Trusted IDs face fearful response

Proposed 'identity ecosystem' has plenty of pros and cons

The level of fear, uncertainty and doubt (FUD) that has always been a factor in online business has taken a turn for the worse — courtesy of the federal government, no less.

In late June, the Obama administration released a draft strategy for creating a system aimed at protecting individuals against identity theft, Internet scams and other malicious activity, whether someone is buying a book or downloading an electronic health record.

The gist of the proposal is simple: Develop a process for providing individuals with secure personal identifiers, such as digital certificates or smart cards, which they can use when conducting online transactions.

“The problem, as depicted in Peter Steiner’s legendary 1993 'New Yorker' cartoon, is that on the Internet nobody knows you’re a dog,” writes John Markoff for the New York Times. “And thus the enduring conundrum over who can be trusted in cyberspace.”

At present, many businesses issue personal identifiers, such as passwords or personal ID number codes, to online customers. But the administration envisions a trusted identity ecosystem in which all participating organizations agree to recognize the identifiers issued by one another. Participation would be voluntary for organizations and individuals, but the administration is betting that the prospect of convenient, secure online transactions would be a big draw.

However, the FUD factor might temper that optimism.

Some people fear that the system would improve security at the expense of privacy, with the secure identifier making it easier to monitor an individual’s online activity.

The Obama administration “must tread carefully, as efforts to create identity cards, personal certificates or other systems of identifiers raise privacy worries and fears of Big Brother tracking its citizens online,” writes Lolita Baldor for the Associated Press.

Then again, some people are uncertain that the plan would even improve security.

The Homeland Security Department set up an online forum to gather feedback from the public. One reader thought the government’s approach made the prospect of identity theft even more frightening than it already was.

“A single centralized identity is inherently less secure than a dozen identities because it creates a single point of failure,” the community member wrote. “Once that identity has been compromised — which will certainly happen no matter what technological measures are taken to protect it because there will always be a user in the chain — an individual's entire life will be open for hijacking.”

Gartner Vice President John Pescatore said he believes the strategy is simply off point. Rather than trying to construct a federal identity ecosystem, as others have attempted in the past, “the government would be much better off focusing on the root of identity theft and cyber crime problems: reusable passwords,” he writes in a post on the Gartner blog network.

Ultimately, some security experts doubt that a truly secure system is possible without creating the online equivalent of a government-issued, mandatory driver’s license — the worst nightmare of privacy advocates.

According to this camp, the “‘voluntary ecosystem’ envisioned by Mr. Schmidt would still leave much of the Internet vulnerable,” Markoff writes. “They argue that all Internet users should be forced to register and identify themselves, in the same way that drivers must be licensed to drive on public roads.”

Finally, there are those for whom the FUD factor is beyond all reckoning. Andrew S., commenting on the DHS forum, dismissed the administration’s strategy as pointless given the state of security on the Internet.

“There is no such thing as ‘trusted identity’ as long as 25 percent of all computers running Windows are infected with malware that lets other people remotely control their computers,” he writes.


About the Author

Connect with the FCW staff on Twitter @FCWnow.

Reader comments

Wed, Jul 14, 2010 Bob

Having read the Strategy throughout, there is no mention of any centralized entity that stores your identity. This is mostly a Private Sector Infrastructure that is decentralized. Tyranny is in the imagination of those who probably have not read nor participated in the discussion or the solution in any thoughtful way. It is good to challenge the ideas so that those who do participate and are concerned about our Freedoms work diligently to protect them!

Fri, Jul 9, 2010

If a single, centralized entity stores your identity for all transactions, that entity has the power to prevent you from completing any transaction. That's not FUD, it's tyranny.
