Government agencies are currently wrestling with how exactly to verify Americans who want to access federal programs and services.
Digital identity is a key piece of improving customer experience for users of federal government programs. But identity proofing poses special challenges in balancing privacy, security and accessibility. At an FCW's CX Summit on Wednesday, officials talked about efforts to give Americans safe and secure access to programs and services.
"We have been working on identity as a piece of most of the programs that we are supporting agencies in," U.S. Digital Service Administrator Mina Hsiang said.
Federal Chief Information Officer Clare Martorana said that in her previous work with the Veterans Administration during her time at USDS, her team used a photo of a computer monitor with "six or or seven Post-it notes on it that had six or seven usernames and passwords for different systems at VA" as a guiding "story" and selling point for their efforts on login experiences. The photo, Martorana said, is still relevant.
The General Services Administration's Login.gov, which has some identity proofing capabilities, is looking to scale dramatically in coming years with the hope that it can be a shared service for more agencies to use for identity verification and sign-ons.
Still, many government agencies are currently confronting how exactly to verify that someone is who they say they are online.
The IRS faced criticism from lawmakers and digital privacy groups earlier this year over its use of facial recognition via identity verification company ID.me, before announcing the availability of verification options without facial recognition and its intent to add Login.gov as an option.
Several talked on Wednesday about the importance of providing identity verification options to customers, including Ken Corbin, the chief taxpayer experience officer at the IRS.
"We have to make sure that we create different ways for people to be able to authenticate with our agency because we have to protect their information," he said during a different panel. "If you think about a highway, we're creating different exits. So let's say for example you may not want facial recognition… there's a way for you to exit off, to get that same service and make sure that service is available for you."
But lining up the policies, rules, technology and data on the backend of government systems to verify identities can be difficult.
One barrier is data about Americans, which is subject to certain rules around collection, use and sharing within and among government agencies.
"We have rules in place where agencies cannot share data with each other, which actually makes citizens do more work" in terms of identity verification, said Suzette Kent, former federal CIO, during a media roundtable June 17.
But changing how the culture views—and what laws govern—the sharing of data in and amongst government entities would likely be a difficult cultural and political shift, despite the proliferation of personal data outside of government, said Linda Miller, principal at Grant Thornton's advisory services and former deputy executive director of the Pandemic Response Accountability Committee.
Still, the attention on "redesigning our whole customer interaction" could be an "entry point" to test ideas about how agencies can provide cross-agency services and tap into information, Kent said.
Current digital identity guidelines from the National Institute of Standards and Technology require the use of a biometric for the highest levels of digital identity proofing. NIST is currently working on remaking their digital identity guidelines, with a draft scheduled for this fiscal year and final text in fiscal year 2023, according to an agency roadmap.