No plans for Aussie online ID

No plans for Aussie online ID

Summary: The Federal Government has said that it doesn't intend to follow a United States plan to impose an online identity for its citizens.

SHARE:

The Federal Government has said that it doesn't intend to follow a United States plan to impose an online identity for its citizens.

The Obama Administration says that the National Strategy for Trusted Identities in Cyberspace (NSTIC) plan would be a "verified", or trusted, identity that can be used to access participating websites, with the backing of PayPal, Symantec, Verizon and AT&T.

It would go further to verify identity than the federated identity schemes like Facebook Connect and OpenID, because identities would be checked against government-held records, possibly social security numbers.

The administration has pushed the plan as a means to improve online security and reduce the need for users to remember passwords, but is keen to distance its scheme from comparisons to a national identity card.

The Attorney-General's Department, responsible for the lion's share of Australia's online security initiatives, has said that it has no plans currently to implement a similar scheme.

"We understand, however, the importance of online security to the Australian community and we're monitoring best practice from around the world," the department said.

It said bureaucrats had "not specifically" investigated the identity scheme, but said it is "aware of the breadth of options available and the need to take account of privacy, security and accessibility for government services online".

The Obama Administration handed oversight of the sensitive project to the Commerce Department, scrapping a prior consideration to leave it in the hands of the National Security Agency or the Department of Homeland Security.

NSTIC is a component of the government's Cyberspace Policy Review, which called for the creation of an "identity ecosystem".

Cyber tsar Howard Schmidt, US special advisor to President Barack Obama, said in a White House blog that the NSTIC aims to build an environment where "individuals and organisations can complete online transactions with confidence, trusting the identities of each other and the infrastructure that they run on".

"Privacy and security require greater emphasis moving forward and because of this the technology that has brought many benefits to our society has … also empowered those who are driven to cause harm."

The NSTIC will become part of a string of US opt-in plans that use technology to toughen the validity of identities and improve the security of public and private transactions.

Divided

Identity schemes, sometimes called online passports, have divided industry pundits.

Securus Global managing director Drazen Drazic said Australians lack the appetite for the US identity scheme, and questioned whether it would improve online security.

"It scares me to think about the impact of this. To throw trust into developers and the implementers," Drazic said. "And what happens if [criminals] nail it and compromise the identity database?"

Asked if consumers would be safer to allow the government to protect a single database than rely on multitudes of online companies to do so, Drazic voiced concerns about what would happen if the government database was hacked.

"With [the identity scheme] all eggs are in one basket. What's the fall back?"

Kaspersky Labs chief Eugene Kaspersky has called for a verifiable online identity — an online passport — like that drafted by the US, because he believes the adoption of the internet by a mass audience went awry.

"The internet was designed not for public use, but for American scientists and the US military. That was just a limited group of people — hundreds, or maybe thousands. Then it was introduced to the public and it was wrong … to introduce it in the same way," Kaspkersky told ZDNet Australia's sister site ZDNet Asia.

"I'd like to change the design of the internet by introducing regulation — internet passports, internet police and international agreements — about following internet standards. And if some countries don't agree with or don't pay attention to the agreement, just cut them off."

Denmark already has a complex federated identity management system in place through the government-funded WAYF (Where Are You From) organisation. It holds some 2 million verified online identities which can be used at more than 50 institutions, including banks, hospitals, schools and public services.

The network also extends into Nordic countries and contains details of some 500,000 Danish school pupils.

WAYF manager David Simonsen, told ZDNet Australia last year that the project goal is to allow users to be identified while limiting the need to distribute personal information.

"A driver licence is way too much information," Simonsen said.

At the time, Denmark banks were meshing electronic identities with the government's citizen log-ins, meaning consumers will be able to access accounts via an identity verified against social security numbers.

It's a surprise

Topics: Government, Government AU, Privacy, Security

Darren Pauli

About Darren Pauli

Darren Pauli has been writing about technology for almost five years, he covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Oh come on, do we really need the government to issue individual identification which we will then be forced to use online?

    At the risk of sounding like the tin foil hat brigade:

    For all the wonders of the US governmental system, the hypocrisy of trading freedom for the perception of safety seems to escape them. Take a look at the fall of Roman Empire, the US is merely repeating history.

    Eugene Kaspersky is just a businessman, who will happily trade the freedom of others for his financial gain. Of course he supports forced identification schemes.
    Scott W-ef9ad
  • Careful with that axe, Eugene*...indeed. Just a trifle arrogant for a rep of a security tool consistently dropping in comparative ratings. "I'd like to"..."NOBODY CARES WHAT YOU'D LIKE TO!!!"**

    * kudos to Pink Floyd

    ** kudos to The Rock...if you smmmelllllll...
    btone-c5d11
  • The IT Security business must be doing it tough when they can't rely on the relative merits of their products/services and try to force the government to legislate for their benefit.
    Scott W-ef9ad