Obama's online trusted ID plan greeted with caution
Privacy advocates say administration's plan is well intentioned by fraught with uncertainties
Computerworld - The Obama administration's release of the final version of the National Strategy for Trusted Identities in Cyberspace (NSTIC) was greeted on Friday with caution by privacy advocates who see it as a well-intentioned effort that is still years away from fruition.
The strategy, first announced last June, is designed to foster better technologies, standards and policies for online authentication. The goal of NSTIC is to enable an identity ecosystem in which individuals and organizations are able to conduct online transactions with far more assurance and security than they are currently able to.
When fully implemented, the new identity infrastructure will allow Internet users the option of obtaining trusted online identity credentials from a range of private service providers and from government entities.
Instead of maintaining separate usernames and passwords for each website, Internet users would be able to use a single set of identity credentials to gain access to services on multiple sites.
For example, a user would be able to use a digital credential obtained from his ISP, bank or university to securely access services at multiple other sites without having to first register at each one or having to divulge personal information to them.
Such a model is expected to be far more convenient and privacy-friendly than current online authentication mechanisms.
NSTIC calls on the National Institute for Science and Technology to develop standards and technology polices for the new identity infrastructure. But it leaves it to the private sector to do the actual development and deployment of the technology. Internet users will be free to decide for themselves whether they want to use NSTIC credentials for online transactions.
Andy Ozment, White House director for cybersecurity policy, and Howard Schmidt, President Obama's cybersecurity coordinator, touted NSTIC as a groundbreaking effort on Friday.
Commerce Secretary Gary Locke described NSTIC as another example of the U.S. government helping to enable and support private innovation at a critical juncture.
"Usernames and passwords are no longer good enough" for protecting against identity theft and online fraud, Locke said. For the Internet to achieve its full potential, it's vital for the government and the private sector to work collaboratively to develop a new, secure and more privacy-friendly identity ecosystem, he said.
"We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords," Locke said.
However, meanwhile privacy advocates see the effort as a well-meaning one that is fraught with many uncertainties.
For one thing, the kind of identity infrastructure envisioned by NSTIC is still several years away at least, said Aaron Brauer-Rieke, a fellow at the Center for Democracy and Technology. "The strategy at this point is just a vision for the future," Brauer-Rieke said. "There is still a lot of work that has to happen."
Obama and tech
- China set to surpass U.S. in R&D spending in 10 years
- Outgoing federal CIO warns of 'an IT cartel'
- @whitehouse takes on Twitter Town Hall
- Obama's CIO quits
- Little new in Obama cybersecurity proposal
- Feds update IT plan following Obama's 'horrible' comment
- Obama's online trusted ID plan greeted with caution
- U.S. Census tech makeover includes 'oasis' for innovation
- Obama seeks big boost in cybersecurity spending
- QuickPoll: Is Obama's 98% 4G broadband coverage goal realistic?
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Architecting the Network of the Future Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them. All Privacy White Papers | Webcasts