On July 16, Elizabeth M. Renieris, professor of the practice and founding director of the Notre Dame-IBM Technology Ethics Lab at the University of Notre Dame, testified before the U.S. House of Representatives Financial Services Committee. She addressed the committee’s Task Force on Artificial Intelligence in a virtual hearing titled “I Am Who I Say I Am: Verifying Identity While Preserving Privacy in the Digital Age.”
Task force chairman Rep. Bill Foster (IL) and ranking member Rep. Anthony Gonzalez (OH) opened the hearing, after which Renieris and four other expert witnesses shared five-minute opening statements, then answered questions.
The hearing focused on the future of digital identity frameworks in the United States; the development of secure, reliable and interoperable digital identity solutions that minimize fraud and identity theft while respecting individual privacy and security; and Foster’s proposed Improving Digital Identity Act of 2020, a bipartisan bill seeking to set government-wide policy to modernize U.S. digital identity infrastructure.
“As laid bare by the COVID-19 pandemic, we increasingly depend on digital tools and services for work, school, health care, banking and government services and nearly all aspects of our lives,” said Renieris, who researches cross-border data governance frameworks and the ethical and human rights implications of digital identity systems, artificial intelligence and blockchain.
“And unlike when we interact or transact in person,” she continued, “we have limited visibility into who or what is on the other end of a digital interaction or transaction. Even before the pandemic, vulnerabilities of digital identity systems contributed to attacks on our energy supply, hospitals, financial institutions and other critical infrastructure. As these factors are digitized, automated and algorithmically and computationally manipulated, they increasingly depend on secure digital identity.”
In a world with the internet increasingly in most everything, digital identity has become critical infrastructure, according to Renieris.
“Without secure, reliable and trustworthy digital identity for people, entities and things, this new cyber physical reality is increasingly vulnerable to attacks threatening individual safety and national security,” she said.
As Big Tech companies delve into health care, education, financial services and more, Renieris said privately owned and operated ID systems may threaten the privacy, security and other fundamental rights of individuals and communities.
“Often, they also incorporate new and advanced technologies such as AI, machine learning, blockchain and advanced biometrics that are not well understood and not subject to sufficiently clear legal or governance frameworks,” she said. “In order to engender trust, safety and security in the digital ecosystem, we need trustworthy, safe and secure digital identity.”
Renieris pointed out that governments in the European Union, Canada, New Zealand and elsewhere are prioritizing efforts to design and build the infrastructure needed to support robust digital identity and urged the federal government to take the lead on creating guidelines and standards for the design, development and deployment of digital identity systems as critical infrastructure.
In answering a question from Gonzalez, Renieris said she saw a red flag with the Improving Digital Identity Act in its reliance on consumer consent with known limitations on consent-based frameworks. She also cautioned that if sufficient privacy and security technical standards are created, upgrades across sectors — for example, health care infrastructure — likely will be necessary to allow digital identities to be ingested. She also recommended mandating inclusion in the conversation.
“There can be a real lack of diversity in these conversations and so, in addition to the interagency kind of diversity, I think the diversity of expertise and voices at the table is really critical.”
Other witnesses included Jeremy Grant, coordinator, Better Identity Coalition; David Kelts, director of product development, GET Group North America; Louise Maynard-Atem, research lead, Women in Identity; and Victor Fredung, CEO, Shufti Pro.
A recording of the hearing is available here.