DHS to issue identity tech “challenge” for industry
The Department of Homeland Security is leading an effort to better test the performance of remote identity validation technology and help develop standards for its operation. Yuichiro Chino/Getty Images
By
Natalie Alms
The testing effort for identity validation tools, led by the Department of Homeland Security with other agencies, is meant to push for the development of better tech and to set a performance baseline for its operation.
The Department of Homeland Security’s Science and Technology Directorate will be holding a series of “challenges” next year to test the performance of remote identity validation technology used to verify identities online and weed out fraudsters.
The Transportation Security Administration, Homeland Security Investigations Forensic Laboratory and National Institute of Standards and Technology will also be collaborating on this effort, called the “Remote Identity Validation Technology Demonstration Challenge.”
Specifically, the group will be testing the performance of tech used to verify identity documents as legitimate, “liveness” tech used to analyze selfie photos to determine that a real person is in them and facial verification tech that matches selfies to photos in identity documents.
A major goal: to get a performance baseline. Tech used to deliver benefits remotely proliferated during the pandemic as the public health crisis pushed services online, but there are still unknowns.
“While these technologies provide transformative improvement in user convenience, there are a wide range of questions about the performance and fairness of the technologies, as well as concerns that bad actors could exploit weaknesses in the new process to commit fraud at scale,” said Arun Vemury, lead of S&T’s Biometric and Identity Technology Center, in a statement.
Despite “widespread adoption,” there is “little independent or objective data characterizing the performance and fairness of the technologies, as well as the degree to which they may reduce fraud at scale,” reads a DHS fact sheet on the effort.
The use of facial recognition technology in particular is controversial.
Earlier this year, the IRS changed course and added new options after garnering bipartisan pushback on its use of facial recognition to set up new online accounts.
NIST studies done in 2019 found that algorithms vary significantly in their performance. At the same time, though, biometrics are required to reach certain standards for digital identity proofing set by NIST, which is currently working on a refresh for those standards.
The forthcoming testing effort is meant to push industry to develop secure, accurate and easy-to-use tech and “inform efforts to standardize and certify technologies that are effective against sophisticated and rapidly evolving attacks.”
The Biometric and Identity Technology Center will “identify vulnerabilities and risks to inform DHS stakeholders and standards developers” and “establish more robust test procedures based on increasing sophistication of attack methods.”
DHS is not the only corner of government with an eye studying digital identity tech. GSA also signaled in April that it would be running a study on facial recognition to help it decide if its own service, Login.gov, should use facial recognition technology.
All this comes as the government continues to grapple with fraud in government programs – NBC reported this week that at least $20 million in pandemic benefits has been stolen by a Chinese hacking group called APT41 – and the balancing act of preventing fraud in a complicated, high-stakes landscape of equity and privacy concerns around the tech.
DHS is holding a webinar on the effort Dec. 13, and applications for the forthcoming challenge will open next year.