I agree, but I am afraid that our two party system, which is incentivized to 'politicize' (I dislike that broad term) everything, it would be quite hard. The one party proposes it, the other party will find "reasons" why it's either government overreach, or discriminatory, or something something something depending on the ideology. Purported ideology. Most likely it's another horse that gets debated in debates about a package of other things.
But yes, I wish we could be as modern as some European countries. I haven't heard of these identity theft issues in France, where everyone has a national identity card.
In Germany the postal service does what GP described by validating someone's identity for various purposes
> Deutsche Post offers a secure identity check service – to millions of users every year.
> On behalf of your contracting party
> To ensure that only identified persons have access to sensitive services
> To sensitive services including those from the financial services sector (such as opening an online bank account), telecommunications (activating a prepaid SIM card), health care (access to health information) or the mobility industry (including car sharing).
Let me point out that this service should not be necessary: every german ID has a physical key infrastructure necessary for any shop or vendor to do this with a local terminal, yet the enabling legislation deliberately didn’t instruct the government to build out any ecosystem.
Compare this with, say, Estonia where practically everything can be handled through the keys in the ID card.
Stories about foreign countries and their societal infrastructure, as an American, make me really envious and sad for my country's state of affairs.
It's kind of like the feeling I get looking at somebody with a very nice car or house: "Oh, it would be neat to have such a thing but there's no way I'd ever splurge and get that." It's difficult for me to conceive of some things other countries have as just being "normal".
only issue with Postident is that they are annoying and weren't accepting certain passports for foreign nationals for a time. also, they have an online system you can sort-of use now but also not really, and you cannot use a valid permanent residence card even tho it's issued by the german govt... it _is_ pretty alright though
it is selection bias -- the people with miserable and oppressive systems do not report it in detail, in English, on YNews right?
second, many systems of law treat individuals quite differently.. many systems that are not repeated in detail, on YNews, do not give much choice to an individual by design
I'm not suggesting that the United States is particularly bad. There are definitely many places in the world that are much worse off from so many perspectives (lack of rule of law, system of governance, economy, social safety net, class mobility, corruption, etc).
It could be better in so many ways, though, too. It would be nice if younger people (say, sub-70) would (and could be permitted to) take up the mantles of leadership.
It would be nice if younger people (say, sub-70) would (and could be permitted to) take up the mantles of leadership.
I'd really like to read a speculative fiction/scifi where every generation operates under its own system of laws, and you can opt in to a neighboring generation's laws instead once every N years or something.
To mitigate criminal activity ranging from stolen phones, to cellphone-activated bombs to evading wiretaps. I’m not arguing this is a good reason, but likely the reason this exists as a requirement.
There's still some identity theft issues, because "everyone asks your SSN for no reason" becomes "everyone asks for a scan of your id for no reason".
For instance, when I was looking for an appartment, the State had a service to both authenticate and watermark some documents (id and proof of income, among others).
The watermark was a bunch of big bars with "this is intended for rental search" written on them. Kinda low-tech, and it feels like a creative attacker could use software to strip them out, but it's cool they did that.
In theory, we have some very good APIs for securely authenticating someone (France Connect in particular), in practice administrations are slow to adopt them.
This is the problem with having the public and private key be the same. Anyone should be able to access your public key, and anyone you deal with should be able to ask you to use your private key to verify your identity. The problem is when that entire process is reduced to "give us the number the government uses to ensure you're you. Don't worry, we won't use it to convince anyone else we're you ;) Or leak it so anyone else can do the same ;) ;) ;)"
> Anyone should be able to access your public key, and anyone you deal with should be able to ask you to use your private key to verify your identity.
First, let's assume the identity would be backed by a somewhat decentralized system; e.g. the identity could be backed by any state/territory's existing ID cards.
The problem is making the request signing step secure and accessible to... well, anyone, tech-savvy folks included. Software for installation to a computer is an obvious no-go. A mobile app is probably a good idea but in any case I think we can assume a website will be a necessity. You've got to be able to give that website your private key. Guess what, you've already lost - as soon you tell people to type their key into this website, people will type their private key into any old website now. (I remember when my mom, with the best of intentions but without my prior knowledge, filled out my FAFSA info, SSN and all, on a scam .com site despite how many times we were told "fafsa.gov" or whatever.)
But let's pretend that's a solvable problem, just for the same of argument. Let's assume it's a federal government provided site which you can provide with your private key on demand to do signing on your behalf and it's relatively secure actually keeping the key in your browser. And there's a mobile app option which can store the key locally with better security and do signing in memory which can actually be wiped after. Fine. Now convince the public that this site/app do not constitute a Federal database of identities. You and I know it wouldn't, as described, but I would not blame anyone who objected on those grounds one bit, because without the necessary knowledge it absolutely would seem like a Federal ID, and folks are right to be wary of a single source of identity information. After all, all that does is take the SSN problem and add to it civil liberties problems. The distinction between SSNs and a [somewhat] decentralized PKI scheme with a centralized signing app for security/anti-phishing reasons is a distinction essentially impossible to convey to any but the most tech-savvy.
How much would it cost to give everyone a device from which the private key could not be removed?
Worried about "mark of the beast" based objections? Make it optional. Those who wish can retire their SSN and receive their public / private keys and then the government publishes their SSN as a trashed SSN. Everyone who still wants just a SSN can take their chances.
SSN already is optional. Nobody forced your parents to register you, but your parents wanted to claim you on the IRS tax form each year so they sold you out.
USA passport for my children didn't require SSN. And a passport complies with TSA id checks.
It's infuriating, because with the proper messaging, this is a bipartisan issue. Righ, left and everyone between have had identities stolen. Stolen identities cost businesses money - I'd wager millions, maybe billions collectively every year. There's literally no reason why a more secure form of identify verification needs to be a partisan issue.
Third world country here. Even we have ID cards and no identity theft issues. I don't get why the US doesn't get on with the times. Same for the metric system.
But yes, I wish we could be as modern as some European countries. I haven't heard of these identity theft issues in France, where everyone has a national identity card.