The government really is here to help

Back in June the U.S. government issued a draft of The National Strategy for Trusted Identities in Cyberspace. A number of good friends in the so-called user-centric identity community attended meetings where the draft was promulgated, and said that -- on the whole -- it was a good initiative. There was so little controversy, in fact, that we didn't even note it at the time here in the IdM newsletter. I'd planned to wait until the final version arrived.

But a week or so ago U.S. Secretary of Commerce Gary Locke brought it up at an event at the Stanford Institute for Economic Policy Research, noting that Commerce would develop this framework for trusted identities, then encourage private industry to adopt it as a way to increase online commerce.

IN THE NEWS: White House officials push online trusted IDs

Well, the crazies latched on to this. But not only the crazies. Trusted technology news vendors also seemed to go ape. CNET, for example, reported:

"Obama has signed authority over to U.S. Commerce Department to create new privacy laws that require American citizens to hold an Internet ID card. The Internet ID card would be used in place of other user names and passwords created for various online websites. Some civil rights organizations have argued that a national Internet ID card harms a reader's right to Internet anonymity."

ANOTHER VIEW: Facebook wants to issue your Internet driver's license

Of course that's not at all what Secretary Locke announced. In fact, there is no "ID card" nor are there to be new "privacy laws" or, even, a requirement to participate. But that didn't stop the conspiracy theorists, of course.

My friend Dave Birch (he's a director of the U.K.'s Consult Hyperion, the IT management consultancy that specializes in electronic transactions) did a very good write up on the issues and, since he isn't in the U.S., it appears to not be contaminated by purely domestic political and ideological baggage. So I'd like to present it to you, edited only for length.

Last year I (This is Mr. Birch speaking) said that I thought that the US National Strategy for Trusted Identities in Cyberspace (NSTIC) was heading in the right direction. I'm very much in favour of the private sector providing multiple identities into a framework that it used by the public sector and vice versa. I'm in favour of choice: if I choose to use my Barclays identity to access the DVLA or my DWP identity to access O2 it shouldn't matter to the effective and efficient use of online transactions. There was one area where I felt it could have presented a slightly different vision, and that's in the use of pseudonyms, which I think should be the norm rather than the exception.

I don't think the danger is the crazies but the journalists, politicians, commentators and observers who don't really understand the rather complex topic of digital identity. Or, as "Identity Woman" Kailya Hamlin (who some of you may remember from the first European Internet Identity Workshop that Consult Hyperion sponsored with our friends from Innopay and Mydex back in October) said about NSTIC: "I am optimistic about their efforts and frustrated by the lack of depth and insight displayed in the news cycle with headlines that focus on a few choice phrases to raise hackles about this initiative."

As far as I can see, NSTIC being managed by the Commerce Department has nothing to do with "privacy laws" and the idea that it will require Americans to have an "Internet ID" is a journalistic invention. The actual situation is that NSTIC is to go from being an idea to an actual system: "The Obama administration plans to announce today plans for an Internet identity system that will limit fraud and streamline online transactions, leading to a surge in Web commerce, officials said. While the White House has spearheaded development of the framework for secure online identities, the system led by the U.S. Commerce Department will be voluntary and maintained by private companies."

What this means is not that Americans will get an "Internet Driver's License" but that they will be able to log in to their bank, the Veteran's Administration, the DMV and their favourite blogs using a variety of IDs provided by their bank, their mobile phone operators and others.

That's right, Dave -- it will be a privately administered public initiative. So be sure to tell your friends that there's nothing to fear from NSTIC. Move along folks, nothing to see here.

Copyright © 2011 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022