Wednesday, April 20, 2011

Is This Another Initiative We Need To Have a Close Look At? Maybe Some Ideas Could Be Useful.

Clearly we are not the only country wondering about identity management in the digital, internet enabled world.

White House issues online privacy strategy

By Joseph Conn

Posted: April 15, 2011 - 12:00 pm ET

Tags: Data security, Information Technology, Patient privacy, Policy

President Barack Obama today released the National Strategy for Trusted Identities in Cyberspace, a 45-page outline (PDF) of how the government will work with the private sector to develop what's described as an electronic "identity ecosystem" to protect privacy and curb online fraud.

"The Internet has transformed how we communicate and do business, opening up markets and connecting our society as never before," Obama said in a news release accompanying the release of the plan. "But it has also led to new challenges, like online fraud and identity theft, that harm consumers and cost billions of dollars each year. By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation."

Commerce Department Secretary Gary Locke said in the same statement that government will work with industry and consumer advocates to develop identity proofing standards "so that the marketplace can provide more secure online credentials while protecting privacy, for consumers who want them."

The resulting identity ecosystem will be based "on the full set of the Fair Information Practice Principles," or FIPPS, according to the release.

More here:

http://www.modernhealthcare.com/article/20110415/NEWS/304159959/

Coverage also appeared in Australia - courtesy of the ‘fair and balanced’ Fox News,

Sick of remembering your online passwords? Let the White House manage it for you

  • From: NewsCore
  • April 16, 2011 5:08PM

THE US Commerce Department has unveiled a plan for a national cyber-identity system that gives consumers a single secure password and identity for all their digital transactions.

FOX News reports the National Strategy for Trusted Identities in Cyberspace (NSTIC) will be a voluntary system designed to protect consumers from online fraud and identity theft - which hit 8.1 million people in the US last year, at a total cost of $27 billion.

The problem? The current system of half-remembered passwords jotted down on Post-it notes and based on pets and maiden names simply isn't good enough.

"Passwords just won't cut it here," said Commerce Secretary Gary Locke, who announced the initiative at the US Chamber of Commerce.

"We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords," he said.

The "identity ecosystem" will create secure online IDs for Americans who elect to join the program.

Instead of having to remember all those disparate passwords, a consumer would use a "single credential" to log in, with far more security than a password alone would provide, the agency said.

That log in could be anything: a smart card, a cell phone, a keychain fob, or some other type of gizmo.

And if a user so chooses, they can elect to have several log-ins from different credential providers.

Want a key fob from Google and cell phone software from Verisign? Go for it, both will work - though having two would reduce the simplicity factor, of course.

More here:

http://www.news.com.au/breaking-news/sick-of-remembering-all-your-online-passwords-let-the-white-house-manage-it-for-you/story-e6frfku0-1226040173034

It is very interesting that in the introduction to the report President Obama specially singles out internet enabled access to health records as one of the issues that the Strategy was aiming to address.

Interestingly the OECD has just published a paper (March, 31) on what is being done in digital identity management in the OECD.

Australia is summarised thus:

Australia

The Australian National Identity Security Strategy sets standards for identity security in areas such as enrolment, document security and electronic authentication, and it establishes a real-time Document Verification Service (DVS) whereby agencies across jurisdictions can check the validity of documents presented by clients as proof of identity documents in real-time. The Australian Strategy is based on a decentralised registration policy where each agency is responsible for managing its own identity system. Several components of the strategy have been developed (e.g. guidance for identity data integrity) or implemented but not yet fully rolled out throughout all government agencies. To support interoperability, agencies are encouraged to follow a National e-Authentication Framework. The Australian Government has also agreed to a lead agency model for the provision of authentication services to government agencies. Single sign-on to e-government services is also being developed. Security and privacy are addressed through the Australian Government’s Cyber Security Strategy and via existing legislation such as Australia’s privacy legislation. In lack of a national identifier, the development of an alternative registration mechanism is considered as a key challenge.

Four of five pages of detail follow.

The full 89 page document can be downloaded here:

http://www.oecd.org/dataoecd/61/39/47504631.pdf

It will be interesting to see how all this fits with what is happening with NASH as it is developed and implemented.

It will also be interesting to see how access to the PCEHR for the ordinary citizen is ultimately managed, if indeed the system ever actually goes live in any substantive way in our lifetime.

David.

No comments: