US government proposes singular Internet identity plan

The United States Chamber of Commerce (USCC) proposed a plan at an event earlier today to create a secure Internet identification system. The plan hopes to eliminate the current status quo—currently multiple passwords and usernames, or even the same username and password—that are easy to guess and to be stolen. The plan stressed that this strategy is not a national Internet ID card, that it's completely voluntary, and will be run by private sectors.

"By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation," President Barack Obama said in a statement from the White House.

The plan, titled National Strategy for Trusted Identities in Cyberspace (NSTIC), was first drafted in January of this year. Much hasn't changed since the first iteration of the plan, though Arstechnica points out that there is an even stronger emphasis on the aforementioned fact that it will be run by private sectors and be a voluntary service.

As the White House puts it, "consumers who want to participate will be able to obtain a single credential—such as a unique piece of software on a smart phone, a smart card, or a token that generates a one-time digital password" that would allow them to login to any website "with more security than passwords alone provide."

Password have certainly proven to be susceptible to breach, especially recently. In mid-December of 2010, Gawker Media suffered a security breach that exposed more than one million of its registered users' usernames, email addresses, and passwords.

The plan, while promoting security in respect to one's identity, is also aiming to help businesses build viable commerce online. The White House outlines that a small business without the funds to create its own login system online "would be able to avoid the cost" and "could more easily take its business online." In fact, Bloomberg reports that the United States government plans to spend more than $56 million "on technology aimed at safeguarding the online marketplace" including the NSTIC.

You can read the entire strategy on the White House website or by clicking here.

Report a problem with article
Previous Story

APNIC reaches final phase of IPv4 allocations

Next Story

Google denies filtering Microsoft related searches

68 Comments

Commenting is disabled on this article.

What happened to my post?

I was agreeing with v1ewer about the US Chamber of Commerce NOT being a goverment entity.

Why can't people figure that out and understand that this US Chamber of Commerce is all about priviate business. Anything to help them get things side in their's and their members interest.

I was about to say the same thing. The US Chamber of Commerce is NOT a Goverment entity. Get that straight people!!!

Now you know why this entity would propose such a thing.

USCC is not a US government regulation/control/policy agency, like the CDC, EPA, etc, but a private, business-only, commercial entity/lobby group, which supports/promotes/defends only big business/corporation interests:
http://www.uschamber.com/
notice the ".com" suffix instead of ".gov", which is the USA government official domain.
Now ask yourselves why do these people want a unified net ID?
And I thought it was obvious, and that every1 got it... ;-)
See Wikipedia for more info:
http://en.wikipedia.org/wiki/U..._States_Chamber_of_Commerce

v1ewer said,
USCC is not a US government regulation/control/policy agency, like the CDC, EPA, etc, but a private, business-only, commercial entity/lobby group, which supports/promotes/defends only big business/corporation interests:
http://www.uschamber.com/
notice the ".com" suffix instead of ".gov", which is the USA government official domain.
Now ask yourselves why do these people want a unified net ID?
And I thought it was obvious, and that every1 got it... ;-)
See Wikipedia for more info:
http://en.wikipedia.org/wiki/U..._States_Chamber_of_Commerce

The US Chamber of Commerce cannot be trusted to do ANYTHING to benefit anyone but big business. You can bet they have some ulterior motive behind this initiative that screws the average citizen.

As the internet has proven countless times before, no matter how secure something gets, someone will find a way to bypass the security. Unless they some back up plan in the case of a security breach, there could be an online identity crisis. Other than that, this is a very secure plan and could potentially work.

If there's one thing anyone should know about marketing & politics, it's not to believe everything you're told. If this nat'l ID is good for biz, ask yourself why. If the gov likes the idea, again why? In this case because the Chamber of Commerce & the White House are agreeing -- maybe for the 1st time -- why? The Chamber of Commerce is a private organization to help, i.e. lobby for biz, for companies whose primary concern is to get you to buy their products/services. The White House is the 2012 election campaign annex [headquarters in Chicago], that for the past couple of years has been focused on helping major donors & special interest groups like the unions. Neither has a record of helping out the average person, though there's always been plenty that they wanted to sell you -- plenty that they wanted you to give them. It also can't hurt to consider the companies behind this, those publicly calling it a great idea like Microsoft, even though no one has revealed any details like how this nat'l ID would be set up, the mechanics of how it would work. Without knowing the motives of all involved, & without some obvious, glaring need to solve some really important problem, people are going to be very wary, & they should be. The White House & the Chamber expect it, or they wouldn't add every few sentences that yeah, did we mention it was voluntary & private. It's step one of a sales pitch, an invite to negotiation.

