State officials in Michigan and Pennsylvania have been awarded roughly $2.4 million in federal funds to test an online ID system that’s been called a “driver's license for the internet," and it could soon exist from coast to coast.
The "National Strategy for Trusted Identities in Cyberspace”
program has been in development for years, but it’s about to
finally be rolled-out to a degree in two locales in order to see
if using government-certified IDs on the web is something worth
considering on a much larger scale.
“The goal is to put to bed once and for all our current
ineffective and tedious system of using passwords for online
authentication, which itself was a cure for the even more
ineffective and tedious process of walking into a
brick-and-mortar building and presenting a human being with two
forms of paper identification,” reporter Meghan Neal
wrote for VICE’s Motherboard website on
Tuesday this week.
In theory, the program would also help curb a major problem
rampant within both the worldwide web and the federal government:
abuse. The United States government loses billions of dollars a
year due to fraud, Neal reported, and the White House thinks that
number could be drastically cut if a new system was implemented
to authenticate the people that use government programs and
websites alike.
“What if states had a better way to authenticate your
identity online, so that you didn’t have to make a trip to the
DMV?” Jeremy Grant, the senior executive adviser for
identity management at NIST, told the New York Times in 2011.
To see if there may be success on a national level, the NIST has
awarded Michigan and Pennsylvania hefty grants to fund programs
that would implement a “trusted identity” system as sought by
Washington. Earlier this month, the GCN tech website reported
that Michigan received $1.3 million to pilot an automated system
that validates identities online in order to replace the
in-person proofing system currently in place for those looking to
apply for state benefits, and Pennsylvania was offered $1.1
million to develop a similar program that stretches across
multiple state offices.
According to GCN’s William Jackson, Pennsylvania’s pilot
program combines “both automated identity proofing with
federated use of credentials so that the same token can be
accepted for multiple programs without duplicating effort and
personal data across departments.”
“The Commonwealth of Pennsylvania pilot will offer residents
the opportunity to obtain a secure, privacy-enhancing credential
to conduct online transactions with a number of participating
agencies including the departments of Public Welfare and
Health,” NIST said when they awarded the grant to the Keystone
State. “Citizens will be able to register just once to access
a variety of services, eliminating the need to create multiple
accounts and to validate their identity multiple times.”
In Michigan, “[t]he program will aim to help eliminate
barriers citizens face in accessing benefits and services by
streamlining the applications process, while also reducing fraud
and improper payments,” the NIST explained.
A database of identities in Pennsylvania already maintained by
the state’s Department of Public Welfare, Jackson reported,
containing millions upon millions of names. That agency’s chief
information security officer said that the NIST’s vision is
pretty complex, however, and would allow other offices across the
state to access that information in order to authenticate people
using government services in other sectors.
Privacy advocates predictably don’t see these systems as being
all that good. In 2010, the Electronic Frontier Foundation called
the program a “pervasive” one that “would pose to
privacy and free speech online” by putting so much
sensitive, personal information into the hands of Uncle Sam.
“The whole thing is fraught with the potential for doing
things wrong,” Microsoft engineer Kim Cameron told the New
York Times when they reported on the program in 2011. In that
same article, Electronic Privacy Information Center associate
director Lillie Coney suggested that implementing such a system
simply puts too much at stake.
“Look at it this way: You can have one key that opens every
lock for everything you might need online in your daily
life,” Coney said. “Or, would you rather have a key ring
that would allow you to open some things but not others?”
Just this week, Neal at Motherboard warned of the consequences
such a scenario could give way to: “Then there's the problem
of putting all your security eggs in one vulnerable basket. If a
hacker gets their hands on your cyber ID, they have the keys to
everything,” she wrote.
According to GCN’s Jackson, the two pilot programs about to be
rolled out “will help to determine the effectiveness of these
tools with an eye toward getting them widely adopted.” The
NIST is expected in September to award new grants valued at
roughly $2 million to the winners of this year’s pilot program
funding.