The federal government faces a huge challenge when it comes to federal identity management. Since the creation of the first smart card initiative 30 years ago, threats have increased and the country’s digital identity infrastructure has fallen behind private industry while spending an increasing amount on security efforts.
Federal identity efforts are highly disconnected from the security employed in state government and industry. This disconnect has shown itself in the growing impact of suspicious activity tied to identity theft. In 2023, there were $400 billion in suspicious banking transactions, an increase from $212 billion in 2021, and pandemic-era unemployment fraud was more than $100 billion.
Jeremy Grant, managing director of technology business strategy at Venable and former leader at the National Strategy for Trusted Identities in Cybersecurity housed at the National Institute of Standards and Technology, has more than 30 years of experience in federal identity management and remembers the start of the federal identity management journey in 1994.
History of identity management
“The history I know in this space goes back to 1994 when I got into this space. My boss in the Senate in the ’90s was Virginia Sen. Chuck Robb, who was the father of smart cards and [public key infrastructure] in government,” Grant said. “In 1994, Robb in the defense authorization, the [National Defense Authorization Act], directed [the Defense Department] to start doing the smart card pilot.”
Grant is concerned that the federal government is losing ground. He notes that until the last 10 years, federal efforts continued to expand government knowledge. The Clinton administration introduced smart card technology partnerships. The Bush administration fostered HSPD-12 and e-authentication, and the Obama administration launched the National Strategy for Trusted Identities in Cyberspace.
“In the ’90s and in the 2000s, up through around 2016, government was actually ahead of the private sector, both in anticipating the threats and in coming up with initiatives,” Grant said on Federal Insights: Federal Identity Management. “In the last 10 years, as the identity threats are only getting worse, this continues to get pushed further and further down the priority list.”
According to Grant, the past decade has shown a declining strategic focus. New policies and initiatives have created siloed systems used in pockets versus uniform applications. For example, Login.gov operates independently from state motor vehicle systems. Mobile driver’s licenses are acceptable for the Transportation Security Administration but are not acceptable for banking activity, and age verification differs from one state, locality or system. By these rules, identity fraud is viewed as a benefits fraud situation rather than a national security issue. Every one of the United States’ peer nations has a strategy and plan to elevate identity fraud as a national priority.
Siloed systems
The Government Accountability Office has recommended a closer look at the Electronic Consent Based Social Security Number Verification (eCBSV).
“If I’m applying for a credit card, I can with my consent authorize my bank to ask the [Social Security Administration] if the data matches. But if I’m applying for benefits in the states or to set up an account at Login.gov, they don’t do that today, because it’s siloed,” Grant told Federal News Network’s Justin Doubleday. “If I need a physical ID, I can stand in line at the DMV and get a plastic card after a pretty robust in-person identity proofing process that allows me to drive a vehicle and have a card I can show in person at a government office. But if I need government services, I’m either going to Login.gov or some of the private providers like ID.me, where they’re basically putting you through a digital version of that process you went through at the DMV.”
While the current issues pose distinct concerns, there are some positives and solutions on the horizon. In the last few years, the Biden administration issued a zero-trust memo that instructed agencies to use phishing-resistant authentication whether it was a personal identity verification card or fast identity online authentication. NIST has also advanced authentication efforts, including a Digital ID playbook with banking partners, and the Login.gov director has imposed improvements. With authentication issues addressed, identity proofing remains a challenge.
Infrastructure investment
Moving forward, federal identity management needs renewed strategic leadership. Recommendations include treating identity as infrastructure like the REAL ID Act and funding state programs.
“While we’ve never created a grant program, we documented where the government has spent well more than a billion dollars on a lot of these legacy siloed systems instead. So we’re already spending the money; our take is we’re just not spending it very strategically,” Grant said.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
