Government’s plan for the internet.
Government’s new plan is all about the word identity. How to control everyone on the internet. Site like these will definitely be categorized as ‘not reliable’. Strength of the internet is freedom we have as a participant. No privacy checks! Thank you government(=controllers).
National Strategy for Trusted Identities in Cyberspace
Creating Options for Enhanced
Online Security and Privacy
June 25, 2010
Draft
DRAFT National Strategy for Trusted Identities in Cyberspace
June 25, 2010
Executive Summary
Cyberspace – the interdependent network of information technology components that underpins many of our communications – is a crucial component of the Nation’s critical infrastructure. We use cyberspace to exchange information, buy and sell products and services, and enable many online transactions across a wide range of sectors, both nationally and internationally. As a result, a secure cyberspace is critical to the health of our economy and to the security of our Nation. In particular, the Federal Government must address the recent and alarming rise in online fraud, identity theft, and misuse of information online.
One key step in reducing online fraud and identity theft is to increase the level of trust associated with identities in cyberspace. While this Strategy recognizes the value of anonymity for many online transactions (e.g., blog postings), for other types of transactions (e.g., online banking or accessing electronic health records) it is important that the parties to that transaction have a high degree of trust that they are interacting with known entities. Spoofed websites, stolen passwords, and compromised login accounts are all symptoms of an untrustworthy computing environment. This Strategy seeks to identify ways to raise the level of trust associated with the identities of individuals, organizations, services, and devices involved in certain types of online transactions. The Strategy’s vision is:
Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.
More specifically, the Strategy defines and promotes an Identity Ecosystem that supports trusted online environments. The Identity Ecosystem is an online environment where individuals, organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities. The Identity Ecosystem enables:
· Security, by making it more difficult for adversaries to compromise online transactions;
· Efficiency based on convenience for individuals who may choose to manage fewer
passwords or accounts than they do today, and for the private sector, which stands to
benefit from a reduction in paper-based and account management processes;
· Ease-of-use by automating identity solutions whenever possible and basing them on
technology that is easy to operate with minimal training;
· Confidence that digital identities are adequately protected, thereby increasing the use of
the Internet for various types of online transactions;
· Increased privacy for individuals, who rely on their data being handled responsibly and
who are routinely informed about those who are collecting their data and the purposes for
which it is being used;
· Greater choice, as identity credentials and devices are offered by providers using
interoperable platforms; and
· Opportunities for innovation, as service providers develop or expand the services offered
online, particularly those services that are inherently higher in risk;
Privacy protection and voluntary participation are pillars of the Identity Ecosystem. The Identity Ecosystem protects anonymous parties by keeping their identity a secret and sharing only the information necessary to complete the transaction. For example, the Identity Ecosystem allows an individual to provide age without releasing birth date, name, address, or other identifying data. At the other end of the spectrum, the Identity Ecosystem supports transactions that require high assurance of a participant’s identity. The Identity Ecosystem reduces the risk of exploitation of information by DRAFT National Strategy for Trusted Identities in Cyberspace
June 25, 2010
unauthorized access through more robust access control techniques. Finally, participation in the Identity Ecosystem is voluntary for both organizations and individuals.
Another pillar of the Identity Ecosystem is interoperability. The Identity Ecosystem leverages strong and interoperable technologies and processes to enable the appropriate level of trust across participants. Interoperability supports identity portability and enables service providers within the Identity Ecosystem to accept a variety of credential and identification media types. The Identity Ecosystem does not rely on the government to be the sole identity provider. Instead, interoperability enables a variety of public and private sector identity providers to participate in the Identity Ecosystem. Interoperability and privacy protection combine to create a user-centric Identity Ecosystem. Usercentricity will allow individuals to select the interoperable credential appropriate for the transaction.
Through the creation and adoption of privacy-enhancing policies and standards, individuals will have the ability to transmit no more than the amount of information necessary for the transaction, unless they choose otherwise. In addition, such standards will inhibit the linking of an individual’s transactions and credential use by service providers. Individuals will have more confidence that they exchange information with the appropriate parties, securely transmit that information, and have the information protected in accordance with privacy best practices.
With the vision of the Identity Ecosystem in mind, the National Strategy for Trusted Identities in Cyberspace (NSTIC) identifies the following goals:
Goal 1: Develop a comprehensive Identity Ecosystem Framework
Goal 2: Build and implement an interoperable identity infrastructure aligned with the
Identity Ecosystem Framework
Goal 3: Enhance confidence and willingness to participate in the Identity Ecosystem
Goal 4: Ensure the long-term success of the Identity Ecosystem
The first two goals focus on designing and building the necessary governance, policy, standards, and
infrastructure to enable secure delivery of online services. The third goal targets the necessary
privacy protections and the education and awareness required to encourage adoption by individuals
and businesses. The fourth establishes the mechanisms to promote continued development and
improvement of the Identity Ecosystem over time.
Nine high-priority actions align to these goals and the vision. These actions provide the foundation for
the Identity Ecosystem implementation. The actions are:
Action 1: Designate a Federal Agency to Lead the Public/Private Sector Efforts Associated
with Achieving the Goals of the Strategy
Action 2: Develop a Shared, Comprehensive Public/Private Sector Implementation Plan
Action 3: Accelerate the Expansion of Federal Services, Pilots, and Policies that Align with
the Identity Ecosystem
Action 4: Work Among the Public/Private Sectors to Implement Enhanced Privacy
Protections
Action 5: Coordinate the Development and Refinement of Risk Models and Interoperability Standards DRAFT National Strategy for Trusted Identities in Cyberspace June 25, 2010
Action 6: Address the Liability Concerns of Service Providers and Individuals
Action 7: Perform Outreach and Awareness Across all Stakeholders
Action 8: Continue Collaborating in International Efforts
Action 9: Identify Other Means to Drive Adoption of the Identity Ecosystem across the
Nation
The execution of the actions above requires the Federal Government to continue to provide leadership, coordination, and collaboration in order to enhance the security of digital identities. To lead the day-to-day coordination of these actions, the Executive Office of the President (EOP) will designate a lead agency within the Federal Government. The Office of the Cybersecurity Coordinator within EOP will continue to lead interagency policy development specified in this action plan. The lead agency will work closely with The Office of the Cybersecurity Coordinator.
This Strategy is a call to action that begins with the Federal Government continuing its role as a primary enabler, first adopter and key supporter of the envisioned Identity Ecosystem. The Federal Government must continually collaborate with the private sector, state, local, tribal, and international governments and provide the leadership and incentives necessary to make the Identity Ecosystem a reality. The private sector in turn is crucial to the execution of this Strategy. Individuals will realize the benefits associated with the Identity Ecosystem through the conduct of their daily online transactions in cyberspace. National success will require a concerted effort from all parties, as well as joint ownership and accountability for the activities identified.
