The Better Identity Coalition (BIC), FIDO Alliance, and the Identity Theft Resource Center (ITRC) hosted its annual policy forum, “Identity, Authentication and the Road Ahead,” on Jan. 28. The day-long event featured panel sessions that focused on addressing the challenges and opportunities in digital identity and authentication, emphasizing a need for stronger digital identity standards to improve security, reduce fraud, and enhance efficiency across government and private sectors. 

The forum highlighted new strategies and initiatives for digital identity in response to the political transition within the U.S. government and the arrival of a new administration. Below are recaps of each of the sessions. 

‍BIC Updated Policy Blueprint for the New Administration 

BIC Coordinator Jeremy Grant unveiled the release of BIC’s “Better Identity in America: A Policy Blueprint for the New Administration,” which includes a 22-point action plan to address digital identity challenges under the new administration. This plan builds on BIC’s 2018 blueprint, reflecting both progress made by governments in digital identity as well as new areas where the government is responding to emerging threats. The blueprint highlights how identity fraud and compromised identities have been framed as a government issue, but are actually a broader infrastructure and national security concern, with organized crime and adversaries like China and North Korea exploiting vulnerabilities across multiple sectors. 

Grant outlined that BIC’s key initiatives focus on advancing next-gen identity proofing systems, rethinking Social Security number usage, prioritizing strong authentication, promoting international collaboration, and educating consumers and businesses, with the potential to significantly address digital identity issues over the next two or three years if implemented. BIC emphasizes a need for policy changes to close the "identity gap," where outdated, paper-based systems hinder progress.

‍BIC Open Letter to DOGE

BIC also published an open letter to the newly established Department of Government Efficiency (DOGE), emphasizing that identity fraud and crime are not just a government and benefits related issue, but a broader national security concern. Organized criminals and hostile nations are exploiting vulnerabilities in digital identity infrastructure to steal billions from various sectors, including government, banking, healthcare, and retail. Despite having recognized identity systems, the U.S. is hindered by outdated, paper-based methods. BIC, driven by companies reliant on strong identity solutions, advocates for policy changes to strengthen digital identity infrastructure and protect businesses and customers.

‍ITRC 2024 Data Breach Report

The 2024 ITRC Data Breach Report reveals a slight decrease in breaches from the all-time high in 2023, with over 3,100 total compromises and nearly 1.7 billion victim notices—a 312% year-over-year increase. Cyberattacks were the primary cause of breaches, followed by system errors, human mistakes, physical attacks, and supply chain vulnerabilities. Financial services, healthcare, and professional services saw the most compromises.

A significant driver behind the rise in breaches is the emergence of low-cost breach kits, allowing bad actors to target organizations with precision using AI and analytics tools. To reduce identity crimes, experts recommend improved monitoring, training, patching vulnerabilities, and more effective consumer information sharing.

ITRC President James Lee stated that the report stresses the importance of adopting passkeys across systems to prevent many breaches and suggests freezing credit, especially for children, to protect identities. He noted that AI and better cybersecurity practices in software development are also key to stopping bad actors.

Spotlight Session: Perspectives from an ID Theft Victim

• Eva Velasquez, CEO, Identity Theft Resource Center (Moderator)
• Linda Matchan, Writer and Documentary Filmmaker, Boston Globe

This spotlight session shed light on the profound impact of identity theft on both consumers and businesses. ITRC CEO Velasquez shared insights from the ITRC’s latest report, revealing that over half of consumers had their personal information stolen or misused, with nearly 47% of victims being re-victimized. As a victim of financial fraud, Matchan shared her personal experience. Matchan went through an extensive process to resolve the crime, including freezing her credit, notifying banks, and confronting the bank's management, which ultimately returned her money. However, she pointed out that many victims lack the resources to take these steps, and expressed feeling let down by her bank and losing trust and security after the incident. Panel: Identity Crime Sucks – So What Can We Do About it in an Era of Deregulation and Smaller Government? 

• James Lee, President, ITRC (Moderator)
• Dan Lips, Senior Fellow, Foundation for Research on Equal Opportunity
• Kemba Walden, President, Paladin Global Institute
• John Breyault, Vice President, Public Policy, Telecommunications, and Fraud, National Consumers League

The panel emphasized the need for government action on identity issues, focusing on strengthening national security, reducing fraud, and improving digital identity platforms. With a new administration quickly rescinding and implementing new executive orders, Walden and Breyault highlighted the need for a national data privacy law to improve the situation if the Biden administration’s Cyber EO is repealed. Both stressed the importance of shifting the responsibility away from fraud victims, dismantling opportunities for fraudsters, and preventing states from bearing the primary responsibility for digital identity.Lips expressed “broad optimism” about government modernization through DOGE, noting the increasing attention on fraud and improper payments, including support from figures like Elon Musk. He emphasized that for the government to effectively regulate the private sector, it must prioritize protecting Americans’ personal information and focus more on “deterring cyberattacks through law enforcement and national security” efforts. Panel: It’s Not Just About Benefits Fraud

