United States Governments and Self Sovereign Identity
White House
-
The White House’s Future of the Internet is Available Today 2022-04-29 Indicio Tech
The Biden administration, in coordination with 60 other countries, on Thursday unveiled a “Declaration for the Future of the Internet” that “reclaims the promise of the Internet in the face of the global opportunities and challenges presented by the 21st century.” 2022-04-28
-
A Collaborative Approach to Meeting the Challenges in President Biden’s Executive Order on Improving US Cybersecurity 2021-06-14
One key aspect outlined in Section 4 of the Executive Order (EO) is securing the software supply chain. At issue here is the reality that the U.S. federal government—like nearly any other organization on the planet that uses computer technology in any form—relies on not just one but numerous types of software to process data and run operational equipment.
-
Recognizing Digital Identity as a National Issue 2021-06-14
we dove into creating a centralized and holistic approach to protecting and regulating identity in the United States and the specifics of why digital identity and cybersecurity are national issues that the private sectors simply cannot tackle on their own. Here are some of the key takeaways.
-
Industry Implications of Executive Order on Improving the Nation’s Cybersecurity 2021-06-03
President Biden’s recent issuance of the highly anticipated Executive Order on Improving the Nation’s Cybersecurity (EO or Order), in the midst of high-profile cyber-attacks on the Nation, brought new challenges to organizations looking to secure their cyber defenses. In this multipart podcast series, Wiley’s Government Contracts, Telecom, Media & Technology (TMT), and Privacy, Cyber & Data Governance attorneys provide a high-level overview of the Order.
-
Zero Trust Architecture in the White House Executive Order on Cybersecurity 2021-05-14 Adrian Gropper
Please read Section 3 in the EO […] It may be time for us to explain Zero-Trust Architecture relationship to VCs and DIDs. My not-so-hidden agenda includes priority for considering authorization and delegation in our protocol work but our diverse community of security experts will surely make this a much broader discussion.
-
Executive order on Improving the Nations Cybersecurity 2021-05-12
Sec. 3. Modernizing Federal Government Cybersecurity.
(a) To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Government must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties. The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.
-
ACE Selects Four Blockchain Innovation Challenge Winners to Expand Economic Opportunity to Underserved Learners 2021-02-11
The Lifelong Learner Project, Powered by Teachers, to develop a digital wallet in which teachers can store and access their credentials, certifications, and learning resources and securely share these verifiable credentials with entities such as state licensing systems, human resources departments, and learning management systems. The project is led by RANDA Solutions, in partnership with the Utah State Board of Education, ETS, Digital Promise, University Instructors, University of Colorado, Colorado Springs, Blockframe, Fluree, Evernym, Velocity Network Foundation, IDRamp, PhilosBDL, UPD Consulting, IATC, Credential Engine, and IMS Global.
USCIS - Digital Immigration Credentials
-
USCIS make public announcement about their plants to use Verifiable Credentials for Immigration credentials 2022-09-07 Jeremy Grant
Very interesting #FedID presentation on @USCIS plans for digital immigration credentials. Looking to use the @w3c Verifiable Credentials standard - this may be the first use of VCs at scale in the US government.
-
Great to see USCIS speaking publicly at the the #FedID Conference last week 2022-10
(https://lnkd.in/eWSc3RYA) about how digital immigration credentials using W3C Verifiable Credentials and W3C Decentralized Identifiers are a critical part of their ongoing work on digitizing the U.S. Citizenship and Immigration processes!
-
US Digital Immigration Credentials Overview 2022-12-13
USCIS Presentation at the 2022 Fed ID Conference on Using W3C VCs and W3C DIDs for Digital Immigration Credentials
Healthcare
-
“Member as API” - The Interoperability and Patient Access final rule and Verifiable Credentials 2021-07-26 PocketCred
The Interoperability and Patient Access final rule (CMS-9115-F) delivers on the government’s promise to put patients first, giving them access to their health information when they need it most and in a way they can best use it. As part of the MyHealthEData initiative, this final rule is focused on driving interoperability and patient access to health information by liberating patient data using CMS authority to regulate Medicare Advantage (MA), Medicaid, CHIP, and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs).
