EcommerceBytes-NewsFlash, Number 2524 - April 19, 2011     2 of 4

PayPal on Board with White House 'Trusted Identity' Initiative

By Kenneth Corbin

In an effort to bolster the security of online transactions, the Obama administration on Friday released the National Strategy for Trusted Identities in Cyberspace (NSTIC), a blueprint for a decentralized system of secure credentials that could have a substantial impact on online sellers. PayPal's Chief Information Security Officer said he was on board with the initiative and soon expects to deliver benefits to PayPal and eBay customers.

At the core of the initiative is a so-called "identity ecosystem" that would seek to replace the numerous passwords consumers keep for various accounts with a single, more secure credential, such as a smart card or a token.

The proposed framework, developed by the Department of Commerce, aims to combat online fraud and identity theft, blights that have long been a drag on the ecommerce economy. Additionally, by pushing a more secure online environment, the administration is looking to usher in a new wave of Web-based services and transactions, such as remote access to a patient's medical records.

"By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation," Obama said in a statement. "That's why this initiative is so important for our economy."

Online sellers and other organizations doing business over the Internet will not be required to participate in the new framework, which aims to establish a flexible system of authentication that only supplies the minimum amount of information needed to verify a consumer's identity for a particular transaction.

Proposed Benefit to Small Businesses
Broadly, the strategy is looking to allay the security concerns that have slowed the migration of businesses and government services to the Web. For example, the report describes the scenario of a small business looking to open an online store. By tapping into the identity ecosystem, the merchant would avoid reinventing the wheel through the costly construction of its own account management system. Instead, it could receive a certification from the identity ecosystem, a "trustmark" emblem that would appear on its site to alert consumers that they can use their universal login credentials to complete a secure transaction.

"As a result, the business immediately has a base of millions of potential customers who can safely and easily shop at the online store without enduring the inconvenience of manually entering information to create an account," the report's authors wrote.

The administration stressed that it is not proposing a centrally managed identity database that would be overseen by the government, aiming to distance the initiative from past proposals, such as the controversial REAL ID Act, that have come under fire for privacy concerns, among other issues. Instead, participation in the identity ecosystem would be voluntary, and offer businesses and consumers a variety of authentication frameworks to be developed by members of industry, with the federal government helping to facilitate but playing a limited role.

"Giving consumers choices for solving these kinds of problems is at the heart of this new strategy," Obama wrote in the report's introduction (available in PDF format here). "And it is one that relies not on government, but on the private sector to design the technologies and tools that will help make our identities more secure in cyberspace and to make those tools available to consumers who want them."

The administration acknowledged that the NSTIC will take years to complete. In the meantime, the Commerce Department is establishing a National Program Office to coordinate between the federal government and private sector to move forward with the development of new authentication mechanisms. The office is planning shortly to convene a series of meetings with industry stakeholders and other groups to discuss the current authentication landscape and potential standards and technologies for the future.

PayPal on Board
The administration's proposal comes after more than a year of development in concert with leading industry players, advocacy groups and other stakeholders. PayPal, for instance, is on board with the new initiative, and is pressing ahead with the development of experimental new authentication measures, with plans to roll out more services to merchants and customers over the next several months.

"We intend to directly support the NSTIC, which we expect will result in many new benefits to our customers, perhaps the most immediate benefit being the use of PayPal and eBay identities within the e-government context," Michael Barrett, PayPal's chief information security officer, wrote in a blog post. "We think this will help all of our customers, and we look forward to seeing the development of the NSTIC and the emerging identity ecosystem over the coming months and years."

Barrett also addressed the potential privacy concerns that inevitably arise from any government involvement with highly sensitive, personal information.

"I am not personally concerned about these dystopian worries," he said. "From every conversation I've had with the White House team, they're simply trying to set the voluntary ground rules of an identity ecosystem that will allow the creation of a safer online experience, without a heavy-handed 'big brother' approach."

About the Author
Kenneth Corbin is a freelance writer based in Washington, D.C. He has written on politics, technology and other subjects for more than four years, most recently as the Washington correspondent for, covering Congress, the White House, the FCC and other regulatory affairs. He can be found on LinkedIn here.

Edited for clarity on 3/19/11.
