The US government has recently been pushing a scheme to create some kind of
"trusted" identity for people to use on the internet. At a meeting at
Stanford University on January 7th, US Commerce Secretary Gary Locke outlined
the problems that he perceives with trust on the internet and how the creation of
"trusted digital identities" might alleviate those problems.
There is likely some truth in what he says, and trusted identities could
some of the problems. Unfortunately, when looking at it from a privacy
perspective, that kind of scheme is likely to cause more
problems than it solves.
The threats that Locke describes are fairly well-known: "data breaches,
malware, ID theft and spam". It's not exactly clear how a trusted
identity would fix any of the problems he lists, but that's not really his
role. He is trying to build a groundswell of support for these identities,
but he is also being
rather disingenuous when he says things like:
Let's be clear. We are not talking about a national ID card. We are not
talking about a government-controlled system. What we are talking about
is enhancing online security and privacy and reducing and perhaps even
eliminating the need to memorize a dozen passwords, through creation and
use of more trusted digital identities.
PRIVACY Forum moderator
(and long-time privacy advocate) Lauren Weinstein has been following this plan
(which originates in the US Department of Homeland Security) since at least
last June. As he points
out, the entire trusted identity scheme rests on those identities being
government-issued IDs like driver's licenses or social security numbers.
While Locke might be technically correct about national IDs, he is
playing rather fast-and-loose with the reality as Weinstein notes:
This entire scheme rests on the ability to link Internet
presence/roles with real-world identities. So even if no physical
card ever exists, the system as currently understood would very much
equate to a national ID card for accessing the Internet.
There are the obvious problems with linking internet activity back to a
particular "meatspace" identity, not least that it removes the ability to
do some things
anonymously. Those records will be an attractive target for fishing
expeditions by law enforcement of various sorts. One need not look any
further than the current attempts to track down Wikileaks members and
supporters via Twitter records as an example of how this kind of data might
At the meeting, White
House Cybersecurity Coordinator Howard Schmidt said that there is no chance
"a centralized database will
emerge". Even if that's true, it won't be terribly hard to
reconstruct an internet
trail from distributed databases if the ID is tied to government-issued
Trusted IDs would also be a juicy target for identity
thieves. In short, these IDs suffer from privacy and control issues that
have been identified for decades by people like Weinstein and organizations
like the Electronic Frontier Foundation. While Locke may be giving lip
service to some of those longstanding concerns, it is pretty clear that, at
least so far, there is no real intent to address them.
There is also a question of how free software fits into this puzzle. Is
presenting a trusted identity going to require running proprietary code?
Is it going to require running a Trusted
Platform Module attested operating system
as well? The latter is clearly something that Microsoft and Apple
would be happy to see, but it would run completely counter to the ideas of
free and open source software.
Ars technica digs
in to some of the technical details of the most recent draft [PDF] of the proposal.
That analysis certainly doesn't alleviate any of the issues that Weinstein
raises, and in fact raises a few others, such as:
In stage number six, the project will address the "liability concerns of
service providers and individuals." It looks as though the project will
create rules for the system that allow for the fixing of security breaches
without everyone suing each other's brains out, perhaps something like the
Digital Millennium Copyright Act's safe harbor provisions. The last three
stages involve promoting and improving the Ecosystem, including offering
loans, tax breaks, and insurance grants for early adopters.
Another draft is due in the next few months, and Weinstein is not
Revised details of the Internet "Trusted ID" NSTIC plan will
reportedly be released within a matter of months. Perhaps there will
be wondrous revelations that will transform my current very dark view
of the proposal into a ringing endorsement.
Unfortunately, I very much doubt that this will be the case. I wish
I did not have to be so cynical and concerned about this project.
Contrary to some observers, I don't feel that the proponents of this
plan are evil or stupid, nor that their motives aren't in large measure
But a lack of evil and stupidity does not eliminate short-sightedness,
foolishness, and priorities run dangerously amok.
Schmidt is also pushing the idea that acquiring a trusted identity would be
voluntary, but if the system gets put in place it's a little hard to
believe it will be. The internet is playing a bigger and bigger role in
our lives. If the US government succeeds in this plan, it's not hard to
imagine that it will be difficult to do anything of consequence on the 'net
having such an ID.
This is an issue that bears watching. One might be forgiven for cynically
noting that our best defense against this plan may be the government
bureaucracy itself, as it will undoubtedly take some time—perhaps on
the order of years—for a proposal like this to actually get
implemented. In the meantime, though, privacy advocates and free software
users should be making an effort to clearly show the problems inherent in
this trusted identity scheme.
to post comments)