US Government Begins Rollout Of Its 'Driver's License For The Internet'

from the seizing-the-(wrong)-moment dept

An idea the government has been kicking around since 2011 is finally making its debut. Calling this move ill-timed would be the most gracious way of putting it.

A few years back, the White House had a brilliant idea: Why not create a single, secure online ID that Americans could use to verify their identity across multiple websites, starting with local government services. The New York Times described it at the time as a "driver's license for the internet."

Sound convenient? It is. Sound scary? It is.

Next month, a pilot program of the "National Strategy for Trusted Identities in Cyberspace" will begin in government agencies in two US states, to test out whether the pros of a federally verified cyber ID outweigh the cons.
The NSTIC program has been in (slow) motion for nearly three years, but now, at a time when the public's trust in government is at an all time low, the National Institute of Standards and Technology (NIST -- itself still reeling a bit from NSA-related blowback) is testing the program in Michigan and Pennsylvania. The first tests appear to be exclusively aimed at accessing public programs, like government assistance. The government believes this ID system will help reduce fraud and overhead, by eliminating duplicated ID efforts across multiple agencies.

But the program isn't strictly limited to government use. The ultimate goal is a replacement of many logins and passwords people maintain to access content and participate in comment threads and forums. This "solution," while somewhat practical, also raises considerable privacy concerns.
[T]he Electronic Frontier Foundation immediately pointed out the red flags, arguing that the right to anonymous speech in the digital realm is protected under the First Amendment. It called the program "radical," "concerning," and pointed out that the plan "makes scant mention of the unprecedented threat such a scheme would pose to privacy and free speech online."

And the keepers of the identity credentials wouldn't be the government itself, but a third party organization. When the program was introduced in 2011, banks, technology companies or cellphone service providers were suggested for the role, so theoretically Google or Verizon could have access to a comprehensive profile of who you are that's shared with every site you visit, as mandated by the government.
Beyond the privacy issues (and the hints of government being unduly interested in your online activities), there are the security issues. This collected information would be housed centrally, possibly by corporate third parties. When hackers can find a wealth of information at one location, it presents a very enticing target. The government's track record on protecting confidential information is hardly encouraging.

The problem is, ultimately, that this is the government rolling this out. Unlike corporations, citizens won't be allowed the luxury of opting out. This "internet driver's license" may be the only option the public has to do things like renew actual driver's licenses or file taxes or complete paperwork that keeps them on the right side of federal law. Whether or not you believe the government's assurances that it will keep your data safe from hackers, keep it out of the hands of law enforcement (without a warrant), or simply not look at it just because it's there, matters very little. If the government decides the positives outweigh the negatives, you'll have no choice but to participate.

Filed Under: driver's license, identification, nstic, trusted identity

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    John Fenderson (profile), 5 May 2014 @ 2:23pm

    Re: Re: Re: NSTIC

    "You already have these with social and in fact the "Have a Techdirt Account" request in this window is an internet driver license to drive on this site."

    I have no "social" accounts, so I don't have one of those. My Techdirt account is a bad example, as it's completely unnecessary to have an account to use the site. And if it were necessary, it's more like a ticket to a particular venue than a uniform ID card.

    "The NSTIC and related IDESG are not trying to get everyone to use a federated ID but would like to make the one you do use"

    They're not? I thought they specifically do want to get everyone to use such ID. They just don't have the power to require it anywhere except on government sites. BTW, I do not use federated ID services of any sort, so they can't improve the one I do use.

    "How about if you didn't have to sign away all user controls if you "like" something."

    Well, since I don't use Facebook, I don't personally care one bit about the "like" buttons. I rather suspect that people who do use Facebook don't care so much about these issues (or they wouldn't be using facebook).

    "It might be about those holding data being responsible to you as opposed to their shareholders."

    How does federated ID do this?

    "A number of real and important differences might surface if you actually did more than parrot last week's paraphrase of the effort."

    Now, now, no need to get insulting. I'm asking honest and legitimate questions. By the way, I've actually been following these issues (including federated ID) for years. I'm not just parroting last week's paraphrase.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.