Friday, October 5, 2012

NIST grantmaking evades privacy, steering accountability for online ID initiative

WASHINGTON - Government and business interests amid an NIST steering committee nearly uprooted public interest group representations the week NSTIC grants were awarded to contractors to retrofit government issue ID for smartphones and other privacy troubled devices.

According to reports, pilot programs would use national identity articles, like passports, and US drivers licenses online and in smartphones. Grants were awarded to companies like AAMVA, Microsoft, ATT and Daon. The Daon project would port an electronic version of passports, using biometrics, for use on smartphones to cross international borders around the world. While Privacy and Civil Liberty councils remained intact after the struggle, it became apparent privacy and most public interest considerations were marginalised.

 “The IDESG [had] nothing to do with the appropriations. That comes 100% from the NSTIC NPO. I, nor anybody else involved in the IDESG had any say in who got money. We haven’t seen anything other than what’s online. They’re government grants, and they report exclusively to the NSTIC NPO,” said Aaron Titus, Privacy Management Council on NSTIC’s Identity Ecosystem Steering Group [IDESG].

While privacy interests remained intact, the steering group appeared to be uninformed and ineffectual towards grant initiatives to port national identity articles online and onto mobile devices.

“NIST failing to inform a public interest steering committee of plans to fund and implement pilots using bonafide identity articles live online is a complete breakdown in an accountability process considering privacy impacts. This steering committee was almost eviscerated come time to award grants to a national ID program online. This is a heavy indicator that NSTIC is going to run counter to the public interest of privacy and civil liberty and should not be ignored,” says Sheila Dean, spokesperson for the 5-11 Campaign, a national identity watchdog group.

Titus was later asked about grantmaking for privacy and public awareness campaigning of the NSTIC initiative. He cited privacy standards tend to be an “ivory tower” as businesses and governments fail to measure up.

“Because [NSTIC] is voluntary, nobody would implement it. Instead, they’d all run away and do their own thing,” said Titus who indicated a “waste of time” on the part of the government to better inform the public of the program and its impacts to privacy for its intent.

The NSTIC program is a voluntary White House online initiative for online technology users and the private sector modeled closely to FICAM, a standardized identity credentialling program using Smart Cards and biometric credentials for access to federal facilities. It is administered by NIST, DHS and The US Department of Commerce.


No comments: