Today, at Stanford University, Commerce Secretary Gary Locke and I were pleased to announce that the Commerce Department will host a National Program Office (NPO) in support of the National Strategy for Trusted Identities in Cyberspace (NSTIC). As I’ve written previously, the NSTIC fulfills one of the action items in the Cyberspace Policy Review (pdf) and is a key building block in our efforts to secure cyberspace.
This holiday season, consumers spent a record $30.81 billion in online retail spending, an increase of 13 percent over the same period the previous year. This striking growth outshines even the notable 3.3-5.5 percent overall increase in holiday spending this past year. While clearly a positive sign for our economy, losses from online fraud and identity theft eat away at these gains, not to mention the harm that identity crime causes directly to millions of victims. We have a major problem in cyberspace, because when we are online we do not really know if people, businesses, and organizations are who they say they are. Moreover, we now have to remember dozens of user names and passwords. This multiplicity is so inconvenient that most people re-use their passwords for different accounts, which gives the criminal who compromises their password the “keys to the kingdom.”
We need a cyber world that enables people to validate their identities securely, but with minimal disclosure of information when they’re doing sensitive transactions (like banking) - and lets them stay anonymous when they’re not (like blogging). We need a vibrant marketplace that provides people with choices among multiple accredited identity providers – both private and public – and choices among multiple credentials. For example, imagine that a student could get a digital credential from her cell phone provider and another one from her university and use either of them to log-in to her bank, her e-mail, her social networking site, and so on, all without having to remember dozens of passwords. Such a marketplace will ensure that no single credential or centralized database can emerge. In this world, we can cut losses from fraud and identity theft, as well as cut costs for businesses and government by reducing inefficient identification procedures. We can put in-person services online without security trade-offs, thereby providing greater convenience for everyone.
This is the world envisioned in the NSTIC. We call it the Identity Ecosystem. We will be working to finalize the NSTIC in the coming months, but that is only the beginning of the process. I’m excited to be working with Secretary Locke. The Commerce Department is perfectly suited to work with the private sector to implement the NSTIC. In addition, there are other departments and agencies with strategic roles to play as well. Above all though, we look to the leadership of the private sector. Therein lies the key to success. Now is the time to move forward with our shared vision of a better, more secure cyberspace.
In a future post, I will discuss why the NSTIC is different from past efforts to improve online authentication.
Howard A. Schmidt is the Cybersecurity Coordinator and Special Assistant to the President