Last week, CNET’s Declan McCullagh reported that the government was trying to create an “Internet ID for Americans,” and that the Department of Commerce was orchestrating the plan. The article quickly spread around the Internet, leading to a common understanding that Obama was trying to replace systems like Facebook Connect or OpenID with a top-down, government-controlled competitor.
But if the Department of Commerce was supposed to create from whole cloth a national Internet ID for all Americans, somebody forgot to tell the Department of Commerce.
The agency leading the initiative for the Department of Commerce says that they have no intention of developing their own proprietary, let alone mandatory, internet identification system. “The federal government is not going to provide an alternative to Facebook Connect or any other services. What we’re going to do is help to convene the existing people that are doing authentication and try and make sure they’re moving in an interoperable way and a way that protects privacy and security,” said Ari Schwartz, the senior Internet Policy Advisor at the National Institute of Standards and Technology.
A preliminary draft of that strategy has been released, but how that strategy will be implemented is yet to be determined. For now, NIST is focusing on ways to improve security, efficiency, and privacy. Eventually the goal is give the government’s stamp of approval to vendors or authentication systems — not because the vendor would use a government system, but because the system they would be using complies with the government’s established standards.
Schwartz stressed that following the guidelines will be strictly voluntary, so if Facebook or others don’t wish to comply with the guidelines, they won’t have to do so. But, as with other governmental seals of approval (like that used for organic products), consumers may express a preference for or show more confidence in a product that carries the government’s imprimatur.
Commerce’s willingness to work with outside vendors is heartening to Jim Dempsey, the Vice President for Public Policy at the Center for Democracy and Technology (and Schwartz’s former colleague). He wrote on the Center’s blog, ” I have been skeptical of the federal government on many issues, from PATRIOT Act to FBI proposals for tapping the Internet. But this time, on Internet identities, I have to say that the Administration is on the right path.”
But it’s a path that will take some time. Schwartz estimates that it’ll will be “towards the end of the decade” before there is fully interoperable system of identity online assurance.