Another concern is that a national trusted identity program that centralizes large amounts of personal data could create a common point of failure for privacy, according to NSTIC’s Effect on Privacy, a paper from Identity Finder, an organization that develops data loss prevention solutions. The paper considers the situation analogous to what happened with the Social Security system.
“U.S. citizens were given a Social Security card, and it took us decades to realize that we should not carry them around in our wallets. Now citizens are being given a more powerful form of identification and being told it is okay to carry it on our phones, tablets, laptops, and computers,” according to the paper.
Providing organizations with relatively large amounts of private information could create the risk of “hyper identity theft,” says Aaron Titus, the paper’s coauthor and chief privacy officer for Identity Finder. And theft is not the only risk to privacy. With so much personal data, organizations charged with collecting data will be under “intense economic pressure” to commoditize it for financial gain, he says.
The paper calls for a federal regulation, currently not part of the NSTIC proposal, which would have “unambiguous and mandatory restrictions” on how NSTIC participants could use sensitive personal information. Creating an effective regulation will be challenging, Titus says, especially with ongoing and rapid developments in areas such as the Internet, application development, and mobile devices. NSTIC will need “the input of privacy advocates at every step of the way,” he says.
Any new types of authentication methods proposed will need to be easy to use, and they will have to offer high levels of trust and assurance around security and privacy, says John Casillas, a senior vice president at the nonprofit Healthcare Information and Management Systems Society, an organization that aims to promote the effective use of information technology in healthcare.
Developing NSTIC will be “a tough thing to do,” said Schmidt. To jumpstart the effort, the government is holding a series of workshops around the United States run by NIST.