In the internet era, the digitization of government is essential for the efficient and fair provision of public services. From faster access to unemployment benefits and food stamps to easier taxpayer retrieval of IRS tax records, digitization has the potential to make federal and local government work better, especially for lower-income Americans who need its services the most. It is not an exaggeration to say that “making government work better” requires digitization.
But successful digitization of government was slowed until recently by several factors. First, the “digital access divide” meant that many low-income or rural Americans did not have good enough quality Internet to seamlessly make use of digital government services. As a result, digitization of government ran the risk of widening existing inequities. Moreover, government had to maintain non-digital legacy systems as well as the new digital means of access, driving up the expense of service delivery and undercutting potential cost savings.
True, the original digital access divide has been narrowing. Post-pandemic efforts to bring highspeed broadband internet to everyone, such as the BEAD program, are in the process of successfully reducing the obstacles to access.
However, government agencies face a more subtle but pervasive issue — what we call the “digital verification divide.” Verification is the process by which a user verifies that they are who they say they are. Verification includes identity proofing, in which an individual provides sufficient information (e.g., identity history, credentials, documents) to establish a trusted identity online. That’s a prerequisite for higher levels of authentication, which verifies the identity of a user, process, or device, in order to allow access to more protected resources in an information system.
The process of identity proofing and authentication is especially important when users are trying to tap into government systems that contain sensitive personal data, such as individual accounts at the Internal Revenue Service (IRS), the Social Security Administration (SSA), Federal Student Aid (.gov) or Veterans Administration (VA). If government agencies make verification too easy relative to the risk of the transaction, then the wrong people can get access to sensitive personal data. If agencies make verification too hard relative to the risk of the transaction, then it becomes more difficult for constituents to prove their identity, unnecessarily locking them out of services and data that they are entitled to.
A “digital verification divide” is created by two factors that make it harder for low-income and other Americans with sparse document trails to take advantage of digital government. One issue is that low-income and marginalized Americans are less likely to have bank accounts, mortgages, passports, or any of the accumulation of documentation that most people can use to establish their identity and help authenticate themselves for government systems.
The second issue in closing the digital verification divide is that the use of biometrics for identity verification has been mistakenly conflated with the use of biometrics for
surveillance and law enforcement, which poses a very different set of technological and implementation challenges. A typical identity verification system might use a face-matching algorithm that does a “1 to 1” comparison between an individual’s face and a particular government-issued ID. A law enforcement application, by contrast, might use a facial recognition algorithm that does a “1 to many” comparison between an individual’s face and a database of millions of potential matches.
National Institute of Standards and Technology (NIST) testing has shown a steady reduction in the errors from the sort of face-matching algorithms used for identity verification, with the top-scoring ones performing consistently across demographics. Nevertheless, the continuing debate over the use of biometrics in situations such as surveillance and law enforcement has made policymakers reluctant to mandate biometrics for identity verification.
Closing the digital verification divide should be an important goal of policy, both for equity and efficiency reasons. Enabling government to interact digitally with all citizens in a safe way is essential to move the government into the future. Unfortunately, that progress has been slowed by challenges facing “Login.gov,” the widely-used identity proofing and authentication system originally launched by the General Services Administration (GSA) in 2017. The GSA was faced with conflicting demands: On the one hand,
guidelines issued by NIST required a physical or biometric component to achieve a high level of assurance needed by federal agencies to ensure legitimate access to restricted information or accounts requiring identity verification. On the other hand, the GSA apparently felt pressure to stay away from biometrics.
The result: the GSA ended up significantly misrepresenting the capabilities of Login.gov to the agencies using (and paying for) the system, according to a report released in March 2023 by the GSA Inspector General. GSA officials claimed that Login.gov met NIST guidelines which required a physical or biometric component. But “Login.gov has never included a physical or biometric comparison for its customer agencies,” according to the report, titled “GSA Misled Customers on Login.gov’s Compliance with Digital Identity Standards.” Along the same lines, the Treasury Inspector General for Tax Administration came out in September 2023 with a report raising concerns about Login.gov’s ability to stop the types of fraud experienced by the IRS and other government agencies — though its deployment across agencies continues to expand.
This policy brief will examine new evidence about how government agencies on the federal, state and local levels can digitize without creating or widening a digital verification divide. First, we note that the digitization of government needs to both boost efficiency and promote inclusion in order to meet its goals. Second, the success of
digitization of government requires fair treatment to all individuals who need to log on remotely to public-facing government systems. In practice, this may mean following NIST guidelines that suggest providing an alternative video chat with a “trusted referee” for anyone who chooses and is verifying remotely. Finally, we conclude that with the availability of “trusted referees” or a similar alternative channel, biometric facial verification using leading NIST-tested algorithms can provide a high level of security and strong performance, while closing the digital verification divide.
In particular, an integrated system that includes both biometric face matching and the ability to verify users via alternative channels, such as video chat or in-person, can produce better access to digital government for low-income and other Americans with sparse document trails while limiting fraud. By contrast, an approach that relies only on online records is likely to be both less secure and less inclusive
Summarizing, this policy brief identifies and names a major roadblock to digitization of government on every level, and explains how following the NIST guidelines helps overcome those obstacles. Indeed, misguided opposition to biometrics as part of a well-constructed digital verification process has been slowing down effective digitization, and widening the digital verification divide.