NSTIC National Identity

Post date: May 20, 2011 2:54:15 AM

The U.S. government initiated a national identity and cyberspace project in mid-April 2011. It is not necessarily a red flag for advocates of online consumer rights. (Facebook is much more fearsome and likely to usurp privacy protection!)

Background and OpenID conjecture

This is my "theory", completely lacking a factual basis, merely guesswork. The U.S. government gave the private-sector internet ecosystem an opportunity to figure out a solution to the identity problem almost a year ago exactly. I refer to the OpenID, and later, OpenID-OAuth 2.0, identity authentication framework.

OpenID was not well-received, although it actually was implemented and is now in use for many online services. Some shortcomings were corrected. That hasn't overcome OpenID's poor reputation.

Problems with OpenID

    • burdensome for most website owners and webmasters to implement.

    • although I find it easy to use, it is confusing to many users because of the URL-type sign-in rather than a traditional USERID@****.com format.

    • has many potential flaws from a security perspective.

Despite efforts by technology industry leaders such as Google, Yahoo, StackExchange and WordPress to improve and promote OpenID, it is not considered a success.

Back to NSTIC

Initially, I was extremely leery about NSTIC. Much of my trepidation was due to the morass of misinformation and fear-mongering on the internet though. I was reassured after reading @IdentityWoman's recent article, Why we should not overreact to NSTIC (FastCompany). This was reinforced after visiting http://nstic.gov, the official U.S. government website.

Pay particular attention to the notion of an "Identity Eco-system". This is a phrase with a future.

National Identity Card NOT

One need not fear the roll-out of a mandatory national identity card, at least not from this project (I was concerned about that possibility). The government specifically recommends the private sector as best suited for developing and operating an online identity framework. Multiple identity provider is recognized and acknowledged as a necessity.

NSTIC's scope includes information security as well as user privacy.

The complete NSTIC strategy document (as pdf) is available. URL's for many relevant *.gov web pages and documents are embedded in the Fast Company article, along with @IdentityWoman's analysis and critique.

The first NSTIC-specific meeting of government, industry and consumer privacy groups is scheduled for late May or early June 2011. The conference website is http://nstic.com It is similarly named but totally distinct from the U.S. government website.

This chart sumarizes global privacy rights by country, sourced from Privacy International. It was based on 2007 data. Click, then select "original" to enlarge and view full-size.

Privacy International documented the criteria and metrics that they used to produce the chart here.