White House Plan for Web Identity Ecosystem a Tough Sell So Far

By: Chris Crum - January 13, 2011

Update: Read more on this from our conversation with Google Open Web Advocate and OpenID Board member, Chris Messina. 

Original Article: The White House is working on a "National Strategy for Trusted Identities in Cyberspace" in which it has placed the Commerce Department in charge of an "Identity Ecosystem". In a nutshell, the program is about giving consumers IDs they can use to log in across sites all over the web, which they can rely on as being secure, and not have to worry about remembering countless passwords (and thereby not having to use the same password over and over again on different sites, which is incredibly helpful to cyber criminals). 

Would you rather have a single web ID than use multiple passwords? Comment here.

Of course the announcement of this strategy has already drawn plenty of skepticism, backlash, and general controversy. For example, many are skeptical that government can succeed where technology giants like Microsoft or Google have not. As some have pointed out, the company that’s probably come the closest and has the best chance of accomplishing becoming online users’ universal ID would be Facebook, given not only its enormous amount of users, but its integration into a large portion of the web through Facebook log-in. Add mobile and the rest of the world outside of the U.S. to the mix, and Facebook does have a very widespread and portable reach. Of course not everyone trusts Facebook to be their universal ID, with many very concerned with how the company treats privacy issues. 

Much of the criticism of the White House’s efforts has been over the vagueness of the strategy, and of course many simply don’t want the government involved in this. 

Here is the explanation of the strategy from Howard A. Schmidt, the Cybersecurity Coordinator and Special Assistant to President Obama (from WhiteHouse.gov):

Howard A. Schmidt Talks Identity EcosystemThis holiday season, consumers spent a record $30.81 billion in online retail spending, an increase of 13 percent over the same period the previous year.  This striking growth outshines even the notable 3.3-5.5 percent overall increase in holiday spending this past year.  While clearly a positive sign for our economy, losses from online fraud and identity theft eat away at these gains, not to mention the harm that identity crime causes directly to millions of victims. We have a major problem in cyberspace, because when we are online we do not really know if people, businesses, and organizations are who they say they are. Moreover, we now have to remember dozens of user names and passwords. This multiplicity is so inconvenient that most people re-use their passwords for different accounts, which gives the criminal who compromises their password the "keys to the kingdom."

We need a cyber world that enables people to validate their identities securely, but with minimal disclosure of information when they’re doing sensitive transactions (like banking) – and lets them stay anonymous when they’re not (like blogging). We need a vibrant marketplace that provides people with choices among multiple accredited identity providers – both private and public – and choices among multiple credentials. For example, imagine that a student could get a digital credential from her cell phone provider and another one from her university and use either of them to log-in to her bank, her e-mail, her social networking site, and so on, all without having to remember dozens of passwords. Such a marketplace will ensure that no single credential or centralized database can emerge. In this world, we can cut losses from fraud and identity theft, as well as cut costs for businesses and government by reducing inefficient identification procedures. We can put in-person services online without security trade-offs, thereby providing greater convenience for everyone.  

"We are not talking about a national ID card," U.S. Commerce Secretary Gary Locke is quoted as saying at the event where the plan was announced. "We are not talking about a government-controlled system."

That’s not enough to curb the criticism, however. For example, Pascal-Emmanuel Gobry at Silicon Alley Insider says, "The big security/IT companies with the right Washington connections to get this gig don’t reassure us any more than the government does." Gobry does also suggest that having the Commerce Department, as opposed to the Department of Homeland Security run the program feels a little less "big-brotherish."

As far as I can tell, there’s nothing here indicating that people will be required to use IDs from this program. It will be interesting to see how it is adopted around the web. Will people trust this system more than they trust Facebook? Of course there are other options like OpenID, at least for the sites that support them.

Would you use an ID like the White House is suggesting? Share your thoughts in the comments or discuss with our Facebook fans.

Chris Crum

About the Author

Chris CrumChris Crum has been a part of the WebProNews team and the iEntry Network of B2B Publications since 2003. Follow Chris on Twitter, on StumbleUpon, on Pinterest and/or on Google: +Chris Crum.

