Tuesday, August 13, 2013

Forget REAL ID -- The Global Smart-ID is coming!

by: Julie Beal


(VIDEO) Internet Facing Multiple Attacks: CISPA, NSTIC, & Online Radicalization Working Group


The grand plan for Global ID is to give each person on the planet a way to identify themselves online. One ID number for each person, to signify all that they are. This is the full personal profile containing anything relevant for identification purposes. It means all our private details being managed by a corporation, in the cloud.

If you want to sign up to the online identity ecosystem, you can already do so through Google or Yahoo!, or by registering with the Identity Ecosystem Steering Group (IDESG).[1]

And if you don’t want anything to do with it, it’ll be tough, if not impossible, to get by in the future, because you’ll have to use your global ID to access all government services and healthcare services, to drive a car, and, once cash is gone, to pay for anything. Given the atmosphere of mistrust engendered by the system, and the constant fear of terrorism, over time it’s likely you’d need to ‘validate your identity’ to get insurance, to get a job, and to access buildings. 

In America, the Kantara Initiative (previously the Liberty Alliance) has been working with the Obama Administration to establish this global ID management system, and will soon be rolling it out nationwide, as a way to minimise fraudulent use of electronic health records (EHRs). The system is nearly up and running (trials have already begun), meaning anyone who wants to access healthcare in the US will have to produce their smart-ID first. Most of the time you’ll be required to provide three-factor authentication, which means something you KNOW (the one and only password), something you HAVE (the smart card/phone), and something you ARE (your biometrics). 

(VIDEO) Launch of the National Strategy for Trusted Identities in Cyberspace

Dig deep into your memories, and see if you remember the NSTIC? The National Strategy for Trusted Identities in Cyberspace was first announced by Obama in 2011, and is somewhat mis-named, since it intends to operate on a global scale. For online identity verification to work, it needs to be operable across borders, just like the Internet. Each country is developing their own version of the same package, but using the same standards, such as by aligning with the Open Identity Exchange (OIX). In the UK, for instance, the plan to make all government services online only is well under way, and having an online ID will be the only way to interact with the State. Universal Credit is soon to be rolled out, and all claimants will have to use their online ID in order to claim, and receive, benefits.[2] 

In America, most of the opposition to the control of identity is focused on ‘REAL ID’. It has unfortunately kept activists distracted from the NSTIC. Following the REAL ID Act of 2005, only thirteen states have fully complied, leaving some politicians up in arms that the Obama Administration seems to be doing little to help the implementation of REAL ID to combat terrorism. Perhaps they’re not aware that the American Association of Motor Vehicle Administrators were one of five pilot projects awarded a total of $9 million by the US government to kick off the NSTIC in September last year; the other winners were Daon, Criterion Systems, Resilient Networks and Internet2.

Daon is the first pilot to go live – by providing identity management for pilots!!! Or rather, airport executives. Daon’s team, which includes the American Association of Retired Persons (AARP), PayPal, Purdue University and the American Association of Airport Executives (AAAE), was awarded $1.8 million for the NSTIC initiative. They plan to “demonstrate how consumers–specifically senior citizens–can benefit from a digitally connected, consumer friendly identity ecosystem.” AARP is busy drumming up support (e.g. for the Common Access Card), while Daon has created a system where airport executives can validate their identity using their smartphone.

(VIDEO) Jeremy Grant of NIST discusses NSTIC at the RSA Conference

It’s worth noting that Daon has been perfecting the art of biometric identity management since 1999, with its software being used globally. According to Wikipedia,
Daon is a member of the Federation for Identity and Cross-Credentialing Systems, Inc. (FIXs) and has an executive serving as the elected chair of the BioAPI Consortium and as head of the U.S. delegation to ISO/IEC JTC1 SC37 (subcommittee on biometrics). Daon is also a member of the Biometrics Consortium. 
In 2006, Daon and the American Association of Airport Executives (AAAE) entered into a joint venture to create the Security Biometric Clearing Network (SBCN) to provide services for biometric identity management, including enrollment, background checking, secure biometric and biographic information storage and card issuance.
So it’s taken seven years for them to get the system operational – enrollment began in March.
Participating AAAE members are using credentials based on patented IdentityX® risk-based, multi-factor, mobile authentication technology to access restricted, member-only areas of the association’s website. They will use their smartphones or tablets to verify their identity, leveraging privacy-enhancing methods, each time they access the website sections that house sensitive data. The identity management services are hosted in the cloud by TrustX™, a Daon affiliate. 
This is the first relying party participating in a NSTIC pilot to go live and represents a major milestone for the program. In addition to piloting the use of strong authentication credentials, Daon's pilot also focuses on the movement of relying party partners to external identity providers and trust frameworks as well as cross-sector credential interoperability. Following AAAE, other partners scheduled to go live include AARP, PayPal, Purdue University and a major bank. (Source)
Daon also provides the software for India’s Unique ID (UID), the world’s largest identity program, and have now brought IdentityX® to the market, for businesses and individuals to use as an identity authentication platform, for use on the user’s mobile phone or tablet. Biometrics and geo-location via GPS are required to authenticate high-risk transactions, such as payment. (Source)

