White House unveils cyber ID proposal (Update)

Apr 15, 2011 by Chris Lefkow
A man surfing the web at an internet cafe. The White House unveiled a plan Friday to boost consumer confidence and business online through the creation of a single, secure credential for Internet users.

The White House unveiled a plan on Friday designed to boost confidence and business in cyberspace through the creation of a single, secure online credential.

"By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation," President Barack Obama said in a statement.

"That's why this initiative is so important for our economy," Obama said.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) proposes the creation of secure and reliable online credentials that would be available to consumers who want to use them.

It would be private-sector driven and participation would be voluntary.

The "identity ecosystem" would involve the use of a single credential -- unique software on a smartphone, a smart card or a token that generates a one-time digital password, for example, -- and would eliminate the need to remember multiple passwords.

"The consumer can use their single credential to log into any website, with more security than passwords alone provide," the White House said.

"Consumers can use their credential to prove their identity when they're carrying out sensitive transactions, like banking, and can stay anonymous when they are not," it said.

"The Internet has transformed how we communicate and do business, opening up markets, and connecting our society as never before," Obama said. "But it has also led to new challenges, like online fraud and identity theft, that harm consumers and cost billions of dollars each year."

The White House said the goal is to "make online transactions more trustworthy, thereby giving businesses and consumers more confidence in conducting business online."

In addition to providing more security for consumers, the White House said the proposed system could also provide better privacy protections.

"Today, a vast amount of information about consumers is collected as they surf the Internet and conduct transactions," it said. "How organizations handle that information can vary greatly, and more often than not, it is difficult for consumers to understand how their privacy will (or will not) be protected.

"The NSTIC seeks to drive the development of privacy-enhancing policies as well as innovative privacy-enhancing technologies to ensure that the ecosystem provides strong privacy protections for consumers," it said.

Commerce Secretary Gary Locke, speaking at an event at the US Chamber of Commerce here, said "we must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords.

"Working together, innovators, industry, consumer advocates, and the government can develop standards so that the marketplace can provide more secure online credentials, while protecting privacy, for consumers who want them," Locke said.

The Washington-based Center for Democracy & Technology issued a statement emphasizing that the NSTIC was not proposing a national identification program.

"There are two key points about this strategy: First, this is NOT a government-mandated, national ID program; in fact, it's not an identity 'program' at all," said CDT president Leslie Harris.

"Second, this is a call by the administration to the private sector to step up, take leadership of this effort and provide the innovation to implement a privacy-enhancing, trusted system," Harris said.

Explore further: Net neutrality balancing act

add to favorites email to friend print save as pdf

Related Stories

The safe way to use one Internet password

Feb 25, 2010

(PhysOrg.com) -- A little-used Internet authentication system from the 1980s could provide the answer for enabling web users to securely log in only once per Internet session, a Queensland University of Technology researcher ...

IBM software safeguards consumer identity on the Web

Jan 26, 2007

IBM today announced software that allows people to hide or anonymize their personal information on the Web, ensuring protection from identity theft and other misuse. Developed by researchers at IBM's laboratory in Zurich, ...

US senators introduce online privacy 'bill of rights'

Apr 12, 2011

US senators John Kerry and John McCain introduced an online privacy bill Tuesday that seeks to strike a balance between protecting the personal information of Web users and the needs of businesses to conduct ...

US unveils plan to make online transactions safer

Jun 26, 2010

(AP) -- In the murky world of the Internet, how do you ever really know who you're talking to, who you're buying from or if your bank can actually tell it's you when you log in to pay a bill?

New report calls for online privacy bill of rights

Dec 16, 2010

(AP) -- The Commerce Department is calling for the creation of a "privacy bill of rights" for Internet users to set ground rules for companies that collect consumer data online and use that information for marketing and ...

Recommended for you

Researchers uncover likely creator of Bitcoin

3 hours ago

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

7 hours ago

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

Net neutrality balancing act

Apr 17, 2014

Researchers in Italy, writing in the International Journal of Technology, Policy and Management have demonstrated that net neutrality benefits content creator and consumers without compromising provider innovation nor pr ...

User comments : 24

Adjust slider to filter visible comments by rank

Display comments: newest first

Doug_Huffman
2.8 / 5 (4) Apr 15, 2011
Both are a day late and a byte short, the tyrant fed and its eager subject.

