Obama administration pushing development of Internet ID

A number of readers sent e-mails about a new initiative by the White House on the Internet, but it may be less than imagined in terms of government control.  Both CBS and Fox report on the Commerce Department’s new Internet ID program that will allow users to create a “trusted identity” to avoid the dozens of logins and passwords that users need to maintain.  The adoption of an ID would be strictly voluntary and handled by the private sector:

The Obama administration is currently drafting what it’s calling the National Strategy for Trusted Identities in Cyberspace, which Locke said will be released by the president in the next few months. (An early version was publicly released last summer.)

“We are not talking about a national ID card,” Locke said at the Stanford event. “We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.”

The Commerce Department will be setting up a national program office to work on this project, Locke said.

Details about the “trusted identity” project are unusually scarce. Last year’s announcement referenced a possible forthcoming smart card or digital certificate that would prove that online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions.

Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. “I don’t have to get a credential if I don’t want to,” he said. There’s no chance that “a centralized database will emerge,” and “we need the private sector to lead the implementation of this,” he said.

Unlike the FCC’s attempt to regulate the Internet, this looks more like an effort to push the private sector into creating a new product.  The assignment of Commerce to this task underscores the R&D aspect of the project, especially since the other two options were the NSA and Homeland Security.  The Obama administration hopes to create a product class that will generate demand from frustrated users that will enhance security on line.

However, its relatively benign purpose doesn’t make it a good idea.  Users would essentially trade self-management of security to third parties, which sounds great in theory but in practice could mean all sorts of problems once hackers know how to break the codes.  If that happens, then neither the user nor the vendor could protect their data or systems from incursions, and the damage and its source would take longer to discover.

Besides, if the private sector sees a need for this, why does government need to intervene to create the demand?  No one is preventing innovators from creating online secure IDs now.  If vendors see value in this approach, and users see value in adopting the IDs, then the open and free market on the Internet will produce such a market.  It would be a lot more likely to produce a product class that actually meets the needs of the market than something designed not by stakeholders but by bureaucrats at Commerce.  The government has better ways to spend its money, or more accurately, hasn’t got the money to waste on creating voluntary security products that few seem to want or need.

Blowback