Jan 11

White House, Commerce prepare for trusted identities in cyberspace

President Obama will soon sign a finalized version of the National Strategy for Trusted Identities in Cyberspace and the Commerce Department will stand up a national program office focused on the implementation of that strategy, announced Commerce Secretary Gary Locke, at a Jan. 7 Stanford University event.

The goal of NSTIC is to create an “identity ecosystem” which gives users greater confidence in the online identities of each other and trust in the infrastructure that facilitates such transactions, said Locke. Despite the fact that the world does an estimated $10 trillion in online business, the Internet faces something of a trust issue, he said. “It will not reach its full potential until users and consumers feel more secure than they do today when they go online,” Locke added.

The White House release a draft (.pdf) NSTIC proposal in June 2010. Given the Commerce Department’s Internet Policy Task Force and work by the National Institute of Standards and Technology, DoC is a logical place for the NSTIC program office, especially given the program’s e-commerce focus, said Locke.

Officials speaking at the event stressed that NSTIC will not lead to a national ID card or a government-controlled system. Rather, NSTIC aims to build consensus on legal and policy frameworks for the creation of more trusted digital identities. “The government cannot create that identity infrastructure, because if it tried to it wouldn’t be trusted,” said James Dempsey, vice president for public policy at the Center for Democracy and Technology.

“We need private sector to lead the building of an identity ecosystem,” said Howard Schmidt, White House cybersecurity coordinator.

When finalized, NSTIC will not be a one-size-fits-all solution for Internet users, said Dempsey; it will support a range of transactions from anonymous to those which rely on greater trust. According to Schmidt, identities will be voluntary, services will be resilient, services will be interoperable and services should be cost effective.

Dempsey said if NSTIC is successful, it should be a model for cyber policy going forward because it draws from the strengths and feedback provided by the private sector, not top-down mandates. Philip Bond, president of TechAmerica said the efforts will be successful if government sets and “aggressive schedule of interaction with industry.

Leave a Reply