After a year-long analysis of the state of Internet security led by the National Security council, President Obama's cybersecurity coordinator Howard Schmidt has released details of the administration's plan to protect the masses from cyberscumbags by creating a federal system for online identity authentication.
The Financial Times reported that "the creation of a system for identity management that would allow citizens to use additional authentication techniques, such as physical tokens or modules on mobile phones, to verify who they are before buying things online or accessing such sensitive information as health or banking records."
Good intentions aside, implementing a program of this nature could have repercussions far beyond combating phishers and scammers - it could put an end to any notion of online privacy and anonymity.
Electronic payment fraud and identity theft are serious problems, and are a drag on our economy which we could surely do without. But is this really where we need to begin?
Software continues to be produced with vulnerabilities written into the code, confidential information continues to be compromised on a daily basis due to lax security policies and employee unfamiliarity across a spectrum of industries, and information technology continues the shift to outsourced managed services in the cloud.
These realities creating more opportunities for data loss on a massive scale.
So why pursue authentication issues as the first order of business? And why is a federally issued "cyber identity" being touted as the optimal solution, over and above a slew of commercial epayment security options already available?
At the risk of seeming like a tinfoil hat wearing paranoid, I ran across an article in the TeamCymru newsfeed from Prison Planet that really struck a nerve.
If you take away all the allusions to evil ulterior motives that pervades the article and simply look at the rant as an examination of some potential consequences from a federal cyber identity mandate, it quickly becomes clear that this may not be the best solution - for all of us Internet users anyway.
The article titled Cybersecurity Measures Will Mandate Government ID Tokens To Use The Internet was written by Paul Joseph Watson and Alex Jones, and asserts that "under the guise of cybersecurity, the government is moving to discredit and shut down the existing Internet infrastructure in the pursuit of a new, centralized, regulated world wide web."
Whether or not the true intention is to "discredit" the Internet, the more than forty cybersecurity related bills before Congress and the elevation of cybersecurity to the Czar level at the White House are clear evidence that the government is moving to "centralize and regulate" the Internet to some degree.
The article goes on to say that "similar legislation aimed at imposing Chinese-style censorship of the Internet and giving the state the power to shut down networks has already been passed globally, including in the UK, New Zealand and Australia."
While "Chinese-style censorship" is not specifically outlined in Schmidt's strategy, the proposal does entail requiring everyone who wants to access the Internet to register with the government, creating yet another layer of bureaucracy at potentially enormous cost to taxpayers.
If the government has to say "yes" to your request for access to the Internet, then they also have the power to say "no."
And there are many other issues that will arise from such a system, like whether the government will monitor and collect data on individual usage, and what steps would be taken to protect the system itself from being compromised.
Even if your access to the web remains unfettered, the requirement to register for and use a federal cyber identity would mean an end to one of the Internet's most lauded features - the ability to remain (relatively) anonymous.
The Prison Planet article claims that "abolition of anonymity is used to chill free speech," and they may be on to something here.
Though, I think the authors meant "freedom of speech" - but the term "free" might be more apt, as access to a web that is under federal control will undoubtedly cost users more than it does today.
Americans for Tax Reform sees federal control of the Internet as just another example of a backdoor tax that will make access to the Internet more expensive:
"Everyone will pay rates for service that the government sets. And everything passing through your Internet, TV, or phone would become subject to the FCC's consistent regulatory whim..."
Sorry Alex and company, it probably just comes down to the mighty dollar, and the opportunity to garner profits, fees and taxes.
Although, just because someone is paranoid, it does not mean someone else is not really out to get him.
In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more
Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more
For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more
With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more