Obama's online trusted ID plan greeted with caution
Privacy advocates say administration's plan is well intentioned by fraught with uncertainties
Computerworld - The Obama administration's release of the final version of the National Strategy for Trusted Identities in Cyberspace (NSTIC) was greeted on Friday with caution by privacy advocates who see it as a well-intentioned effort that is still years away from fruition.
The strategy, first announced last June, is designed to foster better technologies, standards and policies for online authentication. The goal of NSTIC is to enable an identity ecosystem in which individuals and organizations are able to conduct online transactions with far more assurance and security than they are currently able to.
When fully implemented, the new identity infrastructure will allow Internet users the option of obtaining trusted online identity credentials from a range of private service providers and from government entities.
Instead of maintaining separate usernames and passwords for each website, Internet users would be able to use a single set of identity credentials to gain access to services on multiple sites.
For example, a user would be able to use a digital credential obtained from his ISP, bank or university to securely access services at multiple other sites without having to first register at each one or having to divulge personal information to them.
Such a model is expected to be far more convenient and privacy-friendly than current online authentication mechanisms.
NSTIC calls on the National Institute for Science and Technology to develop standards and technology polices for the new identity infrastructure. But it leaves it to the private sector to do the actual development and deployment of the technology. Internet users will be free to decide for themselves whether they want to use NSTIC credentials for online transactions.
Andy Ozment, White House director for cybersecurity policy, and Howard Schmidt, President Obama's cybersecurity coordinator, touted NSTIC as a groundbreaking effort on Friday.
Commerce Secretary Gary Locke described NSTIC as another example of the U.S. government helping to enable and support private innovation at a critical juncture.
"Usernames and passwords are no longer good enough" for protecting against identity theft and online fraud, Locke said. For the Internet to achieve its full potential, it's vital for the government and the private sector to work collaboratively to develop a new, secure and more privacy-friendly identity ecosystem, he said.
"We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords," Locke said.
However, meanwhile privacy advocates see the effort as a well-meaning one that is fraught with many uncertainties.
For one thing, the kind of identity infrastructure envisioned by NSTIC is still several years away at least, said Aaron Brauer-Rieke, a fellow at the Center for Democracy and Technology. "The strategy at this point is just a vision for the future," Brauer-Rieke said. "There is still a lot of work that has to happen."
Obama and tech
- China set to surpass U.S. in R&D spending in 10 years
- Outgoing federal CIO warns of 'an IT cartel'
- @whitehouse takes on Twitter Town Hall
- Obama's CIO quits
- Little new in Obama cybersecurity proposal
- Feds update IT plan following Obama's 'horrible' comment
- Obama's online trusted ID plan greeted with caution
- U.S. Census tech makeover includes 'oasis' for innovation
- Obama seeks big boost in cybersecurity spending
- QuickPoll: Is Obama's 98% 4G broadband coverage goal realistic?
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Privacy White Papers | Webcasts