• Jeremy Grant, Coordinator, BIC (Moderator)
• Kate Griffin, Director, Inclusive Financial System, Aspen Institute Financial Security Program
• Eva Velasquez, CEO, ITRC
• Matthew Noyes, Cyber Policy & Strategy Director, U.S. Secret Service
• Shoshana Weissmann, Digital Director and Fellow, R Street Institute
• John Carlson, Senior Vice President, Cybersecurity Regulation and Resilience, American Bankers Association

This panel discussed the challenges of combating identity theft, focusing on issues such as the rise in financial crimes, ineffective authentication methods, and the impact on victims who face multiple forms of identity abuse.Several panelists discussed the significant challenges in combating fraud, highlighting the lack of communication between different systems that prevent effective information sharing about bad actors and emerging threats. They emphasized the need for a unified approach across industries and government to better validate identities across platforms, address gaps in authentication, and create a national strategy focused on fraud prevention.Calling for modernization, Noyes highlighted impersonation and identity authentication issues, emphasizing that the reliance on outdated, static information for security is ineffective in the digital age. He stressed the need for better authentication methods, collaboration with law enforcement, and deeper examination of what drives these criminal activities.While discussing minors’ digital identities, Weissmann highlighted a growing issue of young people falling victim to fraud, and expressed frustration that more attention is being given to regulating “Big Tech” rather than solving the underlying problems of identity misuse.Fireside Chat 

• Jeremy Grant, Coordinator, BIC
• Congressman Bill Foster, 11th Congressional District of Illinois 

Grant hosted a fireside chat with Congressman Foster (D-IL) where they discussed secure digital identities to prevent fraud, improve national security, and address challenges like COVID-related identity theft. Regarding possible opportunities for advancing digital identity, Foster shared his vision for a regulatory sandbox tailored to financial institutions. It would allow banks and fintechs to onboard customers using mobile IDs while ensuring compliance through checks with FinCEN. Foster emphasized that “fraud can be fixed when we have a secure and reliable way of authentication,” and urged DOGE to focus on tackling preventable fraud. In examining how other nations are managing digital identity, Foster pointed to Poland as a prime example, emphasizing the country’s successful implementation of a national identity app. He noted that the app was quickly embraced by the public, describing it as something that "took the country by storm." The widespread adoption of the app is a model for other nations to consider as they look to modernize their own digital identity systems.Keynote: Secure Sign-Ins: Passkeys for Consumer Protection 

• Andrew Shikiar, Executive Director and CEO, FIDO Alliance

In his address, Shikiar highlighted the importance of passkey implementation and consumer adoption. He explained that FIDO passkey specifications offer governments newer, better options for strong authentication, but governments must update current policies. Shikiar explained, “as technology evolves, policy needs to evolve with it.” Shikiar outlined several key predictions for 2025, particularly that passkeys will emerge as a mainstream authentication method, with major banks adopting them at scale and governments fully integrating the technology. He also highlighted a potential rise of deepfakes that will fuel a boom in biometric security across enterprises. Additionally, Shikiar stated that identity wallets will gain significant traction, driving the EU to spearhead the development of industry standards.

‍Spotlight Session: Securing the 2024 Campaign with Better Authentication

• Tiffany Schoenike, Strategy Initiatives, Defending Digital Campaigns

In this session, Schoenike emphasized the importance of securing political campaigns with advanced authentication strategies, focusing on tools, training, and partnerships that can help combat rising cybersecurity threats and ensure the integrity of U.S. democracy. In the most recent 2024 presidential campaign cycle, Schoenike described an increase in misinformation, fake endorsements, disinformation tactics by foreign adversaries, and campaign hackers. Panel: Phishing Resistance Matters More Than Ever

• Andrew Shikiar, Executive Director and CEO, FIDO Alliance (Moderator)
• Christine Owen, Field CTO, 1Kosmos
• David Treece, Vice President of Solutions Architecture, Yubico
• Grant Dasher, (Acting) Deputy Technical Director for Cybersecurity, CISA

The panel explored the evolving market readiness for security keys, the role of government agencies in driving phishing-resistant technology, and the industry trends shaping the adoption of passkeys and identity verification standards.Several panelists highlighted the increasing adoption of passkeys in the commercial space and on personal phones. Treece noted a “more clear” possibility of implementation in various sectors. Owen emphasized a need for strong, phishing-resistant credentials, and the adoption of passkeys “across the board.” Within the federal space, Dasher explained that CISA’s focus has been on promoting phishing-resistant authentication and clarifying the interrelationship of various policies and guidance in the identity space, particularly through collaboration with NIST.

