Doing business on the Internet can be dangerous, especially when online transactions are involved, but pretty soon, a unique public-private partnership could make online activity safer — and simpler for users in the process.
On Friday, April 15, federal officials, including U.S. Commerce Secretary Gary Locke, unveiled the National Strategy for Trusted Identities in Cyberspace (NSTIC), an initiative to create a network that facilitates secure transactions and enhances user safety and information control.
“I’m optimistic that NSTIC will jump-start a range of private-sector initiatives to enhance the security of online transactions,” Locke told the audience. “This strategy will leverage the power and imagination of entrepreneurs in the private sector to find uniquely American solutions.”
In this network, a citizen would pick a public or private entity to provide a secure identification. The entity would issue one after the citizen proved his or her identity, and then the citizen could use this identification however he or she wished, perhaps only for sensitive transactions, like commerce, and not for Internet use, which is less personal. The National Institute of Standards and Technology, a division of the U.S. Commerce Department, has an online video presentation of how such an “identity ecosystem” would work.
This could eliminate the need for people to remember multiple user names and passwords. “I personally have a whole bunch, and you write them down. Passwords are weak at best because we reuse them or we create variations on a theme because we really don’t want to remember complex, unique passwords for all of our interactions,” said Judith Spencer, chair of the Policy Management Authority for CertiPath.
That company is one of four that are on board to guide NSTIC’s development. CertiPath, along with Northrop Grumman, Microsoft and CA Technologies developed a proof of concept of a cross-sector digital identity initiative that was demonstrated during the announcement. The Friday demonstration showed how mobile devices could authenticate online transactions.
Spencer said both colleagues and competitors think this is a good idea. “We think this is something that is good for all and that we can all benefit from this,” she said. “We can make e-commerce much more attractive to individuals.”
Locke said the government thinks it would be better for the private sector to spearhead this plan. If the government was the single issuer of identifications, that could create privacy issues. “Having a single issuer of identities creates unacceptable privacy and civil liberties issues. We want to spur innovation, not limit it,” he said.
Spencer said private companies would participate because of the chance to create a new market on the Internet and facilitate more transactions that would presumably be safer. “There are a lot of people who actually fear it, so what if you could create a space that was safe and that people understood?” she said.
According to Spencer, the government wants results within the next 90 days, which means more pilots and demonstrations are on the way. But achieving a long-term, comprehensive identity ecosystem with multiple companies on board will come later. Yet, she’s optimistic. “I don’t think a year would be a stretch. I actually think we will see some things starting to gain a foothold. I believe in the next year, maybe 18 months,” she said.
The White House has made the NSTIC strategy document publicly viewable.