US law could give nation 50 digital IDs backed by many more databases

Digital ID legislation that could not even get out of committee last year in the U.S. House of Representatives has some guardedly optimistic at the moment.

The nation could be ready to follow Indonesia, Italy, India and dozens of other mostly developing economies that have at least begun biometric national ID programs. (World Privacy Forum has a good visualization here.)

But this is the United States, so the news comes with a list of caveats as long as a basketball player’s arm.

The House and the Senate have the same or very similar digital ID bills, reactions to the seemingly ever-growing amount of money that was stolen from the federal government, funds intended to help businesses and people financially survive the first mega-wave of Covid cases.

The bill “template” as it stands is here. It could change or be cast off, as happened to a similar bill introduced by Rep. Bill Foster (D-Ill.) in 2020. That legislation died in committee at a time when the scale of the relief fraud was not widely known.

As with that effort, the two new bills have bipartisan sponsorship, which is not the green flag it used to be at the nation’s Capital.

Foster’s new legislation was voted out of committee late last week, clearing the way for debate on the House floor. (The Senate version is lagging.)

It would have the government create secure, reliable ways for federal, state and local bureaucrats to “validate identity attributes” that protect citizens’ privacy as they transact with public and private organizations.

The bill highlights the 300 million people that the government says were “impacted” by data breaches last year and the $56 billion in fraud losses across the economy in 2020.

But the reason there is movement on Foster’s bill this year is politicians want to make it as close to impossible to steal so much government money again.

Venable managing director Jeremy Grant, said “it was hard to get the committee with jurisdiction to pay attention to this bill until recently.”

Grant, who pops up frequently to comment on cyber security, calls it a “great bipartisan bill” during an online discussion organized by trade publisher Information Security Media Group.

“You’re starting to see some momentum,” he says before quickly qualifying that there is nothing close to a guarantee of any bill being passed by both houses of Congress.

Even if it becomes law, the bill intentionally ties the government’s hands to an extent.

It prohibits the creation of a “unilateral central national identification registry relating to digital identity verification.” It is a political move made in the hopes that it will assuage people who fear the government from knowing too much about them.

But IT professionals have long bemoaned fractured databases. Integrating many large databases complicate analyses. Analysis of a coherent dataset is the whole reason for having large databases.

Likewise, the bill’s authors also have agreed to prohibit the law from resulting in a “unilateral central national ID.” This is a nod again to politically vocal people who feel a national ID will lead to dictatorship and even metaphysical dangers.

This would be easier to work around than mandating a tower of babbling databases. Common standards allow driving license to be used for many purposes in all 50 states and yet each has its own formatting.

Article Topics

data privacy  |  digital ID  |  digital identity  |  fraud prevention  |  government services  |  identity verification  |  interoperability  |  Jeremy Grant  |  legislation  |  United States