The strategy proposes a system for identity management that would allow people to use various authentication methods to verify their identity before carrying out transactions online. Transactions include buying goods online as well as accessing sensitive information such as health or banking records.
“The Internet has transformed how we communicate and do business, opening up markets, and connecting our society as never before. But it has also led to new challenges, like online fraud and identity theft, that harm consumers and cost billions of dollars each year,” said President Obama. “By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation.”
Consumers who want to participate will be able to obtain a single credential – such as a unique piece of software on a smart phone, a smart card, or a token that generates a one-time digital password. Instead of having to remember dozens of passwords, the consumer can use their single credential to log into any website, with more security than passwords alone provide.
The trusted-identity system is distinct from a national ID card, which some countries, such as Germany, use as a mandatory all-purpose identity verification card.
Privacy groups, such as the Center for Democracy and Technology, were generally supportive of the Obama administration’s strategy. “NSTIC puts forth a vision where individuals can choose to use a smaller number of secure, privacy-preserving online identities, rather than handing over a new set of personal information each time they sign up for a service", said CDT President Leslie Harris.
"There are two key points about this strategy. First, this is not a government-mandated, national ID program; in fact, it's not an identity 'program' at all. Second, this is a call by the administration to the private sector to step up, take leadership of this effort and provide the innovation to implement a privacy-enhancing, trusted system", Harris stressed.
The release of NSTIC follows closely the introduction of a comprehensive privacy bill by Sens. John Kerry (D-Mass.) and John McCain (R-Ariz.). That bill would require companies that collect data from consumers to implement security measures to protect the data. The companies would also be required to provide consumers with “clear notice” about what data was being collected.