THIS IS AN ARCHIVED SITE
This site contains information from January 2009-December 2014. Click HERE to go the CURRENT commerce.gov website.

Creating More Options to Improve Privacy and Security Online

Creating more options to improve privacy and security online

Guest blog post by Jeremy Grant, Senior Executive Advisor for Identity Management, National Institute of Standards and Technology

It’s well established that diversity of thought and backgrounds strengthens organizations of all kinds and that diversity is a key component of a strong economy. At the National Strategy for Trusted Identities in Cyberspace (NSTIC) National Program Office (NPO), we believe diversity is also the key to establishing a vibrant marketplace of options to replace outdated passwords with reliably secure, privacy-enhancing and convenient ways to prove who you are online.

The Identity Ecosystem Steering Group (IDESG) was launched under the auspices of the NPO but is a privately led group laying the groundwork for that marketplace through policy and standards development. The group held its ninth plenary meeting this week at the National Institute of Standards and Technology in Gaithersburg, Md. The meeting brought together a broad coalition of individuals and representatives from industry, privacy and civil liberties advocacy groups, consumer advocates, government agencies, and more, focused on giving people choices when they conduct secure transactions online.

Instead of giving up lots of personal information every time you go online, you could choose who gets what information about you by allowing a trusted third-party to verify your online identity and then assert specific attributes on your behalf—only as needed for a transaction.

At the IDESG meeting, we heard from pilot participant ID.me, which is collaborating with vendors such as Under Armour to provide discounts to military families and first responders. ID.me is in the process of receiving higher level certification for its solution so that users can access government services and medical records.

Pilot recipient PRIVO and its partners are helping online sites that cater to children obtain verifiable parental consent—giving parents new ways to protect their kids online. The Georgia Tech Research Institute and TSCP are each working on frameworks and tools that provide supporting infrastructure to enable increased interoperability—allowing different systems to work together. Even among companies not involved in the IDESG and NSTIC, we are seeing improved identity and authentication options in the marketplace.

The steering group and pilots are providing safe environments for competitors and organizations with diverse policy goals to work together to innovate and solve some of the underlying challenges to online authentication. Together, they are working on identity solutions that follow the NSTIC principles of being privacy-enhancing and voluntary, secure and resilient, interoperable, and cost-effective and easy to use.

We understand that not everyone will be comfortable with the same identity providers. Some might prefer to trust their information to a well-established company or government agency; others may prefer a non-profit or advocacy group, or a combination of these organizations. Through the IDESG and a series of pilot grants, NSTIC is fostering a diverse marketplace that will give users options.

This week we were fortunate to have representatives from AARP, the American Civil Liberties Union, the NAACP and the National Federation of the Blind to highlight the diversity of the online community. We encourage organizations such as these to join IDESG – and to explore partnerships to create identity solutions that look out for the interests of their communities in this new marketplace.

The more organizations that engage with the IDESG, the better the organization can lay the foundation for a full spectrum of trusted online ID providers.  Online, as in life, we’ll find strength through diversity.

Comments Closed

Due to increased spam, comments have been closed on this content. If you wish to comment about the content, we encourage you to email webmaster@doc.gov.