|
The National Strategy for Trusted Identities in Cyberspace by Decius at 1:14 pm EDT, Jun 26, 2010 |
Howard Schmidt: Today, I am pleased to announce the latest step in moving our Nation forward in securing our cyberspace with the release of the draft National Strategy for Trusted Identities in Cyberspace (NSTIC). This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities. No longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services. We seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc) from a variety of service providers -- both public and private -- to authenticate themselves online ...
|
The National Strategy for Trusted Identities in Cyberspace by noteworthy at 9:46 am EDT, Jun 26, 2010 |
Howard Schmidt: Today, I am pleased to announce the latest step in moving our Nation forward in securing our cyberspace with the release of the draft National Strategy for Trusted Identities in Cyberspace (NSTIC). This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities. No longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services. We seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc) from a variety of service providers -- both public and private -- to authenticate themselves online ...
From the Loose Tweets Sink Fleets Department: What in the world is going on? Oh, it's a hacker causing all of this chaos. A hacker has gotten into the U.S. Federal payroll system and electronically issued paychecks ... to himself! totaling billions of dollars!
Paul Ferguson: We are all responsible. And we are all failing.
Andrew Keen: In the future, I think there will be pockets of outrageously irresponsible, anonymous people ... but for the most part, we will have cleansed ourselves of the anonymous.
Bruce Schneier: Will not wearing a life recorder be used as evidence that someone is up to no good?
New Scientist: The US Department of Homeland Security is developing a system designed to detect "hostile thoughts" in people walking through border posts, airports and public places ...
Decius: Unless there is some detail that I'm missing, this sounds positively Orwellian.
Eric Schmidt: If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.
|
Bellovin RE: The National Strategy for Trusted Identities in Cyberspace by Decius at 1:43 pm EDT, Jun 26, 2010 |
Steven Bellovin People often suggest that adding strong identification to the Internet will solve many security problems. Strong, useful identification isn't possible and wouldn't solve the security issue; trying to have it will create privacy problems.
Agree. The problem with security in cyberspace is that exploits target bugs in software to make them do things the designers didn't intend. Authoritarians have this fantasy that if they can just design a system that requires everybody to be tracked and tagged they'll be able to arrest those dirt bags who commit crimes on the Internet. One problem with this idea is the assumption that the identity system will be any less prone to software bugs then any other part of the infrastructure. It won't be, so it won't work. Another problem is the idea that you can actually manage an identity system for everybody in the entire world. You can't. This, much like the ill considered efforts at "whois accuracy," will only serve to make it easier to target, arrest, or sue people who aren't intentionally out to commit crimes but for some reason run afowl of well heeled interests. The secret is that some of the supporters of these systems know this, and thats exactly what they want. Other supporters don't care - they stand to benefit financially from these requirements regardless of how effective they are. Bellovin RE: The National Strategy for Trusted Identities in Cyberspace |
The National Strategy for Trusted Identities in Cyberspace by Dagmar at 5:35 pm EDT, Jun 26, 2010 |
@#$!$$@~! I thought you were joking about this. *sigh* |
|
|