Monday, January 10, 2011

National Strategy for Trusted Identities in Cyberspace (NSTIC)

According to the media and the headlines, the Obama administration is trying to implement a "National Internet Identity for all Americans", similar to what the Bush administration attempted through the department of Homeland Security a few years ago.  User centric identity advocates, such as myself see it different.  Kaliya (Identity Woman), expressed on her recent blog post at Fast Company that user centric-identity is about "1) maintaining the freedom to be who you want to be on the Internet AND 2) having the freedom and ability to share verified information about yourself when you do want to." 

Unfortunately, I also believe in limited government and citizen privacy and many like minded individuals feel skeptic of the governments involvement when it comes to Internet Identities.  And, although, it is not the Homeland Security Department who is driving this initiative, but the Commerce Department, it is still the government.  A government where the President (Obama or any future President) has the ability to change the rules of the game at any time.  Today's plans maybe to protect the privacy of citizens and improve trust in online commerce, but who says that may not change tomorrow?

But, for us, limited government believers, the reality must set in.  We live in a society where governments do provide services (regardless of effective or wasteful) and those services are exposed to the Internet.   Citizens as end-users must access those services.   Standards for Digital Identities that give control to the end user, allow for consumer's privacy and benefit commerce (e.g. Kantara Initiative) are important.  The private sector as well as Governments as Relaying Parties, Identity Providers, Trust Providers and resource hosts of these services have a need to be involved in these standard groups and in some cases, as it is with NSTIC, lead the Internet community in implementing these standards.

So, all in all, NSTIC is a great initiative that I wish would not be "National" but Global, where private sector, governments, privacy groups, technology groups, security groups, etc, would be involved.  At a global level and with involvement from different groups interested in the "common" service, this initiative would be more welcome, be more flexible to improve and not have a chance to be controlled by just one group.