Obama's online trusted ID plan greeted with caution
Privacy advocates say administration's plan is well intentioned by fraught with uncertainties
Computerworld - The Obama administration's release of the final version of the National Strategy for Trusted Identities in Cyberspace (NSTIC) was greeted on Friday with caution by privacy advocates who see it as a well-intentioned effort that is still years away from fruition.
The strategy, first announced last June, is designed to foster better technologies, standards and policies for online authentication. The goal of NSTIC is to enable an identity ecosystem in which individuals and organizations are able to conduct online transactions with far more assurance and security than they are currently able to.
When fully implemented, the new identity infrastructure will allow Internet users the option of obtaining trusted online identity credentials from a range of private service providers and from government entities.
Instead of maintaining separate usernames and passwords for each website, Internet users would be able to use a single set of identity credentials to gain access to services on multiple sites.
For example, a user would be able to use a digital credential obtained from his ISP, bank or university to securely access services at multiple other sites without having to first register at each one or having to divulge personal information to them.
Such a model is expected to be far more convenient and privacy-friendly than current online authentication mechanisms.
NSTIC calls on the National Institute for Science and Technology to develop standards and technology polices for the new identity infrastructure. But it leaves it to the private sector to do the actual development and deployment of the technology. Internet users will be free to decide for themselves whether they want to use NSTIC credentials for online transactions.
Andy Ozment, White House director for cybersecurity policy, and Howard Schmidt, President Obama's cybersecurity coordinator, touted NSTIC as a groundbreaking effort on Friday.
Commerce Secretary Gary Locke described NSTIC as another example of the U.S. government helping to enable and support private innovation at a critical juncture.
"Usernames and passwords are no longer good enough" for protecting against identity theft and online fraud, Locke said. For the Internet to achieve its full potential, it's vital for the government and the private sector to work collaboratively to develop a new, secure and more privacy-friendly identity ecosystem, he said.
"We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords," Locke said.
However, meanwhile privacy advocates see the effort as a well-meaning one that is fraught with many uncertainties.
For one thing, the kind of identity infrastructure envisioned by NSTIC is still several years away at least, said Aaron Brauer-Rieke, a fellow at the Center for Democracy and Technology. "The strategy at this point is just a vision for the future," Brauer-Rieke said. "There is still a lot of work that has to happen."
Obama and tech
- China set to surpass U.S. in R&D spending in 10 years
- Outgoing federal CIO warns of 'an IT cartel'
- @whitehouse takes on Twitter Town Hall
- Obama's CIO quits
- Little new in Obama cybersecurity proposal
- Feds update IT plan following Obama's 'horrible' comment
- Obama's online trusted ID plan greeted with caution
- U.S. Census tech makeover includes 'oasis' for innovation
- Obama seeks big boost in cybersecurity spending
- QuickPoll: Is Obama's 98% 4G broadband coverage goal realistic?
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts