ebrke Posted May 12, 2014 Share Posted May 12, 2014 If you weren't already feeling slightly paranoid, this will get you there: http://www.techdirt.com/articles/20140503/04264427106/us-government-begins-rollout-its-drivers-license-internet.shtml Quote Link to comment Share on other sites More sharing options...
ross549 Posted May 12, 2014 Share Posted May 12, 2014 This story is making its way around the internet and is slightly misleading. Here's the fun fact. The US Gov't has been doing this for a long time. The US Military has CAC/PIV deployed to all personnel which rolled out about a decade ago. This system works very well for identity verification, which is used for sites that have some sort of security or access control need. Example: I can access my earning statements (pay stubs) via a website that uses my CAC to log in. On my CAC is an encrypted identity certificate. When I attempt to access a site that uses the system, a window comes up that asks for my PIN (6-8 digits). The PIN decrypts the certificate on the card, and the identity certificate is passed to the requesting server, which checks with a certificate authority to verify authenticity. Once verified, I am granted access to the site. If the card is lost/stolen, I immediately report the loss and the certificates are revoked and I am issued new certificates. This all work very much like the public/private key system used in SSL/TLS , which is called PKI. What is also nice is that the system is two-factor, meaning one must possess the card and the PIN to be able to use the certificate and verify identity. We discussed this on the JimmyLee and Bambi show this last weekend. This system would be great for sites that need to be VERY secure, such as financial institutions, sites with medical data, etc. The real concern is not using an identity system on those sites, but mandating its use elsewhere. I'm on the fence with this one, as this system could easily replace usernames/passwords (and it has in many places in the military). It is very convenient. Adam Quote Link to comment Share on other sites More sharing options...
ebrke Posted May 12, 2014 Author Share Posted May 12, 2014 The problem would be with mandated use--that's open to myriad forms of abuse. Quote Link to comment Share on other sites More sharing options...
ross549 Posted May 12, 2014 Share Posted May 12, 2014 Absolutely. Although, I don't see how it could be enforced for servers outside the United States. We'd see a rapid migration out of the states if that happened. Adam Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted May 13, 2014 Share Posted May 13, 2014 (edited) I agree ebrke. It is just one more area where we are conditioned to think ease of use is more important than privacy and freedoms. Sadly it worked with Touch ID didn't it. Eventually we will all see the folly in first providing a way to 'identify' yourself uniquely, and eventually it will be required. Then everyone will get onboard. Like Trusted Computing... I think back to Hitler's regime and what they did with just punch cards and making being an informant against family and friends a so called good thing, a patriotic thing. Edited May 13, 2014 by LilBambi Quote Link to comment Share on other sites More sharing options...
ross549 Posted May 13, 2014 Share Posted May 13, 2014 Sadly it worked with Touch ID didn't it. Huh? Adam Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted May 13, 2014 Share Posted May 13, 2014 Meaning that they have managed to get people to use it for convenience, didn't they? Quote Link to comment Share on other sites More sharing options...
ross549 Posted May 13, 2014 Share Posted May 13, 2014 Touch ID has nothing to do with identity online. It only identifies you to your phone. Adam Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted May 14, 2014 Share Posted May 14, 2014 I understand that. Nevermind... Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted May 14, 2014 Share Posted May 14, 2014 NOTE: that was nevermind in my best Lily Tomlin impression BTW Quote Link to comment Share on other sites More sharing options...
amenditman Posted May 14, 2014 Share Posted May 14, 2014 (edited) I think back to Hitler's regime and what they did with just punch cards and making being an informant against family and friends a so called good thing, a patriotic thing. Or 1984!There's a scary piece of prediction for you! He was off a little in the year, but a pretty accurate prediction of human nature/government interaction. Edited May 14, 2014 by amenditman 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.