DHS wants answers on how well digital identity systems work

The Department of Homeland Security's Science and Technology Directorate is testing whether identity documents can reliably be verified through new technology.

The Department of Homeland Security's Science and Technology Directorate is testing whether identity documents can reliably be verified through new technology. Yagi Studio / Getty Images

Natalie Alms By Natalie Alms,
Staff Reporter, Nextgov/FCW

By Natalie Alms

|

The Science and Technology Directorate is moving forward with another round of testing for its remote identity validation technology demonstration. 

The research arm of the Department of Homeland Security is moving forward with ongoing testing to evaluate the effectiveness of remote identity validation technologies. 

The hope is that DHS can answer basic questions about how well these technologies work. 

DHS’ Science and Technology Directorate said Tuesday that it would conduct new tests that focus specifically on the ability of systems to match selfies to photos on identity documents, a process meant to weed out any fraudsters trying to use stolen IDs.

They’re taking applications from tech developers who want to participate through June 22.

The so-called remote identity validation technology demonstration also includes tests on the efficacy of systems meant to authenticate identity documents like driver’s licenses as valid by assessing a photo of them, said Arun Vemury, the lead of the directorate’s biometric and identity tech center.

Future tests will look at so-called liveness tech meant to confirm that it’s a real person on the other end of the screen submitting identity documents.

“There’s a lot of questions we just don’t really have good answers for right now,” said Vemury, ticking off the unknowns.

“Does this really work? Or, how well does it work? If we do this on a massive scale, does that open the door for fraud if we don’t actually have a good understanding of how this actually works,” he said. “Will it work for all people equally? Do they have to have the newest, latest and greatest phones for it to work well?”

The ongoing research is happening as these types of remote identity technologies have been garnering more attention in the government space, where they are sometimes used to vet applicants for government benefits. 

The use of identity proofing technology that utilizes selfie matches against identity documents has proliferated across the unemployment system, for example, in an effort to suppress increases in fraudulent claims during the pandemic.

But remote identity proofing is also used in other contexts to check people trying to open a bank account or verify a social media account.

Still, the use of facial recognition has been fraught, with advocates and even some government watchdogs expressing concern about the equity implications of the use of facial recognition systems.

And getting a system to clear a standard for identity proofing set by the National Institute of Standards and Technology is currently most easily done with a biometric like facial recognition. NIST is currently revising the standard and appears to be planning major updates on the use of facial recognition while investigating potential new options that don’t use the technology at all.

All this is happening as the landscape continues to shift in terms of the threats these technologies are trying to address and how remote identity-proofing tech is used, Vemury said. 

“A lot of the security features in the ID documents are in different wavelengths of light… and you need special lighting sources to be able to even see them,” he said. “So the question then is, when I take a photo with my smartphone, which wasn't really meant to take photos of IR or infrared or UV light, and now we're trying to detect the security features… Are we really getting the security that we expect out of these documents when we use it in this new type of process?”

How bad actors might try to evade liveness detection tests is changing quickly as well, said Vemury, pointing to 3D printers, digital inject attacks where fraudsters bypass the camera altogether and high-resolution screens. 

The tests will look at both how well these sorts of remote identity proofing technologies recognize bad actors and how often they accidentally tap a legitimate person as a fraudster, said Vemury. 

The stakes are high for both.

In terms of fraud, online programs and systems potentially open up the door for sophisticated bad actors to do more attacks more quickly than they would be able to with the restrictions of defrauding programs in person, said Vemury, pointing to the banking context as an example, where operating online might be easier than going to defraud many, individual bank tellers.

And when legitimate people are flagged as fraudsters by the systems, that’s the difference between accessing a government benefit easily after the first try to be identity proofed, or not.

How many legit people are getting caught up in systems is another unknown, said Vemury.

“Some people will report out, ‘We accepted X percent of transactions or X percent of transactions were successful,’” he said. “But we don't know if the remainder were because of fraud or legitimate people who just weren't able to complete the steps for whatever reason or the software wouldn't work for them.”

NEXT STORY: Lawmakers have questions about online passport renewal

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.