Bipartisan Bill Looks to Create Secure Digital Identities
Legislation Seeks to Address ID Theft and Fraud Stemming From Breaches
A bipartisan bill introduced Friday in the House of Representatives looks to take some initial steps in creating nationwide digital identity standards that attempt to address a range of security issues, including theft and fraud stemming from data breaches.
The bill, "Improving Digital Identity Act of 2020," was introduced by Rep. Bill Foster, D-Ill., who serves on the House Financial Services Committee and has previously held hearings about using emerging technologies, such as artificial intelligence, to improve identity and make it more secure (see: Congress Hears Ideas for Battling ID Theft).
The legislation is also sponsored by Democrats John Katko of New York and Jim Langevin of Rhode Island, along with Republican Rep. Barry Loudermilk of Georgia.
The bill would create an interagency task force composed of federal, state and local agencies that would develop uniform standards for digital identities that would offer more security and privacy protections for individuals. It also calls for creating new verification tools that public and private organizations could use.
One goal is to move away from over-reliance on Social Security numbers and other outdated methods to prove identity, according to the bill's backers.
In addition, the bill looks to create standards at the federal level while offering cash grants to states to help them upgrade their own digital identity programs, such as drivers' licenses, and ensure uniform standards are followed.
"It's become vitally important to ramp up safeguards to protect against identity theft and fraud, so that both consumers and businesses can have confidence in online transactions and the peace-of-mind of protecting sensitive information," Foster said.
The bill already has support from the Better Identity Coalition, which advocates for more secure identities and is backed by a wide coalition of technology companies, such as Microsoft and Ping Identity, as well as financial firms such as MasterCard and Wells Fargo.
The bill is an effort to reduce fraud related to identity theft, which has accelerated over the past several years as more personally identifiable information has been compromised in data breaches.
In 2019, losses from identity fraud reached nearly $17 billion worldwide, according to a study published in April by Javelin Strategy. The report noted that fraudsters have moved away from more traditional schemes and have now embraced account takeover and other high-impact scams. This shift is likely to accelerate this year due to the COVID-19 crisis.
"The type of identity fraud has drastically changed from counterfeiting credit cards to the high-impact identity fraud of checking and savings account takeover," according to Javelin. "At a time when consumers are feeling financial stress from the global health and economic crisis, account takeover fraud and scams will increase. It is too early to predict how much higher the fraud rates will go; however, criminals become more active during times of economic hardships."
Another concern is the rise of synthetic identities, where cybercriminals use stolen information to attempt to mimic a person to carry out identity-related fraud.
Loudermilk, the Republican backing the bill, notes: "With more Americans going online to purchase basic life necessities, this also means more Americans’ personally identifiable information [PII] is at risk of being stolen."
The bipartisan bill looks to reduce these losses and security gaps by creating more secure digital identities as well as uniform standards that businesses and government agencies can use to ensure that services are provided to the right people. This includes:
- Establishing an interagency task force that will create new methods of creating digital identities and verification methods;
- Directing the National Institute of Standards and Technology to create a framework of standards to help guide federal and state agencies when providing digital identity verification services, including an emphasis on privacy and security;
- Creating a grant program through the U.S. Department of Homeland Security to give money to states to help with their own digital identity programs, such as drivers' licenses and other types of credentials. The grants would also help ensure that the uniform standards created by NIST are followed.
"We must take steps to modernize these systems and address vulnerabilities," Katko said. "Our bill does this by forming a task force on securing digital identities, establishing a standard framework for federal agencies when providing digital identity verification services and creating a grant program for states to modernize their systems."
The Better Identity Coalition, which backs the measure, has been pushing lawmakers to create more secure digital identities since 2018 when it published its own "blueprint" for creating better standards.
Jeremy Grant, the coalition's coordinator, notes that the U.S. has fallen behind other countries when it comes to creating more secure digital identities, while fraudsters are adopting new methods faster than companies and government agencies can keep up.
Jeremy Grant (@jgrantindc), September 11, 2020: "Two years ago, we launched @MakeIDbetter to craft common sense policy approaches to improve the privacy, security & convenience of digital identity. I am thrilled to see @RepBillFoster @RepJohnKatko @JimLangevin @RepLoudermilk partner on legislation to tackle these challenges! https://t.co/GNF9jsuefU"
"So many services - in banking, healthcare, government and e-commerce - depend on knowing 'who is on the other side' of a transaction," Grant said. "But our old identity systems have not transitioned well to the digital world - creating friction in commerce, fueling increased fraud and theft, degrading privacy, and hindering the availability of many services online."
In a conversation with Information Security Media Group in June, Grant noted that while digital identity efforts have improved over the past five years, more needed to be done (see: Secure Digital Identity in the Age of Coronavirus).
"When I look where we are today, relative to where things were back in 2015, I'd say we're more secure in the authentication space and that authentication is getting easier," Grant told ISMG. "We're sort of on the cusp of the post-password world, but where we aren't as secure is in the identity proofing space, where that's getting much harder."