Electronic Frontiers Foundation EFF.org Electronic Privacy Information Center EPIC.org Verisignlabs.com
Jeffhans1
4.2 / 5 (5) Apr 15, 2011
So in other words now people won't need to steal a whole list of details about you, they just need to obtain your overall ID and can then impersonate you at will all across the cyberverse. Brilliant.
kaasinees
1.6 / 5 (7) Apr 15, 2011
In case for all the rants against the ID.
We have such ID in this country and NO problems.
So move allong and and fold ur tin hat.
stealthc
3 / 5 (4) Apr 15, 2011
yes you do have that id, but you definitely have problems from it. The increasing tax burden on you is because of that card, before your government used to only tax corporations. Anybody who's had a problem with the IRS will tell you that no problems is bs. Anyways you slice it that number is a dependency, and by rolling out what they are doing in a way that seems non-threatening, they will have precident to start rolling out new features such as social insurance number integration perhaps, or maybe a few steps in between to get the same result we all know they are aiming for?

I won't be signing up and I will boycott any business that uses this system.
kaasinees
3.7 / 5 (3) Apr 15, 2011
wrong.

nuf said.
MorituriMax
5 / 5 (2) Apr 15, 2011
In case for all the rants against the ID.
We have such ID in this country and NO problems.
So move allong and and fold ur tin hat.


Of course, no idea what country you are in and your profile is strangely empty... don't trust the internet enough to fill out the details? Surely your ID will protect you from foul play.
SmaryJerry
not rated yet Apr 15, 2011
It sounds like a beautiful system. However, it will not make you more secure in the slightest. It will make you feel more secure and it's easier. I guess that's a good thing.
ealex
5 / 5 (1) Apr 16, 2011
right, because the government has always been such an ace at security, that's exactly where I expect a more secure authentication method to come from. I'll stick to passwords, thanks. I have a memory for a reason.
Skeptic_Heretic
not rated yet Apr 16, 2011
The ID wouldn't be your logon info, it would be your identity, similar to a screen name.

You would control your own logon credentials.

This is basically similar to creating a "login with your facebook account" style link up. It would reduce anonymity for people online and provide a method of preferred access for accountability reasons. You wouldn't be forced to use such a mechanism but it would provide benefits if you have a good reputation.
Physmet
5 / 5 (1) Apr 16, 2011
What's really great about the single identity is that your online habits can be tracked by government and advertisers alike! It will also make it easier for state government to collect that extra Use Tax when you purchase online in a state other than your own. Great benefits for them with no extra security for you!

Seriously, though, if you want a single sign-on, download any of the free password manager softwares available.
Skeptic_Heretic
1 / 5 (1) Apr 16, 2011
It will also make it easier for state government to collect that extra Use Tax when you purchase online in a state other than your own. Great benefits for them with no extra security for you!
Other than the ability to use your online presence as an alibi, a ciriculum vitae, marketing and advertising for your own business ventures, credit score suppliment, etc.

There are more benefits than detriments, plus, only those who have something to hide fear being known.
Doug_Huffman
1 / 5 (1) Apr 16, 2011
This is basically similar to creating a "login with your facebook account" style link up.
Depends on how similar is your basically. De-Facedbook is a security failure in progress.

Read up on federated social networks and consider joining DIASPORA*ALPHA
Doug_Huffman
1 / 5 (1) Apr 16, 2011
only those who have something to hide fear being known.
Riiight! So says the Anony Mouse unskeptical believer.

https://www.eff.o...networks
FrankHerbert
1 / 5 (5) Apr 16, 2011
Lil Douggie is going to exercise his free market rights and dump all his savings in Reynolds stock.
CSharpner
5 / 5 (1) Apr 17, 2011
Having been deep in IT for 29 years now and being very security conscious since I've been online since the fidonet days in the 80's, and being a systems level developer, I've got some educated opinions on this idea.

First, you don't want a single online ID. That's asking for trouble and is common sense in the IT security space, though it's convenient, for sure, one ID is bad news - well known in the security space.

The tech: Right now, you CAN have a single (or a small handful) via Google, facebook, OpenID (many providers available like MyOpenID.com), but not all sites support them.

We all have something to hide, even if it's just our ID from ID thieves. We don't want our political or religious posts broadcast to our current or future employers, for example. We don't want people who hate us online (those who oppose our political or religious views) matching those up with everything else online (family, friends, work, home, finances) to use against us.
CSharpner
not rated yet Apr 17, 2011
Even if we don't have anything to hide "legally" from the authorities, we all have everything to hide from those who'd do us harm (political enemies, stalkers, predators, etc...).

I think the gist of the white house's proposal is that we need some way for both businesses and individuals to be able to validate each others' ID. That is obviously a good thing to have. Don't be mistaken that it is accomplished with a universal, online ID. The same goal can be accomplished without the need for a single online ID. Businesses can certify who they are with the more advanced SSL certs (the ones that turn your address bar green). Businesses can confirm individuals with stringent ID verification (like your bank does and your credit cards to let you gain access to your online accounts). Of course, each institution has their own custom-made verification system, so it's cumbersome, but it's not impossible.

