What do Public Agencies Need to Know about Digital Identity Verification?

The past few years have brought renewed attention to the important role that identity verification plays in accessing government services. In particular, the pandemic increased the number of digital applications for government services. This shift created a greater need for digital identity verification, or the process of checking that a user is who they say they are on the internet. It also became clear that some popular forms of identity verification were insecure and made it easy for fraudsters to steal millions of dollars from government agencies. Biometric verification, a proposed solution to widespread fraud, has also been controversial.

In light of these developments, what do public agencies, especially at the local and state level, need to know about digital identity verification? 

How can they make identity verification fast, resistant to fraud, and equitable?

To help answer these questions, CDT has prepared guidance that can be used by public administrators to assess how digital verification could make a difference in their work. 

The report first provides a brief overview of how digital identity verification can help government agencies with service delivery. It also outlines the risks that digital identity verification presents. Although digital identity verification has the potential to be fast and more accessible for many users, government agencies need to think about how to prevent fraud and protect privacy.

Additionally, the guidance delves into several kinds of digital identity verification that local and state government agencies are considering. They include: videoconferencing for remote but supervised verification, cross-referencing applicant data with private databases like credit agencies, sharing data with other government agencies, and using biometric technologies.

Finally, the report provides several best practices to lessen the likelihood that these systems do more harm than good, including:

1. Minimize the chance of fraud by adopting techniques used by cybersecurity professionals;
2. Provide non-digital alternatives as a means of tackling cyber threats and equity issues; 
3. Implement privacy-forward data governance policies and practices to safeguard user data;
4. Plan and test systems with equity in mind; and 
5. Develop clear standards, requirements, and processes for procuring and auditing third-party systems.

Access to government services is critical, and identity verification is the initial threshold applicants must cross to access those services. We hope this report offers useful guidance for agencies who are interested in broadening access to public services by using digital identity verification.