‍Panel: The State of the mDL Ecosystem

•  Zack Martin, Senior Policy Advisor, Venable LLP (Moderator) 
• Stefan Schubert, Managing Director, JP Morgan Chase
• Jason Lim, Identity Management Capability Manager, TSA
• Ryan Galluzzo, Digital Identity Program Lead, Applied Cybersecurity Division, NIST
• Angelique McClendon, General Counsel, Georgia Department of Driver Services

This panel delved into the current landscape and future of mobile driver’s licenses (mDLs) and verifiable digital credentials, exploring the challenges, collaborations, and advancements needed to drive adoption and standardization across different stakeholders.Within the state of the mDL ecosystem, several panelists expressed optimism that standards are rapidly evolving and various components are driving towards a common set of goals, leading to movement towards standardization within the space. Schubert explained that achieving “adoption and ubiquity across both consumers and citizens” is key to the success of mDLs.  To find effective standardization and progress, McClendon noted the importance of collaboration between verifiers, relying parties, and wallet providers to promote the use of digital identity and mDL. Lim added the need for relying parties, pointing out the inconsistency of mDL issuance across states.Specifically, for mDLs, Galluzzo highlighted the importance of bringing together financial institutions as relying parties and multiple wallet providers to ensure the process is clear and straightforward for financial services, so they will be motivated to adopt and implement these solutions.Spotlight Session: Making Identity Work for Everybody

• Tracy Goodhue, Founder, More Good Solutions

In her spotlight session, Goodhue highlighted the importance of creating technology and security policies that consider the diverse needs of all individuals. She stressed that availability and accessibility go hand in hand, urging organizations to consider the barriers employees face daily and to ensure that security guidelines are user-friendly and not unduly burdensome, especially for employees with disabilities.

‍Panel: The Coming Deepfakes Tsunami 

• Amy Shuart, Vice President, Technology and Innovation, Business Roundtable (Moderator)
• Ajay Amlani, Vice President, iProov
• Dr. Stephanie Schuckers, Center for Identification Technology Research
• Jenni Katzman, Senior Director, Microsoft

This panel outlined the growing challenges posed by deepfakes and synthetic media, analyzing trends in AI-generated content, financial fraud, and the importance of certification standards to address these threats.Speaking to the trends and challenges of synthetic content, Katzman explained that while AI-generated content presents significant opportunities, it also brings challenges, including the abuse of deepfakes and “media manipulation,” making it increasingly difficult to discern authentic content, with the use of AI expected to grow exponentially. Schuckers noted the growing concern over digital attacks, especially those that are scalable, as they pose an increasing threat. While the situation is concerning, Schuckers emphasized that the work done to combat these digital threats will ultimately help in dealing with the challenges posed by deepfakes.Comparing the U.S. to countries adopting widespread digital identity, Amlani stated that for a digital identity framework to work effectively in the U.S., it would likely require a “massive catastrophe” to spark the necessary conversations and action. He pointed out that the current system in the U.S. is “broken,” with vendors “having a field day” on the lack of cohesion, making it a lucrative market due to its disjointed nature. 

‍Panel: Making Identity Work for Everybody

• Natalie Alms, Staff Reporter, Nextgov/FCW (Moderator)
• Pastor Ben Roberts, ID Ministry
• Tracy Goodhue, Founder, More Good Solutions
• Wes Turbeville, Senior Vice President, Federal, ID.me
• Connie LaSalle, Senior Advisor, NIST

The last panel described the challenges and opportunities surrounding identity and making sure these solutions are available to all. The panel offered insights into how different populations navigate the complexities of both physical and digital identity systems.Often, the understanding of digital identity and availability is misunderstood. Goodhue explained that digital identity “is not the same for everybody and should be based on ability.” She stressed the need for digital identity tools that meet and exceed accessibility standards. LaSalle added that NIST is focused on ensuring “true optionality and choice” in digital identity systems, striving to balance accessibility and security across various factors. She noted that NIST is in the process of updating its standards, with new policies coming soon to guide federal agencies in a practical and helpful way. Roberts and Turbeville highlighted the challenges vulnerable populations face with digital identity systems. Individuals dealing with mental health issues or addiction often distrust the government, making it difficult to convince them to adopt biometric solutions, despite their potential benefits. Additionally, barriers extend beyond identity itself, pointing out that veterans seeking housing benefits face obstacles due to the need for physical documents sent by mail. Both emphasized the need for more accessible systems.

A recording of the session can be found here.