In its bid to boost Web security in the US, the Barack Obama administration is working out a plan to issue American computer users with an internet identity, newsgroup posts report.
The Obama administration is drafting a paper called the National Strategy for Trusted Identities, which investigates ways that web users can protect their online identities.
White House Cybersecurity Coordinator Howard Schmidt told the website it is “the absolute perfect spot in the U.S. government” to centralize efforts toward creating an “identity ecosystem” for the Internet.
Although some critics attacked the proposed system as a potential tool for more government data collection and citizen monitoring (the Department of Homeland Security is a partner in the project), the impetus appears to be largely financial. The strategy is intended both as a way to save money for the U.S. government by not requiring individual agencies to design and maintain their own identity-authentication mechanisms, and to give users more faith in the trustworthiness of online commerce.
Possible methods of creating a “trusted identity” could include issuing a “smart card” or digital certificates that would prove that online users are who they say they are. They could then be used to buy goods and carry out financial transactions on the internet, the report said.
Commerce Secretary Gary Locke, who unveiled the plan with White House Cyber Security Coordinator Howard A. Schmidt, has tried to stress that the system will not be like a driver’s license for the Internet.
“We are not talking about a national ID card. We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing, and perhaps even eliminating, the need to memorize a dozen passwords, through creation and use of more trusted digital identities,” Locke explained during the announcement which has been posted on a variety of tech related newsgroups today.
But, despite Locke’s assurances, several newsgroup subscribers and journalists are wary of the government plan.
“The problem is that as an administration that has continued most of the often-dubious domestic surveillance practices of the Bush Administration (and even concocted a few new ones), who exactly is going to believe them? Nobody will trust the government to design and implement such a system without abuse — even if the system is voluntary, and even if Uncle Sam offloads its creation to the US Commerce Department,”
Even event attendees expressed their concern.
“The government cannot create that identity infrastructure,” said Jim Dempsey of the Center for Democracy and Technology, who actually spoke at the Stanford event following Locke and Schmidt. “If it tried to, it wouldn’t be trusted.” Dempsey added that such a system would need to be created by a private sector agency or organization, and that it would have to be competitive and voluntary.
But the Commerce Department, at least, assures us that their plan will not be mandatory.
“It provides consumers a choice – those who want to remain anonymous for activities like blogging will continue to be able to do so,” a department representative said. “Online service providers that opt in to such a system would follow a set of security and privacy guidelines.”
Later this year, the Commerce Department plans to hold a workshop involving industry, academia, civil society organizations, standards-setting organizations, and government to discuss NSTIC initiatives.