The U.S. Digital Identity Crisis

Font Size:

A national digital identity framework is key to unlocking equitable financial technology.

Font Size:

When the COVID-19 pandemic hit the United States, the U.S. Congress quickly approved the CARES Act to—among other things—send emergency “economic impact payments” to struggling Americans. Millions of people, however, had to wait for months to cash physical checks that arrived through the mail, and millions more never received their stimulus payments at all.

An early version of the CARES Act included a provision to create “digital dollars” issued by the Federal Reserve to speed up the delivery of future government-to-person payments at scale. But creating a digital currency would not, on its own, solve the challenge of disbursing government aid to individual citizens. The Internal Revenue Service (IRS) would also require a digital infrastructure to verify the identity of individuals receiving the payments before the agency could implement a more efficient and secure method for transferring payments. To this end, Treasury Secretary Janet Yellen recently remarked that “just as much as we need responsible innovation, we also need equitable innovation; tools that can help bring the benefits of the financial system and modern IT to more people. … The same digital ID technology that protects against money laundering can also help us reach more people with relief.”

A visit to the Department of Motor Vehicles in any state would show that the United States currently has an outdated identity system. Moreover, Social Security numbers are not suitable as a universal ID tool. They lack digital connection and, due to their misuse as an identifier, have been breached on a massive scale. The cost of identity fraud to society is high. In 2020 alone, identity fraud cost Americans a total of about $56 billion, with about 49 million consumers falling victim. The REAL ID Act of 2005 was perhaps the most recent national policy to address identification, but 99 million Americans still do not have REAL ID-compliant identification 15 years after the law’s enactment.

In general, identity verification rules and requirements vary across entities, resulting in processes that are repetitive and fragmented for end users, and expensive for service providers. Financial services offerings are predicated on the ability of providers to perform Know Your Customer (KYC) due diligence and comply with anti-money laundering (AML) regulations. Financial providers often meet their KYC requirements by collecting information from customers when they create new accounts. But verifying that information poses challenges without a single source to confirm a customer’s identity.

A digital ID that can be authenticated remotely is key for access, inclusion, participation, and innovation in a digital economy. The promise that many technology-driven innovations offer, whether by way of financial services, transportation, or education, can be enhanced by digital identification solutions. These solutions can consist of combinations of attributes that range from biometrics, behaviors, and issued credentials.

A digital ID framework comes with many complexities. The building blocks of a coherent ID system in the United States would need to address the unique aspects of the country’s federalist system, challenging privacy and security considerations, and the role of the private sector.

Although select governmental and industry efforts are underway, a more comprehensive federal effort would help coordinate and facilitate what should be viewed as public infrastructure. A mix of public and private actors manage the components required for identity verification in the United States, which are subject to a range of legal requirements at both the state and federal levels. By convening core public and private sector stakeholders, the federal government could help spur necessary standards, privacy protections, innovation, and consumer choice.

The following four design principles are critical for a robust digital identity framework:

First, privacy protections must be at the center of a digital identity framework. Information should be shared and used only at the explicit direction and consent of consumers. This basic tenet has been central to most global digital identity programs and initiatives, including Singapore’s National Digital Identity project, the Business Roundtable’s proposal in 2019, and the Better Identity Coalition’s digital identity policy blueprint.

Second, a sound digital identity framework should avoid the creation of centralized “honey pots” of information that could be readily subject to cyberattack or misuse. In addition, centralization would be inconsistent with historical opposition in the United States to centralized control of national identity data. Instead, federal models that allow uniform access to information across systems for identity verification and authentication should underpin the U.S. approach.

Third, digital identity solutions would benefit from API access to government-held data that can increase the speed and accuracy of identity confirmation. There have been discrete efforts to build such APIs—including an IRS income verification initiative—but agencies need to scale them further to ensure a more comprehensive and coordinated approach across agencies at both the state and federal levels.

Finally, standards around privacy, security, interoperability, and authentication should be crafted to foster an open and innovative environment, where private sector stakeholders could compete to improve consumer choice and ensure equitable access for all, without deepening the digital divide. A national digital identity framework should allow for technological innovations in tokenization, biometrics, and other developing authorization methods. Providers should not be able to lock consumers into their services, and information should not be trapped in siloed ecosystems.

To the contrary, open standards—perhaps offered by organizations such as the National Institute of Standards and Technology (NIST)—should drive a dynamic digital identity framework that advances consumer interests and operates within the structure of the marketplace. The NIST has been active in this space. In 2016 it awarded six pilot grants totaling $15 million to a combination of public and private sector entities to develop trusted identities that enable more secure access to online services. One of the projects focused on improving access by offering a Digital Driver’s License that is accessible through a mobile application in Colorado, Idaho, Maryland, and Washington, D.C.

Although these select efforts are positive, we suggest a federal agency, such as the U.S. Department of Treasury or Commerce—or even the White House—lead a more comprehensive initiative.

A forward-leaning digital identity framework is necessary to support robust and inclusive economic infrastructure. It is important to anchor national efforts around common principles and coordinate disparate efforts, which might include: sharing information derived from specific initiatives; researching and promoting standards; organizing information and education campaigns to drive adoption; hosting techsprints or other events that leverage private sector innovation; and recommending specific legislative or regulatory change. A national framework can help organize and catalyze an otherwise fragmented digital identity effort subject to collective action challenges.

The importance of this effort cannot be overstated. As we emerge from the COVID-19 pandemic, we have an opportunity to rebuild the economy by reshaping our identity framework in ways that give us access to better and more equitable financial technology innovations.

Usman Ahmed

Usman Ahmed is the Head of the Global Public Policy and Research team at PayPal Inc. and an Adjunct Professor at Georgetown University School of Law.

Daniel Gorfine

Daniel Gorfine is the founder of Gattaca Horizons LLC and an Adjunct Professor at Georgetown University School of Law.

No Photo

Ivy K. Lau is a member of the Global Public Policy and Research team at PayPal Inc.

This essay is part of an 11-part series, entitled Regulation In the Era of Fintech.