View all posts by Chris Crum

    Anything that the goverment becomes involved in is bound to fail!

  • Guest

    Since the first rule of security is DO NOT have the same log in for everything and the first rule of privacy is keep it the heck away from Facebook, I see this being as popular as a chilli sauce condom. It might make you feel safer, but it’s going to sting as it screws you!

    • Chris Crum

      Awesome analogy!

      • Guest

        I say replace democracy with the Like button. It’s safer.

  • sofakingdabest

    Who are you?
    Who who
    Who who
    I really wanna know

  • Tom

    I simply do not trust the government in this latest infringment on privacy. Should this new ID system becomes a reality, who knows how it will be misused and abused.

    • DM

      “The” government? Do you mean YOUR government? There are others, you know.

  • http://www.its-na.com Guest

    I hate this idea. How would you be able to separate your private life from your business life? Also, these would be the perfect target for hackers. Now they don’t have access to one of your accounts, they have access to your entire life!

  • Guest

    this is nothing short of absurd.

  • James “Rolin” Stone

    I never wanted a “Big Brother”. I don’t want one now. I don’t want one ever. Not when he also goes by “Uncle Sam” and “wants me”…

  • http://www.mlmbusinessmarketingcooperative.com SGolden

    Can anyone say NSA be careful of those bearing gifts !

  • Larry Jackson

    Heck, yes, I’d support the effort as long as it can be proven safe, that it’s free, and it’s not a requirement that we must use it. I get so tired of having to look up my passwords and usernames.

    • deacon

      “Heck, yes, I’d support the effort as long as it can be proven safe, that it’s free, and it’s not a requirement that we must use it. I get so tired of having to look up my passwords and usernames.”

      So in 10 words or less: you’re lazy.

  • janacpallc

    When did the government ever get anything right?
    When did the government EVER establish a dept or a service that isn’t screwed up?
    This is a truly stupid idea….the time is for the government to step back out of nearly everything they are currently messed up in – NOT turn something else into another one of their over-priced clusters.


    Nice, exactly what we need right know, the beasts mark so they can track every single thing that you do.

  • Guest

    I am much more afraid of “private” control than a big brother government control.

    • NoGovControl

      You should fear the Government more than private business. If a private business wants you to purchase something you can opt out, vote with your feet or wallet and there’s no reprecution and the government will back you. If the Government is in charge and you opt out, they can fine you or send you off to jail. (See new Healthcare law) And no one has your back. Be smart and choose private industry.

      Dean Flory had it right. The real reason for this to be controlled by the government is; once everyone gets comfortable with their Secure Government ID for all their online purchases, that’s when the bill passes to implement an internet sales tax and internet usage tax. All transactions will go through the IRS so they are recorded. These are the things that our politicians have been trying to pass for years unsuccessfully, let’s keep it that way.

      • deacon

        private control vs government control?

        take a close look, and you’ll see that corporations run the show now, and their board members also walk in the halls of power as members of the government.

        Mussolini had a word for this: fascism.

  • Guest

    Government only wants to have it all. All your money, all your subservience, all your body parts up on internet through their stupid airline frisks and xrays – which by the way are NOT safe for your body, especially frequent flyers – and now all your id. Roll over puppets, roll over.

  • DM

    No, thanks. I’ll take care of my own passwords, as well as my own privacy. But my very sincere thanks 😉 to the US Government for offering to do my such a big favor.

    Incidentally, they are aware that the Internet extends beyond their borders, aren’t they?

  • Lee

    No thanks and stop wasting our tax dollars on idiotic notions like this.

    I thought they were joking when I first heard the ridiculous idea that our government wanted to launch a universal internet ID system. Now I know that we have to get these fools out of office and find other people that can lead our nation. It is frightening to think that minds like these are making daily decisions that impact out life and standard of living.

  • http://www.deanflory.com/ Dean Flory

    Don’t you want the IRS to know about every single piece of gum you buy? This is the real reason they want to start this program up, to track online purchases, plain and simple.

    Don’t you want the government to be able to shut your entire log-in life over some small time thing? Can you imagine how that gatekeeper would feel in the coming years when everything is digital or tied to a check-in or something.

    Don’t you dare! Here’s an idea for ya, get a 10 cent piece of paper and pencil and write down your logins and passwords and just keep it under your computer. You’d have less of a chance of being robbed and the burglers finding that piece of paper over the government using that ID against you in numerous ways.

    This is a national ID system, exactly, hard one to argue against there. Then they’ll slip in some fine print and just debit out your taxes and whatnot anytime they want, didn’t you read the 38 page SLA?

    If everyone in America liked the direction our government was heading, this would be a good idea, since it isn’t, it’s horribly wrong for them to ask that of us and proves there is no limit to the roots of evil.

  • http://www.connecticutplastics.com Michele

    Gee a unique ID, per individual. Just like social security numbers, which get stolen all the time.
    I’ll keep my passwords, thank you. White House, stick to what you are good at…..waging war.

    • deacon

      don’t you mean “wasting money that should be used to rebuild infrastructure, schools, hospitals, highways etc”?

      wars in general are very efficient at that.

  • http://www.sitebyjames.com/ James

    I thought that was what OpenID is… and what OAuth is all about.

    Identification services complemented with an encryption protocol.

    • http://www.sitebyjames.com/ James

      Just to expand this… I don’t see an issue with it so long as it can be turned off when required.

      I mean I could of swore that we all have social insurance numbers. So, why not something that works with the web to a certain degree.

      But then again, for what purpose? Just to log in? So long as I can log out or turn it off.

      I could see it increasing consumer and possible merchant confidence to a certain degree as well. Maybe???

  • http://www.creative-domains.net Eric R

    Less than 90 days after 2,000,000 classified documents were published on Wiki Leaks, I can’t imagine trusting the governments ability to safeguard anything.

    They want to have our medical records …
    They want us to use one secure ID …

    My question is this: Who is going to be responsible WHEN (not if) these systems get hacked. It takes YEARS to get identity theft cleaned up – how long would it take if my “secure id” got hacked? How do I clean up my life if my medical records are part of a Wiki style dump? How many paper pushers would I need to have sign off on my new ID? Who would pay for it? Could I be certain that my private information would never be used against me?

    So I’ll finish this post with the last thing I want to hear: “I’m with the Government, I’m here to help!”

  • http://zaibzoomers.biz Steve Cee

    Great ! Let’s let them screw up the internet like they screwed up
    everything else ! “RoboForm” works just fine thank you !

  • Scott

    I’ll keep my passwords. Since when does the govt. think it can keep this secure? It can’t even keep social security numbers from being stolen.

  • Patriot

    The government has its fingers in too much of my business already. I am capable of managing my own passwords.

  • Guest

    I’ll manage my own logins and passwords, thank you very much! The last thing we need is an incompetent and inefficient government bureaucracy managing our security for us.

    I know, “inefficient government bureaucracy” is an oxymoron… well, so it government security!

  • geoughx

    A government that cannot provide physical security by securing it’s own border, and cannot provide cyber-security by preventing the Chinese from stealing our nukes right off servers in Lawrence-Livermore….

    and they want to KEEP ME SAFE ONLINE?

  • Tom

    “We are not talking about a government-controlled system.” This is just nonsense. This administration and its supporters in the Congress want more control of the Internet and more incursion into the lives and privacy of average Americans. This IS all about control and it is all about tracking the movements of Internet users. Who are they trying to kid? The Internet has some obvious faults, but letting the government gain more control of it is just a problem waiting to happen. On balance, the Internet has been one of the last free frontiers. It has been a vehicle for thought and commerce. Government intrusion can only ruin a good thing as it so often does.

  • http://www.actnowcenter.com Mel Jackson

    Absolutely no way! What are they going to call the program, “Hacking for Dummies”? Honestly it must be driving the govy crazy to not be able to get a bigger piece of the internet pie. Unfortunately, they probably won’t stop until they do. As usual, politics is the art of looking for trouble, finding it whether it exists or not, diagnosing it incorrectly, and applying the wrong remedy.

