The Commerce Department is currently working with the White House Cybersecurity Coordinator to develop a program that will allow businesses and consumers to make sensitive online transactions with greater levels of trust and privacy. […] Recently, I had a lengthy conversation with White House Cybersecurity Coordinator Howard Schmidt about the Trusted Identities initiative and how it might work. […]
ConsumerMan: Under this [National Strategies for Trusted Identities in Cyberspace] plan, the Commerce Department would coordinate federal activities to implement the Trusted Identities program with the private sector. Who does the heavy-lifting here?
Schmidt: The private sector will lead the building of multiple ways that people can identify themselves depending on their interactions online, and to also make sure these trusted identities are indeed privacy-enhancing as well as helping businesses to be more successful.
ConsumerMan: Do you have any initial ideas as to how this might be done?
Schmidt: We do have some thoughts. Say for example, if I regularly do business with a particular bank. The bank can then give me some sort of device. Let’s say for the sake of our discussion, it’s an application I can put on my mobile device. Instead of using a credit card number every time I do a transaction or a password every time I do something, I have a one-time password or PIN number that I can use that’s generated locally on my mobile device.
So I’m not putting all this personally identifying information to the Internet. A third-party verifier — not the government by the way — can effectively complete that transaction with the business to make sure that they get the ability to sell what they want to sell to me, but I also get the benefit of insuring that the business is valid. That’s one easy example of a way to do trusted identities.
The other thing that I want to make sure that we’re very clear on: This is not an attempt to create any sort of national identity card. It’s quite the opposite. It’s a matter of letting the private sector, through the normal course of doing business, give people choices, including multiple choices. If I want an identity to deal with my bank, that is something that requires a higher level of validation. But if I want nothing at all, so I can blog about things on the Internet, I also have the ability to do that.