Return of the Guru

Feds Overreach Their Capabilities in the National Trusted Identities Program

Ara Trembly
Insurance Experts' Forum, June 28, 2010

President Obama’s new cyber-security chief is proposing to create an online “trusted identity system” with the goal of allowing individuals and organizations to “utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice and innovation.”

Like most federal trial balloons, this proposal is very short on details, but one can’t deny that the idea of being able to operate securely online with a minimum of passwords and other security measures is appealing. According to the Obama administration’s draft proposal, “the Strategy defines and promotes an Identity Ecosystem that supports trusted online environments. The Identity Ecosystem is an online environment where individuals,organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities.”

The proposal notes a key step in reducing online fraud and identity theft is to increase the level of trust associated with identities in cyberspace. “While this Strategy recognizes the value of anonymity for many online transactions (e.g., blog postings), for other types of transactions (e.g., online banking or accessing electronic health records) it is important that the parties to that transaction have a high degree of trust that they are interacting with known entities,” the document states. Certainly, any health insurer reading this will be nodding in complete agreement.

Unfortunately, as often happens with the government’s bright ideas to solve all our problems, this particular proposal is merely a tasty morsel of Swiss cheese, which is to say, full of holes. One particularly gaping aperture is the mindset behind this effort, as expressed in the proposal document: “Spoofed websites, stolen passwords and compromised login accounts are all symptoms of an untrustworthy computing environment.” No, actually those things are symptoms of a society and a world that is overrun with criminality. Merely creating a more “healthy” computing environment won’t stop criminal activity; in fact, it may even help to promote such skullduggery.

What do I mean? Simply that if I can now go to just one place to get all the passwords, logins, etc. that I want, then—as a cybercriminal—I need only concentrate on cracking the defenses wrought by the federal government to protect the “Identity Ecosystem.” In effect, by taking everyone’s private information and locking it into a single vault, I am inviting every safecracker out there to try their luck, with the prize being untold riches of ill-gotten information. Most of us know that there simply is no completely secure online computing environment (witness the feds’ own problems with hacking attacks on the Pentagon and other federal systems), so why make the bad guys’ jobs that much easier by putting so much juicy information in a single place?

In promoting the idea that it can create a safe cyberspace Nirvana, the federal government is overreaching not only its own limited capabilities in this area, but also the capabilities of any group of experts. The unassailable citadel against cyber-crime has yet to be built, and you can be sure this proposal will not result in its construction.

Instead, as I have mentioned before, the government needs to get much more serious about tracking down and punishing people who commit cyber-crimes. Guaranteed sentences at hard labor will do a lot more to dissuade criminals than yet another fruitless effort at universal protection. As it is, the Identity Ecosystem is merely a gathering of many information treasures behind a single wall that will inevitably be breached.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Boosting Performance with Integrated Underwriting Tools

A unified, comprehensive platform can help underwriters perform their jobs more efficiently — and profitably.

Apple's Way: Succeeding in the Enterprise Without Even Trying - Part 3

Today's data centers are doing far more with much smaller footprints.

Apply Mindfulness to Leadership

Managers can benefit from applying this theory both to their career aspirations as well as to interactions and expectations of staff.

Opinion: Halbig Decision Creates New Level of Uncertainty for Obamacare

Time will tell if the Halbig decision remains viable. But in the meantime, a new level of uncertainty has been injected into the process.

CIOs: "We Don't Have Enough People to Run Our Mainframes"

Insurers will be competing with other industries for both legacy and “new IT" talent.

4 Ways to Keep Insurance Data Quality Healthy

Continually building trust and credibility in the data is the key to a successful data warehouse.

Advertisement

Advertisement