According to a January 7 article on tech-news purveyor CNET.com, the Obama administration has announced plans to assign to the U.S. Department of Commerce a still-vague project involving the creation of a verifiable online I.D. for Americans.
The program, titled the National Strategy for Trusted Identities in Cyberspace, has apparently been evolving for some time; a first draft of the proposal was released last summer, describing a sort of voluntary Internet-wide certificate of authenticity citizens could use to diminish the possibility of fraud and identity theft while conducting transactions online. The June 2010 draft reportedly mentioned what sounds like an actual I.D. of some sort — a smart card or "digital certificate" — offered and recognized by Web businesses that would eliminate the need for multiple accounts and passwords, creating a singular identity that would ostensibly be easier to manage and tougher to exploit.
The most recent announcement, made at the Stanford Institute for Economic Policy Research on Friday, does away with any talk about a "national I.D. card" or "government-controlled system" in favor of emphatic reassurances that the initiative would be voluntary and that Internet anonymity would still be possible. And, tellingly, the U.S. Commerce Department was chosen over other agencies that may have been considered for oversight, such as the National Security Administration and the Department for Homeland Security.
Because, you know, nothing says "preservation of civil liberties" to a publicity-seeking organization on the far left or right of the political spectrum quite like the phrase "national I.D. card" and the acronym "NSA."
To be fair, the idea of an optional and extra-secure online commercial presence — a sort of reverse VeriSign for the consumer rather than the seller — has its appeal. One-click shopping not just on Amazon.com, but Web-wide. The confidence to buy from obscure and independent retailers as casually as you bid on eBay. The knowledge that there will always be a trail if someone appropriates your identity or credit information, and goes hog-wild on vintage Ray-Bans and 100 percent lemur-pelt laptop cases.
But, while it may not be the NSA, the U.S. Department of Commerce is still a wholly owned subsidiary, as it were, of the United States government.
The same government whose most confidential information, it seems these days, is about as secure as a high-school pregnancy rumor. The same government whose employees don't seem to realize that you need to designate your Twitter feed as "Private" to make it, you know, private. The same government whose 11-page prospectus on ideas for preventing future Wikileaks-style leaks was itself leaked last Friday.
One might be forgiven for feeling a modicum of trepidation about signing up for a government-sponsored online security program. One might, in point of fact, suspect that signing up for a government-sponsored online security program could possibly be a lot like deciding to take a nap on a bench along Ybor City's Seventh Avenue around midnight on a Saturday, using one's wallet to hold down one's diary and passport on the sidewalk while one catches 40 winks.
Friday's CNET story is full of quotes about the importance of the private sector's involvement in the NSTIC initiative. But the timing of the announcement that the Department of Commerce will be handling it, rather than another, more button-pushy agency, seems specious at best. And plenty of folks are sure to see the concept of "one-click verification" as equivalent to "one-click access" for cyber-thieves and Big Brother alike.