Large numbers of people have & will comment on how they expect the worst motives & outcomes -- that's the other side of the negotiation, the opening bid or offer. You may or may not agree but you should be thankful for the dissenting voices -- they're the surest way to make sure the gov's actual implementation is better thought out & perhaps more than an unchallenged power grab... like any living organism government lives to expand its numbers, & one way to do that is to expand its territory, its power. Unfortunately debate will probably get ugly, FWIW... The current US admin. has made it common practice, tried to make it acceptable to atack the messenger rather than the message -- a move that has helped further divide the nation because a large segment of society doesn't buy that at all. Again unfortunately, those in the middle who actually want to discuss & debate the issues, to talk about the pros & cons are in danger of being drowned out by personal attacks coming from extremes on both sides.

TechJunkie81 said,
The Gov't isn't in it, do you have trouble reading ?

It hasn't been implemented yet -- we've heard the 1st sales pitches but that's it. Can't say the gov's involved in running it or not, nor can anyone say with certainty that the gov won't find a need to regulate & thus take over whatever is implemented, if it ever is. BTW, attacking those you disagree with rather than their arguments, i.e. questioning their ability to read, might just be what the gov's counting on. ;-)

Stupidist Idea i've heard yet. how about we have ALL POLITICIANS FROM ALL POLITICAL STRIPES KEEP THEIR AGENDAS AND IDEAS OF THE INTERNET TO THEMSELVES. sorry for the shout but this needs to be said!

It's funny how people don't trust the government but are happy to put their faith in companies like facebook who have stellar record of protecting end user rights and privacy

Melfster said,
It's funny how people don't trust the government but are happy to put their faith in companies like facebook who have stellar record of protecting end user rights and privacy

But you can sue a private company and win!!!!

I don't want my freaking tax dollars (yes, you know as a business owner) wasted on such a stupid system that will ONE day be used against me.

I say the gov should stay out of it all together, no funding nothing, let private industry do it on its own if it doesn't work then something must be wrong with it that someone else can fix...

whats next the gov saying we need to make one operating system because more then 2 is too many and incompatable.... and to confusing for the public?

daddy_spank said,
It is completely voluntary and is run by private sector. if you dont like it, dont use it.

I think what bothers many people is the way the word voluntary keeps cropping up in their sales pitches, maybe together with the way the gov is involved in pitching the idea. If it's a purely private initiative, like say Microsoft's or Facebook's IDs, why not just do it & run your ads & so on? I don't recall Microsoft or Facebook *ever* using the word voluntary when they tried to get you to sign up -- I mean of course it's voluntary. Nor has the prez been their spokesman. In a nutshell maybe it's the worst sales campaign ever or there's something important they're leaving out -- have you ever seen a Chevy ad that tells you that you don't of course have to buy a Chevy? ;-)

mikiem said,

Nor has the prez been their spokesman. In a nutshell maybe it's the worst sales campaign ever or there's something important they're leaving out -- have you ever seen a Chevy ad that tells you that you don't of course have to buy a Chevy? ;-)

I know everyone loves to compare everything to cars in America but I'm not really seeing the similarities between having a secure identity login solution and buying a car.

Target just called. They want their tinfoil back. What a bunch of paranoid .....s, with their panties all in a bundle!!!

You do understand what the word voluntary means, right?!

"though Arstechnica points out that there is an even stronger emphasis on the aforementioned fact that it will be run by private sectors and be a voluntary service."

Note: I'm not saying the plan is good or bad, just that no one would force you to use it. You know, kind of like the health care plan.

Take a deep breath, people, and come out of your safe room. More choices are a good thing.

COKid said,
Target just called. They want their tinfoil back. What a bunch of paranoid .....s, with their panties all in a bundle!!!

You do understand what the word voluntary means, right?!

"though Arstechnica points out that there is an even stronger emphasis on the aforementioned fact that it will be run by private sectors and be a voluntary service."

Note: I'm not saying the plan is good or bad, just that no one would force you to use it. You know, kind of like the health care plan.

Take a deep breath, people, and come out of your safe room. More choices are a good thing.

I have to agree, it amazes me the amount of negativity to change and progression I see on the Internet these days. One login and password would make things so much easier for me, I have logins across various sites and I would like to change the passwords every 30 days but it's too much bother. A single login ala MS Passport across all sites is simple progress towards the future (it makes no sense to have more than one login to access secure information).

Securid's or other 2 factor authentication could be used to buck up the encryption. It's certainly something I'd be willing to invest in.

