The process, if approved, would reportedly replace all personalized passwords on “sensitive” accounts with one form of ID. The federal government and many private companies says it’s needed to fix the problem of having multiple passwords for multiple sites. The government also says it will be safer – a claim with which critics disagree.
A pilot program is set to being this month.
The so-called biometric ID card has some concerned that a backdoor for government regulation and monitoring of the Internet would be created and an individual’s online presence would be linked to any government services they receive.
The White House’s National Strategy for Trusted Identities in Cyberspace (NSTIC) plan would reportedly replace the current Internet passwords process involving sensitive online accounts. For now, it would be voluntary, but critics say the idea is scary and the rollout a disaster. For instance, if the government begins requiring and ID to e-file tax returns or to apply for government benefits, then it essentially would become mandatory for most people.
“The original proposal was quick to point out that this isn’t a federally mandated national ID,” wrote Motherboard journalist Meghan Neal. “But if successful, it could pave the way for an interoperable authentication protocol that works for any website, from your Facebook account to your health insurance company. A scary can of worms to open.”
In 2007, China pressured bloggers to register their true identities and personal data into a centralized ID system. Those vocally opposed to the proposed requirement charged the Chinese government could then use the information gathered to “punish dissenters” of the Communist government.
The US proposal has other critics.
“The biggest problem for Internet security was and is buggy code,” computer security expert and Columbia University’s Steven Bellovin wrote in an article criticizing the proposal. “All the authentication in the world won’t stop a bad guy who goes around the authentication system, either by finding bugs exploitable before authentication is performed, finding bugs in the authentication system itself, or by hijacking your system and abusing the authentication connection set up by the legitimate user. All of these attacks have been known for years.”
Story continues below video
Declan McCullagh of CNET previously stated that the system would essentially be the equivalent of a national ID card because such an identity would eventually be mandatory for welfare programs, filing tax returns, and the application and renewal of various licenses.
The National Strategy for Trusted Identities report states, in part:
A secure cyberspace is critical to our prosperity. We use the internet and other online environments to increase our productivity, as a platform for innovation, and as a venue in which to create new businesses. Our digital infrastructure, therefore, is a strategic national asset and protecting it is a national security priority and an economic necessity. In the current online environment, individuals are asked to maintain dozens of different usernames and passwords, one for each website they interact. The complexity of this approach is a burden to individuals, and it encouraged behavior, like the reuse of passwords, that makes online fraud and identity theft easier.
According to an Electronic Frontier Foundation report on the NSTIC system, crafting a national ID system by the federal government (or even a “decentralized” system) is entirely feasible, but such an endeavor would pose “significant privacy issues.” As the report also aptly notes, many Americans are entirely unaware of the program.
Meanwhile, online service providers of nearly all types have complained that an Internet ID system would make them liable for affirming exactly who uses their websites.
What do you think of a national Internet ID system? Let us know in the comments section below.