Published on Security Management (http://www.securitymanagement.com)
White House Releases Plan to Protect Identities and Grow Businesses Online
By Matthew Harwood
Created 04/15/2011 - 14:41



    
Wrap-Up?: 
No
Weight: 
0
Lead Headline?: 
No
Date: 
04/15/2011
By Line: 
By Matthew Harwood
Teaser: 
The Obama administration today unveiled its strategy to safeguard transactions in cyberspace by helping to create voluntary "secure, efficient, easy-to-use, and interoperable identity solutions."




The Obama administration today unveiled its strategy to safeguard transactions in cyberspace by helping to create voluntary "secure, efficient, easy-to-use, and interoperable identity solutions."


These secure credentials, provided by the private sector, would help consumers easily manage their identities online by eliminating the need for multiple passwords while making it easier for firms to identify legitimate customers and build their businesses online, according to the White House.


"By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation," said President Barack Obama in a statement [1], releasing the National Strategy for Trusted Identities in Cyberspace [2] (NSTIC).


Cybercrime costs the American economy billions of dollars every year, while consumers victimized by identity theft can lose up to 130 hours trying to recover from the fraud, as well as an average of $631 in out-of-pocket expenses, according to the administration.


The core of the strategy, to be implemented by the Commerce Department, calls for development of an "Identity Ecosystem" populated by the interoperable, secure identity credentials of consumers who opt in.


"It is an online environment," according to the strategy document, "where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities--and the digital identities of devices."


The White House assures consumers who opt for the credentials that they will have many options for how they verify their identity online—everything from smart cards, cell phones, keychain "fobs," to one-time password generators and solutions not yet invented.


In an effort to sell the strategy, the White House provided imagined scenarios in which online users whiz around the Internet safely and securely to shop, chat, and access new markets.


In one such hypothetical situation, "Mary" uses a smart card provided by her Internet service provider to speed around the Web, buying products without having to remember multiple user names and passwords for each site she visits.The smart card talks to the Web site without her having to do a thing.


In another, 13-year-old "Antonio" carries a school-provided keychain fob with his identity credentials embedded to access online chatrooms reserved for adolescents. The keychain fob allows Antonio to verify his age but does not provide any biographical information, thereby allowing Antonio to interact anonymously with children his own age.




 


Anticipating fears of government and corporate surveillance, the White House emphasized that solutions would be fielded theoretically by many different private companies and their management decentralized.


"Since consumers will be able to choose among a diverse market of different providers of credentials, there will be no single, centralized database of information," the press release states.


The identity credentials' privacy-enhancing technologies would also make it harder for service providers to link and create a profile of online user, according to the administration.


"By default, only the minimum necessary information will be shared in a transaction," the strategy explains. "[T]he Identity Ecosystem will allow a consumer to provide her age during a transaction without also providing her birth date, name, address, or other identifying data."


Finally, the strategy emphasizes that the program would be voluntary.


""[T]he Strategy does not advocate for the establishment of a national identification card or system Nor does the Strategy seek to circumscribe the ability of individuals to communicate anonymously or pseudonymously, which is vital to protect free speech and freedom of association," the document states. "Instead, the Strategy seeks to provide to individuals and organizations the option of interoperable and higher-assurance credentials to supplement existing options, like anonymity or pseudonymity."




♦ Screenshot of NSTIC Homepage


Related Resources: 
Thumbnail: 
Comments



  

  
Private sector can provide verified credentials now


  

    Submitted by trubarb on Mon, 04/18/2011 - 17:06.  


  

    
It is worth noting that the private sector is already implementing verified credentials to build "trusted" communities to facilitate commerce and to establish credibility in professional networks. At <a href="http://cms.hour.ly/?p=823" title="Verified Identities facilitating jobs at hour.ly"> hour.ly </a> prospective workers choose to verify their identities and even share the results of their criminal background checks to speed the hiring process. At <a href="https://www.mavenresearch.com/faq#identity-verification" title="ID Verification assures Maven and its Clients that you are who you say you are"> Mavenresearch </a> community members choose to share their credentials to facilitate client companies looking to survey verified professionals with specific industry expertise. And at <a href="http://www.naymz.com/about.action?section=compare" title="Leveraging Verified Credentials at Naymz">Naymz</a>  community members volutarily verify their credentials to help build their credibility.


Verified credentials are also being used to protect young students in <a href="http://www.icouldbe.org/standard/public/lm_protecting_students_online.asp" title="Protecting Students Online"> icouldbe's  </a>online mentoring site, and to limit fraud at <a href="http://upperbid.com/cgi-bin/auction/auction.cgi?action=GetPage&amp;amp;Name=trufinaLaunch&amp;amp;Lang=English" title="UpperBid reduces fraud through use of verifed credentials for sellers">UpperBid's</a> auction site. Mentors share their verified identity information, including clear criminal background checks, and sellers are verified, respectively. In both cases, the anonymity of the individual is protected while the trusted community is assured.


While the NSTIC community works out preferred standards for single-sign-on and establishes governence guidelines, individuals and responsible web properties should not hesitate to implement viable solutions today. Individuals' identities can be shared while their privacy is protected through the use of verified credentials that can be used over and over again at the users discretion. <a href="http://www.trufina.com/blog/?p=360" title="Trufina Services Demonstrated at NSTIC Release">Trufina</a> is one company dedicated to providing those services from a completely user-centric perspective.

 

  




    

    




  
Security Management is the award-winning publication of ASIS International, the preeminent international

organization for security professionals, with more than 38,000 members worldwide.


ASIS International, Inc. Worldwide Headquarters, 1625 Prince Street, Alexandria, Virginia 22314-2818 U.S.A.

703.519.6200 | fax 703.519.6299 | www.asisonline.org


ASIS


© 2013 Security Management

This site is protected by copyright and trade mark laws under U.S. and International law.

No part of this work may be reproduced without the written permission of Security Management.








    

    
Source URL: http://www.securitymanagement.com/news/white-house-releases-plan-protect-identities-and-grow-businesses-online-008430

    
Links:
[1] http://www.whitehouse.gov/the-press-office/2011/04/15/administration-releases-strategy-protect-online-consumers-and-support-in

[2] http://www.nist.gov/nstic/