Aug 13 2010   12:57PM GMT

The feds’ identity ecosystem will include national identity cards

4Laura Laura Smith Profile: 4Laura

The U.S. government is increasing its efforts to identify, authenticate and authorize people online. This month it’s releasing a draft of a Strategy for Trusted Identities in Cyberspace proposal that includes promoting a “national identity ecosystem,” in which one option will be national identity cards. Legislators are looking the draft over, but the plan is far along — and, some would argue, comes none too soon.

“Cyberspace — the interdependent network of information technology components that underpins many of our communications — is a crucial component of the nation’s critical infrastructure,” the draft states. “The nation faces a host of increasingly sophisticated threats against the personal, sensitive, financial and confidential information of organizations and individuals.” It then delivers sobering numbers: In 2009 the Internet Crime Complaint Center, or IC3, website received 336,655 complaints, up 22.3% from 2008. The total dollar loss from all the cases referred in 2009 was $559.7 million, up from $264.6 million in 2008.

According to the draft strategy, cybercriminals exploit weak identity solutions for individuals, websites, email and the infrastructure that connects to the Internet. And by “weak,” the draft means passwords. This should come as no surprise to CIOs grappling with federated identity and single sign-on for managing identities in their hybrid cloud environments. It will be worth watching the evolution of a national identity ecosystem based on industry standards and backed by a partnership of private and public enterprises. In it, identity would be authenticated in a variety of ways and on various devices. Stay tuned to next week to learn more.

The potential for national identity cards scares the dickens out of regular folks who fear Big Brother and don’t realize what a big problem cybercrime is. The more than 10 million Americans who are victims of identity theft each year each can spend as much as 130 hours reconstructing their identities (credit rating, bank accounts, reputation, for example) following an identity crime, according to the Federal Trade Commission. But the financial risk for businesses and indeed, the national GDP, is alarming — and is heightened by the fact that we lack enough jurisprudence to figure out who is responsible for a business loss caused by a cyber event. That problem is being explored on this week and next.

The aggregation of network infrastructures with open APIs, the greater numbers of businesses using cloud services, the sheer amount of information and the nature of that data — all pose enormous risks, said Drew Bartkiewicz, senior vice president of technology and new media markets for The Hartford Financial Services Group in New York. “You talk about credit card data. . . . That’s so 2000,” he said. “Companies’ forecasts, people’s social reputations — whether they’re part of a gun group or are surfing a dating site when they’re married — all that data is becoming grounds for information malpractice,” he said.

2  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • ENII
    If a person's national identity card, presumably to be used everywhere, gets compromised, what then? And how long would it take before the person gets their identity back? And what do they do in the meantime? Anyone who is convinced that an identity system cannot be compromised is deluded.
    0 pointsBadges:
  • Bfedorko
    Given advanced, persistent threats, and the lack of defense inherent in Zero-Day exploits, every internet-facing system is vulnerable. this problem is compounded when using 'The Cloud' (read as: leased servers), as The Cloud may be a conglomerate, including off-shored data centers. An ID card will not improve security, save promoting a good 'feeling' that the security posture is enhanced. However, It does present a nice, standard platform for those with curious, or malicious intent to focus on. The big story here is attaching actionable authentication to activity on the internet. This can be exploited for marketing and trending at best - Silencing and exploitation at worst. Remember, the internet is not a computing platform, or a point of sale machine - It is simply a communications infrastructure. When enough is done to stifle, limit, and/or intimidate users, they will simply move to another framework, like Darknet. There are many highly effective ways to secure business online without mandating licensing. Most companies only need to choose one and use it.
    60 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: