The US Government’s Plans for Your Anonymity and Identity Online
The latest Fast Company has a story about the emergence of a “Sharing Economy,” and the necessity of trust:
The challenge that worries everyone in the sharing world, of course, is trust… “Sharing of the kind we’re talking about really only works when there’s reputation involved,” says Freestyle’s Felser. “We haven’t seen any mass-market approach to combining distributed trust and sharing.” Most sharing platforms try to combat this issue by building a self-policing community. Almost all require profiles for both parties and feature a community ratings system.
But these ratings would carry far more weight if they traveled with you across the web… Startups like TrustCloud would like to become the portable reputation system for the web. The company is building an algorithm to collect (if you choose to opt in) your online “data exhaust” — the trail you leave as you engage with others on Facebook, LinkedIn, Twitter, commentary-filled sites like TripAdvisor, and beyond — and calculate your reliability, consistency, and responsiveness. The result would be a contextual badge you’d carry to any website, a trust rating similar to the credit rating you have in the offline world…
Emergent By Design has also discussed Facebook developing into an arbiter of trust on the Internet:
“Increasingly as we move later into the decade, physical currency will be harder to differentiate from virtual currencies like Facebook Credits,” said Brett King, author of Bank 2.0. “We’ll start to see a new economy emerging through social media where virtual currencies will be a very real part of the way people trade and sell information, collaborate on ideas and value various products and services.”
Every time you upload a photo, make a comment, add a friend, click a link, or make a purchase, that data is being harvested to create a map and a simulation of you. This is tremendously valuable information, and Facebook gets that.
If the trend continues where logging in via your Facebook profile is the simple method for verification, some speculate this could lead to Facebook evolving to being an actual utility for identity…After all, if people are willing to trust sensitive data to Facebook, companies could use that info to offer better rates on car or health insurance, or help you secure a loan, via the platform. While this could seem convenient for the average user, it does carry serious implications in terms of how governments will respond.
How will governments respond?
The US government responded this past week with the National Strategy for Trusted Identities in Cyberspace (NSTIC): “Enhancing Online Choice, Efficiency, Security, and Privacy.”*
The “Identity Ecosystem”
In an effort to develop trust and promote security, the US government wants to help foster and develop “The Identity Ecosystem.”
An online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities—and the digital identities of devices.
The Identity Ecosystem has four principles:
- Identity solutions will be privacy-enhancing and voluntary
- Identity solutions will be secure and resilient
- Identity solutions will be interoperable
- Identity solutions will be cost-effective and easy to use
Goals and Benchmarks of the Identity Ecosystem
The public and private sector will use awareness and education programs to encourage demand for the Identity Ecosystem and to inform its use. Awareness efforts will help inform individuals and organizations about the security and privacy risks associated with existing, weak authentication mechanisms. Integrate the Identity Ecosystem internationally. Given the global nature of online commerce, the Identity Ecosystem cannot be isolated from internationally available online services and their identity solutions.
Interim Benchmarks (3-5 years)
- There exists a growing marketplace of both trustmarked, private-sector identity providers at different levels of assurance and private-sector relying parties that accept trustmarked credentials at different levels of assurance. This relying party population is not confined to just one or two sectors.
- The number of enrolled identities in the Identity Ecosystem is growing at a significant rate, and the number of authentication transactions in the Identity Ecosystem is growing at least at the same rate.
Longer-term Benchmarks (10 years)
- A majority of relying parties are choosing to be part of the Identity Ecosystem.
- A majority of U.S. Internet users regularly engage in transactions verified through the Identity Ecosystem.
- A majority of online transactions are happening within the Identity Ecosystem.
The Identity Ecosystem and Electronic Discovery
Here is a depiction of the Identity Ecosystem from the NSTIC:
A case comes across your desk involving any type of online transaction or communications, litigation ensues, and you proceed with discovery. Who has what information? Bits and pieces of individuals’ identities are going to be strewn about dozens of systems. Where are all these systems located? These systems will not exclusively be in one state or even country. Who do you subpoena in the above illustration and how? If a dispute arises in the United States, and relevant data is stored in Ireland and India – whose law applies? In this Information Ecosystem a dispute over a transaction at Starbucks could involve multi-national electronic discovery.
The companies that provide Identity Ecosystem services as well as companies that participate in the system will need clear policies and procedures in dealing with any litigation that may arise within the system.
The Future of Online Identities
Despite any reluctance citizens may have about the Identity Ecosystem – it is coming one way or the other. The Internet has existed in a sort of “wild west” vacuum of control and authority for a long period of time but it is probably coming to an end. The Internet has become too important and vital to business and government to allow it to continue to march forward without firmly establishing a method of uniquely and accurately identifying users online. Business wants it. Governments want it. Even citizens want it.
People want to know that they are secure in dealing with their bank, purchasing a book on their Kindle, or swiping a Smart Card (or phone) at a vending machine. And while the NSTIC certainly discusses anonymity…it’s hard to envision it actually existing in the Identity Ecosystem. But if the Internet has shown itself to be one thing, it would be that it is resilient and adaptive in the face of change and threats to its structure. I can imagine a black market economy developing on darknets such as Freenet for users who truly want to protect their identity online. These black market ecosystems already exist – look no further than Cydia, the black market app store for jailbroken iPhones.
Regardless, change is coming to the Internet. The question is whether people are ready for it, or even aware of it.