A commentary on the website of the Electronic Frontier Foundation challenges the underlying assumptions of the draft National Strategy for Trusted Identities in Cyberspace (NS-TIC).
Probably the biggest conceptual problem is that the draft NSTIC seems to place unquestioning faith in authentication — a system of proving one's identity — as an approach to solving Internet security problems. Even leaving aside the civil liberties risks of pervasive online authentication, computer security experts question this emphasis.
via www.eff.org
The commentary continues on to address anonymity:
The draft NSTIC "envisions" that a blogger will use "a smart identity card from her home state" to "authenticate herself for . . . [a]nonymously posting blog entries." (p. 4) But how is her blog anonymous when it’s directly associated with a state-issued ID card?
The proposal mistakenly conflates trusting a third party to not reveal your identity with actual anonymity — where third parties don’t know your identity. When Thomas Paine anonymously published Common Sense in 1776, he didn’t secretly register with the British Crown.
Indeed, the draft NSTIC barely recognizes the value of anonymous speech, whether in public postings or private email, or anonymous browsing via systems like Tor. Nor does it address issues about re-identification, e.g. the ability to take different sets of de-identified data and link them so as to re-identify individuals.
The commentary, published on July 20, 2010, concludes:
Much more could be said. The NSTIC is only a draft, and the Department of Homeland Security and the White House sought public input online through July 19th. Because of the importance of this issue, EFF has joined with a coalition of concerned civil liberties group to ask the Administrations for a longer comment period and a way to submit more detailed comments. We hope and expect that this will be only the beginning of a public debate about ID management online.
A search of the EFF website on 8/30/10 reveals no response from the White House, although I do know that a website run by the Department of Homeland Security offering the ability to post online comments did reopen without explanation later in July.
You can read the entire EFF commentary at the links above or here.
Leave a Reply