How to Preserve Privacy While Delivering Digital Government Services

All right, well, who are everybody? This is Michael Cichon, Chief Marketing Officer at 1Kosmos here with Mike Engle, our Chief Strategy Officer. Today, I want to talk Mike a little bit about government services. We’ve had a lot of conversations recently with various agencies of the federal government. Can you talk a little bit about the growing need for government to deliver services digitally?

Well, yeah, I mean, the big enabler here or event was COVID obviously. Not only was everybody stuck at home, but the government had to hand out tons of services electronically and offices were closed. So the time was already here, but that really accelerated things.

Okay. I guess the front door to a lot of this stuff is logging in and facial recognition has made its way into that discussion. Can you talk a little bit about some of the issues revolving around government agencies using facial recognition? Who are these agencies?

Well, I think first, if you take a step back, why do you need facial recognition, right? I log into my Bank of America today, and I don’t use my face or whatever website it is, right? It’s very rarely used. But the bad guys take advantage of that because if you’re not using something about me, my face, my voice, something you, something you have actually, then somebody else can impersonate. So the government, rightly so, wants to match your identity to the government identity that they have on file, driver’s license or state identity, whatever it is.

So now, if you’re going to look somebody in the face and say, “Yes, this is Michael,” you have to do it right. So yeah, a number of issues have come up. So that’s the kind of why. There’s no way to prove who somebody else is unless you can match something about them, right? So what the government’s doing today is looking you in the face, and we’ll talk about that, and matching that likeness to the credential that they gave you when you got your driver’s license in California.

Okay. Well, you use the word issue. So there are certainly issues I’ve read about in this use of facial biometrics. Decisioning bias or racial bias I’ve read has been one of them. Can you talk about either that issue or some of the other pressing issues in using facial recognition?

Yeah, there’s several, and we’ll talk about them all briefly. So you mentioned bias and there’s two forms of bias. One is when I am matching your face to this and it fails because I just don’t handle that kind of face well, right? Maybe it’s a certain ethnic persuasion or I don’t like females because my algorithm was made by a male, whatever it is. So that’s one thing you have to take into consideration. You need very low rates of false rejection. It’s called FRR is the industry term for that, false rejection rate.

The other is if you’re matching a face to a big database of other faces, this is where law enforcement gets in trouble a lot where they say, “Yeah, I think that’s the person in the database,” but it’s not. So they call that a one to many. That’s not really needed for the government to do what they do. But there’s been some issues where they’ve tried to do it and gotten into some heat recently. For example, at the IRS, there’s been some challenges over there where they were taking faces and comparing them to a database of other faces, and that’s a no-no.

So one of the other issues, and maybe this is just me, but there’s various services. For a while, to get in a sports arena, we had to either show a driver’s license there or use a system where we had already kind of shared a driver’s license online. I’m a little bit reticent every time a crypto service or Google, Google just asked me to provide my driver’s license. Am I out of line being concerned about providing my driver’s license images of my driver’s license online to prove who I am?

You should be careful, right? Because you don’t necessarily know where it’s going unless you read the fine print. So if that driver’s license goes into some big database and then all of a sudden you start getting advertisements for a new Chrysler, well, that’s not good. That’s using your data for nefarious purposes, right? On the other hand, if there’s a very clear disclosure that this driver’s license would be in your control and you present it when you’re asked, that’s kind of the new way to do it. So there’s the old way, take your picture, your license and throw it into a database, or there’s ways to do it now where the user stays in control of it the whole time. It’s kind of called the Apple way, right? Apple’s all about privacy and there’s ways to do it like that now.

Well, what is the right way to do this? We’re talking about facial matching. We’re talking about providing credentials online. Aside from the issues, what’s the best way to address the issues? What’s the right way to do it?

It’s with a wallet. So if you think about your physical wallet that you’ve had and enjoyed, just my fancy little wallet that I have here, it has credentials in it. I pull the credential out, I give it to somebody, I’m in control of it. Then you will look at the picture, look at my face, TSA agent, state trooper. I’ve never been pulled over, but maybe you have, and you’re proving your identity. Well, you can do that now digitally with a digital wallet. That wallet has to be in your control. A great form factor that for that is your smartphone, which has very secure technology in it and a great camera and all these things.

That’s the new way to do it. The key is that the data stays under your control at all times. It’s verified, right? So you get credentials, they’re verified, and you put them in that wallet, and then you use them whenever you give consent and give them to that stadium or whatever it is that you’re… In the example you gave earlier. So that’s the right way and the new way to do it.

Okay. So is government ahead of the curve or behind the curve on the use of these facial biometrics and verified identity?

It depends which government. Here in the U.S., we’re still a bit behind the rest of the world. In several other countries, they’ve been doing either government or bank sponsored digital identity and putting the user in control, but we’re heading in the right direction. I’m seeing lots of RFIs, right? Requests for information and some real projects spinning up where the government is seeing the right things and they’re trying to figure out how to navigate the monstrous organizations and cross agency stuff. So we’re optimistic that in the next couple of years that’ll happen. There’s been some recent legislation passed that is really encouraging this type of activity as well.

So what are some of the governments around the world that are leading the charge in regards to digital identities and facial matching?

Well, it just so happens, I have a picture. So if you check out this graphic here, it’s a map of the world. You’ll see there’s pockets of identity efforts going on and this isn’t necessarily all of them. But some big ones. You see in Korea, they have something called SK Pass, combination of the telcos, some tech companies and the government digitizing your identity information. In the Nordic regions, they have bank and government led partnerships where you can use your government credential digitally across hundreds of services. There’s something called NEM ID and Bank ID. So pretty exciting stuff over there.

There’s some consortiums here that are heading in the right direction. There’s a organization called the CARIN Alliance, that’s C-A-R-I-N, which is a bunch of healthcare payers, providers coming together to say, “Here’s how we’re going to do identity right in the healthcare industry.” So that would involve you proving who you are from a government perspective, but then leveraging it, do it once and leverage it across your whole medical ecosystem. So more to follow on that as it matures.

Okay. So at least in the U.S., it looks like we have a little bit of catch up to do. But I read recently, I mean, coming out of the White House, there’s further guidance and clarity on using NIST as the standards body moving forward to govern some of this. Is that accurate? Is that what’s happened recently?

It is, yeah. So the government agencies, three letter agencies that provide the services, the IRS, SSA, HHS, et cetera, they follow a standard known as NIST 800-63-3. What that does is it says, “If you’re going to onboard a remote identity, here’s how you do it with a high level of assurance. I need one or more strong forms of verification matching it to your face.” So it’s got all these rules. 1Kosmos is certified to the highest level that there’s certification for, and that has gotten us a lot of attention at these agencies, which need a certified solution to provide these benefits to citizens and residents.

That’s really great. All right, well, I appreciate the roundup, Michael. You have a good rest of your day and appreciate as usual all the great information.

Great to be here. See you soon.