Digital Identity
-
The Missing Ingredient for Globally Compatible ESG Data Collation and Reporting? Standardized Digital Entity Identification 2022-01-27 GLEIF
Research conducted by GLEIF and the Data Foundation, indicates that the U.S. federal government alone uses 50 distinct and incompatible entity identification systems. When this fragmentation is amplified, taking into account the volume of different identifiers globally, it is easy to understand the challenges.
-
US Lawmakers Ask Government to Deliver Better Digital Identity Framework 2021-07-07 FindBiometrics
witnesses should weigh any risks of voice and facial recognition software, which has historically exhibited bias against women and people of color, versus the potential benefits. This hearing will also discuss the future of digital identity frameworks, interoperability requirements and standards, and how the emerging technologies such as AI and distributed ledger technology could contribute to building a secure and effective digital ID.
-
Foster Introduces Bipartisan Digital Identity Legislation 2020-08-11
- Establish a task force made up of key federal agencies and state representatives.
- Direct NIST to create a new framework of standards to guide agencies in implementing identity systems.
- Establish a grant program within the DHS to support states in upgrading.
Department of Education
-
US Education Department promotes putting student records on blockchain 2021-02-23 Cointelegraph
The COVID-19 pandemic has exposed flaws across various sectors. As a result, a number of government departments are evaluating blockchain-based systems as possible solutions for challenges involving multiparty workflows, record-keeping, transparency and more.
For example, the United States Department of Education recently provided funding for the launch of the “Education Blockchain Initiative.” Referred to as the EBI, this project is led by the American Council on Education — an organization that helps the higher education community shape effective public policy — and is designed to identify ways that blockchain can improve data flow between academic institutions and potential employers.
-
CONNECTED IMPACT Unlocking Education and Workforce Opportunity Through Blockchain 2020-06 ACE
This report is the first phase of the Education Blockchain Initiative, funded by the U.S. Department of Education and managed by the American Council on Education (ACE). It summarizes an intensive research project to better understand the application of blockchain, a form of distributed ledger technology, to education. Its content is intended to inform policymakers, technology developers, education practitioners, and workforce entities about the state of and potential of interoperable digital credentials anchored on blockchains. This report also provides guidance to these stakeholders on the effective implementation of blockchain-based digital credentials infrastructure.
Personal Data Privacy
-
2 Signs the US is Getting Tougher on Data Privacy Regulation 2022-09 Anonyme
I know almost everyone can probably find something that they wished were different in the bill [ADPPA]. On the other hand, I do think we have a band-aid for the American people who are just fed up with the lack of privacy online
-
What is the American Data Privacy and Protection Act? 2022-06-20 IdentityReview
If a business has had an annual revenue less than “$41 million, did not collect or process the data of more than 100,000 individuals, and did not derive more than 50% of revenue from transferring personal information” in the last three years, they are not considered a covered entity in this bill.
-
Kids PRIVCY ACT 2022-01-10 Me2BA
We’re proud to support a bill that will:
- Strengthen the legal protections afforded to children under COPPA, and extend COPPA protections to adolescents ages 13 to 17, who have long gone without privacy protections online, while creating new rights for families.
- Prohibit surveillance advertising and other harmful uses of data on all digital services likely to be accessed by children, rather than limiting protection to ineffectual notice and consent on “child-directed sites.”
-
75% of Americans Want National Data Privacy Standards 2021-11-03 Anonyme
The clear majority of adults surveyed want national standards around how companies collect, process and share personal data to help protect users’ privacy and security online. Seven in 10 people agree with the federal government treating personal data security as a national security issue and investing in cybersecurity.
-
The US Data Privacy Law “Floor”: What Deserves Basic Protections? 2021-10 Anonyome
The New York Times recently did a deep dive into the United States’ lack of a national data privacy law
- Data collection and sharing rights
- Opt-in consent
- Data minimization
- Non