White House Cybersecurity Coordinator Howard Schmidt cautions it won’t be a national ID program as critics claim it would be, but rather a necessary system for creating trusted digital identities to enhance the security of online transactions, and also a means for relieving the burden of having to remember dozens of usernames and passwords.
The Obama administration certainly isn’t trying to allay fears of federal intrusion into the everyday lives of US citizens it seems with news that it plans to relieve the burden of having to “remember dozens of user names and passwords” by creating an Internet ID for all Americans.
Speaking at Stanford University, Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard Schmidt spoke about plans for the National Strategy for Trusted Identities in Cyberspace (NSTIC)
“We have a major problem in cyberspace, because when we are online we do not really know if people, businesses, and organizations are who they say they are,” said Schmidt. “Moreover, we now have to remember dozens of user names and passwords. This multiplicity is so inconvenient that most people re-use their passwords for different accounts, which gives the criminal who compromises their password the ‘keys to the kingdom.’”
He cautioned that it wasn’t a national ID program as critics claim it would be, but rather a system for creating trusted digital identities to enhance the security of online transactions.
We need a cyber world that enables people to validate their identities securely, but with minimal disclosure of information when they’re doing sensitive transactions (like banking) – and lets them stay anonymous when they’re not (like blogging). We need a vibrant marketplace that provides people with choices among multiple accredited identity providers – both private and public – and choices among multiple credentials. For example, imagine that a student could get a digital credential from her cell phone provider and another one from her university and use either of them to log-in to her bank, her e-mail, her social networking site, and so on, all without having to remember dozens of passwords. Such a marketplace will ensure that no single credential or centralized database can emerge. In this world, we can cut losses from fraud and identity theft, as well as cut costs for businesses and government by reducing inefficient identification procedures. We can put in-person services online without security trade-offs, thereby providing greater convenience for everyone.
He calls it the “Identity Ecosystem” and says that nobody will be forced to get a credential if they don’t want to. The govt also has no plans for a central database to store digital identities, and it’s looking to the “leadership of the private sector” to implement the NSTIC.
The proposal sounds rather tame, but the same was likely said of Social Security numbers. The govt insisted they would never be used for identification purposes, but these days it’s used to identify you in everything from your monthly utility bill to your bank account number.
Moreover, once the NSTIC is place it seems likely only a matter of time before it becomes difficult to conduct business or interact with sites unless you have a “Trusted Identity.”
What do you think about the proposal?