The US government considered an internet security initiative a while back to improve cyberspace for everyone including individuals, businesses and government agencies who conduct business online. This initiative was announced by the Department of Homeland Security (DHS) and as mentioned aimed to create a more secure system of online identification. This internet security initiative is called National Strategy for Trusted Identities in Cyberspace.
Since then, the DHS has made significant progress in enhancing the security of the nation's critical physical infrastructure as well as its cyber infrastructure and networks through:
There are three other areas under National Strategy for Trusted Identities in Cyberspace which include privacy laws, consumer awareness of the risks and best practices which Identity Management Institute has been advocating and supporting for some time, as well as single sign on for select and related accounts.
The challenge is that there are too many redundant, incomplete, and distributed privacy and security laws at the Federal and State levels. While the government is addressing this particular area through its internet security initiative, they must focus on the existing laws and think about consolidation and completeness of the laws. Although the redundancy of the laws is less of a concern, their completeness must be addressed which brings up the next point.
Consumer awareness and education regarding identity theft risks and best identity protection practices is not addressed in any of the current laws. There are no laws requiring companies which collect their customer non-public information as part of their business transactions to educate their customers regarding best identity protection practices and provide them with some type of identity theft awareness education.
And lastly, the existence of excessive number of online accounts, IDs and passwords just increases the online identity theft risks which should also be addressed. For example, related accounts such as financial accounts from the same institution have a lot to gain from a single and strong identification and authentication mechanism. A good example is the Google strategy for linking and using the same access mechanism for its multiple user accounts. The excessive collection, retention and sharing of personal information is further addressed in the identity obesity concept and Identity Diet program.