COKid said,
Target just called. They want their tinfoil back. What a bunch of paranoid .....s, with their panties all in a bundle!!!

You do understand what the word voluntary means, right?!

"though Arstechnica points out that there is an even stronger emphasis on the aforementioned fact that it will be run by private sectors and be a voluntary service."

Note: I'm not saying the plan is good or bad, just that no one would force you to use it. You know, kind of like the health care plan.

Take a deep breath, people, and come out of your safe room. More choices are a good thing.

Everything was voluntary at one time or another.

Car Insurance? Guess what, Mandatory Now!
Health Insurance? Guess what, Mandatory Coming Up

etc
etc

Seat belts? Mandatory.
Pasteurization for milk? Mandatory.
Warning labels on cigarettes? Mandatory.

Still doesn't have a damn thing to do with an optional username/password system that's not even government controlled... waaaaait a minute, I wonder if Big Bro got to OpenID too?

What about enforcement? "They" can't even stop people from downloading things they shouldn't be, how are "they" going to tell?

About as reasonable as a mandatory RFID implant.

COKid said,
Target just called. They want their tinfoil back. What a bunch of paranoid .....s, with their panties all in a bundle!!!
Note: I'm not saying the plan is good or bad, just that no one would force you to use it. You know, kind of like the health care plan.
Take a deep breath, people, and come out of your safe room. More choices are a good thing.

Those comments are *exactly* what have many people worried. Personal attacks combined with statements of impartiality & more ridicule. Note that nothing is said about *why* this is a good idea -- only that opposing it is bad. Whenever this tactic has been used it's been by someone or some group promoting their own self interest -- not mine, & not anyone else's.

I'm not gunna get technical and just be layman about this. This is a bad idea. The idea if solely used for that purpose is okish but we all know the use will be expanded. And with no one safe from hacking in any government sector at the minute your expected to trust them with you, golden key. No thanks. Whats wrong with just people using credit card and not having it saved to the site. Same thing really.

It starts off voluntary, until they persuade the major companies like Microsoft/Google/Etc to use (tax breaks, etc) and then all of a sudden we'll be stuck HAVING to use it, and in the end they'll end up making it mandatory.

Then the government will be able to track everything you do!

Bought something off eBay in the past? Tax free
Buy something off eBay in the future with this crap? You're going to get tracked down and taxed (because that WILL pass).

I'd say I hope we as Americans are smart enough to realize that this is a HORRIBLE IDEA but then again, we have idiots who voted Obama in...sigh

Tech Greek said,

Bought something off eBay in the past? Tax free
Buy something off eBay in the future with this crap? You're going to get tracked down and taxed (because that WILL pass).

No, it is not tax free. You are breaking the law.

Seems like half the comments are from people who aren't even reading the article past the title. "The plan stressed that this strategy is not a national Internet ID card, that it's completely voluntary, and will be run by private sectors." Loosen the tin foil hats a tad guys.. cutting off circulation to the brain.

Jen Smith said,
Seems like half the comments are from people who aren't even reading the article past the title. "The plan stressed that this strategy is not a national Internet ID card, that it's completely voluntary, and will be run by private sectors." Loosen the tin foil hats a tad guys.. cutting off circulation to the brain.

+1
what she said

Jen Smith said,
Seems like half the comments are from people who aren't even reading the article past the title. "The plan stressed that this strategy is not a national Internet ID card, that it's completely voluntary, and will be run by private sectors." Loosen the tin foil hats a tad guys.. cutting off circulation to the brain.

None the less, its a completely retarded idea.

SpeedyTheSnail said,
None the less, its a completely retarded idea.

No arguments there. Not a fan of keeping everything in one place. Shoot I don't even put that sort of stuff on my phone. Long as its an optional, not the "big brother" conspiracy that some are talking about.

Jen Smith said,

No arguments there. Not a fan of keeping everything in one place. Shoot I don't even put that sort of stuff on my phone. Long as its an optional, not the "big brother" conspiracy that some are talking about.

Indeed

Jen Smith said,
Seems like half the comments are from people who aren't even reading the article past the title. "The plan stressed that this strategy is not a national Internet ID card, that it's completely voluntary, and will be run by private sectors." Loosen the tin foil hats a tad guys.. cutting off circulation to the brain.

Sure until they go "Yeah, well the system works! Were going to make it mandatory now" once everyone is used to it

UN1X said,

Sure until they go "Yeah, well the system works! Were going to make it mandatory now" once everyone is used to it


Exactly. Make no mistake, it's a first step.

