In an era marked by unprecedented cybersecurity threats, the Biden administration’s new cybersecurity strategy has drawn criticism, primarily due to its lack of comprehensive measures addressing digital identity (ID). However, amidst the uproar, skeptics are urging caution, viewing the issue through the lens of privacy protection.
Despite the outcry from industry insiders, who are closely linked with federal cybersecurity policies, some voices argue that a careful approach is necessary when dealing with digital ID. Their primary concern revolves around the potential infringement on individual privacy that an extensive digital ID system might entail. Many suggest that digital IDs shouldn’t be implemented at all.
While proponents argue that the new strategy should have incorporated digital ID from the beginning, privacy advocates see a silver lining in this omission. They argue that an ill-conceived, rushed approach to digital ID might risk violating individuals’ privacy rights and could be exploited for nefarious purposes.
Jeremy Grant, former National Institute of Standards and Technology member and leader of the Better Identity Coalition, and Jordan Burris, head of public-sector strategy at ID verification provider Socure, have both expressed their disbelief at the plan’s digital ID oversight.
On the other hand, the administration has begun the implementation of several identity verification measures, which are attracting similar concerns. The Labor Department’s announcement of $377 million in grants for states to modernize unemployment-insurance programs, aimed at boosting state’s capacity to verify identities, has sparked debate. Critics worry about potential misuse and the erosion of privacy rights that might come with such an initiative.
The same concerns surround the improvements being made to Login.gov, a single sign-on application for interacting with the government securely. The question here remains, at what cost does this security come, and is personal privacy being adequately safeguarded?
A physical ID verification process for those seeking unemployment insurance benefits has also been introduced. Piloted in Arkansas, the process uses resources from the US Postal Service and the General Services Administration. Although positioned as an alternative to online processes, it still raises eyebrows about whether it truly respects privacy norms.
The need for a robust digital ID system cannot be disputed, given our increasingly digital society. However, as the criticism of the government’s cybersecurity plan shows, it’s not just about having a system in place. It’s equally crucial to ensure the system respects privacy rights and provides comprehensive protection against cyber threats. In this context, the absence of an all-encompassing digital ID strategy in the cybersecurity plan might be seen not only as an oversight, but also as an opportunity to reconsider the privacy implications of such a system.