with Aaron Schaffer

Coronavirus has brought more scams than any event in the last decade. Lawmakers and advocates are proposing a way for the government to protect Americans: Giving everyone a digital ID that could prove they're really who they say they are. 

The covid crisis just laid bare many of the inadequacies in the identity system in the United States, particularly as our economy becomes more reliant on the digital space in our efforts to combat the epidemic and in our ordinary lives, said Rep. Bill Foster (D-Ill.) yesterday at a policy forum on identity and authentication hosted by the Better Identity Coalition, Fido Alliance and Identity Theft Resource Center.

Right now, the government and private sector rely on personal information – ranging from your Social Security Number to a self-chosen password – to make sure you're you. But as the theft of pandemic unemployment and stimulus payments show, those identifiers are far from secure. Anyone whose data has been exposed in a data breach is at risk. 

Advocates such as Foster claim that a digital ID would help prevent this, in addition to solving other problems, such as reducing confusion over vaccine distribution. “All these sort of things would be made massively easier with a secure digital I.D. and a means for our citizens to demonstrate who they are,” he said.

Foster introduced legislation that would create a framework for tools that allow Americas to verify their identities online in the fall. 

Foster seeks to give states funding to use the same systems they use to issue driver's licenses to support digital identities. The idea is that everyone would have a unique digital identifier that could be scanned online and verified by the government – not unlike two-factor authentication. 

He says that he and his co-sponsor Rep. John Katko (R-N.Y.) plan to reintroduce the legislation this session.

I think its prospects are better now that the Senate is not going to be purely the place where good legislation goes to die, he said. [There is] bipartisan recognition that the time has come to raise our game.

Digital IDs could help fraud victims.

The ID Theft Resource Center, a nonprofit group that offers help to victims of identity theft, saw the number of individuals contacting it for help with unemployment insurance fraud spike from 19 people in 2019 to more than 1,000 between 2020 and 2021 so far. They're expecting victims reaching out to the center to only increase as stimulus-related scams follow with the next relief package, president and CEO Eva Velasquez said at the policy forum yesterday.

She says that states simply don't have the resources to deal with fraud claims on top other mounting issues with antiquated state unemployment systems.

The Identity Theft Resource Center has endorsed digital IDs as a way to protect against insurance fraud as well as a way to help prevent to password theft-based cyber attacks such as phishing, 

Identity theft isn't just a consumer issue.

“I view identity as a national security issue, and it will take the intellectual power and creativity of all of us to figure out how to secure identities and keep people from harm,” Michael Mosier deputy director and digital innovation officer at the U.S. Treasury Financial Crimes Enforcement Network said in a keynote at the event.

He said that his agency has criminals take over about $400 million from bank accounts per month over the last two months by using identity theft.

A shift to more secure government IDs is already happening.

Some states including Colorado have begun to experiment with digital drivers licenses, which allow drivers to pull up a virtual version of the ID that can be scanned.

Other countries have also introduced digital IDs to varying degrees of adoption.

But as with many digital transitions, some Americans won't benefit because of a lack of access to a reliable smartphone.

Without solving that problem, a digital ID would be “making it easy for the people who can already afford easy,” said Matthew Donahue, a government technology consultant.

But Paul Rosenzweig, a senior fellow for cybersecurity at the R Street Institute, compared it to clash over the end of cash transactions because of the impact on citizens who don't have access to a bank. Instead of stopping a digital transition because of the gap in technology access, the government should find ways to address the digital divide, he said.

The keys

Social media companies take action against account thieves.

Facebook, Instagram, TikTok and Twitter disabled accounts stolen by hackers tied to an online forum where criminals trade stolen accounts, Krebs on Security’s Brian Krebs writes. The companies also sent the hackers cease-and-desist letters demanding they immediately stop all action violating the platforms' terms of service.

The users say they’ve facilitated tens of thousands of trades of the stolen accounts.

Motherboard’s Joseph Cox reported on the immediate fallout:

A Facebook representative said that this is the first public enforcement takedown it has taken against the community. Twitter said its investigation was done “in tandem with Facebook,” and TikTok said it “will continue to focus on staying ahead of the ever-evolving tactics of bad actors, including cooperating with third parties and others in the industry.”

Secretary of State Tony Blinken discusses SolarWinds attack with his Russian counterpart.

The State Department said the cyberattack was mentioned along with Russian interference in the 2020 election. A Russian readout of the call did not mention the discussion of the cyberattack.

Word of the call came as President Biden delivered a speech in Foggy Bottom, where he touted the United States’ cybersecurity posture.

“We've elevated the status of cyber issues within our government, including appointing a first deputy national security adviser for cyber and emerging technology,” Biden said, referring to former NSA cyber director Anne Neuberger, who recently joined the NSC. “We're launching an urgent initiative to improve our capability, readiness and resilience in cyberspace.”

U.S. officials have said that the Russian hacking campaign was far-ranging and has affected at least eight federal agencies.

Voting machine company sues Fox News, Trump lawyers.

Smartmatic wants $2.7 billion for defamation and disparagement, our colleagues Jeremy Barr and Elahe Izadi report

Smartmatic, whose role in the 2020 election was limited to Los Angeles County, accused Fox News of fomenting a “disinformation campaign” against it. Other lawsuits might be in the works. Smartmatic has sent legal demand letters to Newsmax and One America News over fraud accusations but has not yet indicated how it will proceed. “We are taking a measured approach to pursuing our claims,” the company said.

The lawsuit comes weeks after Trump lawyers Sidney Powell and Rudy Giuliani were sued for similar reasons by another election technology company, Dominion Voting Systems, which has sent letters to social media companies asking them to preserve their records.

Hill happenings

Lawmakers say they’re reintroducing a bill to combat online child exploitation.

The Democrat-backed bill would create a White House office to coordinate government action on the issue, quadruple the number of prosecutors and agents in the Justice Department office working on it and require tech companies to hold onto evidence for a longer period of time. 

The lawmakers characterized the bill as a rebuke to the former administration's Justice Department, which demanded back doors in encryption, which would weaken security for every American, and make it easier for predators to find and exploit children and other vulnerable populations.

Industry report

Global cyberspace

Daybook

  • The “Identity, Authentication, and the Road Ahead” virtual conference takes place today. 
  • Anne Neuberger, the deputy national security adviser for cyber and emerging technology, speaks at a meeting of the National Security Telecommunications Advisory Committee on Feb. 10 at 1 p.m.

Secure log off