By Chris Wiesinger
Recently, CSC joined the U.S. Chamber of Commerce in one of the first of what promised to be a full season of 10 years after 9/11 retrospectives. The session began with remarks by the founding Secretary of Homeland Security, Tom Ridge and current Secretary, Janet Napolitano, and it concluded with a panel discussion focused on the question of “where do we need to be in 5 years?”
The over-arching theme of remarks centered on and around a recognition of the importance of effective public-private partnerships in countering an evolving threat that has no physical, political, bureaucratic, or corporate boundaries. Early responses to the attacks of 9/11 were expressed in the language of a government committed to absolute prevention, and notions that implied homeland security was fundamentally a governmental function.
The thinking and rhetoric have clearly changed. Today, we recognize that the only way to respond effectively to this difficult threat environment is through active, consensual collaboration between government, the private sector and citizens. One way in which DHS is currently communicating that message is through its “See Something, Say Something” campaign. Secretary Napolitano has been very effective in communicating that we need a national approach to security, and that security is a shared responsibility. In her own words, this means building security “one person, one community, one hometown” at a time, and allowing individuals to “live with information, but not live in fear.”
And we are getting there. According to Secretary Ridge, the last 10 years have seen great improvement in information sharing, and the DHS culture has made significant progress transitioning from a need-to-know to a need-to-share culture. Information, he emphasized, only has value if it is shared. This requires an environment of trust.
Cultivating an environment of trust requires dramatic action, particularly with respect to improving the reliability of digital identity. It is difficult to understate the importance of having confidence of who is at the other end of a digital communication. Knowledge and confidence in identity are foundational to an environment of trust. Before you can trust, you need to know who you’re dealing with.
The National Strategy for Trusted Identities in Cyberspace (NSTIC) provides the outlines of how to get there. While the details of concepts of operation, technologies, and governance remain under exploration, NSTIC envisions a Trusted Identity Ecosystem in which the private sector offers identity services that enable individuals to better secure and manage their own digital identities. Although currently focused on the needs of the commercial sector, there is tremendous promise in NSTIC to revolutionize the management of identity in government.
In fact, there is an opportunity to turn traditional thinking about identity management on its head. Traditional notions of large-scale, coordinated identification systems create privacy concerns, particularly when controlled by government. A simple shift to the private sector is not enough to dissipate these reservations. But the user-centric philosophy at the heart of NSTIC creates an opportunity to place privacy at the center, rather than the periphery, of future identification solutions. And that’s a game changer.
In the near future, privacy-centric identity services will revolutionize the way citizens share information with enterprises public and private. The essence of privacy is control over the sharing of personal information. Over the last 30 years, the theory of the right to privacy has remained strong. But at a practical level, privacy has been weakened by the uncontrolled proliferation of personal information.
One of the first steps to help individuals recover privacy is to provide them with the tools they need to manage their own digital identities. These tools include the ability to biometrically secure the use of digital identities, but not under traditional concepts of operation where every enterprise rolls out biometric sensors and systems. Biometric authentication will be managed on personally owned, consumer devices like smartphones, which connect to always-on personal identity services that broker the sharing of personal information with enterprises.
Speaking to the Cambridge Union Society earlier this year — at an event that tried to ban cameras and recording devices, but was, of course, recorded and posted on YouTube — former MI-6 director, Sir Richard Dearlove provided the following, deft observation: “I would definitely draw parallels at the moment between the wave of political unrest, which is sweeping through the Middle East in a very exciting and rather extraordinary fashion, and also the WikiLeaks phenomenon. Really, what ties these two events together, and of course a number of other events, is the diffusion of power away from the states and the empowerment of individuals and small groups of individuals by technology… [T]here’s absolutely no question that technology is significantly shifting these domains and altering the relationship quite fundamentally between the citizen and government.”
Embracing and leveraging this shift – the empowerment of individuals by technology – to create a foundation of trusted identities will enable a new approach to homeland security, “one person, one community, one hometown” at a time.
Chris Wiesinger is the Principal Solution Architect for CSC’s Border and Immigration Solutions Center of Excellence.