Personal Democracy Plus Our premium content network. LEARN MORE You are not logged in. LOG IN NOW >

[BackChannel] Prediction for 2013: Keep an Eye on Identity

BY Gadi Ben-Yehuda | Friday, December 14 2012

BackChannel an ongoing series of guest posts from practitioners and close observers at the intersection of technology and politics that, taken in aggregate, form a running conversation about the future of campaigns and government.

Gadi Ben-Yehuda is Director of Innovation and Social Media for IBM The Center for the Business of Government.

In 2013, I’ll be keeping my eye on Identity; it’s going to be a big story.

Identity management is so intrinsically uninteresting that in the time it takes to say “identity management,” people may fall asleep—even though they are directly affected by it. And it’s a pretty safe bet to say that, because anyone who uses multiple computers (or a computer, a tablet, and their smartphone), online banking, a cloud-based email account, a credit card site, online retailers like Amazon, and/or a social networking site relies on some kind of identity management system. And right now, those systems are a mess.

The identity management system that most people encounter on most of the sites they visit is a straight-forward login/password page. Some organizations require strong passwords—some so strong they were spoofed in this McSweeney’s article from 2007. The problem is that people are not always so good at remembering strong passwords, so they end up either writing them down or constantly forgetting them. And I wouldn’t be the first person (or the second or the third) to argue that passwords are not enough.

Further, identity isn’t just something that should be getting us into our email accounts. There is so much more that a robust identity management system could streamline. How many times—at a doctor’s or dentist’s office, when registering for a new school, or buying a plane ticket—are we asked for information that is a part of our identity? Where we live, how old we are, primary email address, company name and our role?

Though many browsers now come with AutoFill functions, how many of us feel comfortable sharing our social security numbers, credit card details, or other sensitive information with a browser? And for those of us using multiple computers—one at work, one at home, a tablet, and a smartphone—do we fill out the same information on each system? The promise of persistent computing was that we could work seamlessly across many types of computers, but poor identity management thwarts that goal.

This is where we are: bad identity management can lead to catastrophic damage (think, losing hundreds of thousands of dollars, digital pictures and correspondence, and/or credit rating), while good identity management can reap huge rewards in recovered productivity (because time recovered from filling out forms can be rerouted into getting actual work done!).

The good news is that there are two fronts open in the battle for better identity management. The first is an offensive against the wasted time of filling out information over and over again. Companies like LastPass, Personal, and RoboForm offer applications that users can install on multiple machines and will store login and password information as well as all types of other identifying information—home address, credit card numbers, etc.

Offerings from these companies are helping here and now, and it’s safe to say that more people will be using these services, or ones like them, in 2013 and beyond.

But the more important action has been on a slow burn for at least a decade, has heated up in the last four years, and is going to begin to boil in 2013: the activities of the National Strategy for Trusted Identities in Cyberspace, or "NSTIC," and its constituent organizations to create a standard for identity management across platforms.

When I spoke with Dan Chenok, who has been involved with NSTIC since its inception and serves as the Interim Chair of its Policy Coordinating Committee, he used this metaphor to explain why a standards-based identity management system was the best approach. (Full disclosure: Dan is also the Executive Director of the IBM Center for The Business of Government, where I work.)

Imagine that you go to a market and you’re at the cash register. You can pay with cash, or with any number of credit cards; MasterCard, Visa, Discover, AmEx, or a debit card. You might have half a dozen different kinds of payment options in your wallet, or you could have only one, but it’s up to you. All of these payment methods are based on the same set of standards, and each can add to the basic requirement of paying for your purchase with different incentives at different costs. But the bottom line is, each one can be used to buy a pack of gum or a steak dinner.

The same thing should be true with identity. Whether you’re logging into your online banking or your social network or the DMV for your state, there should be a set of requirements that checks your identity while at the same time preserving your privacy. This is one of the seven requirements that NSTIC set for a standard identity management scheme. In total, those seven requirements are that the standards must be:

  • Privacy-enhancing: users relinquish as little privacy as possible when they opt into the system
  • Voluntary: users must not be required to opt into the system to manage their identity
  • Secure: identity administrators must fortify the system against breaches
  • Resilient: in the event of a breach, administrators must be able to recover quickly
  • Easy to use: users should not have to have a password like this: J8JΒΝzγΨfΛδ@6%vΤfShr57w/
  • Interoperable: the system should work on a tablet, a phone, or a computer running any major operating system and should work for any online tool that requires a login
  • Cost-effective: the system must not impose undue financial strain on businesses or consumers that use it

Mr. Chenok is quick to point out, however, that though the benefits of a standards-based identity management system are easy to grasp, there are still three major impediments to its adoption. The first is, ironically, convenience. Most people know how to navigate their current identity schemes, even if it is ungainly; switching would be a chore, at least initially. Second, is culture. Every company and organization has its own way of dealing with identity and most institutions would have to change their methods, at least a little. And riding on that is third, and perhaps strongest barrier: cost. Mr. Chenok estimates that the cost of switching to a new identity management scheme will be significant, though the accrued benefits would likely far outweigh those initial costs.

