There's a lot of huffing and puffing about whether or not the Fed.Gov is trying to implement an Internet "Kill Switch" to be used to unplug parts of teh Intarwebz (but only if it's a really really really bad emergency, srlsy). I haven't jumped in on this because (a) the Fed.Gov can't even get its own cyber security house in order, so "unplugging" is likely pie-in-the-sky even if they tried, and (b) the Internet's design was to be massively robust in the face of multiple damage locations. Good luck unplugging from the routing algorithms, scooter.*
Instead, there's something going on under the radar that I think is much, much more serious. Kevin emailed to
point this out:
The NSTIC, which is in response to one of the near term action items in the President’s Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services.
That's Obama's Cyber Security Czar, Howard Schmidt, in full frontal
I'm-with-the-government-and-I'm-here-to-help mode. See, it's
helpful - you won't have to fill your pretty little head with all those annoying user names and passwords.
Because the Fed.Gov will issue you one.
This is so bad, on so many different levels that it's difficult to know where to start, but
let's try this (page 4):
Envision It!
An individual voluntarily requests a smart identity card from
her home state. The individual chooses to use the card to
authenticate herself for a variety of online services, including:
· Credit card purchases,
· Online banking,
· Accessing electronic health care records,
· Securely accessing her personal laptop computer,
· Anonymously posting blog entries, and
· Logging onto Internet email services using a
pseudonym.
Emphasis mine. So the Fed.Gov is here to help me post on Borepatch?
Sorry, Charlie. Thanks for the kind offer and everything, but no thanks. Not only do I think that I'm smart enough to remember my user names and passwords (rolls eyes), and not only do I feel up to the task of policing my online reputation as Borepatch, I'm not sure I trust you not to abuse this. Exhibit A in this is the graphic posted in the upper right hand side of the blog. Not sure how to say this gently, Howard, but some of your Fed.Gov colleagues like to refer to folks like me
as potential terrorists. Not only is this not nice, not only is it hurtful (rolls eyes), but it makes me mistrust the Fed.Gov's motives. And
I'm not the only one:
1. I don't trust the government to be competent with this
2. I don't trust the government to not abuse this power
The government is perhaps the single most important entity to protect yourself from. If cashflows and internet security are under the government's thumb, then contaband and actions to protect yourself from the government are going to be much harder to come by. I don't want a government ID credit card, I want a closer equivalent to cash, so i can make online purchases with LESS of a paper trail.
He's not alone either:
I am sure this is going to be made a requirement for a site to operate at some point, add this to the 'Internet kill switch', add the Patriot Act to it, multiply by Home Land Security and don't forget to factor in the rendition, you are going to have an interesting situation.The President will be able to shut down portions of the Internet, he will be able to identify who was saying what and when, this entire thing reeks of totalitarianism - complete control by the government over the dissemination of information and total knowledge of who was saying what on which topic plus ability to take action - shut down the dissenting portions of the web and then 'taking the necessary care' of those, who dare to oppose the government in any way, be it direct opposition to specific policies or be it simply providing information to the people that government wants to keep quiet and providing a forum to discuss this information.
Remember the Company execs who were just about dragged in front of Congress because they said that the Health Care "Reform" bill was going to cost them billions?
And this cuts to
the heart of the matter:
If I trusted the government to stick to the first case [authenticating identity for financial transactions to reduce liability of the parties], and to make a competent execution of it, then I would not have much problem with limited use of such a system, revocable at any point by the user and completely optional. But I don't trust that execution would be competent, that the government would limit its intrusions, that the government would allow revocation of an identity once issued, or that the government would keep the system optional. So frankly, this strikes me as a very, very bad idea.
Never mind that the Fed.Gov identity uber database becomes the biggest target for black hat hackers on the planet, and its custodians are almost certain to be incompetent.
This proposal contains nothing that's not complete and utter FAIL, unless you're intent on extending the government's control over the citizens. Quite frankly, one of the reasons that I blog pseudonymously is because I work in a field where you can't professionally say things like "Howard Schmidt is a statist prick." Note that I'm not sure that I
want to say that.
But I sure as heck want to be
able to say it if I want to.
To all the lefties who still swoon over Obama and his "transformative vision", just imagine what George W. Bush (or President Palin) might do with this.
Intellectual FAIL.
* Yes, I know that it's technically possible if you apply the right controls at enough locations. I don't want to get into it other than to say that I seriously doubt whether the people who have the skill to do this have the will or desire to. Let's just leave it at that.