The main way the NSTIC will be initialised, it would seem, will be as part of the Patient Protection and Affordable Care Act (PPACA), which mandates the use of electronic health/medical records, and is set to take effect in 2014. To make sure all organisations are prepared for this, the Obama Administration has provided subsidies to cover the cost of converting paper records into an electronic format, which, “has fueled something of an explosion in companies developing and providing online personal health records (PHR) services and systems to patients and doctors alike.” (Source)

A number of incentives have also been provided to ensure compliance:
To encourage medical practices to implement EMR technology, the federal government has created an incentive program: Professionals able to meet specific federal requirements for EMR are eligible to receive up to $44,000 through the Medicare Electronic Health Records Incentive Program. Additionally, professionals providing service in an area deemed a Health Professional Shortage Area (HPSA) may be eligible for extra incentives above and beyond the initial $44,000. 
The incentives for institutions go even further with base payments for eligible institutions beginning at $2 million. … To ensure that institutions are making appropriate use of new electronic medical records technology (and the funding that goes along with it), several meaningful use requirements have been established. These include structured formats for areas such as medical billing, patient records and employee communication.(Source)
PHRs are said to increase patient safety, especially in emergency situations, because all of your personal medical data is readily available, which could help guide treatment action. However, if you didn’t actually have your smart card/phone with you, how could you validate your identity? Would you be denied treatment?

It is also being claimed that the sharing of medical information among providers would reduce the costs of health care and insurance, because fewer tests and admin would be required, and there would be fewer errors. Nonetheless, when errors are made, they could be far more serious.
Robert Anthony from the Centers for Medicare and Medicaid Services (CMS) provided an update on the Electronic Health Record (EHR) Incentive Program as of March 2013: 
· 77 percent of eligible hospitals have received an EHR incentive payment 
· Over 245,000 Medicare and Medicaid Eligible Providers (EP) have received an EHR incentive payment 
· 192,126 EPs and 2,874 hospitals have successfully attested under the program
In the meantime, the $1.6 million awarded to the American Association of Motor Vehicle Administrators (AAMVA) has led to the second NSTIC pilot, in Virginia. The AAMVA has joined with the Commonwealth of Virginia Department of Motor Vehicles, Biometric Signature ID, CA Technologies, Microsoft and AT&T to catalyse the NSTIC, and this has led to a roll-out of Identity Management (IdM) in Virginia, as part of the Cross Sector Digital Identity Initiative (CSDII):
When it comes to state services, a typical resident has some identity attributes with the Department of Revenue, some with the Department of Motor Vehicles and still others with various agencies such as the Department of Natural Resources. Moreover, if the resident uses Medicaid there’s attribute information stored there as well. For the past few years, there’s been discussion around consolidating the different state identity silos into one. The Commonwealth of Virginia is taking the first steps with a pilot program between the Department of Motor Vehicles and the Department of Medical Assistance Services. Virginia is creating the Commonwealth Authentication System that will verify a Medicaid recipient’s identity using data from the Department of Motor Vehicles, explains Dave Burhop, deputy commissioner and CIO with the Virginia DMV. In the future this system could be used by other state agencies to verify identification information as well. The impetus for the system was the Affordable Care Act, which will see 240,000 more Virginia residents using Medicaid, Burhop says ... 
… The system will provide identity-vetting information for administrators and it will also provide citizen-facing functionality, says Mike Farnsworth, project manager for the Commonwealth Authentication System with the Virginia DMV. Instead of having to fill out and deliver or fax paper forms, the new system enables online enrollment. The individual will open an account that will take them through enrollment in the Commonwealth Authentication System, says Burhop. The system will vet the individual using the driver license data to confirm identity. He is now able to apply for Medicaid benefits. (Source)
This, then, is the second pilot to ‘go live’, and the most interesting thing about this particular project is the type of biometric it is using. Whilst fingerprints and photos can be easily mis-used, even after their ‘owner’ has died, the method developed by BioSig-ID validates a person’s identity in real-time. It is already being used by the education system to prevent cheating. To prove their identity, the user signs their name, and password, and the way they do this is uniquely individual to them, thereby validating their identity based on their behavior; it proves they are alive and (probably!) in control of the procedure and/or device. The final part of the procedure involves selecting secretly chosen pictures. I’m not sure how all this would work if the user were drunk, or under duress (such as being about to die!). Full authentication also requires proof of having the device used to store your credentials, so if your phone or smart card were stolen, you would be prevented from accessing healthcare, or making payments.
Dynamic biometrics like BioSig-ID™ allow an infinite number of different secret biometric samples (codes, images, and numbers) generated by the same individual. Revocation is instant and replacement is only a re-enrollment. If your fingerprint gets hacked it is gone forever. With BioSig-ID™ you can always change your drawing and clicking behaviour… There is no need for any special equipment or hardware, just a mouse, stylus or touchpad. Our Click-ID feature replaces tokens, smart cards, images, IP addresses, device reputation or other biometrics that require hardware and can augment PINS and passwords. An audit trail log is created for compliance and security. (my italics) (Source)
The Smart Card Alliance has been very involved with plans to use their technology as part of the digitization of health care, and a host of other ID applications, including biometrics. They have been pushing smart cards for many years, and have published several white papers. The Alliance, and especially Gemalto, have also provided consultation to the White House, so it seems likely their products will be used initially. (Whilst some people are either too poor, or unwilling, to buy a smart phone.) However, what it all seems to come down to is the secure element which can be used to cryptographically store all ID credentials, including biometrics, on one tiny ‘computer’ that can be either built-in, or inserted into, a phone. There have been a number of attempts, by the likes of Google and Microsoft, to achieve ‘consumer lock-in’, but a secure element allows the user to take it out of their phone and put it in another one (like you do with a SIM or micro-SD). The identity details on it can still be updated when necessary.

