What's next for digital identity in the federal market?
Initiatives are coming out of the White House and there is movement on Capitol Hill that put securing digital identities at the center of efforts to improve government services.
Digital identity has undergone a transformation since the pandemic. Like other sectors, federal agencies saw millions of people create online accounts and access services online for the first time, whether that was for unemployment benefits, tax credits, or emergency relief.
However, the pandemic also highlighted the need for major overhauls to digital identity to halt rampant fraud and improve equitable access for all demographics.
The Biden administration acknowledged this new reality in its new National Cybersecurity Strategy, which outlined the need to build a digital identity ecosystem for the nation:
“Today, the lack of secure, privacy-preserving, consent-based digital identity solutions allows fraud to flourish, perpetuates exclusion and inequity, and adds inefficiency to our financial services and daily life…Operating independently, neither the private or public sectors have been able to solve this problem.”
This year is a critical inflection point for digital identity as the federal government learns from 2020-2022 and invests in the future. Key challenges for stakeholders include:
- Balancing between equitable access and fraud prevention – Solutions must be usable and easy for the entire population, regardless of background, while also guarding against potential fraud.
- Customer experience – Identity verification needs to have a good customer experience. Too many people don’t get government services because they are let down by bad design or slow customer service. The White House has made improving “customer experience” and day-to-day government operations one of its top goals, and identity verification certainly falls under this category.
- Scalability – Federal government programs serve millions of Americans; identity verification must be tackled at scale without forcing unnecessary burdens or exposing security breaches.
- Technology modernization – many government programs are run on outdated technology; the government’s tech stack needs to modernize and identity verification systems must find ways to adapt
Changing the status quo
The federal government has signaled it will make funding digital identity a key objective. In addition to its mention in the National Cybersecurity Strategy, the Biden administration is expected to issue a long-awaited executive order on identity theft in the next few months. A draft of the executive order has stated government agencies will be required to implement a government-run identity solution like Login.gov. Other ideas mentioned include encouraging data sharing and validation across government agencies, as well as making more tools available to help victims of identity theft.
The Biden administration also announced a Pandemic Anti-Fraud Proposal that proposed large investments for digital identity projects. The proposal outlined a $300 million investment to prevent identity theft in public benefits. If enacted, funding would go “to support the modernization of agency identity verification systems”. The Department of Labor will be using $1.6 billion from the American Rescue Plan Act to address digital identity verification at the state level, including $600 million to modernize vulnerable state IT systems and $380 million for fraud prevention.
Lastly, there could be formal action from Capitol Hill on the way. Last year, legislation was proposed in the House and Senate, both called the Improving Digital Identity Act of 2022. While it passed through a Senate committee markup, it did not make it into the year-end omnibus. However, with bipartisan support and some momentum building, some version of the legislation could eventually pass in 2023. While the legislation is far from final, both versions support giving the federal government authority to provide opt-in identity validation to “augment private sector digital identity and authentication solutions”.
Updating digital identity standards
The digital identity industry has made steady progress in adopting new technologies and improving processes over the last few years. Improvements in mobile document verification technology and biometric capture have become more widely used. Several states (Arizona, Colorado, Delaware, Louisiana, Mississippi, Oklahoma) have added mobile driver’s licenses. Machine learning, AI, and automation are all becoming increasingly important for digital identity solutions.
In response to new trends, the National Institute of Standards and Technology will be making a long-awaited update to its Digital Identity Guidelines. The last publication, SP 800-63-3, was published in July 2017, and a lot has changed since. These guidelines are the accepted standards for digital identity verification across the public and private sector, so any update will shape how the industry develops for years to come. The draft publication for NIST SP 800-63-4 has highlighted its attempt to make standards that advance equity, allow for consumer choice, and prevent fraud. This draft includes adding an alternative for facial recognition and a requirement to test biometric technologies on their success in identifying people across different demographics.
Citizens at the center
At the end of the day, the government has a responsibility to meet citizens where they are. The Biden administration has made improved customer service one of its top initiatives, and digital identity will play a large part in that effort. A more trustworthy digital identity system is a top priority to restore Americans’ faith in their government and I remain excited for what this year will bring to this cause.
Brian Chidester is head of public sector marketing for Socure.