Last year’s Equifax breach shined a light on the limitations of our current identity infrastructure; the theft of sensitive personal data from more than 147 million people – including “secret” data that had been used by consumers and businesses to verify identities online – made clear that some of our legacy systems were no longer good enough. In the wake of the breach, government and industry have both expressed an interest in solving these problems, and in some cases putting forth new ideas for how to do so.

This session will outline the challenges the United States faces in delivering secure, reliable identity verification solutions. It will also discuss potential solutions – some driven by industry, some by government, and some by partnership between the two.

“Where we are, how we got here, and what should happen next” – Jeremy Grant

As House Energy and Commerce Committee Chairman Greg Walden noted in a hearing last year, “Today, the information necessary to compromise identity is readily available to those who wish to find it.”

An understanding of U.S. challenges with remote identity verification starts with examining the history of identity verification in the digital age. While the United States has long rejected efforts to create a national ID, the lack of a national ID does not mean that the United States does not have a government-backed identity system. Instead, a patchwork system has emerged of identifiers and credentials issued by a variety of different Federal, state and local government entities. Of note, all of these government-administered systems are rooted in physical credentials, i.e., the Social Security card, the Driver’s License, the Passport, the Birth Certificate, etc.

This patchwork has worked relatively well for in-person transactions where it was important to verify someone’s identity; service providers could simply ask to see someone’s credentials. However, the model has fallen apart online. This session will review the history of identity in America and lay out a blueprint of what should happen next to enable identity solutions that are more secure and convenient, protect privacy, and enable digital commerce in the public and private sector.

Solutions to the nation's challenges with remote identity proofing and verification will come from both the private and public sectors - and in some cases, through approaches requiring partnership between the two.

These Lightning Talks will feature presentations from leaders in both government and industry to highlight different approaches that may be part of the solution here. Presenters will focus on a concrete proposal or product that government and/or industry either offer today - or should offer in the near future - with a focus on new solutions that can help to address the remote identity proofing challenge.

The Homeland and National Security Session will focus on shifting trends across the identity spectrum, spanning from policies on screening and vetting to the types of technologies and capabilities mission partners need to implement the Administration’s recently published Executive Orders.

This session will address the current state of identity in confronting national security threats, public safety concerns and counter-fraud, while also informing industry leaders on the U.S. Government’s interest in transitioning from the collection of individual modalities and encounter-based systems to an all-encompassing approach to person-centric identity.

The session begins with presentations from senior government officials, who will describe the administration’s two new identity-focused National Security Presidential Memorandums. Background, goals, current status, and remaining hurdles will be discussed.

During the Lightning Talk time, federal officials will discuss topics such as identity federation using artificial intelligence and machine learning, land/sea interfaces, and using next-generation biometrics to protect the border.

Digital Identity offer the promise of greater efficiency, security, interoperability, and trust in a variety of settings. From the provisioning of financial services to government payments and access to citizen services, digital ID can enable improved customer identification and verification in the digital age. However, the development of a digital identity ecosystem touches on issues that cross sectors and industries, implicate various customer identity rules and regulations, and require effective public-private partnerships and mutually informed public and private sectors. During this session, participants will engage with a panel from the public and private sector discussing the challenges and opportunities associated with digital ID for know your customer (KYC), Customer Identification Program (CIP) regulations under anti-money laundering (AML) and countering the financing of terrorism (CFT) compliance obligations.

This session will outline the potential uses of digital ID to support compliance with AML/CFT obligations. It will also discuss potentially viable applications of digital ID technology to support the identification of beneficial owners (BO) of legal entities under Treasury’s Customer Due Diligence (CDD) rule, which took effect on May 11, 2018, and which requires covered financial institutions to identify and verify the identity of beneficial owners of companies opening new accounts. This rule can help financial institutions better address the risk posed by legal entities in the US and bolster the ability of law enforcement to investigate criminals who use legal entities to launder money or finance terror.

Treasury’s Financial Crimes Enforcement Network (FinCEN) will discuss ongoing efforts related to digital ID for purposes of meeting AML/CFT requirements. Background, current status, and unmet needs will be discussed.

Speakers from the public and private sectors will discuss (1) challenges of using digital ID to meet regulatory requirements and compliance regulations; (2) opportunities of using digital ID for streamlining and improving customer onboarding and compliance processes, and strengthening identification and profile development to support financial services activity and associated risk management and compliance; and (3) potentially viable and real-world applications of digital ID technology to support CDD/CIP/BO requirements and compliance expectations.

Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain. Many identity theft scams are intent on targeting government programs.

