White House debuts Identity Ecosystem

The Obama Administration has unveiled a national strategy to safeguard internet users against fraud and identity theft and enhance individuals’ privacy by creating trusted entities that develop unique credentials for each user.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) aims to make online transactions more trustworthy by creating an “Identity Ecosystem” in which interoperable, secure and reliable credentials will be made available to users. Consumers who want to participate will be able to obtain a single credential, such as unique software on a smartphone, a smart card or a token that generates a one-time digital password. Instead of having to remember myriad passwords, credentialed users can log into any website with more security than passwords alone provide, according to an April 15 White House statement.

As envisioned in the 45-page National Strategy document, the federal government will facilitate a private sector-led effort to develop Identity Ecosystem technologies, standards and policies, and to enable a self-sustaining market of credential providers. There will be no single, centralized database of information, and users will be able to choose among different providers of credentials and easily change credential types and providers.

The NSTIC seeks to drive the development of privacy-enhancing policies as well as innovative privacy-enhancing technologies to ensure that the ecosystem provides strong privacy protections for consumers, according to the statement.

When implemented, the platform will enable users to:

  • Choose one or more identity providers, whether public or private.
  • Choose credential types that meet their needs, including smart cards, cellphones, keychain fobs, one-time password generators and future credentialing technology that hasn't been invented, according to the statement.

Consumers can use their credential to prove their identities when they’re carrying out sensitive transactions, such as viewing personal healthcare information. Once the Identity Ecosystem is in place, consumers would be able to connect to businesses and other online entities using a credential they already have, avoiding the hassle of creating usernames and passwords, according to the strategy.

The NSTIC’s Identity Ecosystem will be grounded in the eight Fair Information Practice Principles (FIPPs) to provide multi-faceted privacy protections, according to the strategy.

A FIPPS-based approach also will promote adoption of privacy-enhancing technical standards by minimizing the ability to link credential use among service providers, preventing them from developing a complete picture of an individual’s activities online.

The Secretary of Commerce will establish within the Department of Commerce an interagency office, the National Program Office (NPO), charged with achieving the goals of the strategy. The NPO will be responsible for coordinating the processes and activities of organizations that will implement the strategy. Commerce will host the interagency function because it is uniquely suited to work with the private sector and with government to implement the strategy, according to the national strategy. The NPO will lead the day-to-day coordination of NSTIC activities, working closely with the Cybersecurity Coordinator in the White House.

“The standardization of policy and technology and the initial implementation of the Identity Ecosystem will not occur overnight,” according to the strategy document. The Identity Ecosystem could begin operations within three to five years, according to the national strategy.

Click here to access the document.

 

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.