $1.2 million grant to Confyrm of San Francisco would be to work on the federated system and find a way to track identity thieves.
MorphoTrust USA's grant is to demonstrate "how existing state-issued credentials such as drivers licenses can be extended into the online world to enable new types of online citizen services." That would include things like applying for federal benefits.
"Since the government has a pretty good idea of who you are, they could be an identity provider," Huergo said.
While the system would eliminate the need for multiple passwords at different websites (many users employ the same password over and over again, making potential theft easier), it also would create a potential "all your eggs in one basket" scenario. Should the one provider that vouches for a user be breached, most of that person's information would be at risk.
"That is a concern that has been raised," Huergo said, but argued that consolidating the information was still a better idea than the current setup. "Right now we have our eggs all over the place; this would give people the opportunity to reduce the number of baskets that contain their private information."
Nothing to see here, comrades...
Hacker’s wet dream.
No thank you.
Bad idea. If a person’s solitary password is compromised then everything they do is compromised. Am I alone in liking multiple passwords for multiple applications?
What if we all get a unique identifier permanently on our foreheads?
The Biblical prophecies are coming true at an astonishing rate.
I’m all for it, and sure this is satire at the same time. Imagine how convenient it would be for users, hackers and government monitors.
Is this real?
They violate the public trust by the very means they assure us of protection. Not once, as a matter of habit. To make matters worse they praise each other for how well they lie, obscure and devise “parallel construction.”
Now if any single fact of the NSA/Snowden revelations should prove how wise the Founding Fathers were about the dangers of a government that is unrestrained, it should be “parallel construction”.
This is the term given to when the NSA has information that it developed from its unconstitutional intrusion into our “persons and papers” (see 4th Amendment) and it “leaks” it to domestic law enforcement, with the condition that the source can never be revealed.
Since going to trial allows a defendant to the process of discovery to interrogate the government over the evidence, and in this case the basis for the arrest came from the NSA, law enforcement must dream up a plausible lie to cover up the NSA’s involvement. This is corrupt and an act of perjury at an institutional level. It has become the normal course of doing business because government almost always finds ways to give itself permission for something it really wants to do.
I find these matters to be so serious that I am willing to support an Article V convention of the States to redefine and clarify the role of the federal government in how it relates to the States and the People.
The EXEMPT agree — because they, their families and Staff, will again (like Moslem invaders and criminal illegals) be EXEMPT.
That, in and of itself, doesn't bother me all that much.
A two-factor or even three-factor authenticator is far more secure, in and of itself, than a simple password / passphrase. (FYI, the three factors are "something you know", "something you have", "something you are".)
So far, so good, right?
The problem is that this single sign-on would, by its very nature, have to apply to logging on to the Internet, itself (and, with the MS cooperation with the government, perhaps even logging on to your computer, tablet, or even smartphone).
Legally, transactions done with two-factor or three-factor authentication have the characteristic of "non-repudiation" (that is, you cannot say "it wasn't me").
The up-side is that you would have very little concern that somebody could falsely do something in your name.
The down-side is that everybody else would have very little concern that somebody could falsely do something in your name (therefore, you would effectively lose anonymity).
The loss of anonymity has up-sides and down-sides as well. People acting with criminal intent would have a very hard time...but likewise, people just wanting to have privacy could kiss it goodbye.
The final thing that I could see is that, in order for such a single sign-on, single authenticating authority for all electronic transactions to work, there would need to be a single source that could say "yes that's BlueStateRightist" or "no it isn't."
Suppose the agency that administered that single authenticating source decided that they weren't pleased with what "BlueStateRightist" said on Free Republic. They could easily "lose" your credentials in the public key repository. And then you would be utterly cut off.
I know! We could get the same folks that did the website for Obama Care.
A related downside is that if the implementation is flawed (which is likely) the unencrypted and unhashed version of "what you are" will end up in a big list on a Russian hacker website. Since you cannot change "what you are" you will be precluded from using that system forever.
just implant a transponder/microphone at birth and call it a day
Nothing good can come of this.
Sometimes the columns write themselves.
Can’t buy or sell without it...
Would there be a way to do it if a person always had to order by credit using the same device? Report your device stolen and access to your credit and personal information could easily be disabled. The technology company would be in charge of strong firewalls instead of having the questionable security of merchandisers.
A chip in the hand and a reader on every device. It ain’t likely, it’s probable.