Ultimately, though, both he and I are bullish that NSTIC will succeed in drafting standards that meet the committee’s requirements and overcome these three barriers. The first to fall will likely be convenience as the current system begins to fail more often—meaning more breaches and greater hassle for users. The second, then, will be culture, as people become more accustomed to new ways to manage their identity. And the last to be surmounted will be cost, as it will become more expensive for companies not to comply than it will for them to adopt a new system.

There may not be an end-state in identity management, even as there is no “end-state” in developing an operating system for computers. We may simply experience upgrades throughout our entire lives. But I believe that we are on the cusp of a significant transformation in how we manage our identity both online and off, and I think that by this time next year, we will see the contours of the next version of identity management, and perhaps will have even begun to implement and benefit from some of the changes.

News Briefs

RSS Feed today >

Brazilian President Signs Internet Bill of Rights Into Law at NetMundial

Earlier today Brazil's President Dilma Rousseff sanctioned Marco Civil, also called the Internet bill of rights, during the global Internet governance event, NetMundial, in Brazil.


tuesday > Reboots As a Candidate Digital Toolkit That's a Bit Too Like launched with big ambitions and star appeal, hoping to crack the code on how to get millions of people to pool their political passions through their platform. When that ambition stalled, its founder Nathan Daschle--son of the former Senator--decided to pivot to offering political candidates an easy-to-use free web platform for organizing and fundraising. Now the new is out from stealth mode, entering a field already being served by competitors like NationBuilder, Salsa Labs and And strangely enough, seems to want its early users to ask for help. GO

Armenian Legislators: You Can Be As Anonymous on the 'Net As You Like—Until You Can't

A proposed bill in Armenia would make it illegal for media outlets to include defamatory remarks by anonymous or fake sources, and require sites to remove libelous comments within 12 hours unless they identify the author.


monday >

The Good Wife Looks for the Next Snowden and Outwits the NSA

Even as the real Edward Snowden faces questions over his motives in Russia, another side of his legacy played out for the over nine million viewers of last night's The Good Wife, which concluded its season long storyline exploring NSA surveillance. In the episode titled All Tapped Out, one young NSA worker's legal concerns lead him to becoming a whistle-blower, setting off a chain of events that allows the main character, lawyer Alicia Florrick (Julianna Margulies), and her husband, Illinois Governor Peter Florrick (Chris Noth), to turn the tables on the NSA using its own methods. GO

The Expanding Reach of China's Crowdsourced Environmental Monitoring Site, Danger Maps

Last week billionaire businessman Jack Ma, founder of the e-commerce company Alibaba, appealed to his “500 million-strong army” of consumers to help monitor water quality in China. Inexpensive testing kits sold through his company can be used to measure pH, phosphates, ammonia, and heavy metal levels, and then the data can be uploaded via smartphone to the environmental monitoring site Danger Maps. Although the initiative will push the Chinese authorities' tolerance for civic engagement and activism, Ethan Zuckerman has high hopes for “monitorial citizenship” in China.


The 13 Worst Bits of Russia's Current and Maybe Future Internet Legislation

It appears that Russia is on the brink of passing still more repressive Internet regulations. A new telecommunications bill that would require popular blogs—those with 3,000 or more visits a day—to join a government registry and conform to government-mandated standards is expected to pass this week. What follows is a list of the worst bits of both proposed and existing Russian Internet law. Let us know in the comments or on Twitter if we missed anything.


Transparency and Public Shaming: Pakistan Tackles Tax Evasion

In Pakistan, where only one in 200 citizens files their income tax return, authorities published a directory of taxpayers' details for the first time. Officials explained the decision as an attempt to shame defaulters into paying up.


wednesday >

Facebook Seeks Approval as Financial Service in Ireland. Is the Developing World Next?

On April 13 the Financial Times reported that Facebook is only weeks away from being approved as a financial service in Ireland. Is this foray into e-money motivated by Facebook's desire to conquer the developing world before other corporate Internet giants do? Maybe.


The Rise and Fall of Iran's “Blogestan”

The robust community of Iranian bloggers—sometimes nicknamed “Blogestan”—has shrunk since its heyday between 2002 – 2010. “Whither Blogestan,” a recent report from the University of Pennsylvania's Iran Media Program sought to find out how and why. The researchers performed a web crawling analysis of Blogestan, survey 165 Persian blog users, and conducted 20 interviews with influential bloggers in the Persian community. They found multiple causes of the decline in blogging, including increased social media use and interference from authorities.