Agencies move on digital ID while critics say Biden plan misses it

The White House is taking flak because its new cybersecurity strategy implementation plan for federal agencies ignores actions regarding digital identity.

Reading the implementation plan, that is fair criticism; many people working with identity in government and industry continue to insist on a coherent federal approach to identity.

There are large identity programs worth mentioning, of course. It’s just that, as critics have pointed out, their scale is insufficient for the challenge.

Administration officials have responded to the criticism by saying the plan will evolve. That has been an unsatisfying explanation for some.

According to reporting by trade publication Nextgov/FCW, industry insiders with close ties to federal cybersecurity policies are expressing shock that nothing substantive about digital identity is in the government’s strategy implementation plan.

Always good for pithy analysis of industry news, Jeremy Grant, who once worked with the National Institute of Standards and Technology and now leads the advocacy group the Better Identity Coalition, said people are “gobsmacked.”

Jordan Burris, head of public-sector strategy at ID verification provider Socure and another former federal official, took to LinkedIn to express his disappointment.

Burris pointed what several before him have noted – that the U.S. president in February specifically called for action on digital identity in the nation’s uniquely high-profile state of the union address. And in March, the White House released a cybersecurity strategy document that does discuss investment in digital id, albeit briefly.

“Transparency and action are needed now,” Burris wrote. “Else we will continue to see nation-states and criminal enterprises win the day.”

Although they are not all-encompassing, large-scale digital ID programs are in the works.

One of them is $377 million in grants to states announced last week by the Labor Department as part of a modernization of unemployment-insurance programs.

The money can be used to improve a state’s ability to verify people’s identities.

It also is being provided for improvements to Login.gov, the single sign-on application designed to give residents a single identification profile to use securely in working with the government and accessing services.

Separate from the grant program, a physical avenue has been created for people wanting to verify their identity with the federal government to collect unemployment insurance benefits without going online.

The many-headed U.S. unemployment process was shown to be deeply vulnerable to all kinds of fraud attacks as governments raced to financially support the nation when jobs evaporated during the darkest days of Covid.

The Labor Department, the U.S. Postal Service and the General Services Administration have created a process, piloted in the rural Midwest state of Arkansas, for in-person ID proofing.

It is an online process, still, but one that is handled by postal workers, reportedly in 90 seconds.

Article Topics

cybersecurity  |  digital identity  |  fraud prevention  |  identity verification  |  Jeremy Grant  |  Socure  |  U.S. Government