2011-04-15 New US Gov't Strategy for "Identity Ecosystems" in Cyberspace Unveiled at US Chamber of Commerce [Update:1]

The National Strategy for Trusted Identities in Cyberspace (NSTIC), which some believe could establish and require Internet users to have ID on the Internet, was unveiled today at the US Chamber of Commerce. NSTIC aims to establish "identity ecosystems," what the National Institute for Standards in Technology describes as a "a user-centric online environment, a set of technologies, policies, and agreed upon standards that securely supports transactions ranging from anonymous to fully authenticated and from low to high value."

Secretary of Commerce Gary Locke delivered the following remarks:

"I'm optimistic that NSTIC will jump-start a range of private-sector initiatives to enhance the security of online transactions. This strategy will leverage the power and imagination of entrepreneurs in the private sector to find uniquely American solutions. Other countries have chosen to rely on government-led initiatives to essentially create national ID cards. We don't think that's a good model, despite what you might have read on blogs frequented by the conspiracy theory set. To the contrary, we expect the private sector to lead the way in fulfilling the goals of NSTIC. Having a single issuer of identities creates unacceptable privacy and civil liberties issues. We also want to spur innovation, not limit it. And we want to set a floor for privacy protection that is higher than what we see today, without placing a ceiling on the potential of American innovators to make additional improvements over time. "

What might this mean for the Internet as citizens of the world know it today? As the US government, in cooperation with the private sector, works to preserve cyber infrastructure or networks that it considers to be “strategic national assets,” how might this protection of assets fundamentally alter key characteristics of the Internet, which many have grown to appreciate? In the age of WikiLeaks and Anonymous, in an era where the US government has been unable to prevent the Chinese government and military from stealing usernames and passwords for State Department computers, it seems that this strategic plan could transform the Internet into a realm that requires you to prove your identity with an approved and issued identification card every time you move in to a new website.

President George W. Bush, in the aftermath of the September 11th attacks, used the climate to fundamentally transform security. The Bush Administration led a conditioning and recalibration of the way citizens in the country thought of civil liberties. This made possible a warrantless wiretapping program, which the American Civil Liberties Union (ACLU) considers to be “part of a broad pattern of the executive branch using "national security" as an excuse for encroaching on the privacy and free speech rights of Americans without adequate oversight.”

A “global war on terror” and the memory of a horrific tragedy allowed for the metamorphosis of society into a suspect society. Born were two wars in Afghanistan and Iraq. Other countries became zones for launching unmanned aircraft or drone strikes. And, citizens saw the US government detain and imprison indefinitely terror suspects in Guantanamo Bay, Baghram Air Force Base and other prisons denying them due process and in many cases subjecting them to harsh interrogations or torture.

All of these developments have, for the most part, become something US citizens have found a way to justify. In a society where citizens are told “if they see something, say something,” they believe the escalation of security, the detention, the strikes, and all the expansions of the deep state, which controls and operates the national security apparatuses in the US, is allowable. The civil liberties one has are not to be given up except in cases where one might be in danger and then, in that case, it is okay. So, in the past months, the Transportation Security Administration (TSA) expanded the scope of its security forcing travelers to go through body scanners that might pose a risk to travelers’ health because of radiation or be subject to a pat-down procedure that if witnessed in public by a police officer would likely lead to the arrest of the person doing the pat-down.

Now, the connecting of systems in more and more ways, the increased complexity that has come as a result of innovation and the reality that, without cyber-connectivity, the economy of the United States could grind to a halt and its national security could be breached has pushed the US government in the past years to work in concert with the private sector to begin to bring order to a networked public sphere that many value because it does not require you to authenticate your identity and does not require you to be inspected before moving along to your destination.

A draft of NSTIC began to circulate in July of last year. Then, the Electronic Frontier Foundation (EFF) noted the possibility that this could lay a foundation for the establishment of a national identification card that would be required if one wanted to use the Internet. The draft explicitly said it did not advocate for such an establishment, but when considering the fact that the project went from being a “National Strategy for Secure Online Transactions” to a radically expanded project that called for “pervasive, authenticated digital IDs,” the EFF concluded that the strategic plan could not only pose huge risks to civil liberties but also “place unquestioning faith in authentication…as an approach to solving Internet security problems.”

Those advancing the cause of greater cybersecurity are already working to condition people to think of liberties and rights differently. Philip Reitinger, Deputy Undersecretary of Homeland Security for National Protection, provided testimony on cybersecurity before a House committee on homeland security just months ago. In the context of cybersecurity, Reitinger says, “DHS is committed to ancillary a public’s privacy, polite rights and polite liberties. Accordingly, a Department has implemented clever remoteness and polite rights and polite liberties standards into all of a cybersecurity programs and initiatives from a[n] outset. To support this, DHS determined an Oversight and Compliance Officer within NPPD, and pivotal cybersecurity crew accept specific training on a insurance of remoteness and other polite liberties as they describe to mechanism network certainty activities.”

