States Test New Credentialing ApproachesMichigan, Pennsylvania Latest Recipients of NSTIC Grants
Two states are testing new technologies that, if successful, should make it easier for citizens to securely access government services online with the side benefit of mitigating fraud and identity theft.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
Michigan and Pennsylvania have received $1.3 million and $1.1 million, respectively, from the National Institute of Standards and Technology to pilot new online identity technologies. The money comes from the federal government's National Strategy for Trusted Identities in Cyberspace initiative, or NSTIC. The program managed by NIST is designed to create a so-called identity ecosystem that lets individuals choose from an array of credentials to transact business online.
The Michigan Department of Human Services will pilot the use of secure online identity verification and authentication solutions with Bridges, the state's integrated eligibility system that supports online enrollment and registration for citizens seeking public assistance.
Pennsylvania's pilot will enable residents to obtain a secure credential to conduct online transactions with participating agencies, starting with the Department of Public Welfare. If the pilot is successful, residents would register just once to access a variety of services, eliminating the need to create multiple accounts and to validate their identity multiple times. These higher security accounts could pave the way for new types of online transactions, increasing convenience while also helping the state reduce fraud, a NIST spokeswoman says.
NIST also awarded $300,000 to the Research Triangle Institute to evaluate the benefits and impacts of identity solutions deployed in the Michigan and Pennsylvania pilots.
Last week, NIST also announced that five groups would share more than $7 million in a second round of grants under NSTIC to pilot reliable, easy-to-use online credentials (see Pilot Projects Aim to Replace Passwords).
The Michigan Pilot
Michigan state officials say their program aims to help eliminate barriers citizens face in accessing benefits and services by streamlining the applications process while also reducing fraud and improper payments.
"We have made a special effort to detect fraud upfront, at the time of application for benefits," says Human Services Director Maura Corrigan. "But we know that many clients are themselves victims of identity theft. The new system will help us verify and authenticate those who desire a more streamlined process at the beginning, benefiting the client and [the department]."
Michigan ranks No. 4 among states in identity theft complaints filed with the Federal Trade Commission, according to the FTC's Consumer Sentinel Network Data Book January-December 2012.
"Solving the issue of false identity and identity theft is a crucial one for our agency in the days to come," says Duane Berger, Corrigan's chief deputy. "Right now, we receive half of our public assistance applications online. With that number growing each day, it's imperative that we make certain we know who are clients are and, more importantly, who they are not."
Michigan, in some situations, requires applicants for public assistance and other services to show up in person to have their identities verified. That's an expensive process for the state and a burden on those citizens. Plus, this approach often delays either the start or continuation of benefits. By providing a secure, online process to register, clients would make fewer trips to state offices. The pilot project also will evaluate how residents can access their private information more securely by using multi-factor authentication solutions in lieu of passwords..
With its NSTIC funding, Michigan will work with LexisNexis, a service provider, and Deloitte Consulting to test the automatic online identity authentication system.
The Pennsylvania Project
In most states, including Pennsylvania, constituents using the services of multiple agencies have multiple identities, including user names and passwords, even when different agencies interact with one another. A resident may be known as jsmith at one agency, johnsmith in another and 123456 at a third. Each agency validates a user's identity independently, rarely sharing the process with other agencies.
"There is much duplication of effort, both on the part of the agencies as well at the user who must respond to multiple requests for such information," says Erik Avakian, Pennsylvania's chief information security officer.
During the pilot, Avakian says, the state plans to break down some of the barriers by providing a centralized service to validate a person's identity on a voluntary, opt-in basis.
"Once the identity has been validated, the user will be able to use that identity with all participating agencies," he says.
Pennsylvania's pilot project initially will be conducted at the Department of Public Welfare. It will be extended to other agencies as the state validates the new credentialing approach.
Jeremy Grant, the NIST senior executive adviser for identity management who oversees the NSTIC program, says states play a vital role in providing identity credentials and relying on them. "States are ideal partners for NSTIC pilots because of the many services they offer online, and the many more they could offer online if the costs and risks involving identity fraud could be reduced," he says.