Internet IDs for Americans

Internet ID for Americans: Just How Big is the Opportunity for Technology Companies?

Anything the government does, the private sector can do better. The job of the government is to provide the framework in which we operate. Not to do the function for us. They set the rules, they assist in the setting of standards, and they monitor the function within that framework and rules. A single point of access to information is not a good idea. Diversity in systems and infrastructure has always resulted in better operating systems. Redundancy and reliability are the result of careful planning and good execution of standards. Competitive forces in a capitalistic society generally push systems to become what we need them to be. Whatever the government does will cost the taxpayer more. The government has shown over and over again that they are inefficient — resulting in higher cost to taxpayer for the same things that can be done in the private sector. Show us the way, steer us in a direction, and let us do the job!

January 11, 2011

Connected Planet Blog - This week, the Commerce Department announced it will create a new office to create an Internet ID for all Americans (know as The National Strategy for Trusted Identities in Cyberspace (NSTIC). The choice by the Obama Administration of the Commerce Dept. might be attributable to complaints by some who question the ability of the National Security Agency and the Dept. of Homeland Security to balance their roles as policing/enforcement agencies with the need to respect privacy and civil liberties.

But this announcement will no doubt trigger hot debates on whether this type of initiative would reduce or in fact increase the chances of identify theft, fraud or other types of illicit behavior, a well as abuses by either private companies and perhaps even the government.

For one, no government agency is ever going to win awards for efficiently managing anything in the long run. And when it comes to administering something as potentially enormous as this, there will be a lot of data, a lot of oversight and a lot of participation by American citizens to manage.

Efforts to “centralize” data so that people no longer have to use different passwords and email validations to access different online entities will require robust and powerful technologies, so there will no doubt be a lot of technology giants salivating for this to go through.

Simultaneously, there will no doubt be a lot of people questioning whether centralizing data is really “safer” than having federated data pools of data controlled more by individuals than government officials or the technology companies with which they contract. Anytime data is accessible through a single entry point it can be more readily compromised. It may be easier to manage, but some will argue it is more vulnerable to attack or compromise.

The level of centralization of personal data that has already taken place has already opened up unprecedented levels of access to that data by marketers, pretexters, social engineers and others capable of capitalizing on our personal information, stealing our identities or participating in illicit behaviors.

It will be interesting to see how Americans react to this as it evolves. And it will be interesting to see what players in the data collection and management space, as well as analytics, intelligence and management will develop in order to procure government contracts.

So questions will boil down to how to monitor how chosen technology players proceed with what they are tasked without giving into the temptation to use that centralized data for their own purposes, and, what independent third party will monitor the government to ensure it doesn’t overstep its authority in the name of “homeland security” or “consumer protectionism.”

There will have to be a lot of checks and balances for this to work effectively.

Obama Administration Reportedly Plans to Create Internet ID for All Americans

January 7, 2011

CNet - President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans, a White House official said here today.

It's "the absolute perfect spot in the U.S. government" to centralize efforts toward creating an "identity ecosystem" for the Internet, White House Cybersecurity Coordinator Howard Schmidt said.

That news, first reported by CNET, effectively pushes the department to the forefront of the issue, beating out other potential candidates, including the National Security Agency and the Department of Homeland Security. The move also is likely to please privacy and civil-liberties groups that have raised concerns in the past over the dual roles of police and intelligence agencies.

The announcement came at an event today at the Stanford Institute for Economic Policy Research, where U.S. Commerce Secretary Gary Locke and Schmidt spoke.

The Obama administration is currently drafting what it's calling the National Strategy for Trusted Identities in Cyberspace, which Locke said will be released by the president in the next few months. (An early version was publicly released last summer.)

"We are not talking about a national ID card," Locke said at the Stanford event. "We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy, and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities."

The Commerce Department will be setting up a national program office to work on this project, Locke said.

Details about the "trusted identity" project are remarkably scarce. Last year's announcement referenced a possible forthcoming smart card or digital certificate that would prove that online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions.

Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet.

"I don't have to get a credential, if I don't want to," he said. There's no chance that "a centralized database will emerge," and "we need the private sector to lead the implementation of this," he said.

Jim Dempsey of the Center for Democracy and Technology, who spoke later at the event, said any Internet ID must be created by the private sector--and also voluntary and competitive.

"The government cannot create that identity infrastructure," Dempsey said. "If it tried to, it wouldn't be trusted."

Inter-agency rivalries to claim authority over cybersecurity have existed ever since many responsibilities were centralized in the Department of Homeland Security as part of its creation nine years ago. Three years ago, proposals were circulating in Washington to transfer authority to the secretive NSA, which is part of the U.S. Defense Department.

In March 2009, Rod Beckström, director of Homeland Security's National Cybersecurity Center, resigned through a letter that gave a rare public glimpse into the competition for budgetary dollars and cybersecurity authority. Beckstrom said at the time that the NSA "effectively controls DHS cyberefforts through detailees, technology insertions," and has proposed moving some functions to the agency's Fort Meade, Md., headquarters.

One of the NSA's missions is, of course, information assurance. But its normally lustrous star in the political firmament has dimmed a bit due to Wikileaks-related revelations.

Bradley Manning, the U.S. Army private who is accused of liberating hundreds of thousands of confidential government documents from military networks and sending them to Wikileaks, apparently joked about the NSA's incompetence in an online chat last spring.

"I even asked the NSA guy if he could find any suspicious activity coming out of local networks," Manning reportedly said in a chat transcript provided by ex-hacker Adrian Lamo. "He shrugged and said, 'It's not a priority.'"