NIST Wants an Alternative to Facial Recognition for Digital Identity, and Is Asking for Advice

Take the survey for an invitation to an exclusive webinar previewing our research findings!

The National Institute of Standards and Technology (NIST) has published draft guidelines concerning the management of digital identities online, and will welcome public comment on the draft until March 24 of next year.

The “Digital Identity Guidelines” publication (aka NIST Special Publication 800-63 Revision 4) is primarily concerned with the identity proofing and authentication of users interacting online with government information systems. And in drafting the guidelines, NIST has focused on four overarching goals: advancing equity, emphasizing optionality and choice for consumers, deterring fraud and advanced cyberthreats, and addressing implementation lessons that have previously been learned.

One such lesson – though it isn’t mentioned in the document itself – may be that there is considerable skepticism from the public, or at least mainstream media publications, about the use of facial recognition as the only means of authentication.

It’s a lesson that was learned vividly in the IRS-ID.me fiasco that played out earlier this year. The Internal Revenue Service had attempted to make selfie-based identity verification mandatory for citizens filing their taxes online, and hired ID.me as the vendor of its biometric technology, only to prompt outrage from privacy advocates and scrutiny from lawmakers. The plan was quickly shelved.

As Homeland Security Today reports, “a significant portion” of NIST’s efforts in hammering out the new guidelines will involve exploring alternative methods of identity verification. “This draft update reinforces that NIST’s guidelines have always allowed for alternatives to facial recognition as well as appropriate and fair use of facial recognition technologies and that NIST will be more fully defining these alternatives in the final guidelines,” said the Office of Management and Budget’s deputy director for management, Jason Miller.

The document itself goes into more detail. “NIST sees a need for inclusion of an unattended, fully remote Identity Assurance Level (IAL) 2 identity proofing workflow that provides security and convenience, but does not require face recognition,” the Initial Public Draft states. To that end, NIST wants input on what kind of technologies could offer such an alternative, whether they are supporting by technical standards, and whether there are established testing methods to assess their performance.

NIST is also anticipating a growing role for virtual identity credentials, and wants to ensure that it considers how they might be addressed in its guidelines.

“What methods exist for integrating digital evidence (e.g., Mobile Driver’s Licenses, Verifiable Credentials) into identity proofing at various identity assurance levels?” the document asks.

Later, that line of thinking is followed to a question about whether the guidelines sufficiently address “emerging authentication models and techniques – such as FIDO passkey, Verifiable Credentials, and mobile driver’s licenses” – adding, “What are the potential associated security, privacy, and usability benefits and risks?”

Those questions aren’t rhetorical. In addition to requesting public comment, NIST will host a virtual workshop dedicated to its “Digital Identity Guidelines” on January 12, with registration for the event now open.

–

December 20, 2022 – by Alex Perala

Related News

Sponsored Links

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases.

Learn more: www.tech5.ai

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

HID powers the trusted identities of the world’s people, places and things. Our trusted identity solutions give people convenient and secure access to physical and digital places and connect things that can be identified, verified and tracked digitally. Millions of people use HID products to navigate their everyday lives, and billions of things are connected through HID technology. https://www.hidglobal.com/

As the world moves to a mobile-first economy, businesses need to modernize how they acquire, engage with, and enable consumers. Prove’s phone-centric identity tokenization and passive cryptographic authentication solutions reduce friction, enhance security and privacy across all digital channels, and accelerate revenues while reducing operating expenses and fraud losses. Over 1,000 enterprise customers use Prove’s platform to process 20 billion customer requests annually across industries including banking, lending, healthcare, gaming, crypto, e-commerce, marketplaces, and payments. https://www.prove.com/

Related News

Footer

Follow Us