The Obama Administration has taken a stand against the unwieldy user name/password system of online identification and launched an initiative with the private sector to build an "identity ecosystem." The initiative, called the National Strategy for Trusted Identities in Cyberspace (NSTIC), aims to come up with a centralized system of online IDs based on a national standard.

The four goals of the NSTIC are to improve consumers' privacy online, protect against online fraud, encourage more services to move to the Internet and promote innovation. The administration took great pains upon unveiling the initiative Friday to avoid making it sound like a Big Brother effort. Responding to previously-voiced concerns that this kind of identification would be tantamount to a national digital ID card, the strategy repeats "privacy-enhancing and voluntary" almost as a mantra.  

The government's involvement, led by the National Institute for Standards and Technology, will consist mostly of funding research and pilots, convening workshops, setting the public policy framework, and running education and awareness campaigns. A new office--the NSTIC National Program Office--within the Department of Commerce will coordinate the process.

The idea is to have multiple providers, such as ISPs, who would hand out IDs all adhering to the same system. Personal information could be stored on a thumb drive, smartcard or a smartphone app, and you would just pop it in when you need to verify your identity online to make a purchase, pay your taxes, or view your checking account balance. 

The strategy leaves open a lot of questions, and there are plenty of reasonable people expressing skepticism. A consolidated identity system presents real risks with regard to cyber-identity theft, noted Marc Rotenberg, director of the Electronic Privacy Information Center.

I'm not convinced the NSTIC effort is entirely misguided, though. Password management is a pain in the neck, and more importantly it seems to protect fewer individuals each year. Like seatbelts, these IDs would almost certainly become mandatory eventually, but maybe the added security is worth the intrusion in this case. What do you think? - Caron