January 27, 2011 | WebMemo on Homeland Security
The White House recently took the first step toward establishing an Internet “identity ecosystem,” delegating responsibility for the project to the U.S. Department of Commerce. Media reports suggest that the goal of this project is to issue unique Internet IDs to Americans that would serve as a single identifier for access to password-protected Web sites.
Before the federal government progresses too far on its project, it is worthwhile to draw some clear boundaries on what makes sense and what does not. While addressing security concerns online is important, so are protecting constitutional liberties, not hamstringing the Internet as engine of economic growth and innovation, and not unwisely expanding the power and cost of government.
An Ambiguous Plan
A draft version of the Administration’s National Strategy for Trusted Identities in Cyberspace, published in June 2010, described an “identity ecosystem” that would consolidate the number of passwords that an individual uses to access various parts of the Web. Supposedly, by decreasing the number of passwords used, the government could decrease security vulnerabilities and help to “foster an identity ecosystem where individuals can use interoperable credentials to authenticate themselves online.”
The reason for the Administration’s concern is obvious: Thousands if not millions of Internet intrusions occur annually. Because of lax security on the Internet, “nation states can perpetrate espionage; industrial spies can steal trade secrets; criminals can steal money; and militaries can disrupt command and control communications.”
Identity theft, fraud, phishing, and other malicious Internet activity should be addressed in a suitable, feasible, and acceptable manner. The federal government already has a number of ongoing cyber-credentialing activities. The Army, for example, established a public key infrastructure program to ensure more safety in military information networks. These efforts are commendable.
A government-directed national ID effort, however, raises concerns. A government-directed national ID system could:
The Administration has yet to lay out how it plans to proceed. The final strategy should:
A Risk to Liberty
It is certainly important that the federal government take the security of the cyber domain seriously. Decreasing the security risks associated with multiple credentials may well be an important and worthwhile endeavor for the private sector. However, a government-run or government-directed Internet ID system presents a risk to liberty that simply outweighs the potential security benefits.
Jena Baker McNeill is Policy Analyst for Homeland Security in the Douglas and Sarah Allison Center for Foreign Policy Studies, a division of the Kathryn and Shelby Cullom Davis Institute for International Studies, and James Jay Carafano, Ph.D., is Deputy Director of the Davis Institute and Director of the Allison Center at The Heritage Foundation.