Today, President Obama released the National Strategy for Trusted Identities in Cyberspace (NSTIC) (PDF).This Strategy seeks to improve security in cyberspace and e-commerce. We can see how this plays out in at least two areas. First, passwords alone are not secure enough, which contributes to online fraud and identity theft. It is also inconvenient to have to remember dozens of passwords to access different online services. Second, it is difficult for individuals to prove their true identity when they want to perform a sensitive transaction online, like banking or accessing health records. These problems are limiting the full economic potential of the Internet, because certain services cannot easily be moved online. NSTIC envisions a private sector led effort to create a new infrastructure for the Internet, built on interoperable, privacy-enhancing, and secure identity credentials. This new infrastructure is centered around choice. First, you don't have to use it at all. If you do, you can choose when or how to use it.
For example, you might get a "digital credential" bundled with your cell phone plan that resides as an application on your smart phone. It would remain inactive when you are just browsing the web. But with a single, short PIN or password, you could use your credential on the phone to do a range of transactions from logging in to your favorite online game as “anon01” where you do not want to reveal your real name to accessing your tax information where you do. To see an animated example of this system, visit the NSTIC program office's home page.
But not everybody wants a smart phone. Under this strategy, you will be able to choose from many different identity providers: perhaps your bank, your health care provider, your email provider, or any other preferred organization. We seek to create an ecosystem of many different providers, so that there is an option that suits every individual who wants to participate. Individuals can also choose between different credentials, or ways of logging in: cell phones, keychain “fobs,” smart cards, and many others – in fact, there will undoubtedly be ways that have not yet even been invented.
At today’s release event, held in the Hall of Flags at the Chamber of Commerce, I spoke along with Commerce Secretary Gary Locke, Senator Barbara Mikulski, Director of the National Economic Council Gene Sperling, and Deputy Secretary of Homeland Security Jane Lute. What an impressive list of high ranking officials from all across government! This breadth of participation underscores the importance of the Strategy – and its potential to improve the daily lives of individuals as well as contribute to our economic growth and competitiveness.
I also had the opportunity to tour exhibits of some ground-breaking, public/private initiatives that are putting us on the path to achieving the goals of NSTIC. These innovative solutions give us a glimpse of the future: a future in which the government and the private sector can strip away inefficient red tape and in which people can conduct their daily business online easily, securely and with more privacy.
Indeed, I have much more to say about how we seek to improve online privacy with the NSTIC. Look for my post about it in the next few days.
Howard A. Schmidt is the Cybersecurity Coordinator and Special Assistant to the President