Some industry experts are expressing concern about a proposal from the White House to develop a "National Strategy for Trusted Identities in Cyberspace," now up for public comment, saying it is vague, might no longer allow online anonymity, potentially gives government too much access to personal information, and provides a single point of failure for identity thieves.
The plan postulates security tokens such as a "smart identity card," possibly from state government, or a digital certificate from a smart phone, that would contain all sorts of identity information about a person, rather than people having to remember a long string of user names and passwords for different websites. The person would need to possess the token to have access to their online information, which the plan says would make identity theft more difficult.
However, while the plan talks a lot about different security layers, and different providers, it doesn't talk much about who would actually be doing the providing. Indeed, Appendix B -- "Participants" -- is blank.
And in an era when people supposedly posting anonymously are finding out that their postings aren't anonymous after all, some people are concerned that the proposal will eliminate anonymous posting altogether. While the potential smart identity card would allow for anonymous posting, the very aspect of using an identity card makes it inherently un-anonymous, say critics.
"[A]nonymous to what extent?" wrote Lauren Weinstein on his blog. "Perhaps a blog comment would appear on the Web anonymously, but when the lawyers show up demanding to know who posted that critical comment -- something that's happening with increasing frequency even now -- I'll bet you dollars to donuts that the initial authentication records will be available through some means to unmask the poster, or to correlate pseudo-identities that users may prefer to use for different purposes and "roles" on the Net."
In addition, some people are concerned about giving the government access to all of a person's identity and security information. In 1993, the White House proposed an encryption chip, the "Clipper," that turned out to have a back door that would enable law enforcement to decrypt information on the chip.
Finally, critics point out that should identity thieves find a way to steal or duplicate the security tokens, they could get access to all of a person's information, not just that from a single compromised account -- the same sort of criticism that has been levied against the so-called REAL ID driver's license.
Comments on the plan will be collected through July 19.