In 2022 the Better Identity Coalition released "Better Identity in America: A Blueprint for State Policymakers," which details the critical role states play in digital identity. While details can be found in the blueprint, we look at some of the questions around digital identity and the role states can play in advancing efforts to protect and secure digital identity.
What role does the state Department of Motor Vehicles (DMV) play in digital identity?
The DMV – as the one government entity where nearly every adult goes through a robust, in-person identity verification process to get a driver’s license or state ID card – is uniquely positioned to help make digital identity work better for Americans. Unfortunately, most DMVs are just issuing plastic ID cards that can’t be used online. And at a time when adversaries have caught up with the systems America has used for remote identity proofing and verification, the DMV is ideally positioned to address this problem. States should modernize legacy identity systems and embrace new privacy-protecting mobile Driver’s License (mDL) solutions that empower residents to protect themselves from identity theft in the digital world.
How can state-based attribute validation services at vital records bureaus support next-generation, consumer-centric remote identity proofing and verification systems?
Next to DMVs, vital records bureaus are the most important agencies in the state identity ecosystem. In their role of issuing birth certificates, marriage certificates, and death certificates, vital records bureaus are on the front line of identity, and often have foundational information that can be used to validate identities. Americans should be able to ask these agencies to vouch for them in the online world – by validating the information from their credentials and other vital records.
What are some of the identity innovations that can enable better services?
States should embrace modern technologies to enable a broader array of services for constituents. Specifically, states should pass Remote Online Notarization (RON) laws that would enable a secure, standard approach to virtual notarization services. Additionally, states can complement mDL and other government-based attribute validation services with commercial identity tools that are certified as meeting rigorous NIST standards.
What can states do to make sure identity works for everybody?
While state DMVs are the logical starting point for most residents, they don’t work for everybody. Roughly ten percent of adults do not have a driver’s license or state ID, and in many cases, people lack critical identity documents, like birth certificates and Social Security cards, needed to get one. This disproportionately impacts the most marginalized communities, including people of color, the elderly, the poor, survivors of domestic violence, and those reentering society after time in prison. As states invest in new digital identity tools, they should also invest in services to ensure that their most vulnerable residents are not left behind.
How can states promote and prioritize the use of strong authentication?
Passwords continue to provide the attack vector in the majority of breaches and cyber incidents, and some legacy tools used for MFA are coming under attack as well. State governments should adopt strong, phishing-resistant authentication as well as the use of electronic signatures, and update legacy policies that create barriers to the adoption of strong authentication solutions.
How can states “do no harm” when it comes to digital identity and authentication?
Some states have passed security and privacy legislation that has inadvertently precluded use of some identity security technologies, or mandated non-standard approaches to identity verification or authentication that put government, business, and residents at risk. In many cases, these have been driven by sincere efforts to protect residents but have ended up creating risks that are far greater than the things legislators intended to guard against. States should leverage digital identity standards published by NIST rather than create requirements for new, one-off approaches. Additionally, states should consult with security and identity experts when crafting new policies to ensure they do not inadvertently create new mandates that make things worse.