[LINK] No country for cyber outlaws

Bernard Robertson-Dunn brd at iimetro.com.au
Sat Jan 22 14:43:38 AEDT 2011 

<brd>
I have a theory that, even if a solution or technology solves a problem, 
(which it often doesn't) it will cause more problems. These problems are 
often even worse than the one it is aimed at solving.

In the example below, as well as the one mentioned at the bottom of the 
article, I can think of a myriad of other problems.

I wonder just how much this has been thought through.
</brd>

No country for cyber outlaws
January 22, 2011
SMH
http://www.smh.com.au/technology/technology-news/no-country-for-cyber-outlaws-20110121-19zym.html

The US is playing online sheriff, with plans for universal internet IDs, 
writes Gerard Wright.

The internet is sometimes described as the Wild West - vast and lawless 
and enticing.

But now there is a new sheriff in town, with the White House announcing 
this month new guidelines to protect users.

The sheriff is the US Department of Commerce. The law is the National 
Strategy for Trusted Identities in Cyberspace and it will allow the 
establishment of internet IDs.

It will be the first time any government has sought to provide a single 
form of digital identification for internet users, coded to provide a 
form of filtered identity information, giving out only as much 
information as needed depending on the type of online transaction.

For example, if you wanted to buy a bottle of wine online, your digital 
ID would supply only proof that you are over the legal drinking age, 
without providing your date of birth.

To vote online, the ID would allow authorities to check your bona fides, 
such as street address, through tax records, without the possibility of 
exposing their contents.

One of the claimed benefits is that users would no longer have to 
remember myriad passwords for different transactions.

Websites that use the strategy to authenticate identity would carry a 
small icon on their pages, similar to retail and banking sites which 
announce they use encryption software to safeguard transmitted information.

The internet ID aims to put a brake on cyber crimes such as identity 
theft and online fraud. The stakes are huge, not just financially, 
although the sums are considerable.

Americans spent an average of $US7.7 billion a week online in the 
so-called "shopping season" from late November to Christmas last year, 
the Department of Commerce estimates. The Commerce Secretary, Gary 
Locke, estimates global online business expenditure is $US10 trillion.

What the US government is trying to do, according to the White House's 
cyber security co-ordinator, Howard Schmidt, is penetrate the opaque 
nature of internet identity, without compromising privacy.

"We have a major problem in cyberspace, because when we are online we do 
not really know if people, businesses and organisations are who they say 
they are," he says.

"We need a cyber world that enables people to validate their identities 
securely, but with minimal disclosure of information when they're doing 
sensitive transactions [such as banking] - and lets them stay anonymous 
when they're not [as in blogging]."

The notion of government involvement in harvesting detailed personal and 
financial information to establish such identity records is anathema to 
many Americans.

"You want the internet to be less of a risk to use and they're trying to 
increase security," Amie Stepanovich, a national security fellow with 
the Electronic Privacy Information Centre in Washington, says. "But 
American government has a unique history of collecting information, and 
that database becomes a target, requiring a criminal to break into only 
one database, rather than the system as it now is."

The issue of security also troubles experts such as Jonathan Mayer, at 
Stanford University's computer science department.

Schmidt has suggested a USB flash drive or smartcard as the physical 
location of the internet ID. Mayer in turn notes the recent history of 
high-profile breaches of smart cards, in the US and Europe.

Further difficulties include the unreliability of computer hardware - 
and users - and the complication of pairing physical and online identities.

Mayer described the draft strategy, issued in June, as "long on rhetoric 
and short on details". Locke says a new draft will be issued in the next 
few months.

The task of implementing internet ID will be a joint government-public 
enterprise.

Stepanovich regards it as the most delicate of multi-dimensional 
balancing acts. It must handle what technology can achieve and the 
extent to which it should be restrained - and the tension between 
privacy and the protection of consumer rights on one hand, and freedom 
of communication on the other.

-- 

Regards
brd

Bernard Robertson-Dunn
Canberra Australia
email:	 brd at iimetro.com.au
website: www.drbrd.com

More information about the Link mailing list