- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
CSO - The National Strategy for Trusted Identities in Cyberspace aims to set the benefits, overall strategy, goals and objectives of the government's plan to improve how users (and even devices) are authenticated onto the Internet. The plan, so far, calls for very limited government involvement in the development of the identity infrastructure. As it stands today, the government's role will be essentially promoting leadership, encouraging speed of deployment, and the use of certain identity solutions.
Cybersecurity Coordinator and Special Assistant to the President Howard A. Schmidt said the initiative is necessary to help fight online fraud and identity theft. "We have a major problem in cyberspace, because when we are online we do not really know if people, businesses, and organizations are who they say they are. Moreover, we now have to remember dozens of user names and passwords. This multiplicity is so inconvenient that most people re-use their passwords for different accounts, which gives the criminal who compromises their password the "keys to the kingdom," he wrote.
Few would argue the need for improved Internet identities and authentication. But the devil, if there is one, would reside in the details of the plan. The initial version of the plan was published last summer. Late last week, Commerce Secretary Gary Locke and Schmidt announced the Commerce Department will host a National Program Office (NPO) in support of the National Strategy.
While many would expect civil liberties groups and privacy groups to be wary of any government identity plans, that doesn't appear to be happening with what has been put out for consideration this time. As Jim Dempsey, vice president for public policy at the Center for Democracy & Technology said at a Stanford University event held last week, "The government needs an identity ecosystem or identity infrastructure. It needs it for its own services as well as part of the solution to the broader cybersecurity problem as well as, as one of the foundations of eCommerce, but the government cannot create that identity infrastructure, because if it tried to, it wouldn't be trusted."
Dempsey said in a blog post: "And here's the good news: The Administration agrees. The Administration is not trying to create the identity infrastructure for the Internet. The Administration plan supports anonymity. The only centralization that was discussed by the Administration was the centralization of identity policy-making in the Department of Commerce."
While Locke and Schmidt made it clear the plan doesn't call for a national ID card, nor even a government controlled system, they didn't provide many details about what such an identity ecosystem would actually look like.
Will smart cards be issued to Internet users? Will users be given software certificates to help authenticate who they are? Will biometrics play a role? Who will issue the credentials? Banks? Internet Service Providers?