recommended reading

Doodle-recognition technology could help curb voter fraud

Flickr user Jeremy Roof

Motor vehicle officials and a biometric firm are piloting a federally-funded online program to let citizens renew driver’s licenses by drawing a passcode with a mouse or finger on a touchscreen -- a method with the potential to stanch voter fraud.

The maneuvering will be similar to scribbling on an Etch-a-Sketch toy, said Jeff Maynard, president and chief executive officer of Biometric Signature ID, the company providing the handwriting recognition service. “Instead of your Etch-a-Sketch machine, it’s now a mobile device, like an iPhone or an iPad,” or a personal computer.

The $1.6 million project led by the American Association of Motor Vehicle Administrators is one of several trials the National Institute of Standards and Technology is funding to lay the foundation for an online login network, akin to a credit card system, where computer users can access separate sites without resubmitting personal data.

Other participants in the licensing pilot program include the Commonwealth of Virginia Department of Motor Vehicles, CA Technologies, Microsoft and AT&T.

The planned login network, called the National Strategy for Trusted Identities in Cyberspace, or NSTIC, aims to ensure Internet users are who they say they are when they interact online.  

With handwriting capture, “those strokes are unique to you. And we store that in an encrypted database when you enroll. If the biometrics match, you are allowed access to the next level” of identity verification to conduct the online transaction, renewing a license in this case, Maynard explained. The technique, called gesture biometrics, allows the computer to distinguish the physical person from imposters by using “whatever pointing device they have at their desk right now,” Maynard said. (Click here for a test drive)

The technology is delivered through the Web, or the “cloud,” so there is no app to download or hardware to attach.

Motor vehicle administrators feel compelled to advance the NSTIC network, due to “the driver’s license increasingly becoming the de facto identity document,” Neil Schuster, the association’s president and chief executive officer, said in a statement.  

Some local governments require that voters show a driver’s license or similar ID to vote. And DMV websites are the de facto voter registration location in many states. These realities create the risk that bogus driver’s licenses could impact voting results.

“Man, that thing in the wrong hands can create your ID for somebody else,” Maynard said.

NSTIC proponents say the envisioned chain of validated IDs could thwart such fraud and make all online transactions, perhaps even online voting, more secure than it is today. There are hurdles, however. The network will require compatibility standards, privacy policies, buy-in from e-commerce businesses, the trust of citizens, a new marketplace of credential providers, and global adoption.

Ian Grossman, vice president of member services and public affairs for the motor vehicle association, said, “If there’s a way an elections commission can leverage what we’re doing to reduce the fraud of the initial identity document then I think the benefits of that will be flowing in a lot of different directions.”

Within the NSTIC system, the data on a driver’s license may be needed to obtain a stronger Web credential from, for instance, authentication firm VeriSign, to perhaps one day file taxes through IRS.gov.

"The same entities who issue a driver’s license -- that provide you an identity card -- would be involved in a broader community that gives someone credentials,” Grossman said. “Our intent is limit and minimize the amount of fraud around these identity documents.”

The problem of fraudulent online ballots and voter registration rolls are beyond the immediate scope of the $9 million worth of pilot grants that NIST announced on Sept. 20.

“Our efforts in the NSTIC National Program Office are centered around creating an identity ecosystem where individuals can choose from a variety of different credential offerings in the marketplace for online transactions that are more secure, convenient and privacy enhancing,” said Jeremy Grant, NIST Senior Executive Advisor for Identity Management. “But we would imagine that once an identity ecosystem exists, it would enable a wide range of online transactions that are not possible today.”

He added, “Secure authentication is certainly one of the missing pieces to that puzzle [of online voting] but it is hardly the only one.” The other obstacles include viruses on voters’ computers, as well as a 2011 NIST finding that “Internet voting systems cannot currently be audited with a comparable level of confidence in the audit results as those for polling place systems.” 

Grant said, “I’d personally love it if I could one day vote from my smartphone.  But given that the challenges to online voting extend well beyond the scope of NSTIC, this is not a focus of the NSTIC National Program Office.” 

Among the other NSTIC grants is a $1.8 million pilot led by ID management company Daon to demonstrate how senior citizens and other individuals can use smartphones and tablet devices to maximize customer choice, with support from AARP, the American Association of Airport Executives and PayPal, among others. In addition, Resilient Network Systems is pursuing a $2 million program to secure sensitive health and education transactions with the help of the American Medical Association, Aetna, LexisNexis, Riverside Unified School District, Santa Cruz County Office of Education and others. 

Threatwatch Alert

Network intrusion / Stolen credentials

85M User Accounts Compromised from Video-sharing Site Dailymotion

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.