Good, Bad News on Trusted Identities
Commerce Secretary's Tales Illustrative of Internet TrustworthinessIn making a case for the National Strategy for Trusted Identities in Cyberspace, or NSTIC, Commerce Secretary Gary Locke tells two stories to demonstrate the need for new technologies to identify users.
One involves cancer research and the other identity theft. One has a happy ending, the other not. Here are Locke's stories, as he related in a speech Friday unveiling the Obama administration's NSTIC strategy:
"Each year, medical researchers make discoveries that save lives and improve the well-being of those afflicted with disease. Part of this rigorous scientific research is the review and approval of clinical trials, such as the Cancer Therapy Evaluation Program run by the National Institutes of Health (see Digital Credentials Ease Clinical Trials).
"To conduct these trials, paper signatures are needed for approvals at every turn. This adds hundreds of dollars of cost, and more importantly, weeks of time that could be better spent getting patients into treatment more quickly. But the system has been stuck in paper as the world moves digital for a simple reason: because there has been no reliable way to verify identity online. Passwords just won't cut it here, as they are too insecure and the stakes are too high to risk fraud.
"The good news is that today, NIH has come together with private sector groups - including patient advocates, researchers and pharmaceutical firms - to eliminate this inefficient paper system through new identity technology that enables all sides to trust the transaction. With trusted identities, patients can be enrolled more quickly in potentially life-saving therapy programs, saving hundreds of dollars per transaction.
"Trusted identities enable trials to run faster, researchers to spend more time in the lab and a faster and cheaper way to move new therapies from the lab to the treating cancer patients."
One Scheme Leads to Another
In his second story, Locke spoke of the scourge of identity and data theft, with phishing schemes being among the most prevalent. "Every second, phishing e-mails show up in people's inboxes, asking unwitting consumers to type their username and password into a fraudulent site."
Locke related the tale of Kimberly Bonney of Bethesda, Md., who fell victim to a scheme last year when she received an e-mail that she thought was from her Internet service provider. The e-mail warned Bonney that her account was in danger of being closed and asked for her password, which she provided.
"Then, her co-workers, fellow members of her church and her landlord began receiving emails that appeared to be from her stating that she was overseas and in need of a $2,800 loan to fly back to the United States. It was a fraudulent e-mail of course. Kimberly had become one of the 8.1 million Americans who were victims of identity theft or fraud last year. These crimes cost us some $37 billion a year."
Bonney isn't alone. A factsheet from the Commerce Department cites a study from secure website provider Trusteer showing that nearly half of targets divulge their personal information when redirected to a phishing site.
The factsheet also says the average out-of-pocket loss of identity theft in 2008 was $631 per incident. And, consumers reported spending an average of 59 hours recovering from a new account instance of ID theft.
The Internet, Locke says, "will not reach its full potential - commercial or otherwise - until users and consumers feel more secure than they do today when they go online."