Getting Back Our Digital Identity – A Moonshot Proposal
American digital identity has rocketed away from us. Since the 1990’s, it has been used by organizations who have treated us as nothing more than money-making data fields. It is time for Americans to reestablish control over it. Americans want transparency in who is using it, effective enforcement mechanisms over those who misuses it and establish an American center that engages leadership – private, public, and non-profit, in what is a fundamental component of how we express ourselves as a people. We need to trust digital identity.
American’s most important identity is largely digital, not physical, and digital identity is well beyond their control. Who you are is now captured by a series of identifiers including mobile phone numbers, digital fingerprints, purchases, internet browsing, the apps you use, the toll booths you pass, and physical movements of your devices and more. This information is held by a hodgepodge of organizations, companies and intermediaries -some legitimate and many illicit.
Yet, many organizations who are digital identity stewards provide vital services. Live traffic via GPS and contactless payments and even tailored ads can make life and commerce more efficient and convenient. Banks can flag suspicious transactions, not only by unusual locations and amounts, but also detect if your keystrokes or smart phone movement is unusual using built in accelerometers and other sensors. Most people would opt-in to giving up privacy for this kind of convenience and security, but as users, we are generally not given that choice.
However, without ever thinking about it, Americans handed over digital identity to government agencies, service providers, marketers, and criminal networks who generate, manipulate, and use all the information of our digital lives every day without any involvement on part of its citizens.
Massive data breaches of digital identity information are commonplace and hardly make news any longer. The dollars stolen have reached unfathomable levels. It is widely estimated that well over $400 billion dollars was stolen from the United States Government in 2020 as criminals claimed pandemic assistance funds with bogus credentials. That money – our money – is now in the hands of international criminals, and they got it by stealing or in some cases even just borrowing our identities.
Criminal gangs, often operating from within adversary nations and with unclear ties to their governments, affect all of us by opening fake bank accounts, obtaining government benefits, and compromising national security by using our identities as tools to steal our nations secrets and weaken our country and erode our trust.
Meanwhile, the Government’s role in digital identity has been passed down to lower levels of authority, proposed legislation has been largely punted due to lack of support and woefully inadequate funding to upgrade in the plethora of digital identity programs at the Federal and State level.
Our failure to secure digital identity is part of a broader reality that the United States is strategically behind in digital identity. We have created a bonanza for bad actors because we allow digital identity disintermediation by sidelining the principle of every person should own their digital identity. This principle was recently echoed by Jamie Dimon in his 2020 shareholder letter in regards to owning your electronic health record. But how do you own health records or any other protected personal information if your very identity is insecure and being trafficked on the internet?
Our moonshot begins with new principles. First, American citizens should have transparent knowledge to the use and misuse of their personal identifiable information by any entity, be it government, commercial, or non-profit. Control over one’s identity, physical and digital, is a 21st century human right that must be protected in the interests of the American consumer with a national security mindset. Secondly, America must take a leadership position in what has become a field of light speed change.
Americans should be informed of compliance by organizations accessing their identity. A federally supported independent watchdog should enforce new digital identity standards in the same way we rely on trusted organizations such as the National Highway Traffic Safety Administration that protect highway safety. The Federal Trade Commission would be one natural place to house such an office. A first initiative could include turbocharging the FIDO2 (Fast Identity Online) across the private and consumer sector.
Without conflicting with Section 230 of the Communications Decency Act that provides immunity for website platforms, the initial role could begin as a monitoring process applying “Red/Yellow/Green” advisory to the public at large classifying how well organizations safeguard our digital identity. It can rely on existing standards published by the National Institute of Standards and Technology with additional support from the Department of Homeland Security and the Domestic Policy Council. This type of coordination not only protects the American consumer but will rightly send a message that American digital identity should be protected in the national interest.
For those organizations who do not practice said standards, the Federal Government should support the American public by giving them the right to act against the mis-users of our identities, and based on this knowledge, be able to suspend access to our digital identity regardless of how it was acquired.
Secondly, this strategic gap in digital identity calls for a broader collaboration that some currently advocate. A more robust and trusted center at arm’s length to the Government that instigates urgency and works outside the Washington DC framework will go much further in restoring public confidence to the American public. This digital identity center can go further by identifying game changing technologies beyond behavioral biometrics, FIDO based authentication and other now industrialized technologies and processes. Further it can serve as a hub & spoke for American allies to be close at hand in understanding of the unique dynamics of American digital identity.
It is time for Americans to stand-up and protect us by enshrining our fundamental right to be stewards of our own identity in the digital age. After all, we own it.
- Digital identity & KYC
- Cyber industrial safety
- Security and Stability in Cyberspace
- Cyber risks
- Operational security
- Antifraud action
- Digital Sovereignty
- Digital transition