Jan. 7 (Bloomberg) — The Obama administration plans to announce today plans for an Internet identity system that will limit fraud and streamline online transactions, leading to a surge in Web commerce, officials said.
While the White House has spearheaded development of the framework for secure online identities, the system led by the U.S. Commerce Department will be voluntary and maintained by private companies, said the officials, who spoke on condition of anonymity ahead of the announcement.
A group representing companies including Verizon Communications Inc., Google Inc., PayPal Inc., Symantec Corp. and AT&T Inc. has supported the program, called the National Strategy for Trusted Identities in Cyberspace, or NSTIC.
[su_quote]This is going to cause a huge shift in consumer use of the Internet,” said John Clippinger, co-director of the Law Lab at Harvard’s Berkman Center for Internet and Society in Cambridge, Massachusetts. “There’s going to be a huge bump and a huge increase in the amount and kind of data retailers are going to have.[/su_quote]
Most companies have separate systems for signing on to e-mail accounts or conducting secure online transactions, requiring that users memorize multiple passwords and repeat steps. Under the new program, consumers would sign in just once and be able to move among other websites, eliminating the inconvenience that causes consumers to drop many transactions.
For example, once the system is in place, Google would be able to join a trusted framework that has adopted the rules and guidelines established by the Commerce Department. From that point, someone who logged into a Google e-mail account would be able to conduct other business including banking or shopping with other members of the group without having to provide additional information or verification.
Bruce McConnell, a senior counselor for national protection at the Department of Homeland Security, said NSTIC may lead to a big reduction in the size of Internet help desks, which spend much of their time assisting users who have forgotten their passwords. Because the systems would be more secure, he said, it may also result in many transactions that are now done on paper, from pharmaceutical to real estate purchases, to be done online faster and cheaper.
A draft paper outlining NSTIC was released for comment by he White House in June.
‘Who Do You Trust?’
[su_quote]NSTIC could go a long way toward advancing one of the fundamental challenges of the Internet today, which is — Who do you trust?” said Don Thibeau, chairman of the Open Identity Exchange, an industry group based in San Ramon, California, representing companies that support development of the new framework. What is holding back the growth of e-commerce is not technology, it’s policy. This gives us the rules, the policies that we need to really move forward.[/su_quote]
The new system will probably hasten the death of traditional passwords, Clippinger said. Instead, users may rely on devices such as smartcards with embedded chips, tokens that generate random codes or biometric devices.
[su_quote]Passwords will disappear,” said Clippinger. “They’re buggy whips. The old privacy and security conventions don’t work. You need a new architecture.[/su_quote]
Development of a more advanced security system began in August 2004, when President George W. Bush issued a Homeland Security Presidential Directive that required all federal employees be given smartcards with multiple uses, such as gaining access to buildings, signing on to government websites and insuring that only people with proper clearances would have access to restricted documents. The system was intended to be more secure and more efficient.
The Obama administration advanced the process when it issued its “Cyberspace Policy Review” in 2009. One of the 10 priorities was the security identification system.
The federal government is facilitating what it calls a “foundational” system in two ways. It is developing the framework for the identification plan, and it will make a large number of government agencies, services and products available through the secure system, from tax returns to reserving campsites at national parks.
[su_quote]Innovation is one of the key aspects here,” said Ari Schwartz, a senior adviser for Internet policy at the Department of Commerce. “There’s so much that could be done if we could trust transactions more.[/su_quote]
Schwartz said use of the system, once companies voluntarily choose to participate, may spur a range of efficiencies and e-commerce similar to the way ATM machines transformed banking, opening the way to a growing number of services little by little.
Civil libertarians have expressed concern that the system may not protect privacy as well as the government is promising.
[su_quote]If the concept were implemented in a perfect way it would be very good,” said Jay Stanley, a senior policy analyst for privacy and technology at the New York-based American Civil Liberties Union. “It’s a convenience. But having a single point of failure may not be good for protecting privacy. The devil’s really in the details.” He said the ACLU would “vehemently oppose” anything that resembled a national ID card.[/su_quote]
Aaron Brauer-Rieke, a fellow at the Center for Democracy & Technology in Washington, a civil liberties group, said it was important that the system would be operated by private companies, not the government. He said he was concerned about how the data on consumer online transactions would be used.
[su_quote]New identity systems will allow moving from one site to another with less friction and open up data flows, but might also enable new kinds of targeted advertising,” he said. “We have to make sure privacy doesn’t get lost in this.[/su_quote]
Schwartz and McConnell said the new system wouldn’t be a national identity card and that companies, not the government, would manage the data being passed online.
[su_quote]There will not be a single data base for this information,” McConnell said.[/su_quote]
Editors: Elizabeth Wollman, Joe Winski
To contact the reporter on this story:
James Sterngold in New York at +1-212-617-4946 or
jsterngold2 [at] bloomberg [dot] net
To contact the editor responsible for this story:
David Scheer at +1-212-617-2358 or dscheer [at] bloomberg [dot] net.