The U.S. government is proposing an identity-authentication system for the Web, aiming to streamline government operations online and strike down one of the biggest hurdles that keeps people from trusting Internet shopping sites and other such services.
Commerce Secretary Gary Locke has created a new office within his department to oversee the development of "the National Strategy for Trusted Identities in Cyberspace." A final draft of the strategy has yet to be released, but it essentially involves partnering with public- and private-sector institutions - such as universities and banks - to give users a single account that would allow them to interact with multiple websites and government services online. This means users wouldn't have to keep track of a long list of usernames and passwords for various accounts.
Although some critics attacked the proposed system as a potential tool for more government data collection and citizen monitoring (the Department of Homeland Security is a partner in the project), the impetus appears to be largely financial. The strategy is intended both as a way to save money for the U.S. government by not requiring individual agencies to design and maintain their own identity-authentication mechanisms, and to give users more faith in the trustworthiness of online commerce.
"The reality is that the Internet still faces something of a 'trust' issue," Mr. Locke said last Friday in a speech in Stanford, Calif. "And it will not reach its full potential until users and consumers feel more secure than they do today when they go online."
For the plan to work, the government needs to develop partnerships with companies and institutions that collect information for identification purposes.
"There is a growing consensus inside and outside government that it is nice to have more than one [online]credential, but you don't want infinite credentials," said Mary Ruddy, founder of Massachusetts-based identity management software firm Meristic Inc.
"You already see some sites taking Facebook credentials or Google IDs. This concept is already out there in the wild, so to speak."
Although the proposed system would see the government act much more as an authenticator than collector of identities, Mr. Locke was quick to stress the voluntary nature of the program.
"Let's be clear. We are not talking about a national ID card. We are not talking about a government-controlled system," he said.
One of the most difficult aspects of the proposed system is the wide spectrum of identification levels on the Internet. For example, the U.S. National Institutes of Health carries general health information online that people can access by logging in with the most basic of information. But for other areas, such as clinical trials or grants, the agency requires much more stringent identity verification.
The concept of a government-aided identity authentication program may strike some observers as detrimental to user privacy and anonymity, but it could ease improvements in those areas. Many private-sector identity companies have touted such programs as a way for Web users to provide only as much information as needed for a specific task - for example, letting their government representative know they live in the politician's district, or confirming that they are old enough to buy alcohol, without giving any more personal information away.
"You should be able to say you're eligible for a senior citizen's discount without having to give away your name and address," said Kaliya Hamlin, a user identity expert and founder of the Identity Woman blog.