A very common form of government identity theft is the fraudulent use of stolen identity information to apply for various assistance programs. It could be SNAP benefits (commonly referred to as “food stamps”), unemployment benefits, disability benefits, even Social Security benefits. Medical identity theft can occur when someone steals personal identification number to obtain medical care, buy medication, access your medical records, or submit fake claims to Medicare, Medicaid, or private insurers. The fundamental problem is that government is paying for benefits or claims for which the intended recipients are not receiving and may not even qualify for. The other major issue is that you individuals whose identities are stolen could find themselves legitimately in need of these benefits, but may not receive them because the identity thief is already claiming them.

During this session, an overview will be given on identity theft and fraud against government programs. Discussion will follow to identity policies or practices Federal agencies can employ to guard against identity theft, reducing improper payments and fraud against federal benefits programs. This session is supportive of the President’s Management Agenda, CAP Goal 9: Getting Payments Right.

• Joseph S. Beemsterboer, Chief, U.S. Department of Justice, Criminal Division, Fraud Section, Health Care Fraud Unit
• Allison Lefrak, Senior Staff Attorney and Identity Theft Program Manager, Federal Trade Commission, Division of Privacy and Identity Protection

Experts from industry, academia, and government will discuss mitigation strategies to prevent identity theft and fraud. Areas of interest include financial services, information security, biometrics/identity management and others with best practices that could be applied in the health care sector specifically and/or government benefit programs generally.

The need within the national security domain to operate in a person-centric manner continues to grow, which necessitates the ability to share (within legal and privacy bounds) identity information across federal screening systems, as well as with international and state/local partners. To assure information can be shared, specifically identity data, adherence to standards and specifications is imperative to minimize labor intense data manipulation, facilitate efficient information exchange, protect privacy, and achieve interoperable systems.

This session is intended to present the history of standards and specifications, specific agency uses, the future of standards, and a “what if?” discussion regarding all USG agencies and international partners establishing a global exchange model to facilitate more streamlined information exchange.

A panel of presenters from the three primary national security screening entities (DoD, DHS, and FBI) will discuss current standards practices and their remaining obstacles. Additional presenters from National and International standards-development bodies will then discuss in-development plans for new and updated standards, and their anticipated future impacts. While each organization has committed to participate, specific individuals identified at this time are:

• Will Graves, DoD
• Kamran Atri, NIEM

These Lightning Talks will help address the following questions:

• What interoperability issues currently exist?
• What system constraints need to be (if possible) overcome?
• How do we accomplish global interoperability (language barriers, data format, other?)

Across the market, public and private sector innovation and collaboration are driving better identity solutions. Governments – Federal, State and Local – have a supporting role to play in helping to grow a more effective and responsible identity ecosystem by working with industry to identify and reduce barriers, encourage the development of shared principles, governance, standards and trust frameworks, evaluate and document the performance realities of commercial solutions, and offer services that improve identity. The private sector, as the main developers, innovators, and suppliers of identification system infrastructure, equally have a critical role to play as the technology and product developers and as identity providers, preserving consumer choice with respect to individual privacy. Building a more secure, trusted, interoperable, and accessible identity ecosystem thus requires stronger public-private partnerships. This session will focus on various approaches to strengthening collaboration between the government and private sector for the continued development and advancement of a more secure, trusted, interoperable, and accessible identity ecosystem, what emerging technologies – from biometrics and machine learning to distributed ledger/blockchain and artificial intelligence – offer tremendous potential to transform and enhance the digital identity ecosystem, and how we can work together to develop shared standards and principles alongside innovations in technologies and trust frameworks, thus serving as a launching point for the learnings and collaborations that conference organizers hope to see in the exhibit hall throughout the week!

A “fireside chat” describing the Administration’s approach on innovation and technology policy, and leveraging of public-private partnerships to enhance the identity ecosystem.

Presenters from government and industry will discuss 1) successful (or unsuccessful) approaches to partnerships, the mutual benefits of these partnerships and what's made them successful (or not) and 2) ideas for improving collaboration (what information does industry need from government to succeed and vice versa).

The law enforcement and forensic communities have long leveraged identity technologies as a major enabler for their critical capabilities. Recent advancements, such as contactless fingerprints and rapid DNA, are introducing new possibilities – but also creating new issues for these communities. This session will discuss the changing technical landscape, the challenges and opportunities these capabilities present and the implications they have on the community.

The recent NIST assessment on forensic face examiners and AI-based recognition capabilities found that trained humans perform best when coupled with a computer, rather than another person. This research is challenging the community to investigate new techniques to harness human-machine collaboration to improve performance of identity related technologies in this community. This session will discuss this study and seek to identify other areas where human-machine collaboration may lead to improved performance.

