National Strategy for Trusted Identities in Cyberspace

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a proposal by the Obama administration to create secure online identities for Americans in cyber space. The aim of the proposal, according to Howard Schmidt, the White House Cybersecurity Coordinator, is to create an 'identity ecosystem' where individuals and organizations can complete online transactions with confidence that the individual who they are conducting business with is not impersonating someone else.

Schmidt also outlined that the NSTIC would also reduce the need to remember potentially insecure list of usernames and passwords. Schmidt highlighted that enrollment in the 'identity ecosystem' of individuals would be entirely voluntary and individuals can choose whether or not to obtain a credential.^[1] The measure also gives individuals control over what private information they use to authenticate themselves over time.^[2]

Background

The impetus for the policy move by the Obama Administration is part of the Cyberspace Policy Review published in June 2009. The NSTIC proposal was released in draft form in June 2010 along with a website set up by the Department of Homeland Security to elicit feedback and ideas from people.^[3] On April 15, 2011, the final draft of NSTIC was released by the White House. In this version of the draft the role of the federal government was toned down and highlighted its role as merely a facilitator in establishing the ecosystem. The effort has to be led by the private-sector.^[4]

Criticism

The proposal has generated a lot of criticism since it was released in draft form by the White House. A lot of criticism been centered around privacy implications of the proposal.

Shortly after the draft's release, the Electronic Privacy Information Center, in conjunction with a number of other consumer-rights and civil liberties organizations,^[5] sent the Committee a statement in response to the draft NSTIC policy, requesting that the White House provide a clearer and more complete plan to create and safeguard Internet users' rights and privacy.^[6]

The Obama White House released its final NSTIC guidelines in April 2011.^[7] While EPIC head, Marc Rotenberg, called NSTIC "historic," he also cautioned that "...online identity is complex problem and the risk of 'cyber-identity theft' with consolidated identity systems is very real. The US will need to do more to protect online privacy."^[8]

References

1. ^ Gross, Grant. "White House Officials Push Online Trusted IDs". PC World. PC World Communications Inc.. http://www.pcworld.com/businesscenter/article/216143/white_house_officials_push_online_trusted_ids.html. Retrieved 13 April 2011. 
2. ^ Schmidt, Howard. "The National Strategy for Trusted Identities in Cyberspace". The White House Blog. http://www.whitehouse.gov/blog/2010/06/25/national-strategy-trusted-identities-cyberspace. Retrieved 13 April 2011. 
3. ^ Whitney, Lance. "White House Drafting Plan for Cyberspace Safety". Politics and Law. Cnet. http://news.cnet.com/8301-13578_3-20008998-38.html. Retrieved 15 April 2011. 
4. ^ Montalbano, Elizabeth. "White Houses Issues Online Trusted Identities Plan". Information Week: Government. United Business Media LLC. http://www.informationweek.com/news/government/security/229401701. Retrieved 20 April 2011. 
5. ^ [1]
6. ^ http://privacy.org/privacy_coalition_comments_trusted_ids.pdf
7. ^ http://www.nist.gov/public_affairs/releases/whitehouse_nstic.cfm
8. ^ [2]

External links

• Blog Post by Howard Schmidt
• The Federal Website for NSTIC
• Electronic Privacy Information Center