'Trusted Identities' Plan Needs More Public Feedback
We've been working to put together comments on the government's National Strategy for Trusted Identities in Cyberspace (NSTIC) plan, as I mentioned earlier this month. The initial NSTIC plan has been criticized as vague and short on details - and the comment period is ending on Monday.
Although work on NSTIC started on June 25th, CDT and others from industry and public interest groups have been working with those developing the strategy for some time. The public draft differs in a few significant ways from the previous, nonpublic drafts, so CDT and others are working hard and pushing the deadline to complete our analysis. Extending the deadline is one of the more popular suggestions now on Ideascale site set up by the government to take public comments. Last I checked, this suggestion had three times more votes than other ideas (but for some reason isn’t showing up on the front page).
We joined EFF, the ACLU and Liberty Coalition in calling for an extension of the public comment period; we're not alone, many other groups are asking for the same thing. We believe those working on the plan are dedicated to a vision of a diverse, rigorous identity ecosystem that spans government, industry, and citizen interests. Meanwhile, we are committed to the development of a document that fully reflects the privacy, security, and implementation challenges that an identity system must face.
It is clear that the Administration is genuinely interested in receiving detailed comments about the NSTIC plan. Extending the comment deadline is an excellent way to help ensure the best possible suggestions get submitted. CDT, EFF, ACLU and Liberty Coalition sent a letter to White House Cybersecurity Coordinator Howard Schmidt today asking for a 90-day extension of the commenting period. That letter says in part:
The NSTIC outlines an ambitious identity management strategy for the United States, but public discussion has been extremely limited. The NSTIC is a very significant policy document that may have an impact on Internet commerce, online speech, identity management, identity trust frameworks, and online anonymity… the current public comment period is insufficient for a policy document of this magnitude… We are concerned that the NSTIC is silent on an implementation timeline and other significant details currently missing from the draft.