Amit Mital, senior director for cybersecurity and policy on the White House’s National Security Council (NSC), is on the hunt for a unified and trusted secure digital identity technology that he said has the potential to dramatically reduce identity-based fraud and the success of attempted ransomware attacks.
Speaking at a June 23 event organized by Okta, Mital said the unifying themes of such a technology would include interoperability, ease of use, and the ability to be legally binding. The White House NSC official did not point to any particular technologies under development, but he did offer a list of requirements and payoffs.
“The question is how to tie together [identity technologies] for a solution that is interoperable,” he said. Individual identity solutions, he said, tend to get “stove-piped,” and lead to “ever-more-complex password requirements.”
“We need a solution that works for all domains,” he said.
One of the defining requirements for future identity technologies is the critical need for people to present online identification that rises to the level of legality now offered by the presentation of a driver’s license, or a passport.
Mital endorsed the usefulness of multi-factor authentication schemes, saying that they work well in enterprise settings, but also explained that they cause unnecessary “friction” for users because they also are time-consuming.
That larger stumbling block of user friction, he said, becomes evident when citizens try to manage their health records. The problem is especially troublesome, he said, because Americans on average have 17 healthcare “relationships” with service providers ranging from doctors to insurance providers. The need to prove identity across that range of relationships “causes a tremendous amount of friction,” he said.
“Imagine if I could prove my identification all at once” through a trusted secure digital identity that would be “reusable across all scenarios,” he said. Getting to that goal, he said, would take a big bite out of identification-based fraud and ransomware attacks driven by credential theft.