Trusted Internet ID Obama's Top Priority

May 22
13:41

2013

Dennis Schooley

Dennis Schooley

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

Normal 0 false false false EN-US X-NONE X-NONE The Obama administration is currently working on a scheme that will make a cyberspace utopia where fina...

mediaimage
Normal 0 false false false EN-US X-NONE X-NONE

The Obama administration is currently working on a scheme that will make a cyberspace utopia where financial transactions and exchanges of information are conducted in a secure environment.

United State Commerce Secretary Gary Locke has revealed plans to develop a National Strategy for Trusted Identities in Cyberspace (NSTIC),Trusted Internet ID Obama's Top Priority Articles a trusted Internet identity ecosystem that aims to curb fraud and identity theft and at the same streamline online transactions.

The Internet identity ecosystem plan is currently in the drafting stage but the Obama administration will release it in a few months, said Locke who spoke at the Stanford Institute for Economic Policy Research in California on Friday.

Within the Internet identity ecosystem, Individuals don't have to remember a growing list of usernames and passwords for various online services. Instead, they will be able to authenticate themselves online through secure, private and interoperable credentials.

In essence, the Internet identity ecosystem works as the Big Brother of all Big Brother mechanisms implemented online to ensure that people are who they say they are before they could access electronic financial data and health records. The trusted Internet identity ecosystem is part of the present administration's Cyberspace Policy Review which was released in May 2009.

Locke, who outlined the framework of the Internet identity ecosystem at the Stanford event with White House Cybersecurity coordinator Howard Schmidt, tried to dispelled fears of privacy groups over the plans.

"We are not talking about a national ID card," said Locke. "We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy, and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities."

Critics of the plan fear that instead of securing identities and transactions online, the identity ecosystem will instead do the opposite.

When the plan was first unveiled in June last year, John Pescatore, vice president and research fellow at Gartner Research, was very vocal in saying that a complicated, password-reliant framework such as the Internet identity ecosystem was not the solution to cybersecurity problems. Cybercrime thrived due to the use of reusable passwords. To address the problem, the government should instead strive to minimize the use of such passwords and opt for one-time passwords or other stronger authentification mechanisms, he said.

Some web users think the Internet identity ecosystem is part of the global plan to track users' identities and activities online. Other say the scheme restricts freedom of speech which is what the world wide web is about.

Jim Dempsey of the Center for Democracy and Technology, who was also at the Stanford event, said the scheme must be voluntary and created by the private sector; otherwise, "it wouldn't be trusted."

Proponents of the plan, however, said that apprehension over the Internet identity ecosystem stemmed from the lack of understanding as to how it will operate.

How exactly will the identity ecosystem help secure cyberspace? The ecosystem centers on four main buckets, explained Schmidt:

1. It is voluntary. If a user establishes a secure identity credential and then decides to revert to the standard multiple-password method for various online transactions, he can do so.

2. The ecosystem will only work if web users are confident that the transaction and/or exchange of information is secure.

3. The system will be interoperable or dependent on various security solutions and mechanisms implemented by different companies. This will make it virtually impossible for cybercriminals to target a particular entity and compromise the security of the others.

4. The system will be cost effective and user friendly.
While the purpose and the basic guidelines of the Internet identity ecosystem are already known, what it will actually look like is still unclear. According to Locke, the White House is initiating the plan, but much of it will depend on private sector involvement before it even takes off the ground. In fact, the government wants the private sector to design and implement the program.

The U.S. Commerce Department will be setting up a national program office to help enforce the identity ecosystem, he said.