US law could give nation 50 digital IDs backed by many other databases
Digital ID legislation that couldn’t even make it out of committee last year in the US House of Representatives has cautious optimism at the moment.
The nation could be set to follow Indonesia, Italy, India and dozens of other, mostly developing, economies that have at least begun national biometric ID programs. (World Privacy Forum has a good visualization here.)
But this is the United States, so the news comes with a list of caveats as long as a basketball player’s arm.
The House and Senate have the same or very similar digital ID bills, reactions to the seemingly ever-increasing amount of money that has been stolen from the federal government, funds meant to help businesses and people survive financially to the first mega-wave of Covid cases.
The “model” bill as it stands is here. It could change or be defeated, as happened to a similar bill introduced by Rep. Bill Foster (D-Ill.) in 2020. That legislation died in committee at a time when the scale of relief fraud was not widely known.
As with that effort, both new bills have bipartisan sponsorship, which isn’t the green flag it used to be in the nation’s capital.
Foster’s new legislation was rejected by the committee late last week, paving the way for debate in the House. (The Senate version is late.)
This would require the government to create secure and reliable means for federal, state, and local bureaucrats to “validate identity attributes” that protect citizens’ privacy when transacting with public and private organizations.
The bill highlights the 300 million people the government says were ‘affected’ by data breaches last year and the $56 billion in fraud losses across the world. economy in 2020.
But the reason there is movement on Foster’s bill this year is because politicians want it to be nearly impossible to steal so much government money again.
Venable chief executive Jeremy Grant said “it was difficult to get the relevant committee to pay attention to this bill until recently”.
Grant, who frequently appears to comment on cybersecurity, calls it a “great bipartisan bill” during an online discussion hosted by trade publisher Information Security Media Group.
“You’re starting to see some momentum,” he says before quickly qualifying that there’s nothing close to a guarantee that a bill will pass both houses of Congress.
Even if it becomes law, the bill intentionally ties the hands of the government to some degree.
It prohibits the creation of a “unilateral central national identification register relating to the verification of digital identity”. This is a political decision taken in the hope of placating people who fear that the government knows too much about them.
But IT professionals have long lamented broken databases. The integration of many large databases complicates analyses. Analyzing a consistent dataset is the only reason for having large databases.
Similarly, the bill’s sponsors also agreed to prohibit the law from resulting in a “one-sided central national identity card.” This is again a nod to politically active people who believe that a national ID card will lead to dictatorship and even metaphysical dangers.
This would be easier to circumvent than to impose a tower of babbling databases. The common standards allow the driver’s license to be used for many purposes in all 50 states and yet each has its own formatting.
data privacy | digital identification | digital identity | fraud prevention | government services | identity verification | interoperability | legislation | United States