The White House set out a sweeping strategy to make online transactions more secure on Friday. The move is the most ambitious initiative to emerge from a cybersecurity policy intended to blunt the growing menace of online crime.
Howard Schmidt, president Barack Obama’s cybersecurity co-ordinator, who took up his duties in early 2010, released the strategy paper after 12 months of discussions led by the National Security Council and involving scores of private sector groups, critical infrastructure owners and privacy advocates.
The strategy seeks the creation of a system for identity management that would allow citizens to use additional authentication techniques, such as physical tokens or modules on mobile phones, to verify who they are before buying things online or accessing such sensitive information as health or banking records.
A set of standards would let multiple vendors offer authentication services, while people whose identities have been verified would be able to move from website to website without resubmitting information.
Privacy protections would require companies involved to limit their collection and dissemination of personal data, for example confirming that a consumer is over 21 without passing along the person’s birth date.
The government would take the lead by establishing the standards and subscribing to authentication services.
Internet companies and government agencies have long supported the idea of multipurpose identification systems, but adoption has foundered in part because of limited incentives for participation. As a result, a bank will have one set of protocols for establishing a client’s identity, while a state agency and hospital have others.
The matter has taken on increased urgency as more valuable data pours online and malicious software grows more sophisticated. Industry estimates for the theft of intellectual property and online fraud run as high as $1,000bn annually.
Congressional and private sector support will be critical for the new effort.
“This is a vision and you need that, but they’re going to need to work with Congress and get government agencies to test out different pieces of this,” said Aris Schwartz, vice-president of the Center for Democracy and Technology. Congress would need to fund test programmes and, perhaps, approve tax incentives.
It has been hard to formulate legislation because internet security issues intrude into so many political areas. But Harry Reid, Senate majority leader, recently urged committee chairmen to harmonise pending bills for cybersecurity overhauls, making it likely new laws will emerge from Congress this year.