June 27, 2010

Plan Aims For Safer Online Transactions

With identity theft, bank account breaches and sophisticated Internet scams on the rise, the US government is looking for ways to make transactions over the Internet more secure for both businesses and consumers.

However, officials must act carefully, as efforts to create personal identity cards and other means of identifiers raise concerns over privacy invasion and fears of Big Brother tracking its citizens.

The White House laid out a draft plan on Friday arguing for a voluntary identification system and the set up of a website to gather input from experts and everyday web users on how it should be structured.

By Friday afternoon, the site was already getting traffic, votes and suggestions.

"The technology that has brought many benefits to our society and has empowered us to do so much has also empowered those who are driven to cause harm," said White House cyber coordinator Howard Schmidt in a blog posting Friday noting the need for better security online.

The plan, he explained, envisions a future in which people could acquire secure identifiers, such as smart identity cards or digital certificates, from service providers. Customers could then use the identifiers to prove who they are as they do business online.

Digital authentication is nothing new. It has been "the holy grail of Internet security policy since the early nineties," James Lewis, cyber security expert at the Center for Strategic and International Studies in Washington, told the Associated Press (AP).

The latest effort has a better chance of succeeding than previous tries, "but we need to see how much opposition it runs into and whether people will actually use it even if it gets deployed," he told AP.

The unregulated openness of the Internet is what allowed it to grow and prosper, but it also has created security holes that need to be addressed, said Ari Schwartz, vice president at the Center for Democracy and Technology. But any improvements made to identity systems raise many concerns

"The whole thing is very difficult to do and privacy is one of the more difficult pieces of it," Schwartz told AP, adding that the system has to balance efforts to maintain privacy while still finding out enough about someone to ensure his identity.

Cyber security experts have argued that the technologies for creating such identifiers already exist and are already used in different ways by businesses.

"The vision they put forth is already realized and commercially available," Roger Thornton, a cyber security expert and chief technology officer for California-based Fortify Software, told AP.

Banks already use sophisticated fingerprinting processes to identify a customer who signs in. The system knows if a customer is using a different computer and will often require additional identification if that computer has not been used for the banking website before.

Many companies, however, do not bother with the expensive and complex ID systems.

The government draft plan is part of an administration effort to promote cyber security both within the government and among society. Lawmakers have introduced a number of bills aimed at putting those goals into effect, and the White House plan was met with initial support from one of the authors of Senate computer security legislation.


On the Net: