THE BLOG
08/28/2013 09:12 am ET Updated Oct 28, 2013

Federal Online IDs: A Bad Idea in 2011 Looks Even Worse Today

In April 2011, President Obama unveiled the National Strategy for Trusted Identities in Cyberspace (NTSIC), a plan to get around the relatively minor inconvenience of having to remember multiple passwords for various web sites and services by implementing a single, federally standardized online identification that would be used everywhere.

A solution in desperate search of a problem, it was immediately panned by privacy experts, who pointed to major flaws with the scheme that, instead of improving online security, actually makes it precipitously worse.

It's not that hard to see why, either. One of the first things you learn about password security is to not use the same password all over the place. If someone steals your password to a single site, the damage is limited to that site. If you have a single online password, the damage covers literally everything.

The multi-site authentication idea has a precedent, of course, as sites like Yahoo, Google and Facebook often can be used to authenticate elsewhere. But this is usually limited to trivial secondary sites like online forums where the risk is limited. It'd be unthinkable for a bank or a credit card site to let you use your Facebook login, and would be a very bad sign of their security if they even suggested it.

The Obama administration has pumped millions of dollars into that plan, with a lot of effort centering on tackling the huge problem of third party identity theft, a problem that is more easily avoided by just using different authentication for different sites.

Authentication schemes aren't foolproof. Single sites will occasionally face a break-in or a disgruntled employee making off with their password data. That hurts their credibility a lot more than it hurts us, however, because it's not our only form of identification across the entire Internet.

Two and a half years later, the administration is funding another $15 million pilot program in an effort to sell this "use everywhere" password as a feasible idea. Yet the problems that existed in 2011 are still the same. Efforts to mitigate the risk still leave the plan way more risky than the existing system.

It was a bad idea in 2011, but now it just seems ridiculous in retrospect, as NSA surveillance schemes like PRISM show the federal government to be incredibly untrustworthy on matters of Internet privacy.

As mad as the American public is about the NSA getting their telephone metadata or parsing through their emails, it's completely unfathomable that those same people would willingly create a "use everywhere" password that would be under the federal government's control.

This is a time when people are focusing on getting more secure with their online activities, not less secure. Dumping millions of dollars into the scheme at this point is just absurdly wasteful, especially for a plan that was never really a good idea, and gets less and less reasonable sounding all the time.

Jason Ditz is news editor at Antiwar.com, a nonprofit organization dedicated to the cause of non-interventionism. His work has appeared in Forbes, Toronto Star, Minneapolis Star-Tribune, Providence Journal, Washington Times and Detroit Free Press.