New US digital identity legislation promises more secure verification

The COVID-19 pandemic has forced us to socially distance and do whatever we can digitally and remotely. For IT professionals, the pandemic likely brought a lot of unplanned headaches and long hours to ensure their organizations could remain securely operational while supporting a nearly 100% remote workforce.  

The pandemic has also revealed holes pertaining to digital identity, data protection and cybersecurity that expose individuals, businesses and government agencies to online fraud. Though numerous new technologies and commercial solutions are available, their value is limited to a single organization or within a trust framework, and there is a lack of interoperability for the benefit of users and organizations alike.

Recently, large-scale data breaches have resulted in terabytes of consumers’ personally identifiable information (PII) made available for sale on the dark web. The widespread availability of personal information has brought knowledge-based verification (KBV) solutions, once reliable methods to verify identities online, closer to obsolescence. Without the ability to trust personal data in a KBV solution, organizations will need a new method of verifying digital identities that still creates a positive user experience.

Unemployment agencies targeted during COVID-19

With millions of Americans applying for unemployment benefits, fraudsters have pounced on state government agencies responsible for unemployment assistance. A May 14, 2020, memo by the US Secret Service reports that Washington, North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida were victimized by a Nigeria-based fraud ring. The Secret Service states, “It is assumed the fraud ring behind this possess a substantial PII database to submit the volume of applications observed thus far.”

Canada is addressing this cybersecurity problem. Its Digital Identity and Authentication Council of Canada (DIACC) continues to develop its Pan-Canadian Trust Framework (PCTF). As the DIACC notes, “the PCTF supports the establishment of an innovative, secure, and privacy respecting Canadian digital identity ecosystem.”

Conversely, the United States lacks a comprehensive digital ID strategy. The Obama Administration developed one with the National Strategy for Trusted Identities in Cyberspace (NSTIC), but it never gained national adoption from service providers.

Improving Digital Identity Act of 2020: A government-wide approach

That may be changing as Congressman Bill Foster (D-IL) has recently introduced the bipartisan Improving Digital Identity Act of 2020. If enacted, the bill would “establish a government-wide approach to improving digital identity.” 

The bill leverages the Better Identity Coalition's 2018 report, Better Identity in America: A Blueprint for Policymakers, which, among other things, recommends that government agencies are best positioned, both at the state level via the Departments of Motor Vehicles and at the federal level through the Social Security Administration (SSA), to offer new identity services to consumers.

The SSA is already progressing in this area and will soon launch its electronic Consent Based Social Security Number Verification (eCBSV) service.  As noted on its website, “eCBSV will allow permitted entities to verify if an individual’s SSN, name, and date of birth combination matches Social Security records. Social Security needs the number holder’s written consent with a wet or electronic signature in order to disclose the SSN verification.”

The Improving Digital Identity Act would create an Improving Digital Identity Task Force within the Executive Office of the President. Its mission is to establish a government-wide effort to develop secure methods for federal, state and local government agencies to validate identity attributes and support interoperable digital identity verification in both the public and private sectors. The task force would be composed of cabinet secretaries, heads of other federal agencies, state and local government officials, members designated by congressional committees, and a position appointed by the president.

Additionally, the National Institute of Standards and Technology (NIST) would develop a standards framework for digital identity verification to guide federal, state and local governments in selecting their digital identity solutions. NIST would have one year to publish a final version of the framework.

The legislation requires the task force to publish a report with recommendations on research and development in systems that enable digital identity verification. Upon its completion, and with the consent of the individual, the framework will enable government agencies to securely vouch for their citizens online in real time.

Copyright © 2020 IDG Communications, Inc.
