COVID-19 has exposed the US’s lack of a comprehensive digital identity strategy. If passed, the Improving Digital Identity Act of 2020 will address this need through engagement among federal, state and local governments.

The COVID-19 pandemic has forced us to socially distance and do whatever we can digitally and remotely. For IT professionals, the pandemic likely brought a lot of unplanned headaches and long hours to ensure their organizations could remain securely operational while supporting a nearly 100% remote workforce. The pandemic has also revealed holes pertaining to digital identity, data protection and cybersecurity that expose individuals, businesses and government agencies to online fraud. Though numerous new technologies and commercial solutions are available, their value is limited to a single organization or within a trust framework, and there is a lack of interoperability for the benefit of users and organizations alike.

Recently, large-scale data breaches have resulted in terabytes of consumers’ personally identifiable information (PII) made available for sale on the dark web. The widespread availability of personal information has brought knowledge-based verification (KBV) solutions, once reliable methods to verify identities online, closer to obsolescence. Without the ability to trust personal data in a KBV solution, organizations will need a new method of verifying digital identities that still creates a positive user experience.

Unemployment agencies targeted during COVID-19

With millions of Americans applying for unemployment benefits, fraudsters have pounced on state government agencies responsible for unemployment assistance. A May 14, 2020, memo by the US Secret Service reports that Washington, North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida were victimized by a Nigeria-based fraud ring.
The Secret Service states, “It is assumed the fraud ring behind this possess a substantial PII database to submit the volume of applications observed thus far.”

Canada is addressing this cybersecurity problem. Its Digital Identity and Authentication Council of Canada (DIACC) continues to develop its Pan-Canadian Trust Framework (PCTF). As the DIACC notes, “the PCTF supports the establishment of an innovative, secure, and privacy respecting Canadian digital identity ecosystem.”

Conversely, the United States lacks a comprehensive digital ID strategy. The Obama Administration developed one with the National Strategy for Trusted Identities in Cyberspace (NSTIC), but it never gained national adoption from service providers.

Improving Digital Identity Act of 2020: A government-wide approach

That may be changing as Congressman Bill Foster (D-IL) has recently introduced the bipartisan Improving Digital Identity Act of 2020. If enacted, the bill would “establish a government-wide approach to improving digital identity.” The bill leverages The Better Identity Coalition’s 2018 report, Better Identity in America: A Blueprint for Policymakers, which among other things, recommends that government agencies are best-positioned both at the state level via the Departments of Motor Vehicles and the federal level through the Social Security Administration (SSA) to offer new identity services to consumers.

The SSA is already progressing in this area and will soon launch its electronic Consent Based Social Security Number Verification (eCBSV) service. As noted on its website, “eCBSV will allow permitted entities to verify if an individual’s SSN, name, and date of birth combination matches Social Security records. Social Security needs the number holder’s written consent with a wet or electronic signature in order to disclose the SSN verification.”

The Improving Digital Identity Act would create an Improving Digital Identity Task Force within the executive office of the president.
Its mission is to establish a government-wide effort to develop secure methods for federal, state and local government agencies to validate identity attributes and support interoperable digital identity verification in both the public and private sectors. The task force would be comprised of cabinet secretaries, heads of other federal agencies, state and local government officials, congressional committee designated members, and a position appointed by the president.

Additionally, the National Institute of Standards and Technology (NIST) would develop a standards framework for digital identity verification to guide federal, state and local governments in selecting their digital identity solutions. NIST would have one year to publish a final version of the framework.

The legislation requires the task force to publish a report with recommendations on research and development in systems that enable digital identity verification. Upon its completion and with consent of the individual, the framework will enable government agencies to securely vouch for its citizens in real-time when online. For example, it is customary for an individual applying to open a bank account online or from their mobile device to provide a scan of a government-issued ID, typically a driver’s license, and a selfie-photo to assert their identity. Behind the scenes, the image of the driver’s license is verified to ensure that microprinting, holograms and other physical security features are consistent. Using biometrics such as facial recognition technology, the selfie photo is compared to the photo on the ID card to ensure they match.

Process improvements to verify digital identities and identity systems

The current process is good, but it can be made better with a government service. Financial services organizations will gain a public service allowing them, with the customer’s consent, to ping a state DMV database or the SSA’s database.
They’ll then receive a clear answer whether the identity data presented is contained in their respective database. This improvement to the identity management process will provide an additional layer of security in real-time to confirm that the person is who they claim to be.

The Improving Digital Identity Act is an exciting piece of legislation. If signed into law, it will significantly improve our digital lives and benefit consumers and relying parties alike in the years to come with support for secure digital identity verification.

Disclosure: The author represents his employer, OneSpan, Inc., in The Better Identity Coalition and the Digital Identity and Authentication Council of Canada (DIACC).