Identifiers & Verification in a Post-Breach World

Description

Overview: Last year’s Equifax breach shined a light on the limitations of our current identity infrastructure; the theft of sensitive personal data from more than 147 million people – including “secret” data that had been used by consumers and businesses to verify identities online – made clear that some of our legacy systems were no longer good enough.   In the wake of the breach, government and industry have both expressed an interest in solving these problems, and in some cases putting forth new ideas for how to do so. 

This session will outline the challenges the United States faces in delivering secure, reliable identity verification solutions.  It will also discuss potential solutions – some driven by industry, some by government, and some by partnership between the two.  

Federal Presentation

“Where we are, how we got here, and what should happen next”
-Jeremy Grant (and someone from government TBD)

As House Energy and Commerce Committee Chairman Greg Walden noted in a hearing last year, “Today, the information necessary to compromise identity is readily available to those who wish to find it.”  

An understanding of U.S. challenges with remote identity verification starts with examining the history of identity verification in the digital age.  While the United States has long rejected efforts to create a national ID, the lack of a national ID does not mean that the United States does not have a government-backed identity system.  Instead, a patchwork system has emerged of identifiers and credentials issued by a variety of different Federal, state and local government entities.  Of note, all of these government-administered systems are rooted in physical credentials, i.e., the Social Security card, the Driver’s License, the Passport, the Birth Certificate, etc.  

This patchwork has worked relatively well for in-person transactions where it was important to verify someone’s identity; service providers could simply ask to see someone’s credentials.  However, the model has fallen apart online.  This session will review the history of identity in America and lay out a blueprint of what should happen next to enable identity solutions that are more secure and convenient, protect privacy, and enable digital commerce in the public and private sector.

Lightning Talks

• Phil Lam, VP – Product Risk Strategy, Early Warning Services
  • Reclaiming Control Over Personally Identifiable Information
• Catherine Schulten, VP – Product Management, LifeMed ID
  • Mobile Identity Verification in the Health Ecosystem
• James Loudermilk, Senior Director – Innovation
  • Embracing Electronic/Mobile Credentials for Identity Verification
• Geoff Slagle - AAMVA
  • The Mobile Driver's License (mDL)

Workshop

• Break into small groups for public-private discussion on the topics; using previous presentations and questions as launching point
• Setup: Numerous round-tables for small-group discussions 
• Approach:  Jeremy Grant will serve as the “Workshop MC” – and assign a series of brainstorming and discussion tasks, which each table will individually work through, culminating in a “recommended” path forward for the community.  Topics include:
  • What is the appropriate role of government in improving the identity ecosystem?
  • Can government offer identity services to the private sector (such as validation of attributes) in a way that is secure, protects privacy, and is designed to put the needs of the consumer front and center?  How?
  • What role, if any, does the private sector play in helping government address its identity challenges?
  • What steps, if any, do governments (Federal or state) need to take to drive progress?

Wrap Up

• Read-outs from small groups
• Moderator summation