  • Guest

    Oh great, 1st they screw up healthcare, then the military and now the web? I guess when you think of it…it was Al Gore who invented it…

  • Phillip Ross

    The dilemma is between security and privacy, which seem to be mutually exclusive. If the issue us just password security, Lastpass should do it (http://www.youtube.com/watch?v=r9Q_anb7pwg). But I don’t know what this does for Internet security (against hackers, etc.).


    HELL NO!
    This is a plan to collect OUR information and they will spy on everyone, make up something that THEY think is going on and cause trouble.
    Everything is becoming Communist based a little at a time. They are already cutting out benefits for the elderly to kill them off faster by denying tests and treatment.
    Everything being done SCREAMS COMPLETE CONTROL, Freedom is being taken away from us!

  • Gene

    I can’t believe we are even talking about this, it is absolutely rediculous. I thought it was rather humorous how they spoke about how the government is so concerned that consumers might be taken advantage of online resulting in losses due to fraud and identity theft. The government is just concerned that they aren’t able to tax all of the commerce that is taking place out of their reach. They didn’t say one thing about taxes but you know they are thinking it. I would rather take my chances with one purchase through one company. If the purchase ends up being a scam I stand to lose that purchase amount, if the government has this kind of access into our lives you know they are going to lose the files to some hacker and then won’t we be vulnerable! Yes, identity theft is a real threat but do you really think we won’t be vulnerable with big brother watching over our passwords? I can’t believe our government has the balls to even suggest something like this, everything they touch is an absolute trainwreck.

  • http://www.dogdazedesigns.com Guest

    MORE government in our lives?? Haven’t they messed up enough stuff already without messing with my IDENTITY???

  • Guest

    Revelation 13:17
    so that they could not buy or sell unless they had the mark, which is the name of the beast or the number of its name. Think about this prophecy.

  • Guest

    They may say they want to give you a universal id in the interest of safety, but this is a LIE!

    They just want more control over the information we access and to police our activity.

    One possible agenda may include better tracking of all internet surfing, to see who reads top secret leaks about the government’s evil deeds on the likes of the WIKILEAKS website, and who distributes or talks about that information on the likes of Twitter and then the big bad government could decide to criminally charge us for reading top secret information exposing their evil doings.

    Such a plan would work great to scare everyone away from reading uncensored news like WIKILEAKS or interacting with any website that is opposed to government.

    This is just one idea, but the government has been real nasty since this lastest WIKILEAKS.

    It may start as a web id, but you can be sure it will turn out to be much more!

    Be Free! Be Safe! Say No To Government Control!

  • http://www.sciencelives.com Sciencelives

    I just found it interesting that in one paragraph the government rep is talking about protecting people from not knowing if people are who they say they are online, and in the next paragraph he is talking about making sure people can blog anonymously.

    As a Canadian this would not really affect me, but I probably wouldn’t join if our government offered something similar.

  • http://.WWW.RTR.org Cheryl

    If you haven’t figured out your own computer and internet security by now; do you really want the GOVERNMENT to do that for you?

    I had a friend hook me up. (She is the administrator for a university campus computer system)

    AVG checks out all the sites you visit and checks if they are tracking you; it comes with its own search engine and searches sites that are safe.

    Zone Alarm for a fire wall

    CCleaner.com for a daily sweep of cookies and temporary files.

    All of these are absolutely FREE ; she only uses the free stuff and does not upgrade to the paid for EXTRAS.

    SAFE TRAVELS ;)……………c

  • Jean

    This is just another come-on to the American people. Another under-handed way for government to stick in where government doesn’t belong. WE the people are capable of managing our websites we visit and control our passwords. We don’t need the goverment to give us an ID. We have achieved our own idenity without the help of the goverment. Get the White House in order and practice what the Constitution teaches. It won’t include internet control. Remember we are a “FREE” people!

  • valerie

    Who in their right mind wants to give the government easy access to every site you sign up for or purchase you make. Granted, theoretically they can get all that anyway, but let’s not make it too easy. Aside from the fact the the government has an abysmal track record when it comes to securing their OWN info, so you really want them handling any more of yours?

    Can’t remember passwords? Jot ’em down, or better yet, get a program, like 1Password to remember them for you.

