The June 2010 draft reportedly mentioned what sounds like an actual I.D. of some sort a smart card or digital certificate offered and recognized by web businesses that would eliminate the need for multiple accounts and passwords, creating a singular identity that would ostensibly be easier to manage and tougher to exploit.
The most recent announcement, made at the Stanford Institute for Economic Policy Research on Friday, does away with any talk about a national I.D. card or government-controlled system in favor of emphatic reassurances that the initiative would be voluntary and that Internet anonymity would still be possible. And, tellingly, the U.S. Commerce Department was chosen over other agencies that may have been considered for oversight, such as the National Security Administration and the Department for Homeland Security.
Because, you know, nothing says preservation of civil liberties to a publicity-seeking organization on the far left or right of the political spectrum quite like the phrase national I.D. card and the acronym NSA.
To be fair, the idea of an optional and extra-secure online commercial presence a sort of reverse VeriSign for the consumer rather than the seller has its appeal. One-click shopping not just on Amazon.com, but web-wide. The confidence to buy from obscure and independent retailers as casually as you bid on eBay. The knowledge that there will always be a trail if someone appropriates your identity or credit information, and goes hog-wild on vintage Ray-Bans and 100% lemur-pelt laptop cases.
But, while it may not be the NSA, the U.S. Department of Commerce is still a wholly owned subsidiary, as it were, of the United States government.
The same government whose most confidential information, it seems these days, is about as secure as a high-school pregnancy rumor. The same government whose employees dont seem to realize that you need to designate your Twitter feed as Private to make it, you know, private. The same government whose 11-page prospectus on ideas for preventing future Wikileaks-style leaks was itself leaked last Friday.
One might be forgiven for feeling a modicum of trepidation about signing up for a government-sponsored online security program. One might, in point of fact, suspect that signing up for a government-sponsored online security program could possibly be a lot like deciding to take a nap on a bench along Ybor Citys Seventh Avenue around midnight on a Saturday, and to use ones wallet to hold down ones diary and passport on the sidewalk nearby while one catches 40 winks.
Fridays CNET story is full of quotes about the importance of the private sectors involvement in the NSTIC initiative. But the timing of the announcement that the Department of Commerce will be handling it, rather than another, more button-pushy agency, seems specious at best. And plenty of folks are sure to see the concept of one-click verification as equivalent to one-click access for cyber-thieves and Big Brother alike.