Session: Tuesday 5C
Conference: IIW-11 November 2-4, Mountain View, Complete Notes Page
Convener: Jay Unger
Notes-taker(s): John Fontana
NSTIC, US Government, Policy
The meeting was attended by about 20 people.
NSTIC (pronounce nistick or en-stick) = National Strategy for Trusted Identities in Cyberspace.
Jay Unger gave a brief presentation (attached) on the history and present status of the NSTIC draft document. http://www.slideshare.net/JayUnger/iiw11-nstic-update
- NSTIC Document first published on the White House Blog by Howard Schmidt http://www.whitehouse.gov/blog/2010/06/25/national-strategy-trusted-identities-cyberspace on June 25th 2010
- Document still available at http://www.dhs.gov/xlibrary/assets/ns_tic.pdf
- Public comments were accepted at http://www.nstic.ideascale.com from June 25th to January 19th 2010.
- High-level document – mostly vision, examples, and goals and objectives. Very little technical detail or technology specifics. No specific implementation plan or schedule.
- Recognizes the need for a general identity mechanism on the internet to support and enhance both public and private interaction between citizens and government, businesses, organizations etc. Also, to reduce risks associated with identity theft and fraud for all citizens.
- Federal government intends to take a leadership role in the specification and exploitation of NSTIC. They say that they recognize the need to work with both the information industry and citizens to define the policy and technology of NSTIC.
- Open Letter to Howard Schmidt at the White House on July 16th 2010 by : Center for Democracy in Technology (CDT), Electronic Frontier Foundation (EFF), Liberty Coalition http://www.cdt.org/files/pdfs/20100716_nstic_extend_ltr.pdf
- “… that the public comment period be extended for at least 30 days to facilitate more robust public discussion … that subsequent public comment periods on this topic extend for at least 90 days”
- “… clarification on the agency's proposed timeline and process”
- “… an opportunity to convene an in-person discussion with an appropriate White House or DHS official to discuss this important matter and engage in further public discussion.”
- Results: No extension of public comment period (IdeaScale was closed to new posts on 7/19/2010). However, CDT personnel have had at least two follow-up meetings with the cyber-security staff at the White House between mid-July and the present and they have had the opportunity to review and comment on new document drafts being developed including an implementation plan and schedule.
- CDT has been informed that work is ongoing, internal agency reviews are being conducted, and no announcements are expected before the beginning of next year.
- Jay Unger reported that at a meeting on Cloud Computing on October 19th in Washington D.C., hosted by NSF/NITRD at the National Academy of Public Administration, Vivek Kundra, CIO of the U.S. in the Executive Office of the President (who was the introductory speaker) answered a question regarding NSTIC and said that he expected some sort of announcement this year. Thus we have somewhat conflicting statement from different government officials and we really don’t know when further details regarding NSTIC will be made public.
There was a good deal of discussion regarding the possible value / concerns about government leadership in the area of identity management on the internet but there seemed to be general consensus that the government could at least act as a catalyst to move technical and policy issues forward.
- Jay Unger expressed concern that the IIW community should try to exert some sort of influence and technical advice to the government in this area given the expertise and experience of the community. Several attendees agreed but we were all at somewhat of a loss as to how to approach the government given their present silence.
- Jay Unger asked the attendees to add their e-mail addresses to the sign up sheet if they were willing to join a mailing specifically for communication and action regarding NSTIC that he would try to get the OpenID Foundation or some other body to host. In later conversations with OpenID Foundation it was determined that perhaps the Open Identity Exchange (OIX) might be a better host for the list. Jay will follow up with the leadership of both bodies (and perhaps others) to establish this list and make an initial posting in the second half of November 2010.