Trusted IDs face fearful response

Proposed 'identity ecosystem' has plenty of pros and cons

The level of fear, uncertainty and doubt (FUD) that has always been a factor in online business has taken a turn for the worse — courtesy of the federal government, no less.

In late June, the Obama administration released a draft strategy for creating a system aimed at protecting individuals against identity theft, Internet scams and other malicious activity, whether someone is buying a book or downloading an electronic health record.

The gist of the proposal is simple: Develop a process for providing individuals with secure personal identifiers, such as digital certificates or smart cards, which they can use when conducting online transactions.

“The problem, as depicted in Peter Steiner’s legendary 1993 'New Yorker' cartoon, is that on the Internet nobody knows you’re a dog,” writes John Markoff for the New York Times. “And thus the enduring conundrum over who can be trusted in cyberspace.”

At present, many businesses issue personal identifiers, such as passwords or personal ID number codes, to online customers. But the administration envisions a trusted identity ecosystem in which all participating organizations agree to recognize the identifiers issued by one another. Participation would be voluntary for organizations and individuals, but the administration is betting that the prospect of convenient, secure online transactions would be a big draw.

However, the FUD factor might temper that optimism.

Some people fear that the system would improve security at the expense of privacy, with the secure identifier making it easier to monitor an individual’s online activity.

The Obama administration “must tread carefully, as efforts to create identity cards, personal certificates or other systems of identifiers raise privacy worries and fears of Big Brother tracking its citizens online,” writes Lolita Baldor for the Associated Press.

Then again, some people are uncertain that the plan would even improve security.

The Homeland Security Department set up an online forum to gather feedback from the public. One reader thought the government’s approach made the prospect of identity theft even more frightening than it already was.

“A single centralized identity is inherently less secure than a dozen identities because it creates a single point of failure,” the community member wrote. “Once that identity has been compromised — which will certainly happen no matter what technological measures are taken to protect it because there will always be a user in the chain — an individual's entire life will be open for hijacking.”

Gartner Vice President John Pescatore said he believes the strategy is simply off point. Rather than trying to construct a federal identity ecosystem, as others have attempted in the past, “the government would be much better off focusing on the root of identity theft and cyber crime problems: reusable passwords,” he writes in a post on the Gartner blog network.

Ultimately, some security experts doubt that a truly secure system is possible without creating the online equivalent of a government-issued, mandatory driver’s license — the worst nightmare of privacy advocates.

According to this camp, the “’voluntary ecosystem’ envisioned by Mr. Schmidt would still leave much of the Internet vulnerable,” Markoff writes. “They argue that all Internet users should be forced to register and identify themselves, in the same way that drivers must be licensed to drive on public roads.”

Finally, there are those for whom the FUD factor is beyond all reckoning. Andrew S., commenting on the DHS forum, dismissed the administration’s strategy as pointless given the state of security on the Internet.

“There is no such thing as ‘trusted identity’ as long as 25 percent of all computers running Windows are infected with malware that lets other people remotely control their computers,” he writes.

 

About the Author

Connect with the FCW staff on Twitter @FCWnow.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

  • Shutterstock image.

    Merged IT modernization bill punts on funding

    A House panel approved a new IT modernization bill that appears poised to pass, but key funding questions are left for appropriators.

  • General Frost

    Army wants cyber capability everywhere

    The Army's cyber director said cyber, electronic warfare and information operations must be integrated into warfighters' doctrine and training.

  • Rising Star 2013

    Meet the 2016 Rising Stars

    FCW honors 30 early-career leaders in federal IT.

Reader comments

Wed, Jul 14, 2010 Bob

Having read the Strategy throughout, there is no mention of any centralized entity that stores your identity. This is mostly a Private Sector Infrastructure that is decentralized. Tyranny is in the imagination of those who probably have not read nor participated in the discussion or the solution in any thoughtful way. It is good to challenge the ideas so that those who do participate and are concerned about our Freedoms work diligently to protect them!

Fri, Jul 9, 2010

If a single, centralized entity stores your identity for all transactions, that entity has the power to prevent you from completing any transaction. That's not FUD, it' tyranny.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group