White House Unveils Plan for Secure Online IDs
Are you tired of remembering 10 different passwords for all your online activity? Maybe you use the same password for everything? With data breaches and botnets dominating the news, are you concerned that your private data might end up in the hands of cyber criminals?
The White House on Friday outlined its plan for a secure online identification system intended to allow people to ditch the user ID/password setup for a “trusted identity” they would obtain from a private company that specializes in verifying identities.
You would go to one of these companies, for example, and prove your identity much like you do when you obtain a driver’s license or a passport. The company would then provide you with a smart card, keychain fob, one-time password generator, or even a phone app. Plug the smart card or fob into your computer or fire up the app when accessing online banking, buying something on Amazon, filing your taxes, or anything else that requires personal data. All of your information is stored on the “trusted identity” you received, so you don’t have to enter anything or remember a password.
“The Internet has transformed how we do business, opening up markets and connecting our economy as never before. It has revolutionized the ways in which we communicate with one another, whether with a friend down the street or a colleague across the globe,” President Obama said in a statement. “And as we have seen in recent weeks, it has empowered people all over the world with tools to share information and speak their minds. In short, the growth of the internet has been one of the greatest forces for innovation and progress in history.”
The White House stressed that this system—known as the National Strategy for Trusted Identities in Cyberspace (NSTIC)—will primarily be a private-sector undertaking, though some government agencies, such as those that provide health care or other benefits, may provide trusted IDs directly. The government is not going to require Internet IDs and will not be setting up the online shopping equivalent of the DMV, the White House said.
“The government will not require that you get a trusted ID. If you want to get one, you will be able to choose among multiple identity providers—both private and public—and among multiple digital credentials,” according to a FAQ on the NSTIC Web site.
The president has stepped into this debate because “the role of the federal government is to facilitate and help jump start the private sector’s efforts by convening workshops and bringing together the many different stakeholders important for establishing the Identity Ecosystem,” the FAQ said.
Having a variety of private-sector options will ensure that “no single credential or centralized database can emerge,” the White House said. The administration also said that this approach protects online anonymity. “Even if you do choose to get a credential from an ID provider, you would still be able to surf the Web, write a blog, visit chat rooms, or do other things online anonymously or under a pseudonym,” the White House said.
The administration first discussed this undertaking in December, when the Commerce Department issued a report that made several recommendations, including a set of principles for how companies collect and use peoples’ data and privacy protection for cloud computing and location-based services.
At this point, this trusted ID idea is just that; an idea. As the White House notes, “the Identity Ecosystem, the system of technical and policy standards described by NSTIC, is not established yet.” It will likely be “some years” before this system is a reality, but the White House said it views this report as a jumping off point to help reduce cyber crime and create a new market for innovation.
An animated description of the system is below.
Comments are closed.