I have just received a note from FIPR on the US Department of Homeland Security consultation on a “National Strategy for Trusted Identities in Cyberspace”. This is a long overdue approach to the problem of persuading average americans that they should trust those who wish to link them to electronic identities and digital footprints. Meanwhile the cancellation of ID cards has removed but one fallen tree from the jungle of ID initatives in the UK. Will the current moratorium and review lead to a cull of those which are not fit for purpose and a sharing of those which are. If so, how will that process take place, under what governance?
The work of the Information Society Alliance sub-group on Identity Governance has recently acquired a new importance. It seems to be the only group currently bringing players together across department and agency boundaries, let alone public and private sector boundaries – other than at the technical level.
The problem is to focus minds away from the comfort zone of designing perfect systems for a world that will never exist and onto the identification of those that already work, deliver business benefit and are respected and trusted (including by voters). The quicker we can do this, the quicker we can begin moving essential applications off those systems that do not command trust and thus reap the benefits of better service and reduced fraud. That has to be done on positive cash flow, because there is no funding other than from the savings from switching off that which is not essential.
The good news is that we are dealing with bright people. Once that task is spelt out, they understand and respond. The bad news is how little they know of what others are actually doing – as opposed to describing on the conference circuit.
I therefore did not know whether to lauch or cry when I read the note from FIPR
National Strategy for Trusted Identities in Cyberspace
US Department of Homeland Security
How does it work?
• Users submit their ideas.
• Our community discusses and votes for ideas.
• The best ideas bubble up to the top.
The Nation faces sophisticated threats against the sensitive and confidential data of our citizens, industries and government. The Nation’s dependence on online transactions significantly increases the potential losses (financial and non-financial) associated with identity theft, fraud, intellectual property leakage, and privacy breach. Securing identities in transactions and creating a trusted online environment has become a critical national priority, and the President’s Cyberspace Policy Review called for development of a strategy to address this issue.
This draft strategy, referred to as the National Strategy for Trusted Identities in Cyberspace, focuses on the protection of the identity of each party to an online transaction and the identity of the underlying infrastructure that supports it. This Strategy seeks to improve cyberspace for everyone – individuals, private sector, and governments – who conduct business online.
Public ideas and recommendations to further refine this Strategy are encouraged.
I only know that my mixed reaction would puzzle all those who believe in the self-evident need for us to have a national strategy – just like the Americans. But at least they have begun by appearing to ask the people. More-over they may still be rich enough to have time to waste – as opposed to taking action on the many quick wins available from replicating good practice and mandating adequate practice.