White House 2023 cybersecurity plan calls for investment in digital ID

Privacy occupies surprisingly little real estate in the just-released U.S. cybersecurity strategy and President Joe Biden namedrops biometrics just once.

The strategy is the executive branch’s annual opportunity to tell the world about its concerns, priorities and, broadly, plans. The Congress appropriates all federal money, so the 35-page document is not exactly an edict.

To be fair, biometric privacy is integral to much of what is said, but specific language is important when sizing up Washington’s intentions.

The administration does briefly discuss digital ID programs and the need for updated privacy laws, however.

Liability and accountability mark where the Biden administration is straying farthest from its predecessors.

A couple decades of the federal government hoping that software companies would put sufficient effort into tight coding and security would appear to have been in vain. (That or without the industry’s voluntary work, the online world would be a hellscape.)

In response to that track record, the Biden administration is saying accountability needs to be enforced through incentives and regulation.

“We must begin to shift liability onto those entities that fail to take reasonable precautions to secure their software while recognizing that even the most advanced software security programs cannot prevent all vulnerabilities,” according to the published strategy.

Officials in the executive branch say they will develop an “adaptable safe harbor framework to shield from liability companies that securely develop and maintain their software.”

If it sounds like the administration is trying to soften the threat of ham-fisted regulation, it is. In another passage, officials write, “We must ask more of the most capable and best-positioned actors to make our digital ecosystem secure and resilient.”

And, in reading the document, it seems as though the Biden administration wants to get more active in developing relevant standards.

That is a controversial notion. At least with the internet and mobile communications, the United States has deferred to industry leaders when it comes to data and data services.

Federal investment is another touchy subject for businessowners, and it appears Biden wants to cross that line, too. The strategy calls for the government to handicap business investment strategies, laying out tax and other incentives for promising long-term plans.

“Public and private investments in cybersecurity have long trailed the threats and challenges we face,” according to the document. “The need to address this investment gap has grown more urgent.”

Specifically, executive branch officials say they will “encourage and enable” investment in digital IDs promoting financial and social inclusion, security, consumer privacy, accessibility and interoperability.

Using National Institute of Standards and Technology work as a beginning, the government’s efforts would “include strengthening the security of digital credentials; providing attribute and credential validation services; conducting foundational research; updating standards, guidelines, and governance processes to support consistent use and interoperability; and develop digital identity platforms that promote transparency and measurement.”

Privacy might get the shortest shrift in the strategy. The document says the president “supports legislative efforts to impose robust, clear limits on the ability to collect, use, transfer, and maintain personal data and provide strong protections for sensitive data like geolocation and health information.”

Although it is notable that Biden feels individuals bear too much of the responsibility for the safety of their data. He advocates rolling that back to the many companies that collect, analyze, commercialize and share that data.

Article Topics

biometrics  |  cybersecurity  |  digital identity  |  investment  |  legislation  |  standards  |  U.S. Government