[LINK] No country for cyber outlaws
Bernard Robertson-Dunn
brd at iimetro.com.au
Sat Jan 22 14:43:38 AEDT 2011
<brd>
I have a theory that, even if a solution or technology solves a problem,
(which it often doesn't) it will cause more problems. These problems are
often even worse than the one it is aimed at solving.
In the example below, as well as the one mentioned at the bottom of the
article, I can think of a myriad of other problems.
I wonder just how much this has been thought through.
</brd>
No country for cyber outlaws
January 22, 2011
SMH
http://www.smh.com.au/technology/technology-news/no-country-for-cyber-outlaws-20110121-19zym.html
The US is playing online sheriff, with plans for universal internet IDs,
writes Gerard Wright.
The internet is sometimes described as the Wild West - vast and lawless
and enticing.
But now there is a new sheriff in town, with the White House announcing
this month new guidelines to protect users.
The sheriff is the US Department of Commerce. The law is the National
Strategy for Trusted Identities in Cyberspace and it will allow the
establishment of internet IDs.
It will be the first time any government has sought to provide a single
form of digital identification for internet users, coded to provide a
form of filtered identity information, giving out only as much
information as needed depending on the type of online transaction.
For example, if you wanted to buy a bottle of wine online, your digital
ID would supply only proof that you are over the legal drinking age,
without providing your date of birth.
To vote online, the ID would allow authorities to check your bona fides,
such as street address, through tax records, without the possibility of
exposing their contents.
One of the claimed benefits is that users would no longer have to
remember myriad passwords for different transactions.
Websites that use the strategy to authenticate identity would carry a
small icon on their pages, similar to retail and banking sites which
announce they use encryption software to safeguard transmitted information.
The internet ID aims to put a brake on cyber crimes such as identity
theft and online fraud. The stakes are huge, not just financially,
although the sums are considerable.
Americans spent an average of $US7.7 billion a week online in the
so-called "shopping season" from late November to Christmas last year,
the Department of Commerce estimates. The Commerce Secretary, Gary
Locke, estimates global online business expenditure is $US10 trillion.
What the US government is trying to do, according to the White House's
cyber security co-ordinator, Howard Schmidt, is penetrate the opaque
nature of internet identity, without compromising privacy.
"We have a major problem in cyberspace, because when we are online we do
not really know if people, businesses and organisations are who they say
they are," he says.
"We need a cyber world that enables people to validate their identities
securely, but with minimal disclosure of information when they're doing
sensitive transactions [such as banking] - and lets them stay anonymous
when they're not [as in blogging]."
The notion of government involvement in harvesting detailed personal and
financial information to establish such identity records is anathema to
many Americans.
"You want the internet to be less of a risk to use and they're trying to
increase security," Amie Stepanovich, a national security fellow with
the Electronic Privacy Information Centre in Washington, says. "But
American government has a unique history of collecting information, and
that database becomes a target, requiring a criminal to break into only
one database, rather than the system as it now is."
The issue of security also troubles experts such as Jonathan Mayer, at
Stanford University's computer science department.
Schmidt has suggested a USB flash drive or smartcard as the physical
location of the internet ID. Mayer in turn notes the recent history of
high-profile breaches of smart cards, in the US and Europe.
Further difficulties include the unreliability of computer hardware -
and users - and the complication of pairing physical and online identities.
Mayer described the draft strategy, issued in June, as "long on rhetoric
and short on details". Locke says a new draft will be issued in the next
few months.
The task of implementing internet ID will be a joint government-public
enterprise.
Stepanovich regards it as the most delicate of multi-dimensional
balancing acts. It must handle what technology can achieve and the
extent to which it should be restrained - and the tension between
privacy and the protection of consumer rights on one hand, and freedom
of communication on the other.
--
Regards
brd
Bernard Robertson-Dunn
Canberra Australia
email: brd at iimetro.com.au
website: www.drbrd.com
More information about the Link
mailing list