While the high concept NSTIC plan itself seemed clear to some, the details haven't yet been decoded for the general public. It may be because the scope of the program has been displayed as borderless as the Internet itself. After reading other reporting on the event, I figured my insights might be beneficial.
The title of the project is the National Strategy for Trusted Identity in Cyberspace. Locke stated from the gate that NSTIC "is not a national ID card program". No...but it does have a sweet spot for SmartCard to endorse it and discussions of ID cards were considered at one point. One clever attendee illustrated, by covering other words in the NSTIC moniker, the words "national" and "identity" were still present along with associations unaddressed by panelists.
White House Cybersecurity czar, Howard Schmidt did mention there "is no centralized database". Okay. Unfortunately, we do now know it may not be necessary because PC technology will tell on their users involuntarily. Privacy settings are upgraded constantly. This is why the FCC entertains the "Do Not Track" list.
Balm for ceaseless government burns to digital privacy is still currently lacking in approaching NSTIC.
CDT's Jim Dempsey was on hand offering a tempering idea: addressing current government approaches, handling and practices to digital privacy and civil liberty "before we make decisions based on impending threats." He is currently one of the nominees to Obama's privacy and civil liberty board. That's great; but we have a Bill of Rights which entitles us to 4th Amendment protections regardless of which way the US government panel rolls on things like sedition, free speech, identity and private property.
There are at least 3 federal agencies now involved with NSTIC: Department of Defense, Department of Homeland Security and now the Department of Commerce. Too many cooks in the kitchen may be responsible for nauseating waves of bureaucracy. According to one source, after 3 years of policy development, NIST may be the only organization who can clearly navigate the agency mapping for all hands involved public or private. Now that the Dept. of Commerce is in on the game it does not necessarily DHS has stepped out to the exclusion of the matter. DoD heralds are ever present to the start up interests of most Silicon Valley ventures. There was no short attendance of "useful people" embracing parts of the NSTIC behemoth and providing amenity.
Identity ecosystem proponents for interagency business and CEO's with track records for nationalized encryption all seemed to be trolling for federal subscribers, optimistic about gaining the United States government as an adopter or customer. Globalists were also represented to idealize the prospect for the US government to become the leader in international Net gatekeeping.
There isn't doubt towards the ability of NSTIC parts and systemic counterparts ability to perform good things. What is dubious is why we are doing this, the true relevance of NSTIC and who pays to sustain that system.
According to Lucky Green, a security consultant, the base purpose of the program would provide elementary authentication services to the public via the US Government.
BTC: "Do we need the government to do that?"
Lucky: "HELL NO!"Some of the more unfortunate conclusions drawn are that NSTIC's identity driven data is a source of commerce. The prospect may be evolving that US government wants their own identity driven apparatus which culls information like Facebook's social network. NSTIC definitely has that megalomaniacal feel of a regular Dept. of Defense funded start-up combined with a democratically led entitlement program. Where the money comes from for such a grandiose, "global" national identity system matters.
The last question asked of the NSTIC panel went to the matter of its federal budget. Members of the panel answered irritably towards presumptive evidence of said Sasquatch-like budget for the NSTIC program.
No one has shown us the money yet. We will keep you posted when numbers materialize.