Infra
Socure calls for US digital identity taskforce, critical infrastructure status | Biometric Update
The United States needs a unified vision for how to move forward on digital identity, and leadership to implement that vision, Socure says. The company warns in a letter to the next government that the cost of further delay will be more fraud, while the benefits of advancing digital identity would be felt by American people, businesses and government agencies alike.
Socure’s open letter to the incoming Trump administration sets out recommendations in the form of five pillars for protecting identity and reducing fraud.
General Manager of Public Sector Jordan Burris tells Biometric Update in an interview that the pillars are intended to fit together, with the first setting a foundation for how to orient the other activities.
The recommendations start with a request for a Presidential Directive declaring digital identity to be critical infrastructure.
“It is paramount that we start to give it the prioritization that it deserves in terms of securing it, making sure we’re able to defend against advanced attacks from nation states et cetera, otherwise it is going to be the thing that effectively cripples us,” Burris says.
He notes that the IT sector, wastewater transportation, financial services are all considered critical infrastructure, and that “identity underpins all of that.” CISA already considers identity and access management to be a “national essential function.”
Classifying digital identity as critical infrastructure would give it “the right level of urgency,” and in theory, could pave the way towards a framework for protecting digital ID.
That would include technologies like biometrics and MFA, but also many other aspects.
“What I’ve witnessed, frankly over the last decade but more importantly over the last few years,” Burris says, “is that digital identity is usually the last thing to get prioritized in that holistic manner. It’s usually piecemeal in how it’s handled, and instead what we need to do is shift to thinking of it being holistic, and the way that we approach it.”
Cohesion, leadership and measurement
The administration should also “address the lack of cohesiveness and leadership” across the country and internationally, Socure writes in its letter. It could do so by establishing a National Strategy for Digital Identity Trust and a unified approach to identity policy that replaces the current patchwork of legislation.
“Without bold vision or a commitment to action there will be no progress as it relates to digital identity. We have to find a way to move forward because we’re far behind everyone else here,” Buriss predicts.
Socure also wants the government to work with the international community. Other countries and regions around the world have moved forward, he observes, albeit to varying degrees of success.
“Effectively, we’re watching the rest of the world pass us by on this critical topic,” Burris warns.
Public awareness and education would also be part of this effort.
The Trump White House should make transparency and consistent measurement requirements for digital identity providers, the company recommends.
That would involve policies that promote the adoption of performance reporting for identity verification, fraud prevention and customer service. The government could publish periodic reports and public audits, and promote public feedback mechanisms.
“When it comes to serving the American public, when it comes to using digital identity to better enable digital service delivery, we have to think of this as more of a community problem in terms of how digital identity is being handled and what we can do collectively to make improvements overall. The only way we’re going to get better is if we’re able to better measure and basically put out publicly what we are doing to make progress in improvement.”
Apples-to-apples comparisons may be tricky, Burris acknowledges, but there are ways to allow for nuance. He compares the idea to the health inspection system. That system applies to different kinds of restaurants, and if there’s an issue, the needed improvement is clear.
“There are so many individuals in this country today that cannot engage in what is effectively a growing digital economy, and it’s because we have not taken and prioritized the right steps intended to bring them in part of the process,” Burris says. “We’ve left alternatives processes and experiences for them instead of finding ways to make improvements overall.”
Common criteria that could be created that any organization could adopt to measure performance. The measurement doesn’t have to involve NIST, though the agency could help develop the criteria.
“It’s not for them to put on a website, it’s for the organizations themselves to transparently make that available to the constituents that they deal with,” Burris argues.
Task force and AI catch-up
A Digital Identity Task Force should be set up within the Executive Office. Its goals would include improving threat detection and intelligence sharing, strengthening public-private partnerships and work on cross-border cooperation to stop identity theft and fraud.
Burris advises the new administration to start with organizations and agencies that are part of how digital identity is managed today, and then expand to those with other viewpoints and roles in administering or facilitating digital identity processes. The Social Security Administration, DHS (Real ID) and State Department (passports) are all involved in setting the standards for credentials and ID documents used today. They would be obvious choices for the Task Force, along with financial regulators or the Treasury Department.
Burris imagines other stakeholders participating in “sub-bodies, components dedicated to tackling different discrete problems” that would “roll up to the whole.” The initial Task Force would determine these collaborations with industry, academia and non-profits. All voices are important, he says, but need to have a concrete outcome in mind, which is “getting identity right for everyone.”
“All this goes back to: if you’re making it then its own sector and you’re focusing on it, now you’re establishing the framework in order to govern and manage and provide all this feedback in order to make these improvements.”
For the fifth pillar, Socure believes the government should turn American innovation, particularly in AI, to defending against cyber threats.
The U.S. is “woefully behind” on AI protections, Buriss says. AI has been around for long enough the government need to understand “what could develop from AI-driven attacks coming from nation states.” The way to do this, he says, is by “harnessing” AI to improve defenses through better understanding a wide range of signals, including device characteristics, networks and behavior.
Early indications for how digital identity policy might change under the Trump Administration include a focus on deregulation and potentially new consumer data privacy protections.
Article Topics
biometrics | digital identity | identity management | Socure | standards | U.S. Government