The United States Department of Commerce held a press conference this morning to announce the National Strategy for Trusted Identities in Cyberspace--or NSTIC for short. The initiative is a partnership between the government and the private sector to improve online security and strengthen consumer confidence in the Internet.
Commerce Secretary Gary Locke presented the NSTIC at a press conference this morning. The initiative is a broad strategy to enhance the security of online transactions with the United States government playing the role of facilitator.
The press conference included a variety of stats and figures to paint the picture for why such a public / private partnership is needed. The Internet is the backbone of an estimated $10 trillion in online business each year. Consumers pay bills online, buy movies and music, and order just about anything imaginable from sites like Amazon and eBay.
But, proving who you are online is a difficult task, and usernames and passwords have failed time and time again to provide adequate protection. More than eight million adults were victims of fraud or identity theft in 2010 just in the United States. The damage from identity theft in 2010 alone is estimated at $37 billion.
In spite of years (and years) of security experts repeating the mantra to use more secure passwords, and trying to educate users on stronger password security, it has been revealed time and time again that passwords are still one of the weakest links in the chain. The Rockyou password breach in 2009, and the Gawker breach a year later both illustrate just how pervasive weak passwords remain.
Michael Barrett, Chief Information Security Officer of PayPal, supports the initiative. "We have consistently advocated that trustworthy online identity is a key component of a healthy Internet ecosystem. PayPal will be offering more services to our customers over the coming months that directly support the NSTIC, which we expect will result in many new benefits to both our customers and the Internet overall."
Locke pointed out that many other nations are approaching the problem of online identity and security by implementing some form of national ID card. Locke states, "We don't think that's a good model, despite what you might have read on blogs frequented by the conspiracy theory set," adding, "Having a single issuer of identities creates unacceptable privacy and civil liberties issues. We also want to spur innovation, not limit it."
Scott Charney, Corporate Vice President for Microsoft, also has some praise for the government strategy. "Microsoft supports the NSTIC vision for a citizen centric privacy enhanced identity ecosystem. Creating this ecosystem will provide citizens with a variety of choices for authenticating their identity online while helping to protect their security and privacy. Realizing this vision brings us closer towards a safer, more trusted Internet."
At this point, NSTIC is just a strategy...just a vision. Now, the door is open for private sector entrepreneurs and innovators to develop the ways to execute that strategy.