A universal login for individuals accessing federal agency information, called Connect.gov, is currently “production ready” and is being tested by a variety of federal agencies, according to a report from NextGov. The service may also affect — and possibly contribute to the integration of — state and local data systems.
Quoting Jeremy Grant, head of the National Strategy for Trusted Identities in Cyberspace (NSTIC):
Connect.gov “is going to launch with a few key anchor agencies that will be testing it out in the first round,” including the Department of Veterans Affairs, Grant said. The IRS, one of the most high-traffic federal sites, will not use the security system. A big wave of other agencies is expected follow within the next 18 to 24 months, he said.
“The goal from the White House is that this quickly grows into a governmentwide shared service that all agencies are using — across all government sites,” Grant said of Connect.gov. “It’s basically production ready right now and agencies are doing integration testing.”
The effort is part of a larger White House strategy to address cybersecurity and online identity theft. According to a 2011 White House report laying out its plans:
In the current online environment, individuals are asked to maintain dozens of different usernames and passwords, one for each website with which they interact. The complexity of this approach is a burden to individuals, and it encourages behavior—like the reuse of passwords—that makes online fraud and identity theft easier… Moreover, both businesses and governments are unable to offer many services online, because they cannot effectively identify the individuals with whom they interact.
The login system may eventually be extended to state and local government data (a good resource on city data issues is Harvard’s Ash Center and its Data-Smart City Solutions site). According to the 2011 White House report:
Individuals interact with their State, local, tribal, and territorial governments as much or more than with the Federal Government. The Identity Ecosystem can help these governments decrease their costs, even as they increase the services they offer their constituents online.
Much like the Federal Government, these governments are well-positioned to lead efforts to protect individuals, help standardize policies, and act as early adopters in the provision and consumption of Identity Ecosystem services. As such, State, local, tribal, and territorial governments are encouraged to align with the Identity Ecosystem Framework and to support its establishment by participating in its development.
The new system is being watched closely by privacy advocates, including the American Civil Liberties Union, which is participating in its steering committee. According to NextGov:
The long-term NSTIC approach is being guided by the National Institute of Standards and Technology. The government affiliation has raised questions about the program’s integrity, however. The National Security Agency reportedly pressured NIST into weakening a widely used cryptographic standard so NSA could break into private communications, a revelation that cast NIST as an accomplice to NSA surveillance. And it did nothing to quell criticism that NSTIC might become a big brother national ID card recording a citizen’s every point and click.
Grant, who is the NIST senior executive adviser for ID management, acknowledges he has received more questions about the government’s participation in NSTIC in recent months. But he insists it is a nonissue among the initiative’s diverse industry partners.
For starters, the program’s private sector-led steering group consists of entities often considered adversaries in the online privacy debate — AARP, LexisNexis, Microsoft and both the American Civil Liberties Union and NSA. The steering group will soon be spun off into a nonprofit, according to members.
- Other recent stories on data issues from SIRC’s blog.