Identity, Compliance Management

Lawmakers want to know if the government should validate digital identities

US Capitol dome

The Senate Homeland Security and Governmental Affairs Committee voted 11-1 to pass the Improving Digital Identity Act, which would establish an Improving Digital Identity Task Force. 

Sen. Rand Paul, R-Ky., was the lone dissenting vote. Paul also signaled opposition to the proposed Tik-Tok ban this week.

The legislation’s passage joined the approval of nearly two dozen critical cyber bills, including the bipartisan Securing Open Source Software Act that would task the federal government with ensuring the security of open-source software like ChatGPT to prevent another Log4J debacle.

The bills now move to the full Senate for debate.

Centered on privacy, the Improving Digital Identity Act comes in response to calls from the bipartisan Commission on Enhancing National Cybersecurity for the government to create an interagency task force designed to find a secure, user-friendly method for agencies to serve “as an authoritative source to validate identity attributes in the broader identity market.”

The legislation is built on the idea that the government is “uniquely positioned to deliver critical components that address deficiencies in the digital identity infrastructure of the United States and augment private sector digital identity and authentication solutions.”

In its current state, there’s no easy, affordable method for entities and government agencies to verify whether an individual is who they purport to be online, which has created a vast attack vector widely exploited by threat actors “and precludes many high-value transactions from being available online.”

“The inadequacy of current digital identity solutions degrades security and privacy for all people in the United States, and next generation solutions are needed that improve security, privacy, equity, and accessibility,” the legislation noted.

Breaches of personally identifiable information and health data have become par-for-the-course, leading to troves of data exfiltration and subsequent fraud, abuse, identity theft, and other malicious acts, further exacerbated by a lack of a universal identification verification system for online transactions.

In 2021, over 293 million people were impacted by data breaches, with identity fraud losses rising 333% since 2017. The losses totaled $56 billion in 2020.

The creation of an online verification method would empower government agencies and the private sector to reduce the “significant risk” tied to opening new accounts, as well as securing the privacy of other high-risk, high-value online services” to support individuals with more secure online transactions.

The bill also calls on state governments that are “particularly well-suited” to support enhancing digital identity solutions in the public and private sectors. The federal government would support these efforts by providing opportunities for these governing bodies to upgrade current systems that provide identity credentials like driver’s licenses.

If passed in its current state, the legislation would mandate that the Government Accountability Office audit the potential savings from the increased use and adoption of these digital identification efforts.

The legislation also calls on GAO to conduct a report on the estimated potential savings, due to the increased adoption and widespread use of 

The same committee session also advanced the Securing Open Source Software Act that aims to prevent the exploit of known vulnerabilities by directing the Cybersecurity and Infrastructure Security Agency (CISA) to ensure these software types are safely and securely used by the federal government, critical infrastructure entities, and other industries.

The bill would also empower CISA to develop a risk framework for evaluating how open source code can be used by the government, while ensuring the same framework could be voluntarily used by critical infrastructure owners and operators to identify ways to mitigate these types of risks.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.