How Will Federal Identity Management Technology and Policy Evolve?

Agencies could play a bigger role in identity verification and enhance government services in the process, officials say.

The Common Access Card is going to be staying for a while at the Defense Department as an identity and access management tool. But other forms of government identity verification may evolve in the years ahead. 

As more government services are accessed and delivered online, there will likely be a growing need for the government to get better at validating and protecting digital identities. And agencies will not have to reinvent the wheel to do so, according to federal officials. What they will likely need is money from Congress. 

The question of how to move forward is part of an “ongoing debate of what to do with identity proofing in a post-Equifax world,” James Sheire of the General Services Administration said at a Sept. 11 ACT-IAC event, “Authenticating the Digital Identity,” according to FCW.

The 2017 Equifax data breach, which exposed the data of 147 million consumers, looms large in the identity management arena, including for government. Several agencies are in a good position to play a bigger role in identity management, official said at the event. 

Cybersecurity-report_HowStrong.jpg

GSA, SSA Could Play Bigger Roles in Identity Management

As FCW notes, the GSA’s budget for fiscal year 2019, for instance, proposed the creation of a Modernizing Identity Proofing Program Management Office. GSA said that Login.gov, the agency’s single sign-on platform for government services, and the proposed PMO would improve public access to government services “through secure accounts and user-centered tools” and that they would “offer a diverse set of modern approaches to digital identity management.”

Additionally, Congress passed a law earlier this year that included a section directing the Social Security Administration to launch an identity validation service, according to FCW.

Sheire said government “clearly having the resources” will lead to greater discussions about what agencies’ roles should be, FCW reports. 

Patrick Eager, deputy director of the enterprise security services division within the Department of Homeland Security’s Office of the Chief Security Officer, agreed that government could do more to help validate digital identities: “I think it’s a good idea.”

Technology and Policy Hurdles to Identity Management

The speakers at the event said there may be some challenges to an expanded government role. 

Jeremy Grant, coordinator of the Better Identity Coalition, a nonprofit that promotes the development and adoption of better solutions for identity verification and authentication, noted that “some government entities are in a good position to do this, and others will need to create a system to enable this.”

“It’s less a question of whether an agency like SSA has the ability to do that today or not,” he said. Instead, the bigger questions center on how much such solutions would cost, where the funding would come from and which agencies have the best data to use. 

Agencies would not need Congress to pass new laws, and could rely on directives from the Office of Management and Budget or an executive order, Grant said, according to FCW

Indeed, the President’s Management Agenda says that “to help agencies modernize their systems, including the use of cloud email and collaboration tools,” the administration “will update or revise foundational policy documents that strengthen the Federal approach to key areas such as moving to the cloud, ensuring trustworthy internet connections, managing identity, and optimizing data centers.”

Combiz Richard Abdolrahimi, who previously worked at the departments of State and Treasury, said that agencies at all levels of government are sitting on a wealth of identity information, including birth certificates and Social Security numbers, that could be used as people take advantage of more digital services, 

“There’s a lot of government agencies that are doing the proofing already, so it’s just a matter of harmonizing it more,” said Abdolrahimi, now the global emerging technology and innovation strategy manager at Deloitte, according to FCW. “That could be a great service that could improve citizen services.”

However, as he has in the past, former Federal CIO Tony Scott warned that a snag in all of this could be outdated government IT, since many of the systems “that run the federal government are pre-2001 in their architecture, in their design, in their implementation.”

“That obviously presents a challenge when you have technology that’s either old or came from a different design era,” he said.

“We don’t need to create new ID systems,” Scott added. “We need to leverage what’s out there, so if consumers want to do things online, they can do the things they can in the paper world.”

dem10/Getty Images
Sep 13 2018