NSTIC

NSTIC is the National Strategy for Trusted Identities in Cyberspace, "a White House initiative to work collaboratively with the private sector, advocacy groups, public sector agencies, and other organizations to improve the privacy, security, and convenience of sensitive online transactions." The government wants a way for people to be able to sign in to government sites without using government-issued identities.

NSTIC & Ethical Data Markets

Today I sent a letter out to the Startups in the Consortium. I thought I should post some of what I said to them here.

There are now a few work products that we [PDEC] should review, the NSTIC Functional Model Elements & contents of Trust Frameworks. 

I will be hosting a session at IIW to discuss how personal clouds can fit in their model and bringing the leaders of that in via skype. 

Trust frameworks one way to think of them is the contract glue that enables ID Technologies to operate in the real world. I am concerned by the number of companies and pilots that have strong defense industry ties.  It is clear to me that the predominant world view they have as companies is not user-centric.  I think we should consider writing a letter to NSTIC to explain key aspects of our worldview – essential elements to making the vision of NSTIC real.

Ethical Data Markets & New Business Models have surfaced in NSTIC. 

They were listed as a node we co-created last week. We should also work to share some of our progress on making this happen with the organization. 

White Paper: What Could Kill NSTIC? A friendly threat assessment

I shouted “Death to NSTIC!” and my session filled up. This was at the Spring 2011 Internet Identity Workshop and the National Strategy for Trusted Identity in Cyberspace program office was getting its act together, meeting the identerati in Mountain View, California. We took over a room and a whiteboard and imagined what could keep NSTIC’s vision from coming true. The dozen folks in the room were diverse. We were from startups and big companies, governments and NGOs. We were tech geeks, policy wonks, and executive suits. We dredged up failures we’ve known, obvious challenges and barriers unique to the notion of an “identity ecosystem.”

Death to NSTIC!

18 months later I did it again, with a different group, at the Fall 2012 IIW. Again, a whiteboard full of threats.

"Death To NSTIC" session at IIW15

I sat down in December and correlated the two sets of findings. PDEC is putting this out as a whitepaper, full of the details. Read on Scribd or download the pdf. I have a presentation version on Slideshare or you can download the deck as a pdf too.  

Two threats stood out. First, a user experience failure could destroy user adoption, ruin trust in the ecosystem, and twist user behavior counterproductively. Second, the ecosystem’s success depends on being strong in four areas (technology, economy, policy, and culture) and in having each of those areas balance the others. An imbalance could rip the ecosystem apart. 

Something stayed constant between the two sessions: performance anxiety. Execution risk was the overarching concern. Few attempts at something this complex ever go live, let alone thrive. 

Something changed between the two sessions, however. Where the first had many outside threats, the second session focused on internal risks. Less we-may-be-tackled-by-opponents and more we-may-fumble-without-interference. [Sorry for the US football metaphor.] Speculating, it may be that people had shown up to the program, light bureaucracy was being worked out, and it had all become more real.

It’s important to get digital identity right. It affects everyone, every business, every institution.

To that end, NSTIC’s Identity Ecosystem plenary (the people and companies that make up the ecosystem) is meeting this week in Phoenix, and PDEC’s Kaliya Hamlin is there to speak for our startups as part of her “Personal Data World Tour” taking her from Arizona, to D.C. to Austria (conference) to London (seminar) to Manhattan (seminar). Starting now, Kaliya is running to represent all small businesses and entrepreneurs on the IESG’s management councilsign up to vote for her by 14 February.  

What do you think could kill NSTIC? 

 

PDEC Whitepaper – What Could Kill NSTIC 2013 by evanwolf on Scribd

Could the Fiscal Cliff Kill NSTIC?

montgomery burns explains the fiscal cliff

Cuts are coming to US federal government spending in the new year. Cuts will come by cleaver if a “fiscal cliff avoiding” budget is passed or with a chainsaw if Congress and the President fall over the “cliff.”

High hopes fly for an international identity system that works across industries, technologies, governments, regulatory schemes and still manages to be user centric. This is driven in the United States under a program initiated by the National Strategy for Trusted Identity in Cyberspace through the National Institute of Science and Technology (NIST).

Direct effects. Nobody knows if this will directly affect NIST and the NIST staff managing the NSTIC project. NIST DoC logoCould the stream of Department of Commerce funding for NSTIC innovation grants dry up and will existing projects be halted? Will NIST’s funding for the Identity Ecosystem’s Secretariat, that coördinates and supports the work of the IE, be sustained or cut? In a trillion dollar budget, today’s spending on NSTIC is a rounding error.

Indirect effects. We don’t know how cuts in federal spending will affect the program indirectly as participating businesses and NGOs lose government contracts, experience greater risk, or enjoy new opportunities.

eGovernment as customer. Will the largest government agencies stay in the game? Constituent-facing services would be among the first implementors of these open, user-centric, identity frameworks. Having huge customers as “anchor tenants” provides strong incentives for the private sector to invest and make the identity ecosystem work. Will spending cuts affecting the these major clients throughout government interfere with their projects’ continuity? Will key personnel assigned to identity ecosystem governance, design, and engineering stay engaged? Stay employed?

Lots of unknowns.

And no strategy to respond to these risks from the Identity Ecosystem Steering Group. Yet.

NSTIC Governance Workshop, March 15

Kaliya will be attending:

Thursday, March 15, 2012

Main Auditorium, U.S. Department of Commerce – Herbert C. Hoover Building, 1401 Constitution Avenue NW, Washington, DC

Since the creation of the Internet, there have always been difficult questions surrounding privacy, security and trust. How do we know with whom we are interacting? How do we know they are trustworthy? How do we balance the desires for anonymity and personal privacy with the need to secure our information and transactions? In an effort to address these questions, President Obama signed the National Strategy for Trusted Identities in Cyberspace (NSTIC or “Strategy”).

The U.S. Department of Commerce and the National Institute of Standards and Technology (NIST) will host a workshop with thought leaders from government and industry to discuss aspects of the Identity Ecosystem governance structure called for in the NSTIC.

This workshop will review and take questions on NIST’s February 2012 paper, Recommendations for Establishing an Identity Ecosystem Governance Structure, and on specific issues concerning the establishment of that governance structure.