NSTIC’s Effect on Privacy Tomorrow – Analysis white paper from Identity Finder

The Department of Commerce released the final draft of the National Strategy for Trusted Identities in Cyberspace (NSTIC) National Strategy for Trusted Identities in Cyberspace last week

Attached is a white paper from Identity Finder, LLC that examines possible impacts of the (NSTIC) on Privacy.

Identity Finder has found that to successfully implement its visions of privacy, security, and secure identities, NSTIC must call for Federal regulation that will:

· Hold all Identity Ecosystem Participants to legal and technical standards which implement Fair Information Practice Principles (FIPPs) and baseline privacy and security protocols

· Create incentives for businesses to not commoditize human identity

· Compensate for an individual’s unequal bargaining power when establishing privacy policies

· Subject Identity Providers to similar requirements to the Fair Credit Reporting Act

· Train individuals on how to properly safeguard their Identity Medium to avoid identity theft

· Ensure that consumers and advocates have a meaningful voice in the development of NSTIC policy

Identity Finder’s Chief Privacy Officer, Aaron Titus, warns, “We all have social security cards and it took decades to realize that we shouldn’t carry them around in our wallets. Now we will have a much more powerful identity credential that lets us carry it in our wallets, phones, laptops, tablets and other computing devices. Although NSTIC aspires to improve privacy, it stops short of recommending regulations to protect privacy. The stakes are high, and if implemented improperly, an unregulated Identity Ecosystem could have a devastating impact on individual privacy.”

If NSTIC fails to implement the necessary regulations, the resulting Identity Ecosystem could turn into a free-for-all Identity marketplace, and create the following risks:

· Powerful identity credentials which, if lost or stolen will enable hyper-identity theft

· A false sense of control, privacy, and security among Users

· New ways to covertly collect Users’ personal information

· New markets in which to commoditize human identity

· Few consumer protections against abuse or sharing personal information with third parties

· No default legal recourse against participants who abuse personal information without consent

A free copy of the whitepaper can be downloaded at: Identity finder NSTIC white paper

See the NIST video to get the context