Why Obama’s National Internet ID Solution is a Really, REALLY Bad Idea
Join in on the Facebook Discussion on this topic.
When it comes to the Internet, the US government usually doesn’t have a clue. That seems to be the case with the recent announcement of the Obama Administration’s plans to develop an internet identity system that officials claim will reduce fraud and identity theft while streamlining online transactions.
Cut to the chase: the National Strategy for Trusted Identities in Cyberspace (NSTIC) is a bad idea. On the surface having something that will increase online transactions and reduce identity theft makes (some) sense. Security is the #1 reason that people avoid online transactions and in an age that is continuously going more and more digital, it would appear prudent to take steps towards improving security.
This step is not a prudent one. It will lead us down the wrong path for several reasons.
How Do You Spell Disaster? S-I-N-G-L-E-P-O-I-N-T
A skeleton key is “a key or similar object capable of opening any lock regardless of make or type.” In its most basic form, this is what the Obama Administration is proposing. Rather than have different passwords and email validations to access the various places we surf, NSTIC will be a single point of entry for online interactions and transactions that consumers and businesses can use to engage.
This should terrify the tech-savvy crowd.
Having a single-point of entry into many websites is already available in several forms, most prominently through Facebook. Many have accepted it because there is only privacy at stake – we aren’t making purchases or attaching financial information to Facebook (even though there is a looming Facebook eCommerce potential, but that’s a different story).
Allowing access to our financial credentials and buying power through a single interface is ludicrous. eCommerce fraud is bad as it is and this solution is only an opportunity to empower the nefarious types to have more access in one tightly-wrapped package called NSTIC.
Stay Out of My Interwebbing Activities
“This is going to cause a huge shift in consumer use of the Internet,” said John Clippinger, co-director of the Law Lab at Harvard’s Berkman Center for Internet and Society in Cambridge, Massachusetts. “There’s going to be a huge bump and a huge increase in the amount and kind of data retailers are going to have.”
Exactly.
There’s a reason that companies such as Google and Paypal support this. It’s an opportunity to centralize and collect the most important asset on the Internet: data. There will be assurances that this piece of data or that piece of data will not be shared, but “sharing” is an ambiguous term. Necessity will kick in.
By necessity, I mean that there will be increasing “needs” by businesses and government agencies to peek in on what we are doing. If you think that this is a false statement, you are naive. It will happen. It will start under the guise of necessary adjustments to the law in the name of “consumer protection” or “homeland security” and will expand from there. I could write an entire piece about why this is the general trend on anything that pertains to our online privacy rights, but suffice to say that when you have a data-collection venue that data will be used by multiple entities regardless of the safeguards put in place up front.
A False Sense of Security
Diligence is often fueled by paranoia. A healthy dose of paranoia goes a long way towards maintaining proper personal online security. NSTIC will erase the paranoia for many and, as intended, bring more people into the online-transaction fold.
When it comes to financial security, anything that makes people trust a service is potentially a bad thing. It is in most people’s nature to relax about a particular subject when we feel secure that we are protected. By stamping it with the US Commerce Department’s seal of approval, many will trust it.
They will trust it too much.
Constant diligence protects millions of Americans from falling victim to online scams and financial security breaches. Anything that puts people too much at ease will be exploited, as is the case with a National Internet ID.
Who Are Smarter? Hackers or The US Government?
The most intelligent aspect of this solution is that they do not plan on having a centralized database. The government will rely on several service providers to house the data in the most secure fashion imaginable.
And yet, I’m still terrified.
The only reason that financial institutions have not been widely hacked for their data in the past is because it is generally worthless. The “buying power” is not there and money transfers are specifically geared to require multiple-points of approval. It would require a very organized and large-scale operation to form a true financial institution hack that could produce results, and those results would likely be short-lived.
This is different.
By its very nature, this is a streamlining initiative. Anything that is made to simplify our actions is open to manipulation. Hackers today who examine the way transactions happen online naturally go towards the easiest point of access which is currently directly through consumers. NSTIC may change that. By “may” I mean there is a chance the government will understand this before launch and add the appropriate safeguards. If they do, they would limit the effectiveness of the product by making it challenging for businesses and consumers to interact.
They “may” do it the secure way, which would make hacking into the service providers worthless. Chances are slim, however, as the goal here is to make things easier for online transactions to take place.
The Big Brother Factor
“We are not talking about a national ID card. We are not talking about a government-controlled system,” United State Commerce Secretary Gary Locke said on Jan. 7.
The first thing that comes to mind (and should come to your mind) when hearing these words is, “Yet.”
This is a very dangerous step towards increasing the power and reach of the government into our pocketbooks. Until the details of the plan are released this is just a conspiracy-theory-laden section of paranoia without substance, but any time the government gets involved with anything pertaining to the Internet, the alarm bells ring in the back of my CPU.
“A fine is a criminal sanction. A civil sanction, by contrast, is called a penalty. The term fine is sometimes used to describe a penalty, but the terms fine and penalty should be kept separate because the consequences are different: nonpayment of a criminal fine can result in incarceration, whereas nonpayment of a civil penalty cannot.”
I think you mean Civil Penalty , and not a Fine.
Weren’t the body scanners at the airports opt-in (e.g. you have the right to refuse?). I could easily see this going the same way…
“Sure you don’t have to have a national ID, but if you want to get on the internet you have to go down to the DMV, show 6 points of identification, obtain your temporary, & disposable passphrase, and then activate the 4 hour e-commerce access in the next 15 minutes…. Or you could opt-in.”
The biggest and most telling of these is Social Security ID. Social Security numbers were created for only one reason – to keep track of your contributions and how much you’re owed by Social Security.
Now, you’re required to give it to go to a bank, go to school, get a job, get a credit card, etc. etc.
What will happen is that businesses will say “this is the best way to protect ourselves” and if the majority of people adopt it, they will just refuse to do business with anyone that doesn’t use it. It becomes a slippery slope thing. It is unquestionably better for businesses, as it starts to put others on the hook for their security issues, so they will be clamoring to force all their customers to use it. The more people that do, the easier it will be to justify the decision. The more businesses that do it, the easier it will be for other businesses to do the same. Eventually, no major online retailer will do business without it.
It’s insanely important for people to resist this and to stay away from it. There are countless other reasons to not use it, but resisting it now is even more important as it’s become obvious that most people don’t think of the long-term ramifications of this decision and just say “Hey it makes it easier, and they say it’s safer, so why not?” The masses will gobble it up, and the people who are outliers will be stuck.
im not a high tech computer person, but the more i read out here the more convinced I am that this NSTIC is like a one on one tracking device. how do we resist it?
Why did none of you Republicans bitch when G.W. Bush tried to implement the National ID system, for everyone, in the real world? The Democrats have blocked the “national ID” since they got in.
This implementation is meant to be for secure online transactions(commerce department), but will fail, just like Microsofts dot Net ID system, or any other online company that has tried a “one ID” system.
“The Republicans should (hopefully) block any legislation from happening. This is where it is important to remain vigilant in protecting civil rights even in times where it seems that they allow for bad things to happen”
Then the Patriot Act should have been blocked.