Today is Data Privacy Day, an annual international celebration to raise awareness and generate discussion about information privacy designated by both the U.S. Senate and U.S. House of Representatives in 2009. In honor of Data Privacy Day, here’s an update on the latest Commerce Department initiative to protect the privacy of the American people.
On Jan. 7 at a discussion forum with business and academic leaders at Stanford University, Secretary of Commerce Gary Locke and White House Cybersecurity Coordinator Howard A. Schmidt unveiled plans to establish a National Program Office at the Commerce Department to help implement the National Strategy for Trusted Identities in Cyberspace, an administration initiative that aims to foster private-sector development of new technologies that can improve both the privacy and the security of sensitive online transactions.
Cybercrime and identity theft cost U.S. consumers hundreds of millions of dollars annually. So the idea is that the private sector would lead the development of better technologies for consumers and businesses to establish their identities before they conduct sensitive transactions like banking, shopping or downloading health care records. The Commerce Department would facilitate the process by building consensus on standards and managing collaborative efforts with other federal agencies.
These technologies could be devices like a smart card or fob that generate one-time passwords. They could be software or devices on your smart phone or personal computer that match a digital certificate issued by your computer or phone with a personal pin number. Because these technologies would require both something you have, like your cell phone, and something you know, like your pin number, an identify thief or hacker could not pretend to be you simply by guessing your password to your bank’s website.
We’re not talking about a national ID card, a mandated digital identity, a centralized identity database or an Internet driver’s license… not even a learner’s permit. Individuals who want a secure Internet credential would be able to choose among multiple identity providers, both private and public, and among multiple digital credentials. And people could continue to communicate anonymously online if they choose.
For additional information on this privacy-enhancing initiative, visit www.nist.gov/nstic.