Recently, the National Institute of Standards and Technology (NIST) announced over $9 million in grants to five U.S. entities to develop technologies to “pilot identity solutions that increase confidence in online transactions, prevent identity theft, and provide individuals with more control over how they share their personal information.” Funded projects will address issues including commerce, preference sharing, use of technology by seniors, health and education. NIST, which is housed within the Department of Commerce, made the grants to support the National Strategy for Trusted Identities in Cyberspace (NSTIC), a White House initiative designed to promote the development of secure, interoperable identity credential technologies.
On Friday, the Obama Administration unveiled the final draft of its ambitious National Strategy for Trusted Identities in Cyberspace (NSTIC), which seeks to develop new and more secure systems for identity authentication online, creating new “Identity Ecosystem.” Secretary of Commerce Gary Locke as well as other officials unveiled the NSTIC (pronounced “en-stick”), which is signed by President Obama, at an event at the U.S. Chamber of Commerce.
As the NSTIC explains, on the Internet as it exists today, individuals must maintain numerous passwords for different websites which they use. This imposes risks and burdens on consumers and businesses alike. Moreover, the NSTIC describes how the absence of highly reliable authentication methods has hindered the ability of high-risk sectors like health and finance to migrate their services online.
A few months ago, the Obama Administration introduced its National Strategy for Trusted Identities in Cyberspace (NSTIC), an ambitious proposal to implement public-private partnerships to implement a new mechanism for identity verification and information sharing online. The plan has been controversial. Although there have been many legitimate criticisms of the proposal, other objections, such as that the plan would mandate a single national online ID, appear to be based on misunderstandings.
To help combat the latter set of objections, the National Institute of Standards and Technology (NIST), which will help implement the plan, released a brief and helpful animation explaining the proposal:
The government’s efforts at forwarding the NSTIC come at a time when there are signs of increasing private interest in data portability involving sensitive information. For instance, tech news blog TechCrunch recently described a new startup called “Stripe,” reportedly backed by Silicon Valley heavy-hitters, as a new competitor with PayPal, Google Checkout, and similar services that offer centralized sources for consumers to make payments to websites and online applications.
The White House is establishing a new office to work with industry to develop an online “identity ecosystem” in which consumers and businesses can transact securely and privately without the need for passwords. U.S. Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard Schmidt recently announced plans to create the new “National Program Office,” which will be housed within the Department of Commerce. The new office’s goals will be to support the creation of privately-implemented identity standards in collaboration with industry and the public.
According to the announcement, the Administration envisions that users could choose to use login credentials from competing private providers and select a level of disclosure appropriate for a particular transaction. For instance, a user could, employing the same credential provider, choose a pseudonym to write a blog comment but reveal key identity-verifying information to her medical care provider. Contrary to some overheated headlines, Secretary Locke took pains to emphasize that the plan will not create a single “national ID,” nor will participation be mandatory.
The new National Program Office will be in charge of implementing the forthcoming National Strategy for Trusted Identities in Cyberspace (NSTIC), which will detail the Obama Administration’s plan. (A draft [PDF] of the NSTIC was released in June 2010.) In the upcoming months, the Commerce Department will release the final version of the NSTIC and host a conference on the topic.
The “identity ecosystem” has the potential to eliminate the need for website-specific passwords online, facilitating new forms of interaction and shifting responsibilities and roles in data storage. Social networking, advertising, online health and financial services, and user-generated content may especially be affected. However, the proposal also implicates issues of privacy, cybersecurity, and civil liberties, and some early reactions have questioned whether it is appropriate for the government, as distinguished from private industry, to have a significant role in establishing uniform online identities. Apparently to address that criticism, the Administration has signaled that it is eager for suggestions from industry in developing rules to shape the identity ecosystem. As the National Program Office begins to offer opportunities for input, businesses should consider accepting the invitation.