(VIDEO) CredenSE
CredenSE is the world's first commercial NFC product with on board active signal amplification chip, industry leading Secure Element and miniature antenna, making it the only Secure Element microSD that can host mobile wallet applications on both NFC and non-NFC phones. Video here: http://www.youtube.com/watch?v=zEDNjhZ8LKI

Now, anyone with an Android or Blackberry phone can use the CredenSE NFC microSD, released by DeviceFidelity, Inc., which is, “the world’s first NFC secure element solution that is open and accessible to any service provider globally”.
The CredenSE portfolio leverages DeviceFidelity’s patented technology that allows for clean integration of NFC microSD products into phones that already have NFC technology built-in such as the Samsung Galaxy S4. In this case, the NFC microSD provides an additional Secure Element for NFC phones that is not dependent or controlled by one particular party, thereby enabling all types of institutions such as banks, transit operators, system integrators, but also enterprise and security tokens providers to deploy directly to their consumers. … CredenSE is the world’s first commercial NFC product with on board active signal amplification chip, industry leading Secure Element and miniature antenna, making it the only Secure Element microSD that can host mobile wallet applications on both NFC and non-NFC phones. (Source)
All of these measures are intended to make us safe online. But what about those of us who do not wish to have an online identity profile at all? If you can’t access basic services without handing your details over to a private corporation, you’re left with little, or no, choice. These private corporations include those who have helped the NSA pry into our lives for no good reason whatsoever, and they will only be helping the NSA even more by aggregating our information when they become Identity Providers.

There is a fortune to be made by marketers from the data collected in this way – and it is also fundamental to population simulations which are said to predict disease and unrest, and are therefore ‘necessary’ for policy formation. In other words, the data from our identity profiles gives a very clear picture of the global population, helping the Corporate State make predictions, and perfect their social engineering techniques. It is the Corporate State that holds the best computing power that money can buy, giving them the permanent edge in the cyber battlefield. No matter how secure we’re told identity management is, the NSA will always be able to gain access to our purely electronic lives.

Community cash is what we need. Local organic food and local councils with no link to Agenda 21 or the global Corporate State. Real news and real privacy.

The freedom to be.

Notes:

[1] A delegate from the Electronic Frontier Foundation is part of the Identity Ecosystem Steering Group, along with the government and some big corporations. http://www.idecosystem.org/group/leadership

[2] The UK is developing an online Identity Assurance model and has recently published guidance on authentication for businesses: http://www.out-law.com/en/articles/2013/june/new-guidance-issued-on-identity-proofing-and-verification/. The best place to find out about the advances in IdM in the UK is the blog at DMossEsq: http://www.dmossesq.com/2012/09/midata-loneliest-initiative-in_10.html#uds-search-results

This article first appeared at Get Mind Smart

Julie Beal is a UK-based independent researcher who has been studying the globalist agenda for more than 20 years. Please visit her website, Get Mind Smart, for a wide range of information about Agenda 21, Communitarianism, Ethics, Bioscience, and much more.


SOURCE: http://www.activistpost.com/2013/08/forget-real-id-global-smart-id-is-coming.html
