Thursday, 23 July 2009

US national identity management system will allow anonymity, multiple personas

Information Week reports remarks by Thomas Donahue, director of cyber policy for Obama's National Security Staff, at an identity management conference in Washington (it didn’t say which).

It’s good news. As the Information Week report shows, Mr Donahue clearly understands there are complex and multi-faceted issues facing society in relation to digital identity management, and difficult technological challenges involved.

Some selected quotes:

“Donahue said a national strategy for identity management was critical because authentication and identity management remain gaps in the world of cybersecurity…

A national policy won't come without open discussion among government, industry, and the public…

Basic issues remain, including defining the roles of government and of private industry in creating a standard way to deal with digital identity, and a system architecture. Anyone who opted in to a government-led or -guided identity system would likely be able to use an authorization mode of their choice..

Privacy is a major concern for the Obama administration, Donahue stressed. Any system will have to allow for some level of anonymity, with room for a user to shed some anonymity in order to demonstrate trust with another person or a Web site in a digital relationship, Donahue said. Non-negotiable in any identity management plan would be a requirement of voluntary enrollment and discretionary use, he said. People would likely be able to create multiple identities for different roles, such as work and home…”

The big issue is of course how to strike a fair and appropriate balance between security on the one hand, and privacy / anonymity / individuals’ control of their own identity on the other, but it looks like the USA are thinking along the right lines.

The UK government would do well to follow suit. We can but hope.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.