Developing and managing larger interconnected identity systems has been a longstanding challenge in the law enforcement community. This session will discuss the current status and challenges in an effort to continue to engage the private sector in the identification of mitigating strategies.

An FBI executive will discuss the future of biometric identification (including latent prints and DNA) within the national law enforcement domain. Current capabilities and challenges will be discussed.

These Lightning Talks will discuss (1) obtaining lessons learned from other domains that can be applied by the law enforcement and/or forensic communities, (2) learning about innovative concepts and solutions that have the potential to transform the community and (3) identifying novel approaches to strengthening the human-machine collaboration in the private sector.

As a foundational capability, Identity and Access Management (IdAM) is becoming more critical to effective government services and missions, and central to modernizing information technology to achieve security and efficiency goals. The US Government is energizing ICAM/IdAM by establishing aggressive policy, standards, and goals to strengthen identity proofing, credentialing, authentication, and authorization as a core feature of broader modernization efforts. Sweeping modernization prioritizes shifting services to the cloud and embracing mobility as the new normal. Supporting citizen-facing services and government missions offer commercial providers and vendors significant challenges at scale. This session will dive into the changes in Federal direction, and explore innovative approaches to scaling modern solutions with an improved assurance model for identity.

The session begins with a panel of senior federal officials that will (1) describe the government’s updated policy (DRAFT available at https://policy.cio.gov/identity-draft/) and associated goals for IdAM in both the near- and far-terms, and (2) discuss various implementation challenges that are limiting agency’s ability to meet the policy goals.

There has been a long-time chasm between government IdAM policy requirements and what is commonly available for use or supported by the broader commercial marketplace of products and services. Requesting private-sector input in the updated White House policy reflects government efforts to overcome this chasm, but additional work remains.

During FedID, we are particularly interested in three areas: use of the cloud, enabling mobility, and leveraging federation with external partners. In this Lightning Talk session, we will discuss significant lessons-learned from other domains that the federal government should know, and novel ideas with transformational potential.

Government, enterprises and communities can no longer ignore the extensive array of digital threats with new hacks and breaches occurring daily all over the world. These breaches are not only costly, but affect the safety and health of the people trusting online services. In 2017, a major event with ransomware occurred named WannaCry which hit over 99 countries affecting thousands of hospitals, businesses, banks and more. Identity as a Service platforms are emerging as ideally suited to extend enterprise defense perimeters to the identity layer. These internet-scale, extensible service platforms enable cost-effective, real-time adaptive authentication services driven by application, enterprise and community policy requirements.

Presenter – Matt Cochran, VP Product Management and Operations, ID Dataweb

As identity breaches continue to make headlines, several organizations are moving to continuous identity verification as a way to close the trust-gap between end user account opening and ongoing authentication. In this presentation, Matt Cochran will present several industry use cases on this emerging technique, which allows existing federated identity platforms (like CA SSO, PingFederate, Okta or SailPoint) to evoke adaptive authentication services that inject 3rd party verified attributes into their federated login flows. Using this technique, organizations can quickly modify security policy and detect and react to real world changes in ways not possible before.

A panel of Lightning Talk presenters will cover Identity as a Service (IDaaS) with a focus on government customers and contractors. Industry, academic, and government experts will address the three questions below during this panel and subsequent workshop discussions.

• What solutions are customers looking for that cover a broader set of requirements than can be offered in existing enterprise class platforms?
• What is currently available in the marketplace to satisfy customer needs regarding IDaaS?
• How does IDaaS compliment and enable existing enterprise class platforms to fulfil all current needs related to human identity authentication online?

The Internet of Things (IoT) is the increasing connection of devices beyond smart phones, tablets and computers to include devices like wearables, smart appliances, home devices, smart grid, and vehicles for consumers, as well as specialized devices to support specific industries including energy, finance, health care, manufacturing, distribution, etc. IoT devices include sensed information of the devices, environment, and person. This information can be used for monitoring, decision making, and control of the physical world. As the number of devices increases, there is an increasing vulnerability of these systems to attacks, such as the Mirai Distributed Denial of Service (DDoS) attack that involved insecure IoT devices in 2016. During this session, an overview will be given on cybersecurity for IoT. Additionally, the workshop will focus on the role of identity in IoT.

Speakers will discuss its ongoing activities related to cybersecurity for Internet of Things (IoT).

In this set of Lightning Talks, industry, academic, and government experts will address the intersection of internet of things (IoT) and Identity.