  • Guest

    The government has more important things to worry about than what identities people use on the internet. In fact its none of their damn business. This is just another ploy of the government to be big brother and keep track of what people say and where they go on the internet.
    Let them secure borders and make the country safe, not evesdrop on people. The government is way out of hand and is prying into privates lifes and liberties way too much with Obama as president.

  • rhonda

    the government needs to stay out of our internet!

  • Guest

    Give in to the government and give up your freedoms…it is as simple as that. Look at what government regulation has done to small businesses. I don’t want them regulating mine. Just another power grab.


  • http://www.jubejube.net Svedenmacher

    As the title suggests, borrowed from the movie – the Government is delusional in thinking they can safeguard our “webecosystem” identify. It would take a Chinese or Russian hacker an evening plus one jolt cola break to gain access to everyones ID. Right now with many passwords and areas we keep our info – hackers are guessing where to look (I had a nice SMS from a china source “fishing” for my ID and personal info). It is so friendly of the US Gov’t to try to store all info in one tidy place for a good crackin…

    Personally I am pro (and always have been) for a government free internet as cyberspace should be the new International waters. My kids are protected with routers and computers that block crap I don’t need some overpaid officials doing this for me (have you ever seen Gov’t websites?) They obviously know little…

  • Walker

    With any luck, this will go the way of the clipper chip that they tried to force on us a few years back.

    I use several proxy servers outside the U.S. All of my accounts will refuse access unless it comes from a specific proxy.

  • Guest

    This is just another way for the government to monitor us, only this way they won’t violate anyone’s rights because we would have consented to it. I definitely believe that it’s better to have multiple passwords for many things than one, because if someone hacks their “secure” system, they’ll have the password to enter all your account across the internet, and not to mention if the government wanted to watch you 24/7, it would be simple because they have the one password to access all your information. THIS IS COMPLETE CRAP! AND SHOULD NOT BE ALLOWED.

  • Guest

    One username and password for everything is a bad idea. It is not secure … it leaves you more vulnerable than if you were to have many usernames and passwords…

  • http://www.ckfswebpagedesign.com Carol

    Such a overall bad idea on many levels. So many security risks with this. What are they thinking.

    First the government is in charge of keeping these ids safe somewhere. What a target for hackers.

    Second, only one ID is just a bad idea — so easy for others to get hold of and be able to get into all your information. Its making identify theft even easier than before.

    Third, it will allow the government to track our movement on the web.

    Is this a opt in program?

    Do children get an ID also. If not do they have to us a parent’s ID.
    That would be a security problem right there. Or if they do get an ID using it on a school computer or at the library would certainly lead to a scenerio for identity theft.

    What a waste of tax payer money.

  • Guest

    re: White House Plan for Web Identity Ecosystem…..
    Hell no. I’ll keep my passwords, the White House can keep their change.

  • Guest

    Hahahahahahaha! They can’t keep their own secrets secret! Why would I trust them with mine? Hahahahahahaha!

  • McCoy Pauley

    The issue of convenience is a Red Herring. If you’re not using Last Pass (or some other) get with it. It is secure, private and portable. A national system would be out of the individual’s control and something is going to go wrong

  • http://www.truckstuffusa.com Mark

    No thanks! We don’t need another one of your programs sucking up our tax dollars, taking away our freedom, and turning a system that works fine into a cluster.

  • tm

    This is a blatant attempt to get what they asked for weeks ago. Access to everyone’s accounts on face book and twitter and access to encrypted files and messages.

    If we just give the gov a master password they can then access any of our accounts on any website we use anytime they want. And we know they no longer get search warrants.

    Right now they are having trouble accessing accounts on twitter and face book without a search warrant. And they can not access encrypted mail and files.

  • http://www.GiftBasketJewels.com Guest


    I have a great memory and a rolodex. I don’t need anymore safety features, especially when an ID would jeopardize my privacy. Those ID’s have to be stored somewhere . . . And what customer wants to be tracked to make sure they pay their fair share of taxes?

    Just flat NO!

  • http://forum.smobot.com smobot

    All risk should be put into perspective, pros and cons of risks and solutions weighed simultaneously.

    US GDP = 14.12 trillion.
    Annual losses from ID theft = 50 billion.


    %00.3 GDP.

    While that’s not an insignificant figure, compared with proposed federal budget cuts on the table between 100 to 500 billion, the number is dwarfed.

    What risk might be associated with an individual electing to have a single online identity? Well, what you end up with is a solution that causes another problem. The next generation of identity thieves, certain to emerge, would then have access to your entire online presence and every website you frequent – private and public. In my opinion, this poses greater risk than what is now, for the most part, a well-fragmented system.

    So now the American public has to swallow the spider to catch the fly to catch the identity thief… you end up with progressively smarter criminals, and progressively more invasive social policy.

  • Chris Crum

    Read more on this from our conversation with Google Open Web Advocate and OpenID Board member, Chris Messina. http://www.webpronews.com/topnews/2011/01/14/googles-open-web-advocate-talks-white-house-web-id-plan

  • http://www.easysecured.com Gurudatt Shenoy

    MyCloudKey requires you to register just one number or paraphrase and then use that to generate unique passwords or identities for all the websites without the user having to remember each of them.

    The unique feature of this solution is that the MyCloudKey ID is registered and locked to a device owned by the user such as their cellphone. So no one can use the key even if they know what it is from their device or cellphone.

  • aiki

    As long as the US govt will assume all responsibility for any losses occurring due to security breaches then I’m happy about this. Is that likely to happen? I think not:)

  • http://www.jaywick.net Guest

    Well as a non US citizen, I find the idea that such a system could be in any way secure Laughable.

    With the advent of all things financial being dominated by the use of Social Security Numbers in the US and the amount of fraud that has precipitated I cannot see how yet another costly Government project aimed primarily it seems at tracking individual use of the web would benefit anyone except Government and criminals, not mutually exclusive.

    In the UK we have had much discussion about the introduction of Biometric ID cards which would contain ridiculously large amounts of personal information. It seems to me that the more personal information is centralised, the more at risk it is prone to abuse.
    Lets face it the Security Services in most countries already have pretty much unfettered access to this information if they so choose.
    So I would say a definite NO to such a move, if for no other reason than where the US leads the rest of the world tends to follow.

    • Guest

      From the UK – Do you honestly think that the goverment are doing anything for the people by putting this proposal forward – NO – this is another sure way for the Three banking dynasties to get richer for taxes to be applied – and its another move forward to a Police State and Big Brother to take away any ounce of freedom you THINK you currently have. Until questions like WHY are we at war are really answered – how, what, why and when was it ok to train terrorists to kill our people and pay them off to do it, why did they blow up the twin towers – why did they let bin laden receive hospital treatment or pay his family thousands of dollars – and for us in the UK why do we let known terrorists wander our streets protected, why was the only London Bus on the day of the london bombings the only one to blow up in its non-usual route in tavistock place and why did an innocent electrician get shot in the head, and be accused of wearing thick pucka jackets and carry bags with wires sticking out – tell the truth to these and global warming and who benefits – then the American and UK people may finally realise just how much they are being deluded – democracy no – anyone who agrees with this has got to be one of them.

  • ModernFeudalism


  • http://www.glenwoodfin.com SEO

    They want to roll it out as a help to you when the purpose is to track everything you do.

    Let the Internet alone.

    • http://sansabalongdrive.info Guest

      Alibama and his band of thugs has no business in what I do on the web. Dam commies are trying to take us over.

  • http://www.oohdale.com Tommy Brown

    This will not help but, rather give the hackers a free run. Anything the government is in I am out of. Leave the internet alone please.

  • Guest

    My brother, their is only one thing left to do.

    Kill the rich and eat them.

    Sounds callous, but they could care less about what happens to you.

    Revolt, Revolt, Revolt, Revolt, Revolt, Revolt, Revolt, Revolt, Revolt.

    Just glad i am old enough that i won’t have to live through the

    New World Order!

  • Elco

    If this ID project goes on, then the government will be able to track every bit of information about you. Every search performed in a web browser, any bought item on ebay, every single transaction on your bank account, and all the info of you emails.