An online program the White House is calling an “Identity Ecosystem” will be introduced in two states next month.
The concept involves a secure online ID that Americans could use to verify their identity across multiple websites, starting with local government services.
“Sound convenient? It is. Sound scary? It is,” Motherboard reported.
The program — formally known as the National Strategy for Trusted Identities in Cyberspace — was introduced three years ago but was more or less placed on the back burner while National Security Agency concerns were stealing headlines.
Now that some of the public backlash has quelled, the system the New York Times described initially called the “driver’s license for the internet” is being reintroduced.
“The NSTIC program has been in (slow) motion for nearly three years, but now, at a time when the public’s trust in government is at an all time low, the National Institute of Standards and Technology is testing the program in Michigan and Pennsylvania,” TechDirt reports.
The first round of tests are aimed at finding an efficient and secure two-step verification for accessing public programs, like government assistance. The White House believes this ID system will reduce fraud and overhead, by eliminating duplicated ID efforts across multiple agencies.
“The vision is to use a system that works similarly to how we conduct the most sensitive forms of online transactions, like applying for a mortgage. It will utilize two-step authentication, say, some combination of an encrypted chip in your phone, a biometric ID, and question about the name of your first cat.
But instead of going through a different combination of steps for each agency website, the same process and ID token would work across all government services: from food stamps and welfare to registering for a fishing license.”
The Electronic Frontier Foundation pointed out some of the obvious privacy red flags, and the potential First Amendment violations if anonymous speech in the digital realm is lost. The EFF called the program “concerning” and “radical” and pointed out that the plan “makes scant mention of the unprecedented threat such a scheme would pose to privacy and free speech online.”
Beyond the privacy issues and potential for government tracking, there are still massive security issues with this concept of centralized information. This collected data “would be housed centrally, possibly by corporate third parties. When hackers can find a wealth of information at one location, it presents a very enticing target. The government’s track record on protecting confidential information is hardly encouraging,” as TechDirt notes.
Military and government employees are already familiar with the Common Access Card system used to access government email and other data systems. The NSTIC white paper describes similar cards that would be issued to all Americans, if the test programs prove efficient.