A very eventful 2022 is coming to a close, with a flurry of important news having set the stage for another busy year barreling toward us. So it’s a good time to take stock of some of the most salient developments that are likely to shape the biometrics and identity industries in 2023:
Revised Colorado Privacy Act Clarifies Biometrics Rules
The Colorado Attorney General’s office has published a revised draft of the proposed Colorado Privacy Act rules, with changes stemming from public comment. One change has removed a requirement for data controllers to draft privacy notices about processing purposes; another removed a provision that required controllers to obtain consent before processing biometrics or personal data generated from a photograph or audio or video recording. It also clarifies that biometric identifiers are only considered as such when they’re being used for the purpose of identifying an individual, which should help to protect companies that use biometrics for things like virtual try-on services.
Why it matters: Illinois’s Biometric Information Privacy Act (BIPA) is, at this point, infamous among biometrics industry professionals for having created what some have characterized as a cottage industry of lawsuits. It’s too early to say whether Colorado’s privacy rules will have a similar effect, but it’s definitely something to keep an eye on.
Google’s Mobile ID Goes Into Beta Testing in Maryland
Google has begun beta testing its digital ID in Maryland. Interested users can register by uploading photos of the front and back of their driver’s license or state ID, and submitting a selfie video. It isn’t clear if facial recognition is used to match the images; in its support page, Google explains that, “A photo from this video will be submitted to your ID issuer for verification.” As is the case with Apple’s mobile driver’s license, Google’s will be accepted by the TSA as official ID at certain airports.
Why it matters: The launch signals that a race to mobile ID is truly underway in the private sector as various state governments – and governments around the world – get started on their own mobile ID systems. And Apple’s use of a sophisticated biometric enrolment system on its own mobile driver’s license offering has set a high standard for security that could further encourage the use of biometric identity verification technologies among many stakeholders.
Inviting Comment, NIST Plans Workshop On Digital Identity Guidelines
The National Institute of Standards and Technology (NIST) has published draft guidelines concerning the management of digital identities online, and will welcome public comment on the draft until March 24 of next year. On January 12, NIST will host a virtual workshop dedicated to its “Digital Identity Guidelines” (NIST Special Publication 800-63 Revision 4), with registration for the event now open. As Homeland Security Today reports, “a significant portion” of NIST’s efforts on this front will involve exploring alternative methods of identity verification. “This draft update reinforces that NIST’s guidelines have always allowed for alternatives to facial recognition as well as appropriate and fair use of facial recognition technologies and that NIST will be more fully defining these alternatives in the final guidelines,” said the Office of Management and Budget’s deputy director for management, Jason Miller.
Why it matters: This could set up a counter-trend to Apple’s trailblazing use of selfie-based onboarding in its mobile ID solution. NIST is clearly anticipating the rise of mobile ID, but as a government agency, it has probably learned some lessons from how the IRS’s short-lived plan to require selfie onboarding backfired on that government agency. And NIST guidelines are profoundly influential, so its potential resistance to facial recognition in its digital identity guidelines could have a strong effect on vendors serving the public sector and beyond.
NOBID Selected for EU Digital Payments Trial
The NOBID (“Nordic-Baltic eID”) consortium was selected by European Union authorities for one of four separate digital identity pilots focused on enabling cross-border payments in line with the planned European Digital Identity Wallet. The news came shortly after Scytáles and its partner Netcompany-Intrasoft were chosen to develop the digital ID wallet itself, and made it clear that separate vendors will be involved in establishing the wallet’s payments functionality. The involvement of iProov as part of NOBID, meanwhile, points to a prominent role for the selfie-based identity verification technology in which it specializes. In announcing NOBID’s selection, iProov said that the EU Commission’s Digital Programme pilot will begin in March of next year, adding, “The consortium will now go into a contracting and grant negotiation process with the EU Commission.”
Why it matters: It’s another huge test case for the use of selfie-based onboarding in large-scale, government-led digital ID projects. iProov is a selfie onboarding specialist, and if NOBID succeeds in delivering a compelling solution, this approach could end up playing a very prominent role in the European Union’s overarching digital ID project.
U.S. Defense Sector Turns to Private Partners in Cybersecurity Push
The Department of Defense kicked off December with its announcement of a new Office of Strategic Capital that is specifically designed to “connect companies developing critical technologies vital to national security with capital,” as the DoD explained in a statement announcing the office. Shortly thereafter came reports that the National Defense Authorization Act would include a provision requiring the National Security Agency (NSA) and the Cybersecurity & Infrastructure Security Agency (CISA) to conduct a study and draft a brief concerning the development of a “cyber threat information collaboration environment program” that would span government and private sector entities.
Why it matters: The NSA/CISA brief will be due on April 30, 2023, and is likely to pave the way for an officially mandated cybersecurity partnership between government and private sector entities. At the same time, the DoD’s new OSC will be looking to funnel money ambitious firms serving the ends of cyberdefense. Biometrics and related identity technologies could end up playing an important role through both channels as the US government broadly seeks to get a boost from private sector players.
It’s impossible to know exactly what the future holds, but these recent developments suggest that new privacy legislation, the continuing emergence of digital and mobile ID, and growing demand for cybersecurity solutions from the defense sector will be key trends shaping 2023. Stay tuned to FindBiometrics as we report on how exactly all of this plays out in the months ahead.
December 23, 2022 – by Alex Perala