Friday, April 15, 2011

REDUX: Obama moves forward with Internet ID plan, NSTIC

"A 55-page document (PDF) released by the White House today adds a few more details to the proposal, which still remains mostly hazy and inchoate. " 
- More at Privacy Inc. c/o CNET.com
BTC-  NSTIC's stated aims are to provide better consumer protections against online identity theft because "passwords are broken" and to increase American economic efficacy in the online and world marketplaces.

Highlights from today's press conference featured Sen. Barbara Mukulski's work on NSTIC's piece of the cybersecurity budget and pricing to initiate the program at $25 million in taxpayer seed money. According to Andy Ozment, White House Director of Identity Management, a budget is available from the Dept. of Commerce for FY 2012.  NIST's Senior Advisor of ID Management stated that some of the NSTIC proposal structure was inspired by the Department of Defense's use of CAC cards, a smart ID card for government beneficiaries.  According to Ozment, there was no connection to legislative efforts on the Hill and the direction the NSTIC program.

Here are some examples of breaking Homeland Security and cyber privacy legislative actions this week.
DHS stated that it was proud to join the Chamber of Commerce on the NSTIC effort as it continues coordination between agencies.  The security credential was inarticulately explained to an HHS audience member asking how NSTIC would be utilized for patients medical records and data handling on an International scale. While it was repeatedly stated that NSTIC plans to be private sector led, one panelist made it known that government would be,"the longest pole in the tent".  Individual's state-to-federal use of the NSTIC credential was likened to online ID encryption used by Universities.  Part of its economic strategy would affect foreign trade policy standards, with clear intent to steer International identity credentials for Internet use. CDT's, Leslie Harris and NIST were among many who vociferously challenged the prospect of the US government's new "identity ecosystem" as a national ID card program.

Meanwhile, Florida may be an early adopter of US online identity credentials and standards, as they are swiftly moving SB 1150 through the legislature.  Online authentication may be available to add to drivers licenses as soon as January 1, 2012.  Florida is also in the process of adopting Real ID compliant standards for their licenses.

Workshops, pilot programs and efforts to gather stakeholder input to implement the NSTIC program are planned for 3-5 years.


Here's second life for news that matters:  
"The administration claims participation in the identity ecosystem will be entirely voluntary and users can choose to remain anonymous online. But privacy and civil rights advocates are sure to be concerned over what could be viewed as an attempt to create a type of digital ID card." - Hillicon Valley 

With passwords "broken," US rolls out Internet identity plan

White House To Release Final Trusted Identity Plan
c/o Information Week

Commentary by Kevin Gosztola at Op-Ed News:
"Finally how appropriate is it that this plan is being unveiled at the US Chamber of Commerce? As reported by ThinkProgress in February, the US Chamber of Commerce communicated with private contractors that provide cybersecurity services to the US government -- HBGary Federal, Palantir, Berico Technologies. It discussed with these cybersecurity service providers how ChamberWatch, the SEIU, MoveOn, ThinkProgress and other groups could be targeted and proposed efforts "to steal private computer information, spy on the families of the Chamber's critics, and plant false documents within organizations opposed to the Chamber's agenda." (These same companies were also discovered to have developed plans to help Bank of America by sabotaging WikiLeaks through similar tactics."  :::MORE HERE:::

WHO'S ON BOARD:

CA Technologies Champions White House Initiative to Create "Identity Ecosystem" [Kantara Initiative]

Northrop Grumman, Microsoft, CA Technologies and CertiPath Participate in National Strategy for Trusted Identities in Cyberspace Announcement

2 comments:

Ben Stein, NIST said...

We would like to make a couple of factual corrections to your post.

Your post says:
NIST's Senior Advisor of ID Management stated that some of the NSTIC proposal structure was inspired by the Department of Defense's use of CAC cards, a smart ID card for government beneficiaries.

Fact: NIST's Jeremy Grant never stated the CAC was for government beneficiaries. It’s not: it is for DoD employees, including soldiers. And it was an example of how using stronger authentication technologies can reduce network intrusions – in this case, DOD cut their intrusions by 46%.

Your post also states:
While it was repeatedly stated that NSTIC plans to be private sector led, one panelist made it known that government would be, "the longest pole in the tent".

Fact: Jeremy said “governance,” not “government” – and there is a big difference between the two. The panel talked extensively about the need to set up the right governance structure as NSTIC moves forward.

Thank you. The NSTIC website which contains more information and the full text of the strategy is at http://www.nist.gov/nstic

Beat The Chip said...

On the CAC cards - families members of retired service as CAC card users are not soldiers themselves. They are considered government beneficiaries by right.

In terms of governance - you'll have to articulate for the public the difference between public-private industry specific terminology in nuance and the general term governance if you intend to sport a correction.

Wikipedia spotlights the colluded puddle that is "governance" terminology. http://en.wikipedia.org/wiki/Governance