Internet Identity System Said Readied by Obama 25


Internet Identity System Said Readied by Obama Administration
2011-01-07 05:00:01.9 GMT

By James Sterngold

Jan. 7 (Bloomberg) — The Obama administration plans to
announce today plans for an Internet identity system that will
limit fraud and streamline online transactions, leading to a
surge in Web commerce, officials said.

While the White House has spearheaded development of the
framework for secure online identities, the system led by the
U.S. Commerce Department will be voluntary and maintained by
private companies, said the officials, who spoke on condition of
anonymity ahead of the announcement.

A group representing companies including Verizon
Communications Inc., Google Inc., PayPal Inc., Symantec Corp.
and AT&T Inc. has supported the program, called the National
Strategy for Trusted Identities in Cyberspace, or NSTIC.
“This is going to cause a huge shift in consumer use of
the Internet,” said John Clippinger, co-director of the Law Lab
at Harvard’s Berkman Center for Internet and Society in
Cambridge, Massachusetts. “There’s going to be a huge bump and
a huge increase in the amount and kind of data retailers are
going to have.”

Most companies have separate systems for signing on to e-
mail accounts or conducting secure online transactions,
requiring that users memorize multiple passwords and repeat
steps. Under the new program, consumers would sign in just once
and be able to move among other websites, eliminating the
inconvenience that causes consumers to drop many transactions.

Fewer Passwords

For example, once the system is in place, Google would be
able to join a trusted framework that has adopted the rules and
guidelines established by the Commerce Department. From that
point, someone who logged into a Google e-mail account would be
able to conduct other business including banking or shopping
with other members of the group without having to provide
additional information or verification.

Bruce McConnell, a senior counselor for national protection
at the Department of Homeland Security, said NSTIC may lead to a
big reduction in the size of Internet help desks, which spend
much of their time assisting users who have forgotten their
passwords. Because the systems would be more secure, he said, it
may also result in many transactions that are now done on paper,
from pharmaceutical to real estate purchases, to be done online
faster and cheaper.

A draft paper outlining NSTIC was released for comment by
the White House in June.

‘Who Do You Trust?’

“NSTIC could go a long way toward advancing one of the
fundamental challenges of the Internet today, which is — Who do
you trust?” said Don Thibeau, chairman of the Open Identity
Exchange, an industry group based in San Ramon, California,
representing companies that support development of the new
framework.

“What is holding back the growth of e-commerce is not
technology, it’s policy. This gives us the rules, the policies
that we need to really move forward.”

The new system will probably hasten the death of
traditional passwords, Clippinger said. Instead, users may rely
on devices such as smartcards with embedded chips, tokens that
generate random codes or biometric devices.

“Passwords will disappear,” said Clippinger. “They’re
buggy whips. The old privacy and security conventions don’t
work. You need a new architecture.”

Secure, Efficient

Development of a more advanced security system began in
August 2004, when President George W. Bush issued a Homeland
Security Presidential Directive that required all federal
employees be given smartcards with multiple uses, such as
gaining access to buildings, signing on to government websites
and insuring that only people with proper clearances would have
access to restricted documents. The system was intended to be
more secure and more efficient.

The Obama administration advanced the process when it
issued its “Cyberspace Policy Review” in 2009. One of the 10
priorities was the security identification system.
The federal government is facilitating what it calls a
“foundational” system in two ways. It is developing the
framework for the identification plan, and it will make a large
number of government agencies, services and products available
through the secure system, from tax returns to reserving
campsites at national parks.

“Innovation is one of the key aspects here,” said Ari
Schwartz, a senior adviser for Internet policy at the Department
of Commerce. “There’s so much that could be done if we could
trust transactions more.”

Schwartz said use of the system, once companies voluntarily
choose to participate, may spur a range of efficiencies and e-
commerce similar to the way ATM machines transformed banking,
opening the way to a growing number of services little by
little.

Privacy Concerns

Civil libertarians have expressed concern that the system
may not protect privacy as well as the government is promising.
“If the concept were implemented in a perfect way it would
be very good,” said Jay Stanley, a senior policy analyst for
privacy and technology at the New York-based American Civil
Liberties Union. “It’s a convenience. But having a single point
of failure may not be good for protecting privacy. The devil’s
really in the details.” He said the ACLU would “vehemently
oppose” anything that resembled a national ID card.

