The Improving Digital Identity Act of 2023

The Improving Digital Identity Act of 2023 is a significant legislative initiative aimed at enhancing and streamlining digital identity systems. In response to the growing need for secure and reliable online identification, this act was introduced aiming to establish a comprehensive framework to improve the management and verification of our digital identities. This week, a look at how we got here and what the bill seeks to do.

What is a "Digital Identity"?

A "digital identity" is defined by BeyondTrust as "a one-to-one relationship between a human and their digital presence. A digital presence can consist of multiple accounts, credentials, and entitlements associated with an individual." An identity is assigned to a user. Users usually refer to the actual person operating within an application, website, network, on-premise system, or more generally defined as a "resource". Usually, digital identities are assigned for the purposes of tracking and auditing user actions and activities while inside a resource.

Digital privacy is also a very important concept in relation to this conversation. BeyondTrust defines "digital privacy" as "the desire and/or right to have one’s identity, and sensitive data related to one’s identity, concealed and only authorized to access or know by those authorized by the identity." We have covered a decent amount over the years related to data privacy (see most recently The Washington My Health My Data Act and also the Oklahoma Computer Data Privacy Act, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act).

How did We Get Here?

The Improving Digital Identity Act of 2023 was introduced in response to the ever growing need for recognizing the importance of correctly managing digital identities. In recent years, the proliferation of online services and the digitalization of various sectors (like healthcare, showcased in the Washington My Health My Data Act) have highlighted the importance of secure and reliable identity creation, verification, and protection within the our digital realm. Existing identity systems do not have the appropriate regulations in place when it comes to conditions, privacy, security, and interoperability (the ability of computer systems or software to exchange and make use of information). Shortcomings in managing and protecting our digital identities can undermine user trust and hinder user experience.

The act aims to provide a comprehensive framework for enhancing digital identity management, addressing a few main challenges:

1. Increasing Cybersecurity Concerns: Every year, there are more and more cases of identity theft/fraud and cyber threats, creating a pressing need for stronger identity verification and protection mechanisms. Traditional methods, like username and password, can be susceptible to phishing scams and data breaches.
2. Streamlining Access to Online Services: As more services move online, individuals often face the burden of managing multiple usernames and passwords across various platforms.
3. Protecting User Privacy: The digital age has brought a slew of challenges when it comes to ensuring user privacy is protected and the bare minimum of what should be expected.
4. Facilitating Digital Transformation: Governments and businesses are increasingly embracing digital transformation to enhance efficiency and improve people's experience. However, cumbersome and fragmented identity verification processes pose great challenges to this area progressing.
5. Fostering Trust and Confidence: A robust digital identity system is essential for fostering trust between individuals, service providers, and government entities. This is the basis in which adoption of these services will be built on, If trust is lacking, it will severely impact general public adoption.

What will this Act Do?

The primary objective of the Improving Digital Identity Act of 2023 is to address the aforementioned challenges. The bill opens with "Congress finds the following: (1) the lack of an easy, affordable, reliable, and secure way for organizations, businesses, and government agencies to identify whether an individual is who they claim to be online creates an attack vector that is widely exploited by adversaries in cyberspace and precludes many high-value transactions from being available online... (5) The inadequacy of current digital identity solutions degrades security and privacy for all people in the United States, and next generation solutions are needed that improve security, privacy, equity, and accessibility."

It recognizes the importance of digital identities in various sectors such as finance, healthcare, and government services, and aims to create a more robust and user-centric system. The Act aims to create national for online identity verification, while promoting user privacy and data protection. "Digital identity verification" is defined in the act as "a process to verify the identity or an identity attribute of an individual accessing a service online or through another electronic means."

The Act would create a task force whose purpose is "to establish and coordinate a government-wide effort to develop secure methods for Federal, State, local, Tribal, and territorial agencies to improve access and enhance security between physical and digital identity credentials, particularly by promoting the development of digital versions of existing physical identity credentials."
There are a few key provisions of the Improving Digital Identity Act:

1. National Digital Identity Standards: Establish a set of national standards for digital identity systems, ensuring consistency and interoperability across different platforms and sectors. These standards promote the use of secure and reliable technologies for identity verification. The Act aims to promote the adoption of more secure and resilient authentication methods, such as multi-factor authentication and biometrics, to mitigate these risks.
2. Privacy Protection: Require organizations to adhere to strict privacy standards when collecting, storing, and processing digital identity information. Measure such as data encryption, consent-based data sharing, and regular security audits are encouraged to safeguard user information. The Act encourages organizations to adopt privacy-by-design principles, obtain user consent for data sharing, and implement strong security measures to safeguard sensitive information.
3. User-Centric Approach: Empower individuals by providing people greater control over their digital identities. The Act encourages the development of user-centric identity solutions that allow individuals to manage and control their identity information securely, promoting transparency and fostering trust between individuals and service providers.
4. Public-Private Partnerships: Encourages public-private partnerships to develop and implement digital identity solutions. By leveraging the expertise and resources of both sectors, the act aims to accelerate the adoption of secure and interoperable digital identity systems.
5. Research and Development: Promote research and development initiatives to advance digital identity technologies. The bill encourages funding for projects that focus on innovations in identity verification methods, biometrics, decentralized identity systems, and other emerging technologies.

The bill has been read twice and referred to the Committee on Homeland Security and Governmental Affairs, where it received a hearing at the end of March.

Conclusion

The Improving Digital Identity Act of 2023 was introduced to address the very real challenges associated with existing digital identity systems. We need a framework for enhancing security, privacy, and interoperability. We as a society are evolving, and the needs of individuals, organizations, and governments in the digital age are changing. By promoting user-centricity, protecting privacy, and fostering trust in the digital realm, we can make our lives in the digital age more secure and easier to navigate. I hope to see this bill take up more traction!

Cover Photo by Campaign Creators on Unsplash

About BillTrack50 – BillTrack50 offers free tools for citizens to easily research legislators and bills across all 50 states and Congress. BillTrack50 also offers professional tools to help organizations with ongoing legislative and regulatory tracking, as well as easy ways to share information both internally and with the public.