FB pixel

Key US lawmakers ask for more info on NIST’s Digital Identity Guidelines

Key US lawmakers ask for more info on NIST’s Digital Identity Guidelines
 

Three U.S. lawmakers with sway over federal technology policies asked the director of the National Institute of Standards and Technology (NIST) to provide them the findings of NIST’s “digital identity and face recognition technology work,” and to explain how NIST’s Digital Identity Guidelines will “alleviate concerns about the reliability, accuracy, and security of these technologies.”

The lawmakers made the request in a letter they jointly penned to NIST Director Dr. Laurie Locascio. In their letter they stated that they want to know how NIST’s recently updated Digital Identity Guidelines “can help federal agencies address concerns with the use of facial recognition technologies.”

Following a two-day workshop, a second public draft of the Digital Identity Guidelines was published on August 21 that NIST said was designed “to ensure security, privacy and accessibility during the identity-proofing process for people accessing government services.” It is the fourth revision of NIST Special Publication (SP) 800-63 and related publications, and incorporated feedback that NIST received last year as part of a separate comment solicitation and a year-long period of stakeholder engagement.

Locascio said at the time that “everyone should be able to lawfully access government services, regardless of their chosen methods of identification,” and that the “improved guidelines are intended to help organizations of all kinds manage risk and prevent fraud while ensuring that digital services are lawfully accessible to all.”

Jason Miller, deputy director for management at the Office of Management and Budget, stated: “By incorporating feedback from private industry, federal agencies, privacy and civil rights advocacy groups, and members of the public, NIST has developed strong and fair draft guidelines that, when finalized, will help federal agencies better defend against evolving threats while providing critical benefits and services to the American people, particularly those that need them most.”

Ryan Galluzzo, NIST’s Digital Identity Program lead, added, “We are trying to make sure we maintain as many pathways as possible to enable secure online access to services. We want to open up the use of modern digital pathways while still allowing for physical and manual methods whenever they may be necessary.”

The letter to Locascio was signed by Rep. Frank Lucas, chair of the House Committee on Science, Space, and Technology; Rep. Mike Collins, chair of the

Committee’s Subcommittee on Research and Technology; and Rep. Jay Obernolte, Chair of the committee’s Subcommittee on Investigations and Oversight.

“Despite the many advantages of face recognition technologies, their trustworthiness has long been questioned, particularly as it relates to personal privacy issues,” the three lawmakers wrote. “There have also been concerns raised about the accuracy of face recognition technology and the use of biometrics to authenticate a user.”

A statement announcing their letter to Locascio said “the proper use and application of NIST’s Digital Identity Guidelines can help address these concerns and are crucial for federal agencies, providing essential direction on strengthening and securing access to their digital services. These guidelines encompass using facial recognition to access personal, proprietary, or government information.”

“Taken together, the Digital Identity Guidelines provide agencies with a set of voluntary risk management capabilities intended to minimize risks associated with failures of identity systems resulting from impersonation, account take-overs, and fraud,” the legislators wrote,” pointing out that “within the context of these guidelines, agencies may use face recognition technology as one method to verify the identity of an individual attempting to access information related to federal online services, including potentially sensitive personal, proprietary, or government information.”

“Despite the many advantages of face recognition technology, its trustworthiness has long been questioned, particularly as it relates to personal privacy issues,” the lawmakers wrote, adding that “there have also been concerns raised about the accuracy of face recognition technology and the use of biometrics to authenticate a user.”

The lawmakers said Jim St. Pierre, THE NIST Acting Director of the Information Technology Laboratory, had “assuaged some of these concerns as they relate to the Identity Assurance Level standards,” but added that “some concerns remain with the reliability, accuracy, and security of the technology as well as future developments in face recognition technology and other forms of digital identity.”

The three lawmakers gave Locascio until to October 22 to respond to the following questions:

  • What is NIST’s process for updating and refining its digital identity guidelines as new threats and challenges emerge;
  • How does NIST participate in the development of standards for face recognition;
  • What measures has NIST implemented to promote the accuracy and reliability of face recognition technology, particularly in terms of identifying users across diverse demographic groups;
  • How do NIST’s Digital Identity Guidelines, including revision 3 and the recently released revision 4, address privacy concerns and the potential for misuse of Personally Identifiable Information (PII);
  • What safeguards are in place regarding the storage, duration, and potential use of sensitive PII data collected through facial recognition technology, and
  • How does NIST support federal agencies with implementation of the digital identity guidelines and face recognition technology?

NIST has received criticism for its digital identity guidelines, including on the use of facial recognition and syncable authenticators (passkeys). In 2019, NIST testing found that nearly all facial recognition algorithms have performance disparities based on race and gender.

However, the latest draft guidelines maintain NIST’s approach to biometrics-based identity verification, with the caveat that systems must perform accurately, adhere to privacy requirements, and include manual processes to address errors.

NIST’s original digital identity guidelines considered syncable authenticators to be non-compliant, but the agency issued a supplement to provide additional requirements and considerations to allow for their use.

In a March 31, 2023 Alert Memorandum, the US Department of Labor’s Office of Inspector General (OIG) warned that it was “concerned that the use of identity verification service contractors may not result in equitable and secure access to unemployment benefits,” noting longstanding concerns over “empirical evidence the algorithms used in current facial recognition technology have a racial and gender bias.”

The OIG said that unemployment insurance programs “have become a target for fraud with significant numbers of imposter claims being filed with stolen or synthetic identities. Although the exact number of imposter claims is unknown, the OIG previously identified that from March 28, 2020, through September 30, 2020, four states paid $9.9 billion on 1.1 million likely fraudulent claims.”

The OIG said it “is concerned that the use of identity verification service contractors may not result in equitable and secure access to unemployment insurance (UI) benefits in the processing of UI claims,” and that “these risks must be addressed and mitigated by appropriate oversight and guidance” from the Employment and Training Administration.”

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Liquid identity verifications surge past 60M as Japan leans into chip-scanning

Liquid has reached the 60 million digital identity verification milestone with its online KYC service, with a surge in verifications…

 

Car dealerships rev up digital ID verification to counter rise in identity fraud

Whether it’s a fake credit history, a phony license or a test driver with a stolen identity who makes tracks…

 

GovTech to deliver $10 trillion in value by 2034, says WEF

At the meeting of the World Economic Forum (WEF) in Davos this week, tech is front and center – and…

 

Davos discusses digital wallets, AI economy

This year’s Davos World Economic Forum (WEF) is bringing not only tense trade talks between the U.S. and Europe but…

 

ASEAN updates guidance on deepfakes

The threat of deepfakes is entering high-level discussions from Southeast Asia to Davos. The Association of Southeast Asian Nations (ASEAN)…

 

Philippines faces 36 million backlog in ID cards

The Philippines are still facing a 36 million backlog in distributing the country’s national ID cards which will need additional…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events