Jeremy Grant Coordinator Better Identity Coalition info@betteridentity.org jeremy.grant@venable.com.

Slides:

Advertisements

Similar presentations

TFTM TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state October.

Advertisements

AFCEA TechNet Europe Identity and Authentication Management Systems for Access Control Security IDENTITY MANAGEMENT Good Afternoon! Since Yesterday we.

Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.

S CENARIOS FOR THE F UTURE OF THE C ANADIAN P AYMENTS S YSTEM A UTHENTICATION AND I DENTITY W ORKSHOP N OVEMBER 3, 2010 Greg Wolfond.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

Digital ID and Authentication Enabling Services for the Digital Economy IDENTITY NORTH November 20 th, 2012 Dave Nikolejsin Government.

Electronic Authentication for Flexible Learning Workshop Presentation (5 August 2003) Chris Connolly, CEO, Galexia Consulting.

Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September Oberthur Technologies – Identity.

Intra-ASEAN Secure Transactions Framework Project Progress Report

The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University

National Smartcard Project Work Package 8 – Security Issues Report.

Digital Identity: Federation, Integration and Deployment of Trusted Identity Solutions Ryan Fox : JULY 19, 2014.

Information Systems Today, 2/C/e ©2008 Pearson Education Canada Lecture Outline eCommerce Highlights of Electronic Business 2-1.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

Track II: Introduction and Overview of Financial Services and Information Technology Privacy Policy: Synthesizing Financial Services Industry Privacy David.

1 International Forum on Trade Facilitation May 2003 Trade Facilitation, Security Concerns and the Postal Industry Thomas E. Leavey Director General, UPU.

Privacy and Security Tiger Team Recommendations Adopted by The Health IT Policy Committee Relevant to Consumer Empowerment May 24, 2013.

© 2013 Federal Reserve System. Materials are not to be used without consent. Federal Reserve Financial Services Strategic Direction: Payment.

NIST Update: Part Deux Elaine Newton, PhD NIST

E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.

Technology Supervision Branch Interagency Identity Theft Red Flags Regulation Bank Compliance Association of CT Bristol, CT September 3, 2008.

ThankQ Solutions Pty Ltd Tech Forum 2013 PCI Compliance.

National Cybersecurity Center of Excellence Increasing the deployment and use of standards-based security technologies Mid-Atlantic Federal Lab Consortium.

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

NSTIC and the Identity Ecosystem Jim Sheire Senior Advisor NSTIC National Program Office, NIST 14 November 2012.

Project Presentation to: The Electronic Access Partnership July 13, 2006 Presented by: Tim Cameron, Meteor Project Manager The.

Federations: The New Infrastructure Speaker Name Here Date Here Speaker Name Here Date Here.

The Value of Creating the Identity Ecosystem. The Identity Ecosystem Steering Group (IDESG) is the source of expertise, guidance, best practices and tools.

National Cybersecurity Center of Excellence Increasing the deployment and use of standards-based security technologies NIST Industry Day February 10, 2016.

Enabling Secure Multi-Organization Collaboration Andrew Porter IT Director, Enterprise Architecture Merck & Co., Inc.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

A Bank’s Challenge to Protect Customers Sharon Vance.

Legal Aspects of Finance

Mastercard Identity Check Mobile

SASSA’s Report to the Portfolio Committee

Combating Identity Fraud In A Virtual World

NATIONAL e-STRATEGY Presentation to the Portfolio Committee on Telecommunications & Postal Services DG: ROBERT NKUNA AUGUST 2017 Building a better life.

MGMT 452 Corporate Social Responsibility

Identity on the Internet

Update from the Faster Payments Task Force

Modern Electronic Banking

Enterprise risk management

Smart Cities: What’s in it for the consumer?

Fraud Mobility Ken Meiser VP- Identity Solutions.

Helping Veterans to Protect their Identity and Online Privacy

Tokens & Proofing De-Mystified

How to Protect Yourself from ID Theft and Social Engineering

Making Blockchain Real for Business

Jack J. Bensimon Countering Identity Theft and Synthetic Identities:

SMART GRID IRELAND.

SAM Financial Services Cybersecurity Assessment

Who Uses Encryption? Module 7 Section 3.

