National Internet ID program a risky proposition
January 24, 2011
The Obama administration recently announced plans to give the Commerce Department authority over a forthcoming cybersecurity effort to create a system of national Internet identification for Americans. The program will be part of the administration’s National Strategy for Trusted Identities in Cyberspace, which aims to enhance security, efficiency and convenience in online interactions.
Details on the identity program continue to be scarce, but so far it seems the goal is to create a system of government-issued identities that can be used to log in to multiple websites and facilitate more secure transactions for things, such as online banking or Internet shopping. The system will theoretically combat identity theft by giving people one secure government-issued identity they can rely on instead of using a different account for each service used online. Companies, such as Verizon Communications Inc., Google Inc., PayPal and Symantec, have already announced their support for the plan.
There can be certain benefits of using such a program. The U.S. government’s IT infrastructure and security is more secure than those of private companies, such as Facebook or Google, that have also made moves to allow people to use their services to log in across multiple websites.
It makes more sense to trust our identities to the government rather than large corporations. Much of our secure information—such as social security numbers, driver’s licenses, home addresses, phone numbers and so on—can already be accessed by the government, so we wouldn’t be giving it any information it doesn’t already have.
Furthermore, the government must answer to its citizens in the event something goes wrong or the identity system is compromised. We elect our leaders, and we can hold them responsible for their mistakes. Private corporations, such as Google, Facebook, Microsoft Corp. and Apple Inc., are under no such obligation and can theoretically do whatever they want with the personal information of their users. If I had to choose, I would much rather trust my identity with the government than with a corporate alternative.
That’s not to say I’ll be signing up for the national Internet identity program on day one, though. Several possible aspects of the idea make me uneasy. While I’m OK with trusting the government with personal information—much of it was issued by the government to begin with—I’m not comfortable with the possibility that using a government ID online will allow the government to monitor what I’m doing on the Internet. If the Commerce Department were to covertly share information with, say, the National Security Agency, it’s not hard to imagine the Orwellian implications of increased government surveillance and the loss of personal privacy.
However, it’s far too early to worry about those kinds of possibilities—those issues are merely speculation. My biggest problem with the proposed national identity system is it goes against everything I know to be practical about online security. Trusting everything you use online to one login—no matter how secure you think it is—is a bad idea. It would be like using the same password for everything from trivial blog commenting accounts to e-mail, PayPal and online banking access. Once hackers or identity thieves have access to one of those things, they have access to everything.
Rather than rely on either the government or corporations to provide the ease and convenience of one universal login across all online services, people should take responsibility for their online security by using some basic precautions. Using a different password for everything and creating strong ones that combine numbers, lowercase and capital letters and other special characters are the best ways to ensure online security.
It might be a bit more work, but it’s always better to rely on yourself rather than trust your identity to anyone else.