This site contains information from January 2009-December 2014. Click HERE to go the CURRENT website.

Remarks at Administration's Announcement of National Strategy for Trusted Identities in Cyberspace

Friday, April 15, 2011

Commerce Secretary Gary Locke
Remarks at Administration's Announcement of National Strategy for Trusted Identities in Cyberspace

Thank you, Ann, for that kind introduction, and thanks to the U.S. Chamber of Commerce for hosting today’s event. 

I also want to welcome the many innovators, trade associations, companies, and consumer advocates that are represented here as we mark another important milestone on our mission to build a more secure online environment.

President Obama has made promoting innovation a centerpiece of his economic agenda – and there is perhaps no segment of the economy that has seen more innovation than IT and the Internet. 

Fifteen years ago, we saw the dawn of the commercial Internet. 

Flash forward to 2011. 

Nowadays, the world does an estimated $10 trillion of business online.  Nearly every transaction you can think of is being done over the Internet:

  • Consumers pay their utility bills from their smart phones;
  • People download movies, music and books online; and
  • Companies, from the smallest local store to the largest multinational corporation, order goods, pay vendors and sell to customers via the Internet.

U.S. companies have led at every stage of the Internet revolution, from:

  • Web browsing and e-commerce technology; to
  • Search and social networking.

But at critical junctures, the U.S. government has helped enable and support private sector innovation in the Internet space: 

  • In the early 1990s, the government opened the door for commercialization of the Net;
  • In the late 1990s, the government’s promotion of an open and public approach to Internet policy helped ensure the Net could grow organically and that companies could innovate freely; and
  • Recently, we’ve promoted the rollout of broadband facilities and new wireless connections in remote parts of the country.

Today, we take another major step – this one to ensure that the Internet's security features keep up with the many different types of online transactions people now engage in.

The fact is that the “old” password and user-name combination we often use to verify people is no longer good enough.  It leaves too many consumers, government agencies and businesses vulnerable to ID and data theft.

This is why the Internet still faces something of a “trust” issue.  And it will not reach its full potential – commercial or otherwise – until users and consumers feel more secure than they do today when they go online.

President Obama recognized this problem long-ago, which is why the administration’s Cyberspace Policy Review called for the creation of an “Identity Ecosystem,” where:

  • Individuals and organizations can complete online transactions with greater confidence; and
  • They can trust the identities of each other and the integrity of the systems that process those transactions.  

I am proud to announce that the President has signed – and that, today, we are publishing – the National Strategy for Trusted Identities in Cyberspace, or NSTIC.

The Strategy is the result of many months of consultation with the public, including innovators and private sector representatives like you in the audience.

I’m optimistic that NSTIC will jump-start a range of private-sector initiatives to enhance the security of online transactions.

This strategy will leverage the power and imagination of entrepreneurs in the private sector to find uniquely American solutions. 

Other countries have chosen to rely on government-led initiatives to essentially create national ID cards. 

We don’t think that’s a good model, despite what you might have read on blogs frequented by the conspiracy theory set.

To the contrary, we expect the private sector to lead the way in fulfilling the goals of NSTIC.

Having a single issuer of identities creates unacceptable privacy and civil liberties issues. We also want to spur innovation, not limit it.

And we want to set a floor for privacy protection that is higher than what we see today, without placing a ceiling on the potential of American innovators to make additional improvements over time. 

Behind you are a number of firms exhibiting technologies and applications that can make a real difference in our future, and some are already out in the market today. 

At the end of today’s event, you’ll have an opportunity to see all of them, but let me take a minute to highlight two in particular.

Each year, medical researchers make discoveries that save lives and improve the well-being of those afflicted with disease. 

Part of this rigorous scientific research is the review and approval of clinical trials, such as the Cancer Therapy Evaluation Program run by the National Institutes of Health. 

To conduct these trials, paper signatures are needed for approvals at every turn. 

This adds hundreds of dollars of cost – and more importantly, weeks of time that could be better spent getting patients into treatment more quickly. 

But the system has been stuck in paper as the world moves digital for a simple reason: because there has been no reliable way to verify identity online. 

Passwords just won’t cut it here, as they are too insecure and the stakes are too high to risk fraud.

The good news is that today, NIH has come together with private sector groups – including patient advocates, researchers and pharmaceutical firms – to eliminate this inefficient paper system through new identity technology that enables all sides to trust the transaction. 

With trusted identities, patients can be enrolled more quickly in potentially life-saving therapy programs, saving hundreds of dollars per transaction.  Trusted identities enable:

  • Trials to run faster;
  • Researchers to spend more time in the lab; and
  • A faster and cheaper way to move new therapies from the lab to the treating cancer patients.

At the other end of the identity spectrum, we have the scourge of ID and data theft, with phishing schemes being among the most prevalent.

Every second, phishing emails show up in people’s inboxes, asking unwitting consumers to type their username and password into a fraudulent site.

In the audience today is Kimberly Bonney, a consumer from Bethesda, Maryland, who was victimized by one of these schemes last year.

She received an e-mail that she thought was from her Internet service provider, telling her that her account was in danger of being closed.  The email asked that she provide her password, which she did. 

Then, her co-workers, fellow members of her church, and her landlord began receiving emails that appeared to be from her stating that she was overseas and in need of a $2,800 loan to fly back to the United States. 

It was a fraudulent e-mail, of course.

Kimberly had become one of the 8.1 million Americans who were victims of identity theft or fraud last year.  These crimes cost us some $37 billion a year.

But companies are introducing technologies that can help us turn the tide.  At least one leader in the U.S. technology sector has come up with a simple solution to stop scammers from accessing their customers’ accounts with just a stolen password.

They’ve recently rolled out a simple tool where verification codes are sent over the mobile phone network to a user’s smart-phone or wirelessly connected computer – and when they want to access their online accounts, they have this additional and incredibly simple layer of protection.

I urge you to walk around this room to see for yourself how stronger authentication technology can protect against identity theft and cybercrime. 

This is a difficult challenge.  We’re trying to improve security, convenience and privacy all at once.

That's why it's so important that we are leveraging the power and imagination of entrepreneurs in the private sector. 

And the Commerce Department – led by Jeremy Grant at NIST – is staffing up to facilitate these private sector efforts.

I’m looking forward to learning of your future successes – perhaps you can send me an email – an authenticated email –describing those successes to my new email address at the U.S. embassy in China – that is, if I’m confirmed of course.

Thank you again for your support, and now let me turn it over to Jane Lute, who is the Deputy Secretary of the Department of Homeland Security.

Jane has over 30 years of military and senior executive experience, having served at the United Nations, on the National Security Council and in the United States Army.

She understands how integral cyber security is to our national security, and I’d like to bring her up here to offer a few thoughts. . . .