On the surface, the idea of having one centralized mechanism to verify a user could have some very positive aspects. There are certainly enough potential applications for such a technology that looking more closely at its use, institution and operation is a valid plan. But a closer look at a new idea from the  White House, the National Strategy for Trusted Identities in Cyberspace (NSTIC), shows that there are some very unsettling points indeed when it comes to putting the so-called “driver's license for the Internet” into play.

The idea started up back in 2011, by some reports, and began with one simple premise: to create a simple, easy-to-use basic identifier mechanism that incontrovertibly established a user's identity with several different websites, much in the same way a driver's license establishes identity at voting precincts, at a rental car business, at a liquor store, or anywhere else identity might need to be established. Now, nearly three years later, a pilot program version of this concept will be brought into play with the various government agencies in two states, the NSTIC.

The tests in question are set to start in Michigan and Pennsylvania, and seem to be aimed at getting access to government assistance programs and similar matter. With this central ID system, it's said that accessing such programs will not only be easier for the users, but also will cut down on fraud and overhead costs thanks to the removal of duplicate ID efforts across the variety of government institutions that need to identify users.

Sounds good on the surface; indeed, with all the concerns over identity theft and credit card hacking and the like, made manifest from the recent Christmas shopping season incident with Target, it might well be time to consider further the issue of log-in security just as much as password or biometric security. But the NSTIC's use as an identifier has many concerned. The NSTIC might well prove useful as a means to log into other websites, like Amazon or Netflix. This sounds like a feature as opposed to a glitch, but the further consideration of such a concept reveals one fatal flaw: NSTIC may well ultimately be used as a universal log-in mechanism for not just Amazon and Netflix, but also to various comment forums and the like. That in turn could mean that everything said under that particular NSTIC holder's account—from “I really like that movie” to “I disagree with our government”, with the particulars to be supplied as needed—could be traced back to one user.

That could have a chilling effect on free speech, a point which isn't lost on the Electronic Frontier Foundation, who raised concerns about just such a use for the NSTIC, calling it “radical” and “concerning,” amplified by noting that the NSTIC plan “...makes scant mention of the unprecedented threat such a scheme would pose to privacy and free speech online.” Plus, there's the issue of consolidating all that information in one place; such a repository of useful information would not only be prime hunting ground for hackers, but corporations would pay fortunes for access to such data.

NSTIC is an idea that has good intentions on the surface, but may ultimately be brought down by its sheer ambition. There's a lot of room for good and for value in this concept, but for it to succeed, it needs to be considerably restrained, perhaps sufficiently so that in the end it doesn't do much more good than a secure password.