Enhancing Online Privacy

Privacy Engineering at NIST.

A critical element of the National Strategy for Trusted Identities in Cyberspace (NSTIC) is to substantially improve the privacy of online transactions and support civil liberties like freedom of speech and freedom of association.

Right now the Internet is not a very private place. Passwords are the main form of account protection, but criminals can crack them with simple toolkits or trick people into giving them up with phishing emails and spoofed websites. The additional security measures that sites layer on top, such as security questions, usually require consumers to hand over still more personal information: home towns, favorite books, pet names.

There is a better way to put people in control of their personal information and protect their online accounts. Some media organizations and bloggers have inaccurately reported that NSTIC would require a government ID to be used on the Internet, or that NSTIC aims to track people's activities online.

Here's how the Identity Ecosystem envisioned by NSTIC will improve privacy:

  • Standards: All Identity Ecosystem service providers would follow privacy best practices, developed through a multi-stakeholder process and based on recognized privacy principles, when issuing or relying on identity credentials. NSTIC requires that service providers abide by the Fair Information Practice Principles (FIPPs), consistent with the Consumer Privacy Bill of Rights.

    Key principles: In brief, the FIPPs say that personally identifiable information (PII) must be:
    • collected and used only in ways that are clearly communicated to individuals,
    • collected or kept only as needed for a designated purpose, and
    • secured against unauthorized access,
    and that auditing and accountability processes must be in place to ensure these requirements are actually being followed.
  • Individual control: The Identity Ecosystem will maintain the capacity for anonymity and pseudonymity in Internet transactions in order to enhance individuals’ privacy and otherwise support civil liberties. For example, if a teenager wanted to socialize online with other teenagers, an Identity Ecosystem credential could provide proof of age without disclosing an actual birth date, or even a name. People will still be able to surf the web without credentials as they do today. Participation is voluntary. No one has to get a "trusted ID" or credential.
  • Limited data access: Trusted IDs reveal only the personal information a transaction actually needs. For example, if an individual wanted to access her online magazine subscription, her credential could log her in under a pseudonymous user ID such as Jane457, because the magazine has no need to know her real name. But if she wanted to access her medical records, the credential would prove that she is truly "Jane Smith." Banks, online stores, and other organizations could thus rely on the credential to verify identities without collecting extra PII.
  • Decentralized: NSTIC envisions many different identity providers and multiple credentials, using technologies that inhibit linking a person's online activities together, so no centralized database tracking credential use would emerge. Digital credentials can also limit the need for any one organization to aggregate information, because a credential can combine identifying information from different sources. For example, a doctor who needs to access an electronic health record could use a credential that proves her identity was validated by her cell phone provider and her medical license was validated by her state medical board. In this way, neither the cell phone provider nor the medical board holds a complete set of information about the doctor.

  • Fewer PII targets: Finally, thousands of organizations large and small that currently collect personal information from individuals to conduct transactions will no longer need to store it, dramatically reducing the number of opportunities for identity thieves and other criminals to find weak points in data security.
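The individual-control, limited-data-access and decentralization points above describe three properties a credential can have: it can prove a fact such as "over 13" without revealing the birth date behind it, it can identify a user to one service under a pseudonym only, and the identifiers it presents to different services cannot be linked to one another. The following Python is an added illustration of how an identity provider can deliver those properties with per-relying-party pseudonymous identifiers (the same idea as OpenID Connect's pairwise subject identifiers) and a disclosure policy applied before anything is released. It is not NSTIC's protocol or the code of any deployed system; the user record, the relying-party names and policy table, the master secret, and the HMAC-based signature are all constructed assumptions.

```python
"""Pairwise pseudonyms with minimal disclosure.

Added illustration, not NSTIC's protocol or any deployed system. An identity
provider (IdP) holds a user's verified attributes and issues each relying
party (RP) a signed assertion that carries only the attributes the IdP's
policy allows that RP to receive, under a subject identifier derived per RP
so that two RPs cannot link the same user. All names, keys and records are
constructed for the example.
"""
import datetime
import hashlib
import hmac
import json

# Constructed user record; in practice it comes from identity proofing.
USERS = {"u-1001": {"name": "Jane Smith", "birth_date": "2008-03-15"}}

# Disclosure policy: the attributes each RP is entitled to (hypothetical).
RP_POLICY = {
    "teensocial.example": {"age_over_13"},  # proof of age, never the birth date
    "magazine.example": set(),              # pseudonymous login only
    "health.example": {"name"},             # must know the real person
}


def age_on(birth_date: str, today: datetime.date) -> int:
    """Completed years of age on `today`."""
    bd = datetime.date.fromisoformat(birth_date)
    return today.year - bd.year - ((today.month, today.day) < (bd.month, bd.day))


def canonical(assertion: dict) -> bytes:
    """Deterministic encoding of everything except the signature field."""
    body = {k: v for k, v in assertion.items() if k != "sig"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, assertion: dict) -> str:
    return hmac.new(key, canonical(assertion), hashlib.sha256).hexdigest()


def verify(key: bytes, rp_id: str, assertion: dict) -> dict:
    """RP-side check: addressed to this RP and untampered; returns the claims."""
    if assertion.get("aud") != rp_id:
        raise ValueError("assertion issued for a different relying party")
    if not hmac.compare_digest(sign(key, assertion), assertion.get("sig", "")):
        raise ValueError("signature does not verify")
    return assertion["claims"]


class IdentityProvider:
    def __init__(self, master_secret: bytes, users=USERS, policy=RP_POLICY):
        self._secret = master_secret
        self._users = users
        self._policy = policy

    def pairwise_id(self, user_id: str, rp_id: str) -> str:
        """Stable for one (user, RP) pair; without the secret, the identifiers
        a user presents to different RPs cannot be linked to each other."""
        msg = f"sub:{rp_id}:{user_id}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:32]

    def rp_key(self, rp_id: str) -> bytes:
        """Per-RP MAC key, assumed shared out of band. A real IdP would sign
        with an asymmetric key so an RP cannot forge assertions to itself."""
        return hmac.new(self._secret, f"key:{rp_id}".encode(), hashlib.sha256).digest()

    def _derive(self, record: dict, claim: str, today: datetime.date):
        # Predicates such as age_over_13 are computed here, so the RP learns
        # the answer but never the underlying birth date.
        if claim.startswith("age_over_"):
            return age_on(record["birth_date"], today) >= int(claim.split("_")[-1])
        return record[claim]

    def issue(self, user_id: str, rp_id: str, requested, today=None) -> dict:
        denied = set(requested) - self._policy.get(rp_id, set())
        if denied:
            raise PermissionError(f"{rp_id} is not entitled to {sorted(denied)}")
        today = today or datetime.date.today()
        record = self._users[user_id]
        assertion = {
            "sub": self.pairwise_id(user_id, rp_id),
            "aud": rp_id,
            "claims": {c: self._derive(record, c, today) for c in requested},
        }
        assertion["sig"] = sign(self.rp_key(rp_id), assertion)
        return assertion


def demo(today_iso: str = "2024-06-01") -> dict:
    """Same user logs in at three RPs; returns what each RP actually learns."""
    idp = IdentityProvider(b"constructed-master-secret")
    today = datetime.date.fromisoformat(today_iso)
    requests = [("teensocial.example", ["age_over_13"]),
                ("magazine.example", []),
                ("health.example", ["name"])]
    seen = {}
    for rp_id, wanted in requests:
        a = idp.issue("u-1001", rp_id, wanted, today)
        seen[rp_id] = {"sub": a["sub"], "claims": verify(idp.rp_key(rp_id), rp_id, a)}
    return seen


if __name__ == "__main__":
    for rp_id, view in demo().items():
        print(rp_id, view)
```

Running it shows the teen social site receiving only `age_over_13: True`, the magazine receiving a bare pseudonym with no claims at all, and the health portal receiving the real name, each under a different `sub` value. Two of those services pooling their logs would see three unrelated identifiers; only the identity provider, holding the master secret, can map them back to one person, which is exactly the aggregation point the decentralization principle above is meant to avoid concentrating anywhere else. A request for an attribute outside the policy is refused before any data is derived.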


In a blog post, Jim Dempsey, a respected privacy advocate and Vice President for Public Policy at the Center for Democracy & Technology, responded to these incorrect reports:

"The Obama Administration is not planning to create a government ID for the Internet. In fact, the Administration is proposing just the opposite: to rely on the private sector to develop identities (note the plural) for online commerce, in a system that allows individuals to have multiple identities and to engage in online activity anonymously and pseudonymously.

And let's get this straight too: I have not been criticizing the government's plan. Just the opposite: I have been praising the Administration for promoting improvements in online identity that would address concerns about identity theft, online fraud and cybersecurity without creating a centralized or government-managed system."