The Obama administration is talking about creating a unique “Internet ID” for web users in the U.S. Commerce Secretary Gary Locke is quick to say it isn’t a national ID card, or even a government-controlled system, but private creation of “trusted digital identities”. Although there are plenty of times where the need for a trusted digital identity is real, I really don’t think e-commerce is one of those times. The benefits of such a system for e-commerce are far outweighed by the costs.
One alleged benefit of such a system would be to “eliminate the need to memorize a dozen passwords”. To me, that’s like saying that carrying around a dozen keys is a problem, and instead I should just have one key for my car, home, office, safe, and everything else. A single point of failure, such as using one key for everything or one ID for everything, is very poor security. Especially when there are no details as to who would control such an ID, where it would be required (don’t think that “opt-in” means that the largest e-commerce sites like Amazon wouldn’t soon require them), and most importantly, how it can be revoked in case it is compromised.
Supposedly, e-commerce is hampered by people feeling insecure on the internet. I’m not sure I follow this. By creating separate, complex passwords for every site I visit (and then keeping track of those passwords in a password manager), I feel much more secure than if I had just one “Internet ID” I had to protect. If somebody gets my Amazon password, for example, they won’t have my banking password because they are different. I also feel fairly confident about my online activities because I check my credit card activity on a daily basis; personal finance software like Quicken makes this easy, as does a website like Mint. In all the years I’ve been buying things online, I’ve had a problems on maybe two occasions, and the day I found the fraudulent activity I called the card and took care of it immediately, before it spiraled out of control.
You may argue that using a password manager, and checking your credit card activity every day is an inconvenience. And yes, it is. So is locking your door and having separate keys for everything. Once you get used to taking these steps to protect yourself, though, they become pretty inconsequential. What would really be inconvenient is having a single ID for everything you do online, and waking up to find that somebody has stolen it and now has access to everything. That’s not my idea of improving e-commerce.