Digital Identity in State Government


Digital Identity World 2002 ConferenceI'm trying to get my thoughts organizined for my talk at the Digital ID World conference in Denver on October 9-11th.  Here's what I've been thinking so far:

  • Like it or not, states are in the identity business.  We like to claim that we're just in the licensing business, but the truth is that, for better or worse, the state issued driver's license is the gold standard for identification in the physical world. 
  • Going one step further, states are also the keepers of vital records such as birth and death certificates.  These documents are a key part of identity since, in an ideal word, there should be a one to one correspondence between an ID and a live person (even if that ID has multiple personas that are manifest in various contexts). 
  • These foundation documents are linked to social security numbers (another group of people who vociferously disclaim any ties to identity).  A federal eGov project called eVital is about making the link between vital documents and SSNs more reliable. 
  • The federal government is likely to push this role even further.  There is considerable attention being paid to a "national ID card" but my belief is that its not politically practiable.  What is more likely is that Congress will tie federal highway dollars (or some other appropriation to the states) to states adhering to some common standard for issuing drivers license and a common format for the license---maybe even smart cards.  This way they can establish a national ID card and not have to suffer the slings and arrows of privacy advocates fearful of big brother. 
  • In addition to being one of the key players in creating identity credentials, state government is also one of the main drivers of the need for identity credientials.  Think about the places where you need ID, many of them are in someway encouraged or mandated by the government.  Government is a large consumer of identity credentials.
  • To move government services online, we need ways of authenticating citizens and businesses (ID) and storing authorizations.  Utah is moving toward a citizen directory that would serve as the identity foundation for our online initiatives.  The directory would be opt-in and we've taken steps to protect the data from GRAMA requests (Utah's version of FOIA).   The federal government is also building a directory for its online applications. 
  • Things like the Liberty Alliance and Microsoft Passport are more about helping businesses than they are consumers.  Doug Kaye has a great article on his site about this and makes a case for anonymous federated identity.  I think he makes some good points.  Most of the online applications that we're contemplating would work well in such an arrangement.    This isn't the case for federating state online applications however, such as what we're doing with the one-stop business registration

Now, to organize all these random thoughts into a talk.