Credit Card Debts:The National Strategy for Trusted Identities in Cyberspace is Totally Silly

July 8th, 2010 by admin

Article Summary:

Credit card debt can be a financial killer, but it can be overcome. Find out more about how to deal with debt that has accumulated on your credit cards.

Have you heard of this? The Whitehouse, along with “key government agencies, business leaders and privacy advocates” have cooked up a blueprint for a voluntary, centralized identification system that will  somehow clamp down on identity …

Related posts:Annual fees and


Article Content:
Have you heard of this? The Whitehouse, along with “key government agencies, business leaders and privacy advocates” have cooked up a blueprint for a voluntary, centralized identification system that will  somehow clamp down on identity fraud on the web via the “use of trusted digital identities.” It’s called The National Strategy for Trusted Identities in Cyberspace (NSTIC). Sounds nice, I guess, but what the heck does that mean?

The incredibly broad and vague plan is introduced in the not-very-explanatory blog post from cybersecurity coordinator Howard A. Schmidt and laid out in befuddling detail in the draft strategy. And while no one’s arguing that it’d be nice to have a system where “individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on,” exactly how The Man intends to achieve that remains a mystery. While they are at it, why not just draft up a strategy for world peace and a zero carbon energy economy?

The strategy brings the issue even further into orbit by inventing the term “Identity Ecosystem” which sounds sexy, I guess, but again, what the heck does that mean? From what I gather, citizens can opt-in to create a sort of smart identity card or digital certificate. Another feature of this Identity Ecosystem is that it’s “user-centric,” which means that you will be able to pick and choose which private information you use to authenticate your identity. To me, this sounds a bit like what they do when you order your credit report history and they quiz you on items from your credit history—names of mortgage lenders, previous addresses, balances on credit card accounts and other stuff like that. The presumption is that only you are privy to this kind of info, but in reality these factoids could be obtained by any determined hacker or dumpster diver. I’m not sure what kind of data the government plans to cook up that’ll be better than that system.

Another problem is that The National Strategy for Trusted Identities in Cyberspace seems to believe that one of the big issues at stake here is the hassle of remembering multiple logins and passwords for various online services. But how exactly would a centralized authentication system help that? Unless you use the same username and password for every single online account, hackers who crack your Facebook password won’t necessarily get access to your Gmail, Bank of America and Mint account, too. The worst they can do is post some porn on your boss’s Facebook wall—they don’t get the run of the place like they would if they compromised your smart identity card or digital certificate. In a way, it’s like having a single skeleton key for your office, car, home, safety deposit box, gun locker and daughter’s chastity belt. Imagine dropping that key in the subway station.

But the biggest NSTIC killer is the fact that it’s completely redundant. Let’s see—you’re looking to create a interoperable, standardized authentication system that works from site-to-site? Sounds a lot like OpenID. But even if we don’t go there and say we shoot for something as simple as a federally recognized number that you can use to verify your identity. But wait, that sounds a heckuva lot like a Social Security number—and we all know those are far from airtight.

The one thing that doesn’t seem like a concern, though, is the notion that the government might use this information for anything sinister and Big Brother-y. For one, the system will be voluntary. For another, what could the government possibly know about you that could A) be used to verify your identity and B) be abused in a way that impinges on your civil liberties? It’s not like you’ll be whispering your deepest, most embarrassing secrets into these super secret smart ID cards—and if you were, why would Obama care if you used to play naked robber with your same-sex childhood friend.

Maybe I’m being too dismissive about this whole initiative. Or maybe I’m just flat out reading it wrong. But I don’t realistically foresee any kind of top-down identity verification system working in the U.S. or anywhere else. There will always be a way to spoof the system and it’s better to have distributed layers of security than a single point of failure.

Agree? Disagree? Chime in below.

Related posts:Annual fees and why they’re sillyHow to Balance the National BudgetHow to Handle a Sudden Windfall

———————

Tags: , ,
Posted in Credit Card Debt |
« Credit Cards Debt:How do courts settle Credit Card Debts?
Credit Card Debt Help:what is the effect (on credit history) of settling a debt with creditors? »
You can leave a response, or trackback from your own site.

Leave a Reply

Sorry, no posts matched your criteria.