Aaron Brauer-Rieke, a fellow at the Center for Democracy &
Technology in Washington, a civil liberties group, said it was
important that the system would be operated by private
companies, not the government. He said he was concerned about
how the data on consumer online transactions would be used.
“New identity systems will allow moving from one site to
another with less friction and open up data flows, but might
also enable new kinds of targeted advertising,” he said. “We
have to make sure privacy doesn’t get lost in this.”

Schwartz and McConnell said the new system wouldn’t be a
national identity card and that companies, not the government,
would manage the data being passed online.
“There will not be a single data base for this
information,” McConnell said.

For Related News and Information:
Internet shopping stories: TNI INTERNET RET <GO>
Top retail stories: RTOP <GO>
Top government stories: GTOP <GO>

–Editors: Elizabeth Wollman, Joe Winski

To contact the reporter on this story:
James Sterngold in New York at +1-212-617-4946 or
jsterngold2@bloomberg.net

To contact the editor responsible for this story:
David Scheer at +1-212-617-2358 or dscheer@bloomberg.net.

  • Worried

    “There will not be a single data base for this
    information,” McConnell said.

    So where will the identity be stored then?

  • Pingback: Quora

  • Matt

    Long overdue, yet absolutely brilliant.

    Yes, Yes! Please make the internet as safe as possible.

    Thank you President Obama!

    Matthew

  • http://brazza.eu Brazza

    Would u trust the government with YOUR_PASSWORD? I wouldn’t

    But we do need an new system to secure our sites/logins

  • Sharinltie

    “All under one…” is the government honestly thinking we will trust it? It has lost millions of SS numbers; pays over half a million dead people; can’t get their employees to answer phones, return emails or communicate with us and now, the government, want to hand some private companies the ability to tract us 100% of the time? Wow!

  • The Dissident

    What a pile of crap! The Internet has been a source of success because government did NOT regulate it!

    Lets allow bureaucracies to control it, or, in this sense outsource government control into the hands of private companies like Google, AT&T, etc. so they can fudge it up and send their numbers, figures, statistics, and names to the government.

    (Lets not forget that Google, AT&T, etc. donate to ONE party in particular…hmmm…conflict of interest?)

    China is an excellent source for such an operation and their “Green Dam Youth” software which became mandatory for a while. It’s no longer “mandatory”, but still being operated behind closed doors.

    Ever hear of a Chinese journalist speaking freely without government approval? No….because they don’t exist. Ditto for Russia, Mexico, Cuba, Saudi Arabia, North Korea, and the most of the world.

    Regulate the Internet and freedom dissolves, disappears, in a wink of an eye.

    Goodbye freedom….I shall no longer be able to speak my mind b/c I’m in fear of some government bureaucrat or politician disagreeing with me.

    ….all in the name of “safety”, “hope”, “security”, or whatever empty promise they make.

    I hope you log my IP address whatever host this is, b/c if you don’t, you might be an accomplice to the crime I just committed: freedom of speech.

    ….it’s coming….just wait.

  • el Zoro

    Thanks but no-thanks. While I hate Passwords and it’s a long necessary app, I think I’ll pass. We don’t need any Government- or Corporate- managed Identity Database — not that there’s still any significant separation between the two. This would simply bring today’s reality to a smart-card in our pockets, or attached to our cyber-identities.

  • http://komentarij.blogspot.com/ Taras

    All goverments off “free” countries afraid free Internet. But USA? I have not words…

  • LaurenD

    TO THE PARANOID (e.g. ‘The Dissident’):

    The Obama administration is simply stating the obvious when it says current strategies for security and privacy online are dead. And, when it assumes that a single online identity for each user COULD make possible a less flaky security situation, and enable a much improved web-services environment.
    The next step is to come up with a better solution, and that solution will likely have to be a centralized corporate solution, or a government solution, or some combination. Why? Because, generally speaking, the more small entities have their hands on the security mechanisms, the less secure they become.
    Perhaps the more geaky among us can manage our own security, but then what about the rest of those online (the vast majority who are not uber-geeks)? Are they just to be the casualties in your libertarian pursuit of self-interest? At the moment there simply does not exist a set of tools that would enable the masses to individually, easily, secure a single online identity to be used across websites (OpenID is as good as it gets, and that’s not good enough).

