The Obama administration said today that it's moving ahead with a plan for broad adoption of Internet IDs despite concerns about identity centralization, and hopes to fund pilot projects next year.
At an event hosted by the U.S. Chamber of Commerce in Washington, D.C., administration officials downplayed privacy and civil liberties concerns about their proposal, which they said would be led by the private sector and not be required for Americans who use the Internet.
There's "no reliable way to verify identity online" at the moment, Commerce Secretary Gary Locke said, citing the rising tide of security threats including malware and identity theft that have grown increasingly prevalent over the last few years. "Passwords just won't cut it here."
A 55-page document (PDF) released by the White House today adds a few more details to the proposal, which still remains mostly hazy and inchoate.
It offers examples of what the White House views as an "identity ecosystem," including obtaining a digital ID from an Internet service provider that could be used to view your personal health information, or obtaining an ID linked to your cell phone that would let you log into IRS.gov to view payments and file taxes. The idea is to have multiple identity providers that are part of the same system.
Administration officials plan to convene a series of workshops between June and September of this year that would bring together companies and advocacy groups and move closer to an actual specification for what's being called the National Strategy for Trusted Identities in Cyberspace, or NSTIC.
Left unsaid was that the series of workshops, which will be open to the public, will give the proposal's backers a chance to downplay concerns that it could become the virtual equivalent of a national ID card.
During his speech, Locke lashed out at the "conspiracy theory set" who have criticized the proposal. A column in NetworkWorld.com, for instance, called NSTIC a "great example of rampant, over-reaching, ignorant, and ill-conceived political foolishness."
"A top-down strategy for online identity is unlikely to work," Jim Harper, director of information studies at the Cato Institute, said today. "People will not participate in a government-corporate identity project that deviates from their demand for control of identity information, which is an essential part of privacy protection, autonomy, and liberty."
The Commerce Department's National Telecommunications and Information Administration created a YouTube video (above) to reassure Americans that "there is no central database tracking your actions." An FAQ repeats the message. It's enlisted allies to spread the message, including the Center for Democracy and Technology's Leslie Harris, who wrote in a post on commerce.gov that NSTIC is "not a national ID," but instead represents "a call for leadership and innovation from private companies."
One intriguing feature of today's description of NSTIC released by the White House is that it appears to build on a joint Microsoft-IBM project called Attribute-Based Credentials. (See CNET's previous coverage.)
The idea is to use encryption technology to let people disclose less about themselves--ideally, the minimum necessary to complete a transaction. The NSTIC document gives the example of someone filling a medical prescription online: "The pharmacy is not told (his) birth date or the reason for the prescription. The technology also filters information so that the attribute providers---the authoritative sources of the age and prescription information---do not know what pharmacy (is being used)."
Related links• A new (old) way to protect privacy: Disclose less
• Obama to hand Commerce Dept. authority over cybersecurity ID
The idea of using encryption technology to protect privacy in this way isn't exactly new. The legendary cryptographer David Chaum, the father of digital cash who's now building secure electronic voting systems, developed some of these ideas in the late 1980s. Dutch cryptographer Stefan Brands more fully developed the concept of limited disclosure digital certificates; Microsoft bought his company in 2008, and released the U-Prove specification last year along with a promise not to file patent lawsuits over its use.
On the other hand, it would be more convenient for law enforcement (not to mention intelligence agencies) if a more traditional, centralized system were used.
Sen. Barbara Mikulski, a Maryland Democrat who also spoke today at the Chamber event, seemed to veer a bit off-message--and instead of touting anonymity, she stressed the importance of aiding law enforcement.
Protecting civil liberties is important, Mikulski said. "But the first civil liberty is to be able to have a job, lead a life, and be able to buy what you want in the way we now buy it, which is through credit cards."
【免费咨询报名电话:010-6801 7975】
咨询报名MSN:xueliedu@hotmail.com
试一试网上报名
咨询报名QQ:
| 1505847972 | 1256358232 | 1363884583 | 1902839745 | 800072298 | 754854002 |
| 中专升大专 | 中专升本科 | 高升专 | 高升本 | 专升本 | 自考 |
报名咨询在线MSN:
