Mozilla and San Francisco Look to Get Citizens Logging In to Government
BY Sarah Lai Stirland | Thursday, May 3 2012
The city of San Francisco and Mozilla have made it into the next round of a competition being run by a federal government standards body that is designed to produce a better system for managing verified identity online.
Mozilla hopes to allow citizens to send forms to the city electronically, hooking up to a new document management system that's been in the works in San Francisco for the past several months. In order to do that, city officials need a way to be certain that people filing forms over the Internet are who they say they are — which is where Mozilla comes in. The nonprofit has created Persona, a system that would enable individuals to use their personal email address, without repeatedly entering their password, to log in around the web similar to the way they might use Facebook or Twitter now. The difference is that Persona is more of a framework than a centralized service: Mozilla operates a sort of identity provider of last resort, but the idea is that others, like email providers, can do the job of storing sensitive personal data and verifying for sites around the web that people are who they say they are without passing too much of that data around.
It's an early test of a White House-backed plan to build out new and different ways of linking real-world identity with online activity even as the Internet titans Facebook and Google seem to be taking up ever more room in the exact same line of business, and it has implications not just for other interactions with government, but for commerce and for free speech online.
Mozilla and the city propose to use a grant from the National Institute of Standards and Technology (NIST) to build a bridge between San Francisco's document management system and a new Mozilla system for rendering PDFs without having to use browser plug-ins. It would also help the two organizations sort out some of the other legal and logistical issues related to managing identity online. At least that is what NIST wants to happen when it hands out the $1 million to $2 million grants to up to eight final pilot projects.
All of this is happening in the shadow of the White House National Strategy for Trusted Identities in Cyberspace, the aforementioned federal plan to sketch out how online identities work going forward. Mozilla's Persona system might sound a lot like using Facebook to log in to other sites around the web, or a Twitter login. The point of the NSTIC was to start sketching out how systems similar to these might be made to work in situations where there needs to be more trust that the service verifying the identity — the Facebook or Twitter in the scenario — really knows as much about the person in question as they do, such as during interactions with the government.
A core part of this strategy is "user choice." In effect, the White House could be said to be asking for an environment where users can pick from a variety of providers to have access to their detailed information — about who they really are — and then vouch for them around the Internet. This vision is divergent from one in which, for example, Facebook becomes the arbiter of identity across the entire web. NSTIC also suggests that anonymity and pseudonymy, both of which are not possible on Facebook, are both important parts of free speech online and should stick around.
As Nancy Scola pointed out when the strategy was released, however, it's also a little iffy in the U.S. to talk about federal government taking a lead role in validating identity for all Americans. "National ID" is a loaded term.
The San Francisco-Mozilla proposal is part of an administration initiative to kickstart ideas within NSTIC through grant incentives. It offers up an intriguing look at how one vision of the initiative could make interactions between governments, businesses and citizens more efficient.
It all starts with trying to submit city forms, or might, if Mozilla and San Francisco win a grant. The proposal is one of 27 finalists; NIST has not announced the full list.