Jen Smith said,
Seems like half the comments are from people who aren't even reading the article past the title. "The plan stressed that this strategy is not a national Internet ID card, that it's completely voluntary, and will be run by private sectors." Loosen the tin foil hats a tad guys.. cutting off circulation to the brain.

OK, if it's going to be run privately, why was the White House involved at all? The prez didn't come out & do a PSA when the grocery store brought out their shopper cards, pretty sure he hasn't done a promo for Facebook or Microsoft IDs, & best I recall haven't seen him doing any ads for Google. Of course if you can't or don't want to attempt answering those sorts of questions you can always take the ridicule route... hey, I bet that's what the tinfoil comment was about! ;-)

NO system is completely secure, it's just a government grab at your stuffs.

If this doesn't get swatted down, say bye to your free land of internets

More over, Gawker Media should have encrypted + encoded their database.
That's just irresponsible and there should have been a class action law suite agains them. Anyhow, this is no excuse for a one stop shop governments ordained internet ID system.

Brian Miller said,
More over, Gawker Media should have encrypted + encoded their database.
That's just irresponsible and there should have been a class action law suite agains them. Anyhow, this is no excuse for a one stop shop governments ordained internet ID system.
Rest assured, the government will make sure it's super-duper secure! They'll assist synergistic entrepreneurs connect to the cloud transparently.

Brian Miller said,
The fact is the internet has hurt the government.
Also, do they not know the internet is international?

There are a lot of things he doesn't know...

As seta-san said it might be for IRS audit, but i know numerous people who sell things on Ebay and don't file taxes on it, and I'm not talking a couple hundred dollars, several thousands should have to pay taxes on it like others that do, it is just fair.

ShiFteDReaLitY said,
As seta-san said it might be for IRS audit, but i know numerous people who sell things on Ebay and don't file taxes on it, and I'm not talking a couple hundred dollars, several thousands should have to pay taxes on it like others that do, it is just fair.

but if you bought the stuff in the first place and paid taxes on it then shouldn't that be enough!
double taxations is a load of bull!

Windows7even said,

but if you bought the stuff in the first place and paid taxes on it then shouldn't that be enough!
double taxations is a load of bull!

Welcome to Canada

Yes, one account to be compromised, as apposed to several.....that you would be entering frequently on a computer...that is attached to you through the government... Good idea!

This just opens up the possibility for people to get hacked easier, lets put everything in one place and make it easier.

Personally I prefer having everything PERSONAL unlinked. Volentary or not, if enough people use it then it no longer is voluntary, more like a nessescity.

They explicitly stated it would be voluntary and run by the private sector. If people still think there's some sinister trap despite that...

Personally, I think such a service would be cool.

Seizure1990 said,
They explicitly stated it would be voluntary and run by the private sector. If people still think there's some sinister trap despite that...

Personally, I think such a service would be cool.

In the modern age, it can be "run by the private sector" and yet become a mandatory monopoly for the consumer because the few sites everyone uses can collude to require this "feature". They'll argue "Well, use of our site is voluntary". Which arguably it won't be true in fact if it's Amazon, etc.

Seizure1990 said,
They explicitly stated it would be voluntary and run by the private sector. If people still think there's some sinister trap despite that...

Personally, I think such a service would be cool.


Private sector != no government involvement or access when the government is setting it up...

Yeah...umm...no, I think not. First, one golden "key" to hack for total identity compromise. Second, does anyone, of any political persuasion, trust the government...any government...that much?

Hurricane Andrew said,
Yeah...umm...no, I think not. First, one golden "key" to hack for total identity compromise. Second, does anyone, of any political persuasion, trust the government...any government...that much?

I think ID cards with RSA chips on them (that require a password/PIN) are pretty secure. The keys never leave the card, and the only point if failure is having the card password... AND physical access to the card.

In spain we have a chip embedded on our ID cards and it's quite useful for some stuff. (Like anything involving banks. )

Julius Caro said,

I think ID cards with RSA chips on them (that require a password/PIN) are pretty secure. The keys never leave the card, and the only point if failure is having the card password... AND physical access to the card.
In spain we have a chip embedded on our ID cards and it's quite useful for some stuff. (Like anything involving banks. )

Except for the fact a few weeks ago RSA got hacked and they lost their private key.

Julius Caro said,

I think ID cards with RSA chips on them (that require a password/PIN) are pretty secure. The keys never leave the card, and the only point if failure is having the card password... AND physical access to the card.

In spain we have a chip embedded on our ID cards and it's quite useful for some stuff. (Like anything involving banks. )

That has long been hacked. PIN is stored in the card, thats why you can change it at any terminal...even if the store has no internet/phone connection.