The draft National Strategy for Trusted Identities in Cyberspace is a timely document that has the potential to contribute significantly to the development of better online identities for governmental and commercial uses – identities that can facilitate and secure a range of interactions while also protecting and enhancing privacy and other values.
The Strategy seeks to respond to a confluence of concerns over our ability to secure critical transactions and infrastructure. In recent years, there has been considerable movement in both the government and the private sector towards more effective, interoperable, and secure digital identity technologies. Now is the ideal time to develop a coherent national strategy, in order both to incentivize these efforts and to ensure that Federal and industry efforts are compatible. A national strategy should define the desired attributes for an identity ecosystem, recommend government incentives for the creation or adoption of online identity, delineate the differing roles of government and the private sector, and explicitly address how privacy, free expression and other values will be preserved. We offer here suggested amendments to the strategy to better serve these goals. Most importantly, the Strategy should specify as a guiding principle the concept of levels of assurance -- the concept that different transactions will require different levels of identity and assurance, ranging from very little to the highly secure. If the concept of levels of assurance is recognized as a guiding principle, other issues become easier to address. Also, the draft focuses to too large a degree on government development, use, and promotion of an identity ecosystem and on the creation and use of identities tied to physical identity. Instead, a guiding principle should be private sector leadership in the development of identity solutions for commercial transactions, with the government in an incentivizing role. Also, the Strategy should give equal attention to identities that are not tied to physical identity.