Thoughts on Identity from the Gov 2.0 Summit
September 14, 2009
Filed under Open Government
Last week, the federal government announced a pilot project to develop digital identity solutions for federal websites, working with OpenID and Information Cards technologies. This will allow government agencies authenticate the public (for low and no security uses) and provide personalization and services. Online industry leaders have signed up as identity providers, and will allow citizens to use their existing identity online to interact with the government. Even six years ago, one third of online users logged in to government sites. The proliferation of online services and websites surely means that the identity program is something that agencies will be quick to take advantage of. Using a federated identity solution will allow agencies to stop developing and investing in independent solutions and instead use a plug-and-play system for identity. However, linking identities across the .gov web - let alone with the commercial web - carries new issues to be addressed. There are 300 million Americans, any number of whom may want to do business with government at any time of the day or night. Often, this may just be looking up an address or printing forms, but many interactions will require some way to identify the citizen who is asking for services from the website. Last week at the Gov 2.0 Summit, federal CIO Vivek Kundra noted that identity is crucial if government websites are to move beyond 'brochureware" and provide services to and interact with the public. Making government websites more interactive and useful is a key component to the Open Government Initiative, and identity is a step towards that goal. Identity, privacy, and security are related in any realm, but for government they pose a set of special problems. Government is not well equipped to deal with extra information about citizens, and is typically not allowed to track users. Using third parties and shared protocols to credential users is one solution to this problem, at least for relatively simple applications. While this could be a move forward in terms of using identity online in government websites and services, there are still quite a few details left to work out before integrating digital identity into government websites. These pilots bring up many questions around privacy and implementation of the identity. A Trust Framework has been developed to assess identity providers against federal requirements. These federal requirements, most accessibly laid out in an OMB Memo in 2004, have been well explained in the materials at IDmanagement.gov, but we have more questions around the implementation and privacy protections as the government moves forward with these pilot programs.