On April 13, 2022, the Better Identity Coalition published a letter The report calls on President Joe Biden to draft and sign an executive order on digital identity. It urges the administration to address four key priorities:
- Give Americans the tools they need to protect themselves against identity theft.
- Ensure victims of identity theft have access to help.
- Establish a government-wide approach to enable identity attribute validation services.
- Ask the National Institute of Standards and Technology (NIST) to create a digital identity framework consisting of standards and best practices.
The letter was signed by the Cybersecurity Coalition, the Electronic Transactions Association, the Identity Theft Resource Center, the National Cyber Security Alliance, and the U.S. Chamber of Commerce’s Technology Engagement Center. Six months later, NIST released updated guidelines for digital IDs to “help combat online crime, preserve privacy, and promote fairness and convenience.” After a public review period, a second draft of these guidelines is now available.
We are at a critical juncture for the United States. Digital identity is coming, and it needs to be implemented right the first time. Unfortunately, there are still significant hurdles to overcome and a glaring blind spot that is being overlooked.
Identification in the digital world
A recent report from NOTUS suggests that the Biden administration will soon put all its weight behind digital identificationwith an upcoming executive order stating: “The policy of the executive branch is to strongly encourage the use of digital identity documents.”
An order like this, at first glance, is a response to the Billions of dollars lost by the US government Fraudulent applications for social programs are also on the rise. But once government-issued IDs go online, it will have much broader implications. We’ve already seen this in other countries around the world. Spain recently has set up a “porn passport” which aims to prevent minors from accessing adult content online. Australia’s digital ID system was introduced in May, but already Critics emerge on its security capabilities.
The need for decentralization
There is a fundamental problem with these initiatives. Regardless of the level of encryption, security protocols or penetration testing, it is essentially a big basket of credentials. Richard Buckland, a professor of cybersecurity at the University of New South Wales, said it was “I have never seen a system that is not hackable.“Centralized repositories of information will always be vulnerable. Earlier this year, 404 Media reported on a Security vulnerability involving AU10TIXan identity verification company that serves platforms like Fiverr, X, and Coinbase. Administrator credentials were stolen from AU10TIX and exposed online for over a year, giving hackers access to names, dates of birth, and identity documents. Even the companies hired to protect us have critical flaws, and centralizing all the data only makes it easier to exploit them.
Blockchain technology offers a potential solution to this problem. While no technology is completely foolproof, decentralized identity verification and authentication brings us as close as possible. In simpler terms, imagine a king’s treasure room filled with gold, jewels, and artifacts from all over the land. It’s heavily guarded, surrounded by thick stone walls, iron bars, and a deep moat. Nearly impregnable. Almost. Decentralized technology is like taking each piece of gold and hiding it in its own vault, in its own castle, behind its own guards. Each individual piece is worthless without the others. The thief (or even the king himself) can never see the treasure in its entirety.
A public responsibility
As governments continue to develop digital identification tools, the public must demand accountability, transparency, and privacy. Integrating blockchain technology into these programs will not only make them more secure against identity theft, but will also keep citizens’ information out of the hands of the government.
Trust is earned, and more than 70 percent of Americans Americans are already concerned about how the government uses their data, according to the Pew Research Center. We all deserve protection from identity theft, and the administration deserves credit for trying to address the problem. But collecting more information and feeding it into centralized government databases is not the answer. It’s like asking a bad actor, foreign or domestic, to breach the castle walls and steal the gold.
Instead, they should work with experts to create a decentralized, verifiable identity system built on irrefutable trust. Concordium has already built a regulation-ready blockchain with an identity layer to authenticate users and documents. Instead of running away from this technology, we need to move forward. Otherwise, we risk losing control of our unique identities.
THE NIST Guidelines Digital identity wallets are under review and feedback is welcome. This is a great opportunity for citizens to demand a different approach before it’s too late. As we’ve all seen time and time again, undoing a completed government action is incredibly difficult. It will be too late to reverse the trend once digital identity wallets are introduced in the US, Europe, and the UK.
This does not mean that there is will This would be a break with the systems currently proposed. But if we want to build something new, why not do it properly?
