The long march to an approved federal budget began in earnest on March 28th of this year when President Biden unveiled the administration’s proposed 2023 government fiscal year budget. While the media often reports on the budget submission as if it’s already the law of the land, those of us who follow the budget and appropriations process in Washington know all too well that this ceremonial unveiling represents only the beginning of a long, often vexing process. It’s been said that the true outcome of compromise is disappointment on all sides; sadly, when it comes to federal budgeting and the appropriations processes, disappointment is usually an understatement.
The administration’s budget proposal is just that—a proposal. It’s the Congress that ultimately decides where federal dollars are spent, and while the budget proposal is a useful guidepost of administration priorities and values, the real sausage-making of appropriations always results in something markedly different than what’s released in the thousands of pages by the Office of Management and Budget each year. Inasmuch as death and taxes are a certainty in life, the confounding path the budget takes from proposal to enactment is nearly as certain.
One thing is clear about the current state of affairs – irrespective of how and when the budget gets finalized, the end result is missing critical pieces that are essential to our country’s infrastructure. This is especially important now, as we come to the realization that our national digital identity infrastructure is broken. Appropriators and program managers need to think fundamentally differently about how we apply solutions – and budget – to solve rapidly evolving identity fraud issues.
Overnight, our entire economy shifted online in the midst of COVID shutdowns, which created an opportunity to shed the weight of inequitable in-person processes. But because identity was not adequately funded, and because the federal government lacked processes and the willingness to prioritize identity and relentlessly measure effectiveness, they missed an important opportunity. The result was that the government made it harder and more complicated for those in need of aid to get it, and it invited more fraud into an already-vulnerable system.
For decades, our approach to confirming identity has been based largely on querying credit data and using outdated binary matches to confirm that someone is who they say they are. Unfortunately, reliance on these old models ignores the nearly 45 million Americans who are not in the credit or banking system, and ignores the agility and sophistication of fraud rings who are adapting their attacks in real-time. The inability of these existing systems to identify such a large swath of our population results in roadblocks to access programs in the same way as those who participate in other parts of our digital economy. In other words, our digital identity systems too often penalize people for not having the kind of credit history deemed acceptable by our federal government.
There have been equal amounts of outrage about the scope of losses we’ve faced during the pandemic on the one hand and about the use of more invasive technologies like facial recognition and document authentication to access tax filings and social security earnings statements on the other hand. Dozens of letters have been fired off to agency heads demanding accountability and answers to the same questions that have plagued our programs for decades.
These oversight motions are important to ensure we’re keeping an eye on performance and that our taxpayer dollars end up where intended. But unless we craft funding expectations centered on the challenges at hand, we shouldn’t expect performance to improve dramatically. Congress should go much further and place much more specific conditions and expectations on federal agencies in the twelve Congressional appropriations subcommittees. What kinds of conditions? Let me offer a few suggestions:
- Mandate that programs and systems relying on identity-proofing implement processes to document and validate the performance of the vendors. Yes, the industry should be graded and it should be transparent for all to see. Old solutions can be massively outperformed by newer approaches that leverage advanced data science and machine learning techniques.
- Require that agencies and state-level counterparts receiving federal funds retain and share the output of their identity verification processes to a collective government-only information sharing repository that will enable cross-comparison across disparate programs and systems. Fraudsters use the same attack vectors across multiple systems and current policies limit the ability of agencies to retain and share information with their counterparts. Fraudsters are also sophisticated; to defeat them, we must network ourselves to ensure common attack vectors can’t be reused across multiple systems and programs.
- Measure and publish the actual performance of identity verification processes BEFORE requiring that citizens submit copies of identity documents and/or utilize facial recognition to confirm their identity. The reality is that poor performance of legacy solutions funnel huge amounts of the population into additional checks that introduce friction and delay access to benefits. Defaulting to these manual processes wastes time and money and further disadvantages individuals who need benefits the most.
- Treat the funding of identity programs at agencies as a critical priority, either through centralized funding or dedicated funding by agency. Identity is the key enabler of mission delivery and without it, everything breaks down. It’s imperative that agencies not be forced into the position to make tradeoffs where identity efforts (just like IT historically) fall on the backburner.
Fraud and friction don’t need to be the default for federal programs. Now that we are on the other side of the pandemic, we need a fresh approach to drive performance and accountability in federal identity programs. Socure is looking forward to working with the administration and Congress to bring long-needed innovation to improve citizen service and access while dramatically reducing fraud.
Brendan M. Peter has 25 years of executive-level experience at the intersection of global public policy and strategic business growth with a specific focus on identity-related policy. Brendan serves as Socure's Vice President of Government Relations. Immediately prior to joining Socure, he served as Head of U.S. Government Relations for Seagate Technology, the world’s leading advanced storage technologies company. Brendan's identity-related government relations experience includes serving as Vice President of Government Relations for IDEMIA, the largest biometric and identity security company; Vice President and Head of Global Corporate Affairs for CA Technologies, one of the world’s largest independent software companies; and Head of Government Affairs for LexisNexis. In these roles, Brendan had led global public policy, corporate social responsibility and thought leadership programs and served as the principal executive advisor to the CEO and Executive Management team on a wide range of public policy issues globally.