The ability of individuals to recognize and trust each other plays a fundamental role in our economic and social interactions. Prior to the digital age, identification systems relied on physical documents and face-to-face interactions, a system that came with a high level of assurance.
However, the proliferation of internet-enabled devices has made it substantially easier for malicious actors to disguise, hide, or misrepresent who they are. While service providers and cybersecurity firms work to keep up with the evolving threat environment, digital identity continues to be the easiest — and, by many accounts, the primary — vector by which fraud and other cybersecurity intrusions occur.
President Biden’s American Rescue Plan addresses this by calling on Congress to provide $300M in funding for GSA Technology Transformation Services (TTS) as part of a larger effort to modernize federal IT and secure U.S. cybersecurity against attacks such as the recent SolarWinds breach.
However, a recent report indicates that a proposed $9B for the Technology Modernization Fund has been dropped, and it is unclear if the proposed $300M for GSA TTS will be part of the final relief plan.
I believe that excluding the proposed TTS funding would be a mistake.
In the face of the COVID-19 crisis and the nation’s cybersecurity crisis, TTS is uniquely positioned to build and improve shared services that would strengthen and modernize capabilities across government. These funds would also allow TTS to deliver on its vision of providing trusted modern government experiences for all, especially historically underserved communities.
Here are three ways that TTS could use the proposed funding investment to help everyday Americans.
1. Support equitable access to government services
Challenge: Access to online government services remains out of reach for many vulnerable populations. This is because many common methods of remote identity proofing (e.g., validating a driver’s license) are challenging for underserved Americans who often face hurdles such as a lack of financial information, driver’s licenses, or a long financial history.
Additionally, most remote identity proofing services need a smartphone, a requirement that excludes many populations, including:
- 47% of adults over the age of 65,
- 29% of rural adults, and
- 29% of adults with an income under $30,000
How TTS could help: Shortcomings in legacy identity verification tools could be overcome by using existing federal (e.g., SSA, US Postal Service, Dept. of State) and state authoritative sources for data validation. While this has previously been called for in federal guidance such as NIST SP 800-63-3 and OMB M-19-17, it has not yet been operationalized due to a lack of dedicated government funding and the absence of a statute permitting agencies to disclose Privacy Act records for data validation purposes.
TTS could use the proposed funding to launch a shared service that addresses these challenges by validating data against authoritative federal sources. The proposed funding would not only help TTS operationalize the service at federal agencies, but it could also be used to modernize the legacy systems still in use at those agencies, enabling their participation in the validation service.
2. Tackle the recent surge in benefits fraud
Challenge: The COVID-19 pandemic has exposed the fact that state-administered benefits portals are unable to effectively scale and meet a surge in demand for benefits.
States are swamped – as of November 2020, 47 states were failing to meet federal standards for disbursement of benefits payments. Fraud has surged as well – during the same timeframe, over $36B of disbursed payments were found to be fraudulent.
Federal Trade Commission data (charted below) shows a 82x year-over-year surge in government benefits fraud.
How TTS could help: TTS could use the proposed funding to help states accelerate the processing of benefits claims, reduce fraud, and increase cybersecurity by implementing and scaling the following shared services:
- Identity Veriﬁcation: Centrally funding login.gov would help states adopt strong identity verification.
- Digital Forms and eSignatures: TTS could scale the existing Forms as a Service solution to accelerate the digitization of paper-based forms used to fill out benefits applications.
- Beneﬁts Disbursement: TTS could implement a platform to standardize payment disbursement and provide funds quickly and securely to applicants.
TTS could also use the funding to provide no cost technical consulting to help low-capacity departments utilize shared services.
3. Address cybersecurity weaknesses at the state and local level
Challenge: Significant cybersecurity weaknesses at the state and local level leave systems and services vulnerable to attack. This is evidenced by the SolarWinds attack, which affected at least three states and several federal agencies. Additionally, cities such as Austin, TX, were compromised for months and used as infrastructure to stage additional attacks.
While federal cybersecurity guidelines have established a high watermark to protect citizen data, resourcing constraints have made it untenable for state, local, territorial, and tribal (SLTT) governments. The Technology Modernization Fund (TMF) was developed to enhance cybersecurity across the federal government, but no comparable funding exists to enable SLTT governments to modernize their infrastructures.
How TTS could help: TTS could use the proposed funding to help state governments meet federal cybersecurity standards by expanding cloud.gov, FedRAMP, and login.gov to provide secure online shared services. An effort like this, especially if provided at no-cost to states, could spearhead the strengthening of U.S. cybersecurity and deliver on the goals set out in the American Rescue Plan.
An investment into digital identity is crucial for securing U.S. cybersecurity and building shared services that will help Americans, and GSA TTS is best positioned to execute on this goal.