[LINK] Trusted Identities

stephen at melbpc.org.au stephen at melbpc.org.au
Wed Jan 12 14:50:52 AEDT 2011 

> From: "WebProNews" <webpronews at ientrynetwork.net>
> Subject: White House Plan for Web Identity Ecosystem a Tough Sell So Far
> Date: Tue, 11 Jan 2011 12:56:04 -0500


======================================================================
This is a WebProNews Mailing
Please see the bottom of this mailing for subscription information.
======================================================================

White House Plan for Web Identity Ecosystem a Tough Sell So Far

National Strategy for Trusted Identities in Cyberspace Draws Criticism

By: Chris Crum

The White House is working on a "National Strategy for Trusted Identities
in Cyberspace" in which it has placed the Commerce Department in charge
of an "Identity Ecoystem". 

In a nutshell, the program is about giving consumers IDs they can use to
log in across sites all over the web, which they can rely on as being
secure, and not have to worry about remembering countless passwords (and
thereby not having to use the same password over and over again on
different sites, which is incredibly helpful to cyber criminals).

Would you rather have a single web ID than use multiple passwords? 
Comment here. http://redir.ientry.com/04-18661-2036962-1809000-0-20

Of course the announcement of this strategy has already drawn plenty 
of skepticism, backlash, and general controversy. For example, many 
are skeptical that government can succeed where technology giants 
like Microsoft or Google have not. As some have pointed out, the 
company that's probably come the closest and has the best chance of 
accomplishing becoming online users' universal ID would be Facebook, 
given not only its enormous amount of users, but its integration into 
a large portion of the web through Facebook log-in. Add mobile and 
the rest of the world outside of the U.S. to the mix, and Facebook 
does have a very widespread and portable reach. Of course not 
everyone trusts Facebook to be their universal ID, with many very 
concerned with how the company treats privacy issues.

Much of the criticism of the White House's efforts has been over the 
vagueness of the strategy, and of course many simply don't want the 
government involved in this.

Here is the explanation of the strategy from Howard A. Schmidt, the 
Cybersecurity Coordinator and Special Assistant to President Obama 
(from WhiteHouse.gov):

"This holiday season, consumers spent a record $30.81 billion in online 
retail spending, an increase of 13 percent over the same period the 
previous year.  This striking growth outshines even the notable 
3.3-5.5 percent overall increase in holiday spending this past year. 
While clearly a positive sign for our economy, losses from online 
fraud and identity theft eat away at these gains, not to mention the 
harm that identity crime causes directly to millions of victims. We 
have a major problem in cyberspace, because when we are online we do 
not really know if people, businesses, and organizations are who they 
say they are. Moreover, we now have to remember dozens of user names 
and passwords. This multiplicity is so inconvenient that most people 
re-use their passwords for different accounts, which gives the 
criminal who compromises their password the "keys to the kingdom."

We need a cyber world that enables people to validate their identities 
securely, but with minimal disclosure of information when they're 
doing sensitive transactions (like banking) - and lets them stay 
anonymous when they're not (like blogging). We need a vibrant 
marketplace that provides people with choices among multiple 
accredited identity providers – both private and public – and choices 
among multiple credentials. For example, imagine that a student could 
get a digital credential from her cell phone provider and another one 
from her university and use either of them to log-in to her bank, her 
e-mail, her social networking site, and so on, all without having to 
remember dozens of passwords. Such a marketplace will ensure that no 
single credential or centralized database can emerge. In this world, we 
can cut losses from fraud and identity theft, as well as cut costs for 
businesses and government by reducing inefficient identification 
procedures. We can put in-person services online without security 
trade-offs, thereby providing greater convenience for everyone.

"We are not talking about a national ID card," U.S. Commerce Secretary 
Gary Locke is quoted as saying at the event where the plan was 
announced. "We are not talking about a government-controlled system."

That's not enough to curb the criticism, however. For example, 
Pascal-Emmanuel Gobry at Silicon Alley Insider says, "The big 
security/IT companies with the right Washington connections to get this 
gig don't reassure us any more than the government does." Gobry does 
also suggest that having the Commerce Department, as opposed to the 
Department of Homeland Security run the program feels a little less 
"big-brotherish."

As far as I can tell, there's nothing here indicating that people will 
be required to use IDs from this program. It will be interesting to 
see how it is adopted around the web. Will people trust this system 
more than they trust Facebook? Of course there are other options like 
OpenID, at least for the sites that support them.

Would you use an ID like the White House is suggesting?
http://redir.ientry.com/04-18661-2036962-1809000-0-20

Share your thoughts in the comments or discuss with our Facebook fans.
http://redir.ientry.com/04-18667-2036962-1809000-0-20  
 
Read this article on webpronews.com:
http://redir.ientry.com/04-18570-2036962-1809000-0-20

--

Cheers,
Stephen

More information about the Link mailing list