At the tail end of the Biden-Harris administration, a bill designed to advance digital ID in federal agencies got pushed through the legal process.
The Congress last week passed the GSA Technology Accountability Act, and Biden signed it into law on Dec. 30.
We obtained a copy of the bill for you here.
Proponents hail the new law as a potential way to usher in “effective and inclusive” governance – but that will depend on the level of support it manages to garner going forward from both the public and private sector, and of course, the federal agencies themselves.
The law is about setting digital ID standards, and from there allowing for “efficient and secure” management of digital identity.
More than anything, the latter is sorely needed in order to get the public on side – the same public that is getting increasingly wary of what digital ID will mean in terms of not only security, but also privacy and protections relating to a plethora of civil rights.
The bill – amending Title 40 of US Code – was first introduced in May as HR 7524 to address spending earmarked for, in this instance, information technology management.
The bill required the General Services Administration to report to Congress each year on projects funded by the Federal Citizen Services Fund and the Acquisition Services Fund, HR 7524’s description said.
Now, the gist of the bill that has just become law is interpreted as a stepping stone for “modernizing digital identity frameworks” as “the cornerstone of modern governance.”
The law’s main goal is said to be standardization and integration of digital identity standards as those are applicable to a host of federal agencies, in order to facilitate the creation of a single digital identity.
This, in turn, provides different agencies with a streamlined way of accessing information about users that range from public health “initiatives” to issues pertaining to “cybersecurity.”
“Strict privacy safeguards” is what the law promises, and those subjected to it are expected to accept and “embrace” those promises (funding is also provided to promote “engagement, awareness, and acceptance”).
Online attacks by “malicious actors” from the category of those looking to make money off vulnerabilities, or exploit the wide-ranging field of “national security” are underlined in the act.
The law “mandates compliance with existing privacy laws such as the Privacy Act of 1974 and introduces additional measures to enhance transparency and accountability,” reports say, regarding “strict privacy protections.”