There's some entrepreneurial opportunity here though...
(continued...)
CSharpner
not rated yet Apr 17, 2011
(continued...)
More than one web site can offer users to create online IDs, pay a fee, and the site can research you just like your bank does, and give the green light to businesses that the information associated with your ID from their site is truly you. That site can provide SSO (single sign-on - like facebook, google, openid, and others already do) with an open API to any business that wishes to use. There are likely already plenty of these sites around... the eBusiness industry just needs to adopt their use more and they'd be accomplishing what the white house is urging.

To some extent, Google Checkout and Paypal (amoung others) already provide something very similar. For example, sign up with either of them, and you can use that one ID to make purchases on thousands of web sites (including one of mine). I have the guarantee from GC that I get paid, even if you don't pay.

(continued...)
CSharpner
not rated yet Apr 17, 2011
(final page...)

That provides the guarantees and security I need as an online store owner and as a GC user, you have the guarantee from GC that you will not lose your money, and GC does all the vetting of both me AND you because they're putting THEMSELVES on the line for fraud from either of us.

In short, these systems are mostly there. It's just a matter of more sites hooking up with these places that do the online vetting.

You'll likely never be able to do this with just one online ID as many companies rightly reserve the right to do their OWN vetting of you, so they'll make sure you are who you say you are, requiring you to essentially have an additional ID on their web site.

But, the central message of the white house's suggestion is valid. "The National Strategy for Trusted Identities in Cyberspace (NSTIC) proposes the creation of secure and reliable online credentials that would be available to consumers who want to use them." Single-ID-only not required to to accomplish it.
Skeptic_Heretic
5 / 5 (1) Apr 17, 2011
First, you don't want a single online ID. That's asking for trouble and is common sense in the IT security space, though it's convenient, for sure, one ID is bad news - well known in the security space.
But, the central message of the white house's suggestion is valid. "The National Strategy for Trusted Identities in Cyberspace (NSTIC) proposes the creation of secure and reliable online credentials that would be available to consumers who want to use them." Single-ID-only not required to to accomplish it.
This isn't a single ID, it's a single signon mechanism. I'm actually working on this project. If you want your fears/questions answered, feel free to ask. I'll disclose what I'm able to. Think social security. You have a social security ID to link your fiscal identity to your personal identity. That doesn't mean that when someone has your soc sec they have access to all of your bank accounts (unless you're really stupid).
random
not rated yet Apr 17, 2011
Frankly, I refuse to accept this because it will allow government to track my legally questionable activities.
RegenegeR
not rated yet Apr 18, 2011
A single ID, a single sign-on mechanism... Both are a single hurdle to hack your didital footprint.

When it comes to security, the best protection is redundancy. And this applies beyond the digital realm. (why do you suppose all important systems have them built in?)

Good example of this is monoculture gardening: One disease, and your entire harvest is screwed. Redundant planting of varying species (of the same kind), or even better permaculture, and you loose a few, but resistance prevails.
(please excuse my English, second language)
Skeptic_Heretic
not rated yet Apr 18, 2011
A single ID, a single sign-on mechanism... Both are a single hurdle to hack your didital footprint.

You understand the difference between profiles and id's, correct?
J-n
5 / 5 (1) Apr 18, 2011
I'm not a fan of single ID programs.

The internet right now provides some semblance of anonymity, this allows people the freedom to express views or ideas which may not be completely accecpted by the majority of individuals in a society without the thread of being ostracised from said group.

Say in a few years we go to war and the powers that be decide that this is another one of those wars that it would be "Unpatriotic" to denounce publically. You are not in favor of this war as it goes against your particular morals.

Now because everyone knows who you are online and in RL, people not only flame you online, but now show up at your job to complain to your boss about your unpatriotic online statements, they vandalize your car, and your children are harassed at school by teachers and students.

Allowing people the apperance of anonymity (yes you can be tracked via IP and your ISP) allows people to freely speak their mind and to contribute in meaningful ways.
CSharpner
not rated yet Apr 18, 2011
I'm actually working on this project. If you want your fears/questions answered, feel free to ask. I'll disclose what I'm able to.

Yes. Please send me any information you can, including resources where I can discover more. For example, is there a central, public website (or more than one)?

Thanks!

More news stories

Under some LED bulbs whites aren't 'whiter than white'

For years, companies have been adding whiteners to laundry detergent, paints, plastics, paper and fabrics to make whites look "whiter than white," but now, with a switch away from incandescent and fluorescent lighting, different ...

Researchers uncover likely creator of Bitcoin

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

Continents may be a key feature of Super-Earths

Huge Earth-like planets that have both continents and oceans may be better at harboring extraterrestrial life than those that are water-only worlds. A new study gives hope for the possibility that many super-Earth ...

Researchers successfully clone adult human stem cells

(Phys.org) —An international team of researchers, led by Robert Lanza, of Advanced Cell Technology, has announced that they have performed the first successful cloning of adult human skin cells into stem ...