Jan. 7 (Bloomberg) — The Obama administration plans to announce today plans for an Internet identity system that will limit fraud and streamline online transactions, leading to a surge in Web commerce, officials said.
While the White House has spearheaded development of the framework for secure online identities, the system led by the U.S. Commerce Department will be voluntary and maintained by private companies, said the officials, who spoke on condition of anonymity ahead of the announcement.
A group representing companies including Verizon Communications Inc., Google Inc., PayPal Inc., Symantec Corp. and AT&T Inc. has supported the program, called the National Strategy for Trusted Identities in Cyberspace, or NSTIC.
Most companies have separate systems for signing on to e-mail accounts or conducting secure online transactions, requiring that users memorize multiple passwords and repeat steps. Under the new program, consumers would sign in just once and be able to move among other websites, eliminating the inconvenience that causes consumers to drop many transactions.
For example, once the system is in place, Google would be able to join a trusted framework that has adopted the rules and guidelines established by the Commerce Department. From that point, someone who logged into a Google e-mail account would be able to conduct other business including banking or shopping with other members of the group without having to provide additional information or verification.
Bruce McConnell, a senior counselor for national protection at the Department of Homeland Security, said NSTIC may lead to a big reduction in the size of Internet help desks, which spend much of their time assisting users who have forgotten their passwords. Because the systems would be more secure, he said, it may also result in many transactions that are now done on paper, from pharmaceutical to real estate purchases, to be done online faster and cheaper.
A draft paper outlining NSTIC was released for comment by he White House in June.
‘Who Do You Trust?’
The new system will probably hasten the death of traditional passwords, Clippinger said. Instead, users may rely on devices such as smartcards with embedded chips, tokens that generate random codes or biometric devices.
Development of a more advanced security system began in August 2004, when President George W. Bush issued a Homeland Security Presidential Directive that required all federal employees be given smartcards with multiple uses, such as gaining access to buildings, signing on to government websites and insuring that only people with proper clearances would have access to restricted documents. The system was intended to be more secure and more efficient.
The Obama administration advanced the process when it issued its “Cyberspace Policy Review” in 2009. One of the 10 priorities was the security identification system.
The federal government is facilitating what it calls a “foundational” system in two ways. It is developing the framework for the identification plan, and it will make a large number of government agencies, services and products available through the secure system, from tax returns to reserving campsites at national parks.
Schwartz said use of the system, once companies voluntarily choose to participate, may spur a range of efficiencies and e-commerce similar to the way ATM machines transformed banking, opening the way to a growing number of services little by little.
Civil libertarians have expressed concern that the system may not protect privacy as well as the government is promising.
Aaron Brauer-Rieke, a fellow at the Center for Democracy & Technology in Washington, a civil liberties group, said it was important that the system would be operated by private companies, not the government. He said he was concerned about how the data on consumer online transactions would be used.
Schwartz and McConnell said the new system wouldn’t be a national identity card and that companies, not the government, would manage the data being passed online.
Editors: Elizabeth Wollman, Joe Winski
To contact the reporter on this story:
James Sterngold in New York at +1-212-617-4946 or
jsterngold2 [at] bloomberg [dot] net
To contact the editor responsible for this story:
David Scheer at +1-212-617-2358 or dscheer [at] bloomberg [dot] net.