« August 2011 | Main | October 2011 »

September 2011

09/18/2011

Your Online Driver’s License: NYT

On September 17th, 2011, Natasha Singer wrote for the New York Times about the National Strategy for Trusted Identities in Cyberspace (NSTIC).  Comparing NSTIC to a digital driver's license, Singer explained how NSTIC would make it so people have a simpler, safer way to prove who they are online with more than a flimsy password.  To do so, consumers would choose among trusted third parties — such as banks, technology companies or cellphone service providers — that verify certain personal information about them and issue them secure credentials to use in online transactions.  The system would allow Internet users to use the same secure credential on many Web sites; people could have their identity authenticator automatically confirm that they are old enough to sign up for Pandora without having to share their birthdate with Pandora.

18stream-pic-articleInline
However, authentication proponents and privacy advocates disagree about whether Internet IDs like NSTIC would actually heighten consumer protection.  Privacy advocates argue that identity verification online could make consumers more vulnerable because authentication companies would become "honey pots for hackers."  Lillie Coney, the associate director of the Electronic Privacy Information Center, noted that “You can have one key that opens every lock for everything you might need online in your daily life, or, would you rather have a key ring that would allow you to open some things but not others?”

However, Jeremy Grant (senior executive adviser for identity management at the National Institute of Standards and Technology) noted that no system is invulnerable.  Privacy concerns aside, better online identity authentication would improve the current situation where people use the same passwords for their e-mail, banking, and social network accounts.  Mr. Grant went on to compare weak security to flimsly locks on bathroom doors: “If we can get everyone to use a strong deadbolt instead of a flimsy bathroom door lock, you significantly improve the kind of security we have.”

The source article can be found here.

Posted by on 09/18/2011 at 01:52 PM in Anonymity, Authentication, Criticism, NS-TIC, privacy | | Comments (0)

| | | | |

09/08/2011

US could learn from Canadian identity management initiative: Network World

On September 2, 2011, Dave Keams wrote for Network World that the United States could learn a great deal from Canada's identity management initiative.  Mr. Keams argues that the Canadian initiative is smaller and more focused than the U.S. NSTIC initiative because it concentrates on government and citizen interactions. The US and Canadian ideas are generally the same, but differ in scale. 

The Canadian Treasury Board of Canada Secretariat recently released the final version of a document called "Federating Identity Management in the Government of Canada: A Backgrounder." It notes, "How identity information is collected, used, managed, and secured is of critical interest to leaders in the public sector charged with protecting the rights of citizens, ensuring privacy, and ensuring national security and public safety."

The study also sets out what it calls "Guiding principles for federating identity management":

• Achieve consensus through accepted, mutually respected assurances (of credential or identity), risk levels, and accountabilities.

• Respect program accountability.

• Let the citizen decide.

• Enable interoperability.

• Promote a fair and competitive marketplace.

Mr. Keams argues that  NSTIC should abide by these principles.

The Network World article can be found here.

***

 

Posted by on 09/08/2011 at 04:59 PM in Anonymity, Authentication, NS-TIC, privacy | | Comments (0)

| | | | |

09/05/2011

Naming Names on the Internet: New York Times

On September 4th, 2011, Eric Pfanner wrote for the New York Times on a new twist in the internet anonymity debate: real name policies.  Real name policies require web users to provide their real names in order to post on websites.  The article mentions how South Korea enacted a real name policy in response to the suicide of a popular actress who had been bullied via the internet.  However, the South Korean government decided to abandon the policy after hackers stole 35 million user's identification data (which they had been required to supply in order to verify their identities).

However, the article notes that there have been growing calls for restrictions on Internet anonymity.  Specifically, German Interior Minister Hans-Peter Friedrick cited the case of Norwegian terrorist suspect Anders Behrig Breivik who had blogged under the user name "Fjordman."  Furthermore, Google executive chairman Eric E. Schmidt told a media conference in Edinburgh that “The Internet would be better if we had an accurate notion that you were a real person as opposed to a dog, or a fake person, or a spammer.”

However, Mr. Pfanner goes on to argue that, all in all, real name policies are a lousy idea.  Online anonymity is essential for political dissidents and corporate whistle-blowers; real name policies would severely limit that anonymity.  Further, although cyberbullying and online death threats are an unwanted byproduct of internet anonymity, arrests made of members of the notorious hacking ring Anonymous demonstrates that authorities already have tools for rooting out anonymous trolls when they really want to.

In the end, Mr. Pfanner points out that "The real world is often messy, chaotic and anonymous. The Internet is mostly better that way, too."

The source article can be found here.

Posted by on 09/05/2011 at 03:27 PM in Anonymity, Authentication, privacy | | Comments (0)

| | | | |

Subscribe to this blog's feed

Search

Recent Posts

Recent Comments

Pages

Categories

More from WCS

Cyber Blogs

Add me to your TypePad People list

Archives

Categories