The NSTIC NPO has just announced a new funding opportunity with a special focus on privacy enhancing technologies. NSTIC is soliciting applications from eligible applicants to pilot privacy-enhancing technologies that embrace and advance the NSTIC vision and contribute to the maturity of the Identity Ecosystem the NSTIC envisions: promote secure, privacy-enhancing, and user-friendly ways to give individuals and organizations convenience in their online interactions.
Despite many recent improvements to the security and usability of online identities, the marketplace continues to struggle with the privacy-enhancing Guiding Principle of the NSTIC
. This Guiding Principle is intended to address concerns that the development of more trusted and federated identity solutions could create risks for privacy and civil liberties, including risks that arise from the crossing of contextual boundaries (e.g., risks to privacy created by entities in different sectors linking individuals’ transactions) and the capacity for more tracking and profiling of individuals. Solutions in the identity marketplace tend to rely on policy-based mitigations to privacy risks even though, in many cases, privacy-enhancing technologies or architectural design choices could be more effective.
Barriers also exist to the implementation of privacy-enhancing technologies (PETs), including a lack of: protocols or standards for deployment of PETs that can be readily integrated with existing technologies in the marketplace; awareness that specific PETs exist and the types of risks these technologies can effectively mitigate; usability of PETs; and demonstrated proof of performance and scalability. Thus, the NSTIC NPO is interested in funding projects with innovative approaches to overcoming these barriers that align with all four of NSTIC’s Guiding Principles. Ideal projects will provide practical, market-ready solutions that appropriately balance policy and technical controls to mitigate specific identified privacy or civil liberties risks.
Examples of objectives that projects may strive to achieve include, but are not limited to:
- Create and demonstrate technical standards or solutions for enabling the exchange of specific attributes associated with identities while minimizing the disclosure of incidental or non-operational personal information, including:
- Operational technical standards or protocols to obscure intermediaries’ visibility into the identity attributes being shared in the online transactions they are facilitating;
- Solve contextual boundary concerns that discourage user adoption of federated identity solutions such as blinding identity providers from relying parties, and vice versa.
- Improving the usability of PETs, especially in establishing user understanding of what is occurring with user data.
- Balancing transparency to individual users and ease-of-use.
The NSTIC privacy pilot program is new
. NIST anticipates that awards will be in the range of approximately $750,000 to $1,500,000 per year per project for up to two years. For more details about the pilot program (along with deadlines and submission information), please visit http://go.usa.gov/3CSAk
. Feel free to also share this important news with anyone you think may be interested!
The deadline to apply is: Thursday, May 28, 2015 by 11:59 p.m. Eastern Time
Follow the NSTIC NPO on Twitter
for the latest updates.