General Counsel and Chief Privacy Officer

SECURITY MECHANISM & E-COMMERCE

CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION

DATA BREACHES & PRIVACY Christine M

SMB practice development: Security play

SMB practice development: Security play

John Carlson Senior Director, BITS

A Funders Perspective Maria Uhle Co-Chair, Belmont Forum Directorates for Geosciences, US National Science Foundation.

Dashboard eHealth services: actual mockup

Web Information Systems Engineering (WISE)

Security Policies and Implementation Issues

MAZARS’ CONSULTING PRACTICE Helping your Business Venture Further

E-identities (and e-signatures)

New Jersey Gasoline C-Store Automotive Association

How Is Digital Transformation Accelerating The Banking Industry?

Towards a frictionless social security

Presentation transcript:

Jeremy Grant Coordinator Better Identity Coalition info@betteridentity.org jeremy.grant@venable.com

About the Better Identity Coalition Focus: developing and advancing consensus-driven, cross-sector policy solutions that promote the development and adoption of better solutions for identity verification and authentication. Launched in February 2018 as an initiative of the Center for Cybersecurity Policy & Law, a non-profit dedicated to promoting education and collaboration with policymakers on policies related to cybersecurity. As government contemplates new policies to improve the quality of digital identity, the Better Identity Coalition is bringing together leading companies to help develop innovative ideas that improve security, privacy, and convenience for all Americans.

Members

Framing the Challenge Security Compliance Privacy Transaction Costs Customer Experience Trust

Trust is hard to get right.

Identity (when done right) enables Trust

Identity as “the great enabler”

Identity as the Great Enabler Providing a foundation for digital transactions and online experiences that are: Secure Easy to Use Protect Privacy

The challenge “Digital identity presents a technical challenge because this process often involves proofing individuals over an open network, and always involves the authentication of individual subjects over an open network...” “The processes and technologies to establish and use digital identities offer multiple opportunities for impersonation and other attacks.” - National Institute of Standards and Technology (NIST)

Our approach (to date)

Which has proven to be very practical

Especially when adversaries already know the answer WHAT …Are the Last 4 digits of your SSN???

SSNs are no longer “secrets”

The cost of outdated identity solutions

The cost of outdated identity solutions

Why has this been so hard to solve? The “identity gap” – the U.S. has many nationally recognized, authoritative identity systems All are trapped in the paper world

This was an attempt to get around the “identity gap” WHICH Industry needed something to enable trusted digital commerce – this was the best solution out there …of the following 4 banks gave you a loan in 2013?

It worked for a while But today, attackers have caught up “Out of wallet” questions are not as secret as they used to be

While any one of these breaches on its own creates serious policy issues, there now exists the potential for malicious actors to combine multiple stolen data sets into one, thereby enabling them to obtain more complete “packages” of identity information. -House Energy & Commerce Committee, 2017

Summary: Where we are today In an era where transactions are increasingly digital, our authoritative identity systems are stuck in the paper world Solutions that “papered over” that fact helped for a while – but now attackers have caught up “Shared secrets” like SSNs and passwords are no longer secret Industry innovation is helping to develop better, next-generation identity solutions such as passwordless authentication and identity proofing tools that scan and validate ID documents But – government remains the one authoritative issuer of identity. In this next phase of making identity “Better,” the government also has a role to play

What does “Better” look like? Better Security – with Less Fraud and Identity Theft Embracing the recommendation of the 2016 Commission on Enhancing National Cybersecurity that “Compromises of identity will be eliminated as a major attack vector by 2021.” Better Convenience for Consumers Allowing consumers to open new accounts online with ease, without having to go through duplicative, burdensome enrollment processes. Better Confidence for Both Consumers and Service Providers That identities asserted online are reliable and trustworthy. Better Privacy Shifting the predominant model for identity verification from one based on firms aggregating personal data without opt-in consent, to one where consumers proactively request that their identity be validated by parties with whom they already have a trusted relationship

How to Get There: A Policy Blueprint Five core areas where government can and should help A specific action plan detailing “who needs to do what” in Congress and the Executive Branch No single action or initiative can “solve” identity But: taken as a package, if this Policy Blueprint is enacted and funded, it will make identity better

A Policy Blueprint

How can FGS and genealogists support The Better Identity initiative? Questions for FGS How can FGS and genealogists support The Better Identity initiative?

Questions? Jeremy Grant Coordinator Better Identity Coalition info@betteridentity.org jeremy.grant@venable.com