Administration Releases Strategy to Protect Online Consumers and Support Innovation and Fact Sheet on National Strategy for Trusted Identities in Cyberspace
The Identity Ecosystem will provide more security for consumers; it will also provide better privacy protections. Today, a vast amount of information about consumers is collected as they surf the Internet and conduct transactions. How organizations handle that information can vary greatly, and more often than not, it is difficult for consumers to understand how their privacy will (or will not) be protected. T
he NSTIC seeks to drive the development of privacy-enhancing policies as well as innovative privacy-enhancing technologies to ensure that the ecosystem provides strong privacy protections for consumers.
A PLATFORM FOR SECURITY, PRIVACY AND INNOVATION
- Choose whether or not to participate at all: participation is optional.
- Choose one or more different identity providers: the Strategy envisions a vibrant marketplace that provides individuals with choices among multiple identity providers—both private and public.
- Choose between different types of credentials: individuals will be able to choose credentials that meet their needs, including smart cards, cell phones, keychain “fobs,” one-time password generators, and, undoubtedly, secure solutions that have yet to be invented.
- Choose when to use a credential: if people want to use cyberspace without a credential in ways that don’t require authentication, like browsing or blogging anonymously, they can do so at any time.
- Choice drives competition and innovation —and will result in a thriving market of diverse solutions to fit different individuals’ needs.
There are a number of different ID providers that can issue credentials that validate this information. Millions of individuals can now use his Web site without having to share extra personal information or even set up accounts with Juan's company. This saves his customers time, increases their privacy and confidence, and saves Juan money.
- Participation in the Identity Ecosystem will be voluntary: there is no requirement that any individual obtain a credential.
- The envisioned Identity Ecosystem will be grounded in the implementation of the full set of the Fair Information Practice Principles (FIPPs) in order to provide multi-faceted privacy protections. The privacy rules must address not only the circumstances under which participants in the Identity Ecosystem may share information but also the kinds of information that they may collect and how that information is managed and used.
- Although individuals will retain the right to exchange their personal information in return for services they value, these protections will provide a default level of privacy and will enable individuals to form consistent expectations about the treatment of their information within the ecosystem.
- A FIPPs-based approach will also promote the adoption of privacy-enhancing technical standards. As envisioned by NSTIC, such standards will minimize the ability to link credential use among service providers, thereby preventing them from developing a complete picture of an individual’s activities online.
- Identity solutions will provide secure and reliable methods of electronic authentication. Authentication credentials are secure when they are issued based on sound criteria for verifying the identity of individuals and devices; resistant to theft, tampering, counterfeiting, and exploitation; and issued only by providers who fulfill the necessary requirements.
- Credentials are resilient when they can recover from loss, compromise, theft—and can be effectively revoked or suspended in instances of misuse. Another contributor to resilience is the existence of a diverse environment of providers and methods of authentication.
- Interoperability encourages service providers to accept a variety of credentials and identity media, similar to the way ATMs accept credit and debit cards from different banks.
- Interoperability also supports identity portability: it enables individuals to use a variety of credentials in asserting their digital identities to service providers. Finally, the interoperability of identity solutions envisioned in the Strategy will enable individuals to easily switch providers, thus aligning market incentives to meet individuals’ expectations.
- Individuals, businesses, organizations, and all levels of government will benefit from the reduced cost of online transactions: fewer redundant account procedures, a reduction in fraud, decreased help-desk costs, and a transition away from expensive paper-based processes.
- Convenience. Individuals will be able to conduct their personal business online with less time and effort.
- Privacy. Individuals’ privacy will be enhanced.
- Security. Individuals can work and play online with fewer concerns about identity theft.
- Innovation. The Identity Ecosystem will provide a platform on which new and more efficient business models will be developed—just as the Internet itself has been a platform for innovation. It will also enable organizations to put new services online, especially for sectors such as healthcare and banking.
- Efficiency. Online transactions will be practical in more situations. The private sector will have lower barriers to customer enrollment, increased productivity, and decreased costs. Cross-organizational trust will provide businesses with exposure to a large population of potential customers they might not otherwise reach. Not only is there potential access to new customers, the traditional barriers associated with customer enrollment can be eliminated, reducing a friction that prevents potential customers from using a service.
- Trust. Trusted digital identities will allow organizations to better display and protect their brands online. Participants in the Identity Ecosystem will also be more trusted, because they will have agreed to the Identity Ecosystem’s minimum standards for privacy and security.
- Constituent Satisfaction. The Identity Ecosystem will enable government to expand its online services in order to serve its constituents more efficiently and transparently.
- Economic Growth. Government support of the Identity Ecosystem will generate innovation in the marketplace that will create new business opportunities.
- Public Safety. Increasing online security will reduce cyber crime, improve the integrity of networks and systems, and raise overall consumer safety levels. Enhanced online trust will also provide a platform to support more effective and adaptable response to national emergencies.