April 17, 2011

Govt Issues Cyberspace Security Proposal

The Obama administration Friday outlined a plan designed to boost confidence and business in cyberspace through the creation of a single, secure credential that would replace passwords.

"By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation," US President Barack Obama said in a statement accompanying the release of a national strategy to safeguard identity.

"The Internet has transformed how we communicate and do business," he said. "But it has also led to new challenges, like online fraud and identity theft, that harm consumers and cost billions of dollars each year."

"That's why this initiative is so important for our economy," Obama said.

As part of the new strategy, the Commerce Department is asking the private sector to create a system that can identify Internet users in a way that safeguards their privacy, is secure, interoperable and cost-effective.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) proposes the creation of secure and reliable online credentials available to consumers who want to use them. Participation would be voluntary.

"Consumers who want to participate will be able to obtain a single credential -- such as a unique piece of software on a smart phone, a smart card, or a token that generates a one-time digital password," the Commerce Department told Reuters in a statement.

Identity theft is a serious matter and millions of people are victims each year, which costs them an average of $631 and 130 hours to recover from, said the Commerce Department.

An "identity ecosystem" would involve the use of a single credential and would eliminate the need to remember multiple passwords. "The consumer can use their single credential to log into any website, with more security than passwords alone provide," the White House said. "Consumers can use their credential to prove their identity when they're carrying out sensitive transactions, like banking, and can stay anonymous when they are not."

The goal is to "make online transactions more trustworthy, thereby giving businesses and consumers more confidence in conducting business online," it said.

The White House said the proposed system could also provide better privacy protections to consumers and businesses. "Today, a vast amount of information about consumers is collected as they surf the Internet and conduct transactions," it said. "How organizations handle that information can vary greatly, and more often than not, it is difficult for consumers to understand how their privacy will (or will not) be protected."

"The NSTIC seeks to drive the development of privacy-enhancing policies as well as innovative privacy-enhancing technologies to ensure that the ecosystem provides strong privacy protections for consumers," it said.

At a US Chamber of Commerce event in Washington, Commerce Secretary Gary Locke said: "we must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords."

"Working together, innovators, industry, consumer advocates, and the government can develop standards so that the marketplace can provide more secure online credentials, while protecting privacy, for consumers who want them," Locke said.

The Center for Democracy & Technology issued a statement emphasizing that the NSTIC was not proposing a national identification program.

"There are two key points about this strategy: First, this is NOT a government-mandated, national ID program; in fact, it's not an identity 'program' at all," said CDT president Leslie Harris. "Second, this is a call by the administration to the private sector to step up, take leadership of this effort and provide the innovation to implement a privacy-enhancing, trusted system."

Companies at a Chamber of Commerce event to kick off the effort included Google, Symantec, eBay subsidiary PayPal, Microsoft and Northrop Grumman Corp.


On the Net: