White House Releases Plan to Protect Identities and Grow Businesses Online

By Matthew Harwood

The Obama administration today unveiled its strategy to safeguard transactions in cyberspace by helping to create voluntary "secure, efficient, easy-to-use, and interoperable identity solutions."

These secure credentials, provided by the private sector, would help consumers easily manage their identities online by eliminating the need for multiple passwords while making it easier for firms to identify legitimate customers and build their businesses online, according to the White House.

"By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation," said President Barack Obama in a statement, releasing the National Strategy for Trusted Identities in Cyberspace (NSTIC).

Cybercrime costs the American economy billions of dollars every year, while consumers victimized by identity theft can lose up to 130 hours trying to recover from the fraud, as well as an average of $631 in out-of-pocket expenses, according to the administration.

The core of the strategy, to be implemented by the Commerce Department, calls for development of an "Identity Ecosystem" populated by the interoperable, secure identity credentials of consumers who opt in.

"It is an online environment," according to the strategy document, "where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities--and the digital identities of devices."

The White House assures consumers who opt for the credentials that they will have many options for how they verify their identity online—everything from smart cards, cell phones, keychain "fobs," to one-time password generators and solutions not yet invented.

In an effort to sell the strategy, the White House provided imagined scenarios in which online users whiz around the Internet safely and securely to shop, chat, and access new markets.

In one such hypothetical situation, "Mary" uses a smart card provided by her Internet service provider to speed around the Web, buying products without having to remember multiple user names and passwords for each site she visits. The smart card talks to the Web site without her having to do a thing.

In another, 13-year-old "Antonio" carries a school-provided keychain fob with his identity credentials embedded to access online chatrooms reserved for adolescents. The keychain fob allows Antonio to verify his age but does not provide any biographical information, thereby allowing Antonio to interact anonymously with children his own age.


Private sector can provide verified credentials now

It is worth noting that the private sector is already implementing verified credentials to build "trusted" communities to facilitate commerce and to establish credibility in professional networks. At <a href="" title="Verified Identities facilitating jobs at"> </a> prospective workers choose to verify their identities and even share the results of their criminal background checks to speed the hiring process. At Mavenresearch, community members choose to share their credentials to facilitate client companies looking to survey verified professionals with specific industry expertise. And at Naymz, community members voluntarily verify their credentials to help build their credibility.

Verified credentials are also being used to protect young students in icouldbe's online mentoring site, and to limit fraud at UpperBid's auction site. Mentors share their verified identity information, including clear criminal background checks, and sellers are verified, respectively. In both cases, the anonymity of the individual is protected while the trusted community is assured.

While the NSTIC community works out preferred standards for single sign-on and establishes governance guidelines, individuals and responsible web properties should not hesitate to implement viable solutions today. Individuals' identities can be shared while their privacy is protected through the use of verified credentials that can be used over and over again at the user's discretion. Trufina is one company dedicated to providing those services from a completely user-centric perspective.
