Friday, February 25, 2011

Internet Regulation: A Different Tactic

I've posted before about how the Obama administration has taken steps toward regulating the Internet and net neutrality, but here's a new tactic that's recently come to light. It sounds harmless enough on the face of it, but there are some real questions that need to be asked and answered before a secure online ID is made standard practice.
President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans, a White House official said here today.

It's "the absolute perfect spot in the U.S. government" to centralize efforts toward creating an "identity ecosystem" for the Internet, White House Cybersecurity Coordinator Howard Schmidt said.


The Obama administration is currently drafting what it's calling the National Strategy for Trusted Identities in Cyberspace, which Locke said will be released by the president in the next few months. (An early version was publicly released last summer.)

"We are not talking about a national ID card," Locke said at the Stanford event. "We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy, and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities."

The Commerce Department will be setting up a national program office to work on this project, Locke said.

Details about the "trusted identity" project are remarkably scarce. Last year's announcement referenced a possible forthcoming smart card or digital certificate that would prove that online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions.

In my opinion, the first red flag is the fact that it's another initiative coming from the Obama White House. The second red flag is the fact that details are 'remarkably scarce'. The third red flag is that this is completely unnecessary:
...its relatively benign purpose doesn’t make it a good idea. Users would essentially trade self-management of security to third parties, which sounds great in theory but in practice could mean all sorts of problems once hackers know how to break the codes. If that happens, then neither the user nor the vendor could protect their data or systems from incursions, and the damage and its source would take longer to discover.

Besides, if the private sector sees a need for this, why does government need to intervene to create the demand? No one is preventing innovators from creating online secure IDs now. If vendors see value in this approach, and users see value in adopting the IDs, then the open and free market on the Internet will produce such a market. It would be a lot more likely to produce a product class that actually meets the needs of the market than something designed not by stakeholders but by bureaucrats at Commerce. The government has better ways to spend its money, or more accurately, hasn’t got the money to waste on creating voluntary security products that few seem to want or need.

Most Americans seem to agree with all of these red flags, as a recent survey revealed that a whopping 77% of Americans think that the government has no business regulating search engines. Only 21% think that the FCC should regulate the Internet like it does radio and TV, and most people think that such regulation would be used for pushing political agendas. Interestingly, this opposition spans almost all demographic groups, with more opposition occurring in groups who use the Internet more, and vice versa.

Smart people, us Americans. Too bad we've been asleep at the wheel of the voting booth for too long, and only recently woke up.

Still, it's a good sign, because what the American people want, the American people usually get. Eventually, anyway.

I came across this video recently and thought it was a great explanation of net neutrality and Internet regulation:

This is definitely something to watch. For my thoughts on precisely why, check out my earlier blog posts on the subject here and here.

No comments:

Post a Comment