Main Nav

Privacy, Security, Interoperability, and Ease-of-Use Are Guiding Principles of NSTIC

The White House released today the National Strategy for Trusted Identities in Cyberspace (NSTIC).  At an event held at the U.S. Chamber of Commerce in Washington, D.C. attended by 200 invited guests including members of Congress, Federal agency representatives, private sector companies, and non-profit organizations such as EDUCAUSE, there was a sense of excitement and enthusiasm as the Obama Administration fulfilled its promise to develop a “cybersecurity-based identity management vision and strategy” called for in the May 2010 Cyberspace Policy Review.  The Strategy is being introduced to make online transactions more secure for businesses and consumers.

The Guiding Principles for the Strategy are that Identity Solutions will be:

  • Privacy-Enhancing and Voluntary
  • Secure and Resilient
  • Interoperable
  • Cost-Effective and Easy To Use

There has been considerable concern that NSTIC could result in a National ID or not fulfill its mandate to enhance privacy.  Leslie Harris, Executive Director of the Center for Democracy and Technology, said, “The Obama Administration is not planning to create a government ID for the Internet. In fact, the Administration is proposing just the opposite: to rely on the private sector to develop identities for online commerce, in a system that allows individuals to have multiple identities and to engage in online activity anonymously and pseudonymously.”  Howard Schmidt, The White House Cybersecurity Coordinator, said, “NSTIC not only protects consumer privacy but it enhances it.” While identification and authentication for sensitive transactions is a key part of the strategy, several speakers at the NSTIC launch event applauded the strategy for recognizing the important role that anonymity can play for some online transactions.

The NSTIC vision is as follows:

Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.

Innovation has been a cornerstone policy of the Obama Administration and several of the speakers applauded the designation of the National Institute for Standards and Technology (NIST) as home of the National Coordinating Office for NSTIC.  The Federal Government role in setting a course for digital identities has also been of concern.  Senator Barbara Mikulski (Dem.-Maryland) declared, “While NSTIC is federally supported, it will be private sector led.” The Strategy reinforces that point noting that “the private sector will lead the development and implementation of this Identity Ecosystem, and it will own and operate the vast majority of the services within it.”  The Federal Government role, on the other hand, is described in the strategy as “to foster cooperation across all levels of government, to deliver integrated, constituent-centric services” and to “partner with the private sector”. 

According to the Strategy, NSTIC differs from past efforts to encourage trusted IDs in several ways. From the outset, the NSTIC has involved the private sector as a partner in the effort. The private sector has the expertise to implement the Identity Ecosystem and has already demonstrated that the technology is ready and that an emerging market for trusted IDs exists. This means that while some past efforts focused on technical solutions, NSTIC is instead focused on policy and standards to ensure interoperability.

The Strategy outlines the following as “The Way Forward”:

The National Program Office will continue the national dialog among the private sector, public sector, and individuals on the implementation of the Strategy.  Shortly after the release of the Strategy, the NPO will hold a series of meetings to highlight the existing work in this area and to support the private sector’s standardization of policies and technology for the Identity Ecosystem.

Representatives from industry, academia, civil society organizations, standards-setting organizations, and all levels of government are encouraged to attend and collaborate on the design of the Identity Ecosystem.  Together, we will work towards technology and policy standards that offer greater identity security and convenience; create new commercial opportunities; and promote innovation, choice, and privacy.

For more information, visit