Last week, the United State Commerce Department announced that a new office, known as the National Program Office (NPO), will be created under their watch, and will be responsible for coordinating activities related to the National Strategy for Trusted Identities in Cyberspace (NSTIC). The NSTIC is a White House initiative that is intended to make consumer internet activities more secure, but, judging from tech industry reaction, the new NPO is going to have a difficult time ahead of them trying to win over citizens’ trust.
Commerce Secretary Gary Locke, who unveiled the plan with White House Cyber Security Coordinator Howard A. Schmidt, has tried to stress that the system will not be like a driver’s license for the Internet.
“We are not talking about a national ID card. We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing, and perhaps even eliminating, the need to memorize a dozen passwords, through creation and use of more trusted digital identities,” Locke explained during the announcement.
But, despite Locke’s assurances, several industry bloggers and journalists are wary of the government plan.
“The problem is that as an administration that has continued most of the often-dubious domestic surveillance practices of the Bush Administration (and even concocted a few new ones), who exactly is going to believe them? Nobody will trust the government to design and implement such a system without abuse — even if the system is voluntary, and even if Uncle Sam offloads its creation to the US Commerce Department,” writes Karl Bode from DSLReports.com.
“One might be forgiven for feeling a modicum of trepidation about signing up for a government-sponsored online security program,” assures Scott Harrell of The Daily Loaf. “One might… suspect that signing up for a government-sponsored online security program could possibly be a lot like deciding to take a nap on a bench along Ybor City’s Seventh Avenue around midnight on a Saturday, and to use one’s wallet to hold down one’s diary and passport on the sidewalk nearby while one catches 40 winks.”
Even event attendees expressed their concern.
“The government cannot create that identity infrastructure,” said Jim Dempsey of the Center for Democracy and Technology, who actually spoke at the Stanford event following Locke and Schmidt. “If it tried to, it wouldn’t be trusted.” Dempsey added that such a system would need to be created by a private sector agency or organization, and that it would have to be competitive and voluntary.
But the Commerce Department, at least, assures us that their plan will not be mandatory.
“It provides consumers a choice – those who want to remain anonymous for activities like blogging will continue to be able to do so,” a department representative said. “Online service providers that opt in to such a system would follow a set of security and privacy guidelines.”
I wish I could say that I was optimistic, but, thanks to recent events, I’m already questioning just how technically illiterate US government officials are. If such a system was voluntary, I wonder how many people would actually use it. I’ll be watching this plan closely as it progresses to see if it actually does remain an “opt-in” program.