White House cyber czar: Trusted Identities program is a secure “ecosystem”, not a national ID card

In a keynote address during the Visa summit, the special assistant to the president and the Cybersecurity Coordinator for the federal government outlined why the recently finalized NSTIC plan would benefit both consumers and business alike.

Schmidt added that the program is not just a security issue, but is vital to the future of American commerce.
“[NSTIC] is not a government-led effort, but a private-sector led effort”, he claimed. “Working with the private sector to create this ecosystem is really key to its success.”

“The private sector is the place where the transactions will take place”, he continued, and the government would only serve in “supporting” and “coordinating” roles to help get the system up and running.

Because hardly any person in the digital era can boast of needing only one user ID and password to manage, Schmidt said that the proposed NSTIC is a cornerstone to ensuring trust in the future of ecommerce.

“We have a tendency as human beings to use the same [ID and passwords] over and over again, not withstanding all the experts saying not to do that.” To support this claim, Schmidt cited analyses that peg the use of repeated passwords across online accounts at greater than 75% of all users, with nearly half failing to change their email account passwords regularly.

The White House ‘cyber czar’ then challenged the private sector to come up with suitable solutions to solve the identity management and verification problem that now exists.

The true test, he admitted, is devising a system that protects personal identities in cases where they may be hijacked by attackers.

“It’s going to be a tough thing to do, and there is going to have to be the development of new technologies and new business processes”, Schmidt confessed. “But we believe collectively that the benefits that we would derive from creating such an ecosystem will far outweigh any of the problems going forward.” Doing so within the privacy parameters established by the FTC, he continued, is yet another puzzle that private sector firms will need to solve as they begin to develop technological solutions for the online Trusted Identities program.

As for those concerned about privacy in this new identity management “ecosystem” proposed by the Obama Administration, Schmidt was quick to point out that the NSTIC will not be compulsory.

“This is not mandatory” he declared. “This is specifically not a national ID card – it’s not a driver’s license for the internet.” Anonymous interaction with or criticism of various entities, retailers and government included, will still be permitted outside the opt-in system, Schmidt assured.

What’s Hot on Infosecurity Magazine?