June 27, 2010

Why the New Federal "Trusted Internet Identity" Proposal is Such a Very Bad Idea

Greetings. Last Friday, in White House Proposes Vast Federal Internet Identity Scheme, I posted a brief thumbnail expressing my major concerns regarding the expansive federal Internet Trusted Identity proposal.

Here are a few details explaining why I'm taking such a negative view of this plan.

It's important to note that the entire proposal under discussion is, at this stage, nothing but smoke: it has no functional reality other than as a (useful) starting point for further discussion. But viewed in the context of other government-related efforts, trends, and statements, it is quite alarming nonetheless, and it is difficult to overstate its potential for serious negative consequences. Like the vision of Christmas Future shown to Ebenezer Scrooge, though, it is currently only a shadow of what might be, not of what must or necessarily will be.

Let's look at one of the "Envision It!" boxes in the plan as posted at the Department of Homeland Security:

An individual voluntarily requests a smart identity card from her home state. The individual chooses to use the card to authenticate herself for a variety of online services, including:

Credit card purchases,
Online banking,
Accessing electronic health care records,
Securely accessing her personal laptop computer,
Anonymously posting blog entries, and
Logging onto Internet email services using a pseudonym.

This is, by definition, a government-issued identity card. The plan appears to envision a user authenticating with that card even for pseudonymous or "anonymous" activities. We can call such a posting "anonymous" if we wish -- but once the user has authenticated, anonymity is no longer a property of the system itself. It depends on the "proper" behavior of every party that handles the subsequent transactions, and of every party that holds a record of the authentication that preceded them.

And anonymous to what extent? Perhaps a blog comment would appear on the Web anonymously, but when the lawyers show up demanding to know who posted that critical comment -- something that's happening with increasing frequency even now -- I'll bet you dollars to donuts that the initial authentication records will be available through some means to unmask the poster, or to correlate pseudo-identities that users may prefer to use for different purposes and "roles" on the Net.

The goals behind such an all-encompassing identity regime seem clear. While it could indeed improve on existing authentication methods for financial transactions and the like, the cost to civil liberties could be very high, because -- as I read the plan -- the end result would be a detailed record, likely captured by upcoming government proposals for expansive Internet service data retention requirements, that could be used to "unwind" (unmask) anonymity on demand.

As I noted in Saving Internet Anonymity -- The Struggle is Joined, the increasingly shrill calls to put every possible Internet transaction into government-accessible databases have become an ever louder drumbeat.

And I believe we can easily dismiss the term "voluntary" used in the proposal -- since there's every reason to believe that such authentication regimes would quickly become effectively mandatory -- due to various pressures and liability concerns that don't take a lot of imagination to understand. Identity "mission creep" is virtually a certainty, though the conflicts that this is likely to create in an international environment like the Internet are certainly interesting to contemplate.

History, both long past and recent, shows very clearly that -- human nature being what it is -- governments on the whole cannot be trusted not to abuse data about their citizens' activities. Such abuse almost always grows out of what initially appear to be laudable motives of law enforcement and public welfare, but it can rapidly degenerate into totalitarian nightmares.

Even if you (appropriately) view our current and recent federal governments as relatively benign, we've still seen many instances of unjustifiable and even illegal surveillance and Internet data abuse -- and that is without long-term data retention requirements of the sort now being contemplated.

And even with the best of intentions, firms that are custodians of user data and identity information are at the mercy of the civil legal system, of above-board government demands for data, and -- as we've seen -- of "secret" government data demands as well.

What of future governments, who might not be as benign, but would have at their fingertips the vast Internet identity infrastructure being contemplated -- what will they do with that shiny bauble?

I'm all in favor of discussions about how the Internet industry can improve the security and validity of transactions that need strong authentication -- such as in the financial sector or when dealing with medical health records. But the sort of government-entangled identity structure proposed in the current White House document is -- perhaps largely unintentionally, and with genuinely good intentions -- a wolf in sheep's clothing, with the potential to decimate civil liberties on and off the Net for generations to come.


Posted by Lauren at June 27, 2010 02:48 PM | Permalink