President Biden last week signed the mammoth CHIPS and Science Act into law. After more than three years of intense lobbying from the global semiconductor and technology industry, the package enacted last week will jumpstart domestic investment in new semiconductor fabrication plants to decrease reliance on Chinese suppliers. The Act is a huge win for the global tech industry and the industries that rely on chips that power everything from vacuum cleaners to cars to our ubiquitous electronic devices. While most of the media have focused on the $52 billion in incentives for domestic semiconductor manufacturing, the Act also offers additional support for broader technology initiatives that are just as vital to US economic and national security.
The CHIPS Act is about much more than just semiconductors—all told, the bill authorizes more than $200 billion in spending on a wide range of vital industries that will drive the technology in the future. The legislation includes $170 billion in new authorizations and the creation of a new technology directorate at the National Science Foundation that will accelerate R&D investments in areas as diverse as artificial intelligence and machine learning, data storage, and robotics, among others.
The legislation also provides significant new authority for the federal government’s standards and testing arm, the National Institute of Standards and Technology. As part of this effort, Socure contributed to the inclusion of new requirements for identity verification and fraud prevention and detection. This was in response to the COVID-19 pandemic, which exposed real weaknesses in our ability to deliver services and benefits to individuals in an equitable and frictionless manner. With government offices closed for months, federal, state, and local agencies had to move services online overnight in order to provide unprecedented aid to those affected by the economic losses associated with the pandemic. These new requirements are going to help efforts to reduce fraud and ensure the government is equipped to move quickly to get aid and services to those most in need.
Improving digital identity technologies with CHIPS and NIST
The CHIPS Act includes new requirements for NIST to develop voluntary standards to improve digital identity technologies that undergird virtually all trusted transactions on the Internet. Socure has been advocating for the modernization of standards used by government agencies to prove and secure identities with accuracy. Existing standards have not been updated in years, and old mechanisms for validating identity, such as dreaded knowledge-based authentication quizzes, have been surpassed by new AI-driven techniques that provide much greater certainty in identity attributes and underlying risk. Fraudsters are networked online and have developed and published widely available roadmaps to defeat existing controls and approaches. The reality is that the legacy standards of identity verification used by the government have not kept up with market innovations or evolving fraud techniques. The Act’s specific focus on attribute validation services is something Socure believes will accelerate the transition from an outdated reliance on credit header-based models that create significant challenges for approximately 20% of the US population to confirm identity in digital transactions.
Identity proofing and verification mechanisms are specifically called out in the legislation, and Congress recognized that proofing systems must be risk-based and adaptive to continuously evolving fraud schemes to ensure trust and security. One-size-fits-all approaches that leverage static rules have not met the market’s needs for years. The new requirement for NIST will accelerate the adoption of novel risk and identity verification approaches like Socure’s graph-defined identity verification, which is built to address rising synthetic and third-party fraud vectors that networked fraud rings use to steal money and take over legitimate users’ identities.
Existing systems have also exacerbated inequities in access to benefits and programs because they rely heavily on credit data that ignores more than 40 million Americans who are unbanked, underbanked, or have little or no credit history. The CHIPS Act directs NIST to improve the accuracy and inclusivity of digital identity management systems. Socure looks forward to working with NIST to demonstrate how modern approaches can ensure that traditionally hard-to-verify and hard-to-reach populations aren’t prevented from using services they’re entitled to.
Users continue to be frustrated by how digital identity works in the public sphere today, as technology presents significant usability challenges and reinforces systemic biases that limit equitable access. Moreover, Congressional and state legislative furor continues to grow over approaches that mandate the use of facial recognition and other controversial technologies while misrepresentations by vendors in the identity space have increased mistrust. The reality is that modern data-driven approaches can make it easier for individuals to access programs without resorting to controversial techniques to move people through enrollment and onboarding systems.
The CHIPS Act addresses this tension head on by requiring NIST to measure and evaluate the effectiveness of biometric identification systems with a specific emphasis on bias, accuracy, fairness, and appropriate models of consent. The CHIPS Act requires the Government Accountability Office to submit a report to Congress on the impact that biometric identification technologies have had on historically marginalized communities. Combined with the focus on equity in overarching identity management programs, Socure believes these provisions will help build trust and ensure that the solutions deployed in the public sector are available and accurate for all.
Time for identify innovation leadership
The amount of fraud that occurred during the COVID-19 pandemic was unprecedented. At the same time, our existing systems left a significant number of people behind in our economic recovery because the data and validation systems used failed to account for nearly 20% of the US population. For America to truly lead in innovation, our identity efforts must receive the same attention and focus as other critical industries. There’s too much at stake for us to keep making the same mistakes. Socure is pleased to have played a role in ensuring identity receives the attention it deserves and we look forward to working with NIST, Congress, and broader stakeholders to ensure the next generation of technology fosters American competitiveness and equality.
Brendan M. Peter has 25 years of executive-level experience at the intersection of global public policy and strategic business growth with a specific focus on identity-related policy. Brendan serves as Socure's Vice President of Government Relations. Immediately prior to joining Socure, he served as Head of U.S. Government Relations for Seagate Technology, the world’s leading advanced storage technologies company. Brendan's identity-related government relations experience includes serving as Vice President of Government Relations for IDEMIA, the largest biometric and identity security company; Vice President and Head of Global Corporate Affairs for CA Technologies, one of the world’s largest independent software companies; and Head of Government Affairs for LexisNexis. In these roles, Brendan had led global public policy, corporate social responsibility and thought leadership programs and served as the principal executive advisor to the CEO and Executive Management team on a wide range of public policy issues globally.
SoCandid Spotlight: Beyond NIST - Why Higher Standards...
Socure recently achieved a milestone when the Kantara Initiative certified our identity verification...
Federal Charges Associated with PPP Loans Uncover Elaborate...
The Paycheck Protection Program (PPP), included under the CARES Act, made...