The Smart Card Alliance endorses the Obama Administration's National Strategy for Trusted Identities in Cyberspace (NSTIC), developed under the auspices of the President's Cyberspace Policy Review by the National Security Staff and an interagency writing team.
The NSTIC initiative correctly recognizes that there are very real problems of identity management, privacy and security in our society today, and brings a much-needed focus on solving them. Although its scope is limited to cyberspace, the Framework it outlines would also establish essential foundational elements that can help to strengthen identity, privacy and security in healthcare, social security administration, immigration reform and other programs in the physical world.
The NSTIC Framework draft is well conceived and written. It is intentionally broad in scope, providing a wide range of trusted identity constructs and identity protection technologies. The Framework is very pragmatic and practical in its approach, because it limits its role to being an enabler, facilitator and accelerator of the Identity Ecosystem development. There is a clear recognition that many different public and private stakeholders will be involved in working out the specifics of the Framework and, ultimately, using it.
The Healthcare and Identity Councils of the Smart Card Alliance, a non-profit public/private partnership organization whose members include healthcare providers, financial institutions, payment brands, enterprises, government users and technology providers, prepared specific comments on the NSTIC Framework draft. Some top-level points are:
The Alliance strongly agrees with the ideas of using federal, state and local government and academia programs to accelerate development of the Identity Ecosystem, while leveraging existing procedures, standards and technologies such as FIPS 201 and the Federal Identity, Credentialing and Access Management Roadmap used to achieve Personal Identity Verification (PIV) and interoperability (PIV-I) in Homeland Security Presidential Directive (HSPD)-12.
The highest priority should be first defining the Identity Ecosystem for the most trusted digital transactions based on an identity medium. This part of the Identity Ecosystem can have the greatest positive impact on identity, security and privacy; it is also the least developed commercially and therefore needs the greatest attention and leadership.
A suggested idea to make high-value identity transactions both secure and easy to use is the familiar approach of a card and PIN as an identity medium. To achieve high levels of security, however, the card must include smart card technology to carry PKI credentials, biometrics and other security features. Other important advantages are that this would create a portable identity medium and provide a secure environment that is independent from the PC, thereby side-stepping issues involved with PC, website and service provider hacker threats.
The NSTIC document explains that the need for such a strategy is due to the rising tide of identity theft, online fraud and cyber intrusions, the proliferation of usernames and passwords that individuals must remember, and the need to deliver online services more securely and efficiently. The Framework mentions smart card technology as the kind of technology appropriate for an identity medium, or a personal security device to protect identities in online transactions, and prevent others from stealing or misusing identities.