It could be the best idea for the Internet in years – or a privacy nightmare.
On Friday, Commerce Secretary Gary Locke and White House Cybersecurity czar Howard Schmidt ventured into the heart of Silicon Valley to announce plans for what some Web wags are already calling a “National Internet ID” but which proponents liken to an “online driver’s license.”
"We are not talking about a national ID card," Locke said at a conference hosted by the Stanford Institute for Economic Policy Research in Palo Alto, Calif., according to CNET. "We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy, and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities."
Details of how the “driver’s license” would work are scarce, but a working paper issued last year suggested that private online retailers would offer customers an account they could use for multiple, or even all, vendors, eliminating the need to remember numerous usernames and passwords.
Schmidt, speaking at the Palo Alto event, denied that such an ID would be mandatory.
"I don't have to get a credential, if I don't want to," he said, adding he doubted that "a centralized database will emerge," and that "we need the private sector to lead the implementation of this."
The program is part of something called the National Strategy for Trusted Identities in Cyberspace, or NSTIC, which, according to Bloomberg News, has the backing of such tech titans as Verizon, Google, PayPal, Symantec and AT&T.
What’s interesting is that the Commerce Department is handling this initiative, rather than the Department of Homeland Security, which originally hosted NSTIC, or the Pentagon’s National Security Agency.
Commerce has overseen the civilian Internet since the early days, and continues to take a remarkably hands-off approach for a federal agency governing such a big part of our daily lives.
That cheered some civil libertarians, including the American Civil Liberties Union’s Jay Stanley.
“If the concept were implemented in a perfect way it would be very good,” he told Bloomberg News. “It’s a convenience. But having a single point of failure may not be good for protecting privacy. The devil’s really in the details.”
John Clippinger of Harvard University’s Berkman Center for Internet and Society took a rosy view of the proposal.
“This is going to cause a huge shift in consumer use of the Internet,” he told Bloomberg News. “There’s going to be a huge bump and a huge increase in the amount and kind of data retailers are going to have.”
Still, it’s not the first time someone’s tried to set up such an “Internet passport.”
Chroniclers of failed Microsoft initiatives will remember Microsoft Passport, which tried to do this more than 10 years ago but failed to catch on. Its descendant is Windows Live ID, which works mostly on Microsoft-owned sites such as Hotmail and Xbox Live.
Similarly, Google’s ID works across the Google universe, but not outside it. A newer initiative called OpenID claims to have the backing of Google, Microsoft, AOL and Yahoo!, among others, but it’s not widely known.
Facebook’s been a bit more successful with its Facebook Connect program, started in 2008. Many blogs and news sites, including this one, now let commenters log in with their Facebook IDs, which have to be verified with users’ real names.
- Staying Safe on Facebook: How to Lock Down Your Page
- Security and Privacy Software Reviews
- 2010’s Top 5 Social Network Foul-ups