Identity fraud for FEMA disaster relief raises questions on timeline for digital ID

In the worst tradition of disaster capitalism, fraudsters have targeted victims of California’s wildfires, committing identity theft to access financial assistance and other disaster relief through the Federal Emergency Management Agency (FEMA).

KTLA has the story of the Zweig family, who went to apply for aid – and discovered that their names and personal information had already been used to file an application, using an unfamiliar email address and phone number to commit identity fraud. As a result, the family has faced lockouts and delays of up to 30 days as the agency processes their fraud claim.

Judy Zweig says ID fraud is a “rampant problem” for FEMA. Stolen identities, acquired in data breaches and hacking attacks, can be modified to create fake accounts or claim benefits intended for real people. The result can be especially damaging for those, like the Zweigs, whose homes have been destroyed in climate disasters.

White House razes main consumer protection agency for financial sector

Stronger regulations are decidedly not forthcoming, with the regime in Washington currently vying to dismantle the Consumer Financial Protection Bureau (CFPB) – the primary consumer protection agency for the financial sector. As CNN puts it in a headline, “Consumer watchdog ordered to stop fighting financial abuse.”

The Center for Democracy and Technology (CDT) has issued a release saying the move by new Treasury Secretary Scott Bessent, a former hedge fund manager, “threatens to severely undermine efforts to protect consumers’ privacy – and furthers a pattern of attacks on critical federal agencies charged with protecting the public.”

Alexandra Reeve Givens, CDT president and CEO, says the CFPB plays a crucial role in protecting against the most harmful impacts of the data broker industry. “When Americans’ private data, like Social Security numbers, banking history, and location and health data, gets sold to the highest bidder, consumers are more likely to be targeted with predatory offers for loans and other financial services. They’re also more likely to be doxed or face identity theft.”

4th revision of NIST digital ID standard covers government benefits

The push is on, then, to establish U.S. federal government standards for digital identity management, which could help alleviate difficulties arising from the planned regulatory flush, and put some guardrails around privacy and security in issuing disaster relief.

A post from Spruce ID Senior Product Manager Libby Brown notes that NIST’s fourth revision of its 800-63 Digital Identity Guidelines  describes how user identities are proven and recorded for accessing government benefits or tax systems.

“NIST standards now include various roles and guidelines for digital credentials (such as California’s mobile driver’s license) for logging on to government systems,” Brown says. “That means digital credentials are going to be a much bigger part of our future.”

She predicts a “huge step forward in adoption and acceptance” of digital credentials like mDLs and user-controlled wallet technologies. “For the vast majority of users, this will be a new experience of logging on,” she says – “not with a password, but with a digitally-signed proof of identity stored on a secure hardware chip on your phone. This should lead to broad improvements in security, since passwords have been the chronic target of malicious hackers.”

The standard also includes guidance on federated identity credentials that use one account to access a host of different services and platforms, and presents an overarching approach to risk management for online services, defining three levels of assurance for identity proofing and authentication. For instance, the highest of these, Authentication Assurance Level (AAL3), specifically requires encrypted credentials based on key-pair cryptography, and a “hardware-based authenticator with a non-exportable private key.”

Digital credentials could provide easier access to disaster relief

Brown says updates to the NIST-800 identity standards mean there will be “more opportunities to use secure digital credentials, kicking off a virtuous cycle with many, many benefits.” Among those is easier access to disaster relief for those who have suffered devastating loss.

Article Topics

Center for Democracy & Technology  |  digital identity  |  fraud prevention  |  identity theft  |  NIST  |  SpruceID  |  U.S. Government  |  United States