Tweet Cybersecurity

Online Trust Takes More Than Mom’s Maiden Name

How many websites do you shop? How many passwords do you have for your various online accounts? How many times have you used your mother’s maiden name, your place of birth or some other piece of personally identifiable information to verify your identity in a transaction?

Quite a few, I would guess, and therein lies a challenge. The most common ways of verifying who you are online — so you can access your accounts, buy things or use services — leave behind trails of breadcrumbs that savvy criminals can follow and collect until they have enough information to assume your identity. Addressing this problem is critical to support the continued growth of e-commerce, enhance cybersecurity and protect personal privacy — all goals vital to the interests of consumers, businesses and the country as a whole.

The Obama administration took a critical step forward last summer when it unveiled a draft National Strategy for Trusted Identities in Cyberspace (NSTIC), which articulated a vision for a robust digital identity ecosystem that improves on the types of passwords commonly used to login online today. Supported by the National Institute of Standards and Technology — with a critical leadership role for the private sector — its purpose is to drive development and implementation of new identity solutions and privacy-enhancing technologies that will improve the security and convenience of sensitive online transactions.

NSTIC promotes a system of voluntary credentials that would be available from a wide range of providers. Consumers would be free to use these credentials (or not), as they wish, in an open marketplace.

But now a proposed House amendment to the FY2011 Continuing Resolution would prevent the NSTIC’s implementation, jeopardizing the public-private partnership and undermining the country’s cybersecurity posture. The rationale for the amendment hinges partly on the false assumption that trusted online identities would lead to a mandatory, Big Brother–like “national Internet ID,” which simply isn’t the case.

On behalf of the US technology industry, BSA President and CEO Robert Holleyman today joined with Phillip J. Bond of TechAmerica and Dean C. Garfield of the Information Technology Industry Council in calling on House Leaders to reject the amendment. Read their letter here. It is important that their message is heard.

Leave a Reply

Your email address will not be published. Required fields are marked *