We need a publicly-controlled identity infrastructure that's compatible with the Internet. The problem isn't that internet ID is somehow evil, but rather the government.
Remind me again of why we "need" a solution such as this? All this screeching reminds me of the people wanting a centralized solution to spam in the 1990s via government control or micropayments. We don't hear from them anymore because of spam filters and increased storage and bandwidth.
My google account has double authentication now, telephone as well as a second email address, and serves as a central repository for all my other accounts across the web if I happen to forget a password. I can change providers if I want as well. Further, my VISA card is tied to my identity for purchases and donations. But anything that doesn't involve that isn't tied to my identity.
So please just go shove it with your "need". It just makes me furious that this is even being proposed, it's totally unnecessary meddling and we all KNOW it will be abused.
"Remind me again of why we 'need' a solution such as this?"
There are lots of services that people want that are impossible to build without a way to prove that someone is who they say they are. E.g. better reputation systems.
"we all KNOW it will be abused."
Obviously. That doesn't mean there isn't a need though.
Last I checked there is an identity management authentication system you can use, for example Twitter has verified accounts (I don't know how they do it, perhaps by mail) or Bluehost asks for people to fax them a copy of an ID/Passport to get shell access (stupid, considering they have your VISA).
So what you are saying is you are prepared to take the potential abuses because you want it to be more "seamless" than a fax, postcard or a $1 VISA charge. And that further these abuses are better than having a market solution where a commercial ID provider or bank does it themselves?
Sounds like f--- all gain for a lot of risk. And we all know that beyond the abuses the "voluntary" nature of this will swiftly decline after it's implemented, so don't try to argue in that direction either. Just a reminder: the US government is currently illegally sifting through people's email, has wars going which are not authorized by congress, still runs a number of secret prisons across the world in which torture is conducted, is seeking people's private twitter messages in addition to their email because they have contact with Wikileaks, is groping people's genitals with high-school drop-outs in airports as well as taking naked photographs of them and has a "Homeland" tsar who is going to appear on telescreens installed in Walmarts to tell people to be alarmed and suspicous. Further, opposition movements have heated up the rhetoric of your politics to the point where there are open calls for the assassination of Julian Assange (who, like or dislike, is doing journalism) and the domestic rhetoric has been such that mentally ill people are now gunning down politicians. And you think it's advisable we install an ID system on the Internet because, in some unspecified way, it would be easier than a $1 VISA charge or a fax.... You sir, are very shill-like.
> Bluehost asks for people to fax them a copy of an ID/Passport to get shell access (stupid, considering they have your VISA).
It's not stupid. They have A VISA. They want to know that it's your VISA, because people can (and do) use fraudulent cards for hosting.
I'm surprised that they wait until you want shell access to do this. A number of hosting companies do this in different ways, usually before you're even given services. Rackspace Cloud, for example, calls you to verify your identity (last I heard, anyway).
The private sector is already doing a much better job of building reputation systems. It's now a full-fledged area of computing work. There's even a sizable O'Reilly book on the topic.
Right. Because eBay and Paypal have completely eradicated fraud and the gaming of the system. In addition, there are no false-positives in this scheme and people are not thrown under the bus just because they aren't 'internet famous' enough to get their situation resolved...
I'm not agreeing that we need a government system, but don't point to eBay as the solution to fraud.
It isn't sensible to think that any system can eliminate fraud entirely. If you want a system that gets it right most of the time then you can look to ebay.
What system in existence is completely resilient to fraud and false positives, and what evidence shows that the US government can produce such a system?
A better REPUTATION system (??!!??!!) is the best you could come up with? I cannot think of a less important application of a national ID card.
And even in this area, Amazon/Newegg have solved the pretty nicely with the "verified purchaser" tag. How is the national ID card system better?
For Serious Stuff (TM) like opening a stock trading account, laws have already been passed to make an all-electronic signup as binding as a paper signature.
We criticize China when it does something like this, but when America does it's all fine.
Please explain why such a "serious" use cannot be implemented with today's technologies. You can trivially ask people to give you their license number and run a lookup to confirm that they're who they claim to be at signup time. Yes, it's not gratis (see publicdata.com). But you stipulated that this is "serious" use, so that shouldn't be a problem.
Huh? I never said it couldn't be I said it wasn't.
But again it's not simply a question about identification as in per the right username/password/license plate.
I can log in and pretend to be anyone, in fact I can have multiple different accounts and be multiple different people.
But when you add social proofing on top of it you have created a verification mechanism that is much stronger since it includes my very existence, my friends, what I do etc. Things that can't as easily be faked.
> But when you add social proofing on top of it you have created a verification mechanism that is much stronger since it includes my very existence, my friends, what I do etc. Things that can't as easily be faked.
The point many of the critics here are making is that anonymity and privacy is required for a functioning democracy.
Why does it matter WHO is saying something. Shouldn't the most important thing be WHAT is being said?
Even in today's "everything goes" situation, libel/slander etc hasn't reached epidemic proportions to require policing everything people say.
And even then, I would much rather have a central clearinghouse where aggreived parties can register to have their names etc not be displayed by web sites (think of it as a robots.txt for humans). Note that this can be implemented without an online ID and is different from the current proposal.
I still haven't understood what is your problem with today's situation where people can create as many alter egos as they wish.
I'm guessing your comment was downvoted because people didn't appreciate the verbal irony (where both common meanings of appreciate apply). Or, if you were actually serious, then never mind.
This could be useful for allowing various levels of government to provide more services online. For instance, I wouldn't have to provide my social security number to a third party if I wanted to pay my taxes online. Or better yet, maybe they could allow voting online like Estonia does. Imagine what that would do for voter turnout.
Fine. But you're missing my point. My point is that this would be useful for providing government services online. If you feel that online voting is a bad example then so be it.
No we don't. Currently messy systems ensure that caveat emptor is alive and well. Buying, selling and all the other activities on the internet may be easier to implement from a computer point of view with a centralised ID, but it's a very good thing that people employ caution in online activities.
You cannot eliminate fraud, deceit and risk. You cannot create a utopia. These things are impossible, and all the best intentions in the world usually have bad unforeseen outcomes. Natural growth of systems is the best way forwards. A company like PayPal tries verification by depositing small amounts, it works, the consumers don't mind, so it stays. Another company tries something else, consumers don't like it, it goes. At no point is a central committee involved. This is the way it should be.
