The Elephant in the Room


To paraphrase a newcomer to the online identity space on her first exposure to the NSTIC IDESG Plenary process in Phoenix: there was an elephant in the room…the lack of elephants in the room. She became immediately skeptical of what could get done at the conference, and left dissatisfied in her investment in time. I’m afraid she was not alone.

The aspirations of NSTIC ring true now more than ever. They are increasingly important given the mounting economic damage from data breaches, the threat to national and personal security that the current system of passwords enables, and the harm to citizens—especially the poor and elderly—from identity theft.

But minor design flaws of NSTIC have hamstrung the IDESG in bureaucratic processes. Major companies from across the identity industries are abandoning meaningful engagement in IDESG committees, deliberations, and elections. As leaders that Americans—and most world citizens—rely on for online services “vote with their feet”, with them flee the IDESG’s legitimacy and its opportunity to make a real impact on a real world problem draining massive resources from public and private sector leaders every day. The IDESG ‘s road to irrelevancy is being paved to with good intentions I believe IDSEG is trying too hard to solve the whole problem of internet identity.

It can’t and won’t.

Nevertheless, I ran to maintain my seat as At Large Delegate on the IDESG and have been reelected. I did so, professionally, because at the Open Identity Exchange I lead organizations that have made the biggest investments in NSTIC and have the most to lose if the current trajectory continues toward an important opportunity lost. Personally, I ran stand beside leaders I admire like Jeremy Grant and Bob Blakely.

If it were up to me—and if it were possible—I would reform the IDESG scope to focus on a singular issue: the elimination of passwords. Through this approach the IDESG would focus on:

  • Encouraging industry efforts already in flight;
  • Educating consumers through PSAs; and
  • Advocating that government agencies lead the way by refusing to rely on passwords.

This suggestion may seem like a radical shift, but I believe it is modest in scope and pragmatic in strategy. At the end of the day, the IDESG is trying to influence the evolution of a market for online transactions. The only way this will be possible is if the IEDSG aligns synchronizes its efforts with the very constituency without which market evolution is not possible.

It’s going to take a different approach to bring these elephants to water…let alone make them drink.