This week the Department of Commerce issued a proposal to create an on line trusted identity system. According to the Commerce Department it would encourage a greater trust in providing information online to individuals by businesses and visa versa. There would be multiple partners in this program, they are as follows:
- The Individual–to be issued digital identities to complete transactions.
- The Non-Person Entity (NPE)‚such as organizations and services who would require authentication.
- The Identity Provider‚who is responsible for the processes involved in enrolling subjects (individuals and NPEs) in the system.
- The Attribute Provider‚who oversees the processes involved in creating, validating, and keeping up the attributes associated with identities, such as age.
- The Relying Party‚who makes transaction decisions based on the receipt of a subject’s credentials.
- The Trustmark‚ some kind of image, logo, badge, or seal that authenticates participation in the Identity Ecosystem.
- And finally, the Governance Authority, which oversees and maintains the Ecosystem Framework.
They insist this is not a national identity system. They say it will be a way that individuals and companies can be sure that who they are doing business with is who they say they are. If this system existed then there wouldn’t be a need for multiple passports or sign ins. Private companies would run the program, but the government would have a large part in it. This is just a proposal and would have to go through multiple steps before coming a reality. However, alarm bells are already going off on my head
The first problem is it’s a large data base, which means it’s vulnerable to hackers. Second it’s unnecessary, we have plenty of private companies who provide this service, think Facebook Connect, Google, Open ID, are they perfect, no, but they already exist. Third it would be expensive and it just mean more red tape for businesses. Fourth it’s not a job for government to solve.
Finally, I don’t trust the government when it comes to how they plan to use the information once they have it. There would be too big of a temptation to misuse it. I truly believe that the commerce sec is sincere when he says this is not for a national identity card however the leap is too short for me. This would also make it easier for individuals to be tracked by the government or business. The paranoid part of me tells me this has nothing to do with private security and every thing to do with national security.
I see one major advantage with this system over OpenID and the like. This system gives us a reason to trust a site before creating a profile with personally identifiable information.