Private sector must lead NSTIC
Government will facilitate strategy
15 April, 2011
The private sector must lead the charge for the National Strategy for Trusted Identities in Cyberspace while the government facilitates the process, government officials say.
The goal of the strategy is to protect privacy, fight identity theft and fraud, drive economic growth by driving business online and create a platform for new Web services, said a White House administration official. User names and passwords are no longer good enough to secure online identities and something more is needed, be it a smart card, USB token, mobile device or something else.
The idea is to have the private sector offer citizens credentials that they could use to verify identity online, the official said. The credentials would be optional, and individuals could choose to have one that they use for all accounts or several, depending on the account they are accessing. There will also be a choice of where to get a credential. “Our goal is to have a credential that would work anywhere online. If consumers want to have more than one they can,” said the official.
The credentials would also enable greater privacy, the official said. For example, if an individual was logging on to a site to watch videos, little to no information would be sent to the site whereas if the individual was logging on to his bank account or health care records there would be much more of an effort to authenticate the identity of an individual.
The Department of Commerce is leading the work on the strategy, with the program office located within the National Institute of Standards and Technology, said Jeremy Grant, senior executive advisor of ID management at NIST. The office will be having a series of workshops across the country this summer to discuss the strategy with the goal of having pilots funded for Fiscal Year 2012. There was $24.5 million earmarked for these tests in the U.S. Department of Commerce budget.
In the past the private sector has been hesitant to offer solutions to the public around securing identities, but the strategy aims to change that, the administration official said. Companies involved in identity have had concerns about liability, which the strategy will clarify. There are no plans, however, to draft legislation around the strategy, he added.
All of this will not be easy. Susan Landau, fellow at the Radcliffe Institute for Advanced Study at Harvard University, said the work over the next few months and years will be like “herding cats.” She hopes that the industry can step up and work all the details out, including a governance model. “Can industry step up and do the critical thing, a serious governance model with trust framework?” she asked during a panel discussion about the strategy unveiling.
Also mentioned during the strategy unveiling:
- Leslie Harris, president and CEO at the Center for Democracy & Technology, is happy with the selection of NIST to lead the efforts to secure identities online, but she said that the strategy should call for federated identities. For example, there should be multiple identity providers, but they should all communicate with one another.
- Gene B. Sperling, assistant to the president for Economic Policy and director of the National Economic Council, says securing online identities can have an impact on the economy and lead to innovation.
- U.S. Sen. Barbara Mikulski (D-Md.) says the strategy will not be a national ID card but a “commerce-facilitating card.”
- Howard A. Schmidt, White House Cybersecurity Coordinator, says the strategy does not call for a card but a choice for individuals.