Making Identity Better: Government and Industry Efforts Take Form
A key lesson from 2017 was that attackers have caught up with many of the “first-generation tools” we have used to protect and verify identity. The recent Equifax breach may have driven this point home, but the reality is that these tools have been vulnerable for quite some time. There are many reasons for this – and certainly blame to allocate – but the most important question is:
“What should the government and industries do now?”
In Washington, the United States government is starting to focus on this topic. The House Energy and Commerce Committee held a hearing late last year on “Identity Verification in Post-Breach World.” President Trump’s Cybersecurity Coordinator has called for government to look at moving beyond the Social Security Number (SSN), and set up an inter-agency task force to create recommendations. And on the industry side, firms in financial services, e-commerce, healthcare, technology and other key markets are grappling with the steps that they should take to improve consumer identity solutions.
The U.S. is hardly alone here. In Canada, major banks and mobile network operators (MNOs) have partnered with the government through the Digital ID & Authentication Council of Canada (DIACC), with a goal of creating a Pan-Canadian Trust Framework for interoperable identity. In Europe, the e-IDAS initiative is letting citizens from 28 member states use their digital credentials interoperably across all of Europe.
And in the developing world, organizations like the World Bank and the Omidyar Network are launching major new investments in digital identity, with the aim of leveraging identity to improve human rights, advancing financial inclusion, and empowering people to more fully participate in the digital economy.
Across the globe, it’s becoming clear that governments have a significant role to play in making identity solutions better. The activities of governments vary from country to country, but there are common themes emerging where government, working together with the private sector, can help address the weaknesses of “first-generation” identity verification and authentication tools. The goal is to deliver next-generation identity solutions that aren’t only more secure, but also better for privacy and customer experiences.
I’m excited that we’ll have the opportunity to explore some of these initiatives this summer at the Identiverse conference through a dedicated track on identity and government.
By Jeremy Grant
Managing Director, Technology Business Strategy, Venable LLP