White House Releases Plan to Protect Identities and Grow Businesses Online

By Matthew Harwood


Anticipating fears of government and corporate surveillance, the White House emphasized that solutions would be fielded theoretically by many different private companies and their management decentralized.

"Since consumers will be able to choose among a diverse market of different providers of credentials, there will be no single, centralized database of information," the press release states.

The identity credentials' privacy-enhancing technologies would also make it harder for service providers to link and create a profile of online user, according to the administration.

"By default, only the minimum necessary information will be shared in a transaction," the strategy explains. "[T]he Identity Ecosystem will allow a consumer to provide her age during a transaction without also providing her birth date, name, address, or other identifying data."

Finally, the strategy emphasizes that the program would be voluntary.

""[T]he Strategy does not advocate for the establishment of a national identification card or system Nor does the Strategy seek to circumscribe the ability of individuals to communicate anonymously or pseudonymously, which is vital to protect free speech and freedom of association," the document states. "Instead, the Strategy seeks to provide to individuals and organizations the option of interoperable and higher-assurance credentials to supplement existing options, like anonymity or pseudonymity."

♦ Screenshot of NSTIC Homepage


Private sector can provide verified credentials now

It is worth noting that the private sector is already implementing verified credentials to build "trusted" communities to facilitate commerce and to establish credibility in professional networks. At <a href="" title="Verified Identities facilitating jobs at"> </a> prospective workers choose to verify their identities and even share the results of their criminal background checks to speed the hiring process. At <a href="" title="ID Verification assures Maven and its Clients that you are who you say you are"> Mavenresearch </a> community members choose to share their credentials to facilitate client companies looking to survey verified professionals with specific industry expertise. And at <a href="" title="Leveraging Verified Credentials at Naymz">Naymz</a>  community members volutarily verify their credentials to help build their credibility.

Verified credentials are also being used to protect young students in <a href="" title="Protecting Students Online"> icouldbe's  </a>online mentoring site, and to limit fraud at <a href=";amp;Name=trufinaLaunch&amp;amp;Lang=English" title="UpperBid reduces fraud through use of verifed credentials for sellers">UpperBid's</a> auction site. Mentors share their verified identity information, including clear criminal background checks, and sellers are verified, respectively. In both cases, the anonymity of the individual is protected while the trusted community is assured.

While the NSTIC community works out preferred standards for single-sign-on and establishes governence guidelines, individuals and responsible web properties should not hesitate to implement viable solutions today. Individuals' identities can be shared while their privacy is protected through the use of verified credentials that can be used over and over again at the users discretion. <a href="" title="Trufina Services Demonstrated at NSTIC Release">Trufina</a> is one company dedicated to providing those services from a completely user-centric perspective.

View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.