    Nobody’s trying to steal your freedoms here; everyone’s just trying to push for something better online.

    Now as for “THE DISSIDENT’s” paranoid delusions that this is some big-brother conspiracy:

    Do you REALLY believe that the government gives a damn about your paranoid delusions? If so, who in the government is it that gives a damn; do you imagine Hillary Clinton is wondering what YOU think of her, or her policy preferences? Do you really believe that Obama is sitting around trying to figure out how to crush your ability to differ with him on economic policy? If so, then please seek professional help; seriously, there are much bigger concerns on the minds of those in public office, and frankly they don’t give a damn what you in particular have to say — you’re just not that important.
    There is, of course, a more legitimate concern here, but it is not a big-brother thought-police one. It is instead the individual manipulation of such a centralized system: the sort that might compromise the privacy and/or security of those in the public eye, or the sort that would enable criminal fraud and blackmail of individuals whose identities had been spoofed. BUT WAIT! That’s the problem now! So all we have to lose, is already lost.
    That’s my two cents.

  • Pingback: OpenID: The Web’s Most Successful Failure | Al Terry Gough

  • Pingback: OpenID: The Web’s Most Successful Failure | t3knoDorKs

  • Johnny Rebel

    One Pass to rule them all, One Pass to find them,
    One Pass to bring them all and in their freedom bind them.

    In the land of government where the shadows lie.

  • http://na prevere

    Do you really trust private companies with your personal data ? If you do then you are a fool. Yeah right, the center for Democracy and Technology is as real as the Tea Party.

  • http://TheHaverkamps.net Lance Haverkamp

    Taking a cue from Al Gore, Obama invents x.509 certificates!

  • dvsjr

    I can’t imagine a better example of why anonymity needs to go away on the web. Looking at these rude, blatantly trollish comments from anonymous posters is just what the argument for secure identity on the internet needs.

  • http://ka8ykk@gmail.com Chuck

    I sitting here with a 3 ring note book divided into categories, music, media, banks, credit cards and thinking what a great idea. However it does appear to be similar to a national ID like our social security number, drivers license number our phone number. Oh great, what next! License plate number, house number, apartment number. We’re doomed to be known by our number, cradle to the grave.

  • kyle

    i don’t like it personally. we don’t need the government to step in and “help”. as it is the openid system has existed for many years now so we don’t need a new system. if openid is so “broken” don’t make a new system, work on the old one.

  • http://www.flowerhouse.se Blombud

    I dont like this, I dont like this at all…
    Will help the customers remembering less password? What kind of crap is that?
    Who do they think they are fooling?

  • http://temcos.com Temcos

    They can’t agree or pass anything. One party will find a way to block this.

  • http://n/a Mike

    Multiple individual companies that are equipped to validate and store “identities” as long as one company does not share with another…especially the government. Sharing with the NSA, the FBI and CIA only when a crime is about to happen or has happened…AND these actions need to be protected by rules similar to FISA of 1978.

  • http://www.solomome.com Peter

    I think Jay Stanley sums it up perfectly “It’s a convenience. But having a single point of failure may not be good for protecting privacy!

  • FireMouse

    Brilliant and long overdue. BUT, I will be seriously opposed to it if the entire framework and standards are not 100% transparent, free, neutral and open source… It should be 100% open for critical scrutiny, and correction under an open standard management model.

  • Nat Sakimura

    It depends on how you see it.
    If the IdP is on your side, they can protect your privacy by using PPID.
    Using the same mail address everywhere to login certainly does not help privacy.
    PPID is much better in this respect.

    If the IdP is your enemy, yes, you are right, but you can at least choose an IdP that’s on your side.
    That’s why freedom of choice and diversity/variety is important.

  • http://www.kontrast.pl/ Sklep komputerowy

    This is a good way forward, not what in Europe ACTA, which raises a lot of controversy and suppresses development of the internet!

  • Pingback: Obama Administration Pilots Internet IDs, A Great Way to Shut Down Dissent | www.independentsentinel.com