President Obama Releases the National Strategy for Trusted Identities in Cyberspace

Strategy Seeks to Protect Online Consumers and Support Innovation

The Internet has become an indispensable convenience for innumerable daily personal and professional transactions, from shopping and banking to social networking and paying bills. But cyber crime is on the rise and growing in sophistication, posing threats to consumers and businesses alike. In 2010, 8.1 million U.S. adults were the victims of identity theft or fraud, with losses totaling $37 billion.

In order to enhance privacy and security in cyberspace and e-commerce, the Obama Administration released last week the National Strategy for Trusted Identities in Cyberspace (NSTIC). The strategy seeks to better protect consumers from fraud and identity theft, enhance individuals' privacy, and foster economic growth by enabling industry to move more services online and create new services.

"By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation. That's why this initiative is so important for our economy," said President Barack Obama.

"We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords," said U.S. Secretary of Commerce Gary Locke. "Working together, innovators, industry, consumer advocates, and the government can develop standards so that the marketplace can provide more secure online credentials, while protecting privacy, for consumers who want them."

NSTIC envisions a cyber world - a so-called Identity Ecosystem - that improves upon the passwords currently used to log-in online. The goal is to create an environment in which there will be interoperable, secure, and reliable credentials available to consumers. Those who choose to participate will obtain a single credential (i.e., a unique piece of software on a smart phone, a smart card, or a token) that generates a one-time digital password. Rather than having to remember dozens of passwords, consumers can use their single credential to log into any website, with more security than passwords alone provide. Consumers can use their credential to prove their identity when carrying out sensitive transactions, such as banking, and remain anonymous when they are not. The Identity Ecosystem would rely on a set of technologies, policies, and agreed upon standards that securely support transactions ranging from anonymous to fully authenticated, and from low to high value.

To ensure that the ecosystem provides strong privacy protections for consumers, NSTIC calls for a private-sector led effort, facilitated by government, to develop the technologies, standards, and policies necessary to create the Identity Ecosystem and to enable a self-sustaining market of different credential providers.

The U.S. Department of Commerce will establish a National Program Office (NPO) led by the National Institute of Standards and Technology and the National Telecommunications and Information Administration to coordinate the federal activities needed to implement NSTIC. Working closely with White House Cybersecurity Coordinator Howard A. Schmidt, the NPO will coordinate the NSTIC implementation activities of federal agencies, including the U.S. Department of Health and Human Services, the U.S. Department of Homeland Security, the U.S. Department of the Treasury, General Services Administration, and the Department of Veterans Affairs.

For more information, visit www.nist.gov/nstic.