White House says an anticipated executive order on identity theft is coming, here’s what experts want in it

White House officials have repeatedly described an anticipated executive order on identity theft as in the works, but stakeholders are expressing urgency on the matter.

White House officials have repeatedly described an anticipated executive order on identity theft as in the works, but stakeholders are expressing urgency on the matter. Jakub Porzycki/NurPhoto via Getty Images

Although stakeholders have big wish lists for the anticipated proposal, few details are known about what the White House expects to include.

The White House “still plans on coming forward with an executive order” on identity theft in public benefit programs that it previously promised would be released “in the coming weeks” in March, a White House spokesperson recently told FCW.

At the time, the administration said the forthcoming order, led by American Rescue Plan coordinator Gene Sperling, would have “broad government-wide directives… to prevent and detect identity theft involving public benefits” with a focus on privacy, equity and civil liberty protections, as well as provide help for identity fraud victims. 

Stakeholders say the need for action is urgent, pointing to the promise of the White House’s agenda and its policy-setting ability to address both equity concerns and internal government policy barriers that often hinder identity proofing.

There’s obvious interest in the anticipated executive order, with stakeholders champing at the bit to see White House action. 

“I've done more government briefings in the last two years than I had in like the previous eight,” said Eva Velasquez, president and CEO of the nonprofit Identity Theft Resource Center. But “as far as doing something about it and acting on it, the jury's out… I'm not sure how much longer we can go on without at least something coming out with some kind of structure about what we're going to do.”

The issues are high stakes. In question is exactly how the government uses identity proofing and fraud prevention technology in public benefits programs like unemployment insurance, one of several government services still grappling with the spike in identity-based fraud since the onset of the pandemic.

The White House isn’t the only government actor working on this issue.

NIST is working on the first refresh of guidelines for digital identity verification in years. On Capitol Hill, a digital identity bill has made progress in moving through the House and Senate, although it’s unclear if it will make it into law in the remainder of a lame duck Congress. 

And likely incoming chair of the House Committee on Oversight and Reform, current ranking member James Comer (R-Ky.), told FCW in a comment that “investigating COVID-19 pandemic relief fraud is a top priority for Oversight Committee Republicans,” saying that the current administration has “sat on their hands for the past two years, pushed to spend more taxpayer money and allowed fraud within these federal assistance programs to run rampant.”

Given the role of identity and fraud tech in providing or preventing access to government benefits, a top concern for many is equity.

Linda Miller, fraud expert and partner at Guidehouse, told FCW that privacy and equity are the biggest issues for government identity verification, pointing to the backlash around privacy and equity concerns the IRS suffered in regards to its use of facial recognition tech via vendor ID.me.

Outgoing chairwoman of the House Oversight and Reform Committee Rep. Carolyn Maloney (D-N.Y.), whose committee has been investigating ID.me, told FCW in a statement that “millions of Americans have had to turn over their biometric information to private companies in order to access essential government services with little clarity on how their information will be safeguarded.”

The use of biometrics like facial recognition, although required by current NIST standards for certain levels of digital identity proofing, is fraught. 

Charles Romine, director of NIST's Information Technology Laboratory, told lawmakers in 2020 that there is significant variance in how facial recognition algorithms perform, with some but not all producing differential outcomes based on demographics.

But Velasquez cautioned the administration from precluding the use of consent-based biometrics, which she said “absolutely has a positive role” in identity validation.

Ben Winters, counsel at the nonprofit Electronic Privacy Information Center, is zeroed in on fraud detection and prevention tools in government programs. 

“We don't need an executive order that just increases the capacity to buy more tech that will ‘fight fraud’... but we could use any executive order that implements transparency and accountability requirements around the purchase of these tools,” he said. “The delay [of the executive order] has been frustrating because the federal government has a substantial role in the purchase of these tools, like giving grants to state and local governments.”

How exactly the government should address digital identity isn’t uniformly agreed upon. 

Although some groups have asked the White House to push the use of mobile driver’s licenses, Jordan Burris, former federal CIO chief of staff and current senior director of product market strategy for the public sector at digital identity verification company Socure, emphasized that he doesn’t think the administration should back any single solution.

Many do agree on the need for more help for victims of identity fraud. Currently, the process of recovering one’s identity is burdensome and confusing, requiring individuals to contact multiple agencies and companies depending on their situation.

And several stakeholders also told FCW that a major step the administration can take is helping to set standards.

One specific area is privacy and data-sharing, said both Miller and Burris. Government agencies don’t necessarily agree on how to approach data sharing, but confirming and triangulating data about someone is often part of the equation of digital identity proofing.

Burris also has a push for the digitization of identity documents like birth certificates on his to-do list and suggested that the White House designate identity management and services as critical infrastructure.

For now, the inaction is making it difficult for government agencies to act, said Miller.

“It is unfortunate that it’s been months and we haven’t seen this executive order,” she said. “I think a lot of agencies won’t take action until they see what the White House wants them to do… While they're waiting, identity theft based fraud is continuing at a pace.