One can imagine what Homeland Security might wish to deem polite rights and polite liberties and what it might seek to not designate as such. One can also imagine numerous civil rights and civil liberties protected by the US Constitution right now, which might be prohibited by an ever-growing and pervasive security agency. The use of the adjective “polite” is clearly an aim to shift the culture. Indeed, Reitinger describes a public relations or propaganda campaign the US government aims to use to change citizens’ way of thinking:

While substantial activity is focused on open and private zone vicious infrastructure protection, DHS is committed to building innovative ways to raise a ubiquitous public’s recognition about a significance of defence America’s mechanism systems and networks from attacks. Every October, DHS and open and private zone partners foster efforts to teach adults about guarding opposite cyber threats as part of National Cybersecurity Awareness Month. In Mar 2010, Secretary Napolitano launched a National Cybersecurity Awareness Challenge, that called on ubiquitous open and private zone companies to rise artistic and innovative ways to raise cybersecurity awareness. In Jul 2010, 7 of a some-more than 80 proposals were comparison and famous during a White House ceremony. The winning proposals helped surprise a growth of a National Cybersecurity Awareness Campaign, Stop. Think. Connect., that DHS launched in and with private zone partners during a Oct 2010 National Cybersecurity Awareness Month. Stop. Think. Connect., a summary grown with a private sector, has developed into an ongoing inhabitant open credentials debate designed to boost open bargain of cyber threats and how sold adults can rise safer cyber habits that will assistance make networks some-more secure. The debate fulfills a pivotal component of President Obama’s Cyberspace Policy Review, that tasked DHS with building a open recognition debate to surprise Americans about ways to use record safely. The module is partial of a NIST National Initiative for Cyber Education (NICE).

Lest you think that government officials aren’t going to begin to hype “threats” to our cybersecurity to expand control, establish greater order and grant the private sector increased access to alter and restructure the networked public sphere to serve their business interests, Sen. Joe Lieberman (I-CT) spoke at a US Chamber of Commerce event and said, “If there’s going to be another 9/11-type attack, it seems to me it will probably be carried out through cyberspace.”

Would these “identity ecosystems” make it possible for government and private companies to increasingly do what PayPal and Amazon did to WikiLeaks in December when it decided it would no longer let them use their services? In the latest annual “Worldwide Threat Assessment of the US Intelligence Community” presented by Director of National Intelligence James R. Clapper, WikiLeaks is considered an intelligence threat.

In addition to the threat posed by state intelligence services, the intelligence capabilities and activities of non-state actors are increasing in scope and sophistication.” And, the cyber environment provides unprecedented opportunities for adversaries to target the US due to our reliance on information systems.

The spectrum of threats includes espionage, cyber intrusions, organized crime, and the unauthorized disclosure of sensitive and classified US Government information, a notable recent example being the unlawful release of classified US documents by WikiLeaks. While the impacts of the WikiLeaks disclosures are still being assessed, we are moving aggressively to respond by protecting our information networks with improved CI analysis of audit and access controls, improving our ability to detect and respond to insider threats—while balancing the need to share information—and increasing awareness across the U.S. Government to the persistent and wide-ranging nature of foreign intelligence threats.

Finally, how appropriate is it that this plan is being unveiled at the US Chamber of Commerce? As reported by ThinkProgress in February, the US Chamber of Commerce communicated with private contractors that provide cybersecurity services to the US government — HBGary Federal, Palantir, Berico Technologies. It discussed with these cybersecurity service providers how ChamberWatch, the SEIU, MoveOn, ThinkProgress and other groups could be targeted and proposed efforts “to steal private computer information, spy on the families of the Chamber’s critics, and plant false documents within organizations opposed to the Chamber’s agenda.” (These same companies were also discovered to have developed plans to help Bank of America by sabotaging WikiLeaks through similar tactics.)

The US Chamber of Commerce conspired against citizen groups it deemed to be a threat to their operations. It was willing to steal information and destroy the lives of people. Does anyone really think this is an entity that should be behind any government plan to establish “identity ecosystems” to make the Internet more secure? One might ask, secure for whom?

Thus, it should be explicitly established that those behind this plan do not have the same philosophy or understanding of the Internet as American legal scholar Yochai Benkler, who in a recent paper outlined power and freedom in the networked society or economy. They do not view the realignment and change in “organization of production, power, and meaning making in contemporary society” as a good development. They do not celebrate how the Internet has changed power dynamics through democratization or the rise of “libertarian-anarchist cluster of radical individual freedom” from state and corporate power.

Those behind this plan cannot be expected to find acceptable the new freedom, which Benkler describes — a freedom that makes an entity less susceptible to another entity. And so, citizens of the world should understand, in order to ensure there will be no risks to business operations or bottom line profits, the private sector is likely to fight for an organization of the Internet that does away with users’ freedom and power. And, the easiest way to do that is under the guise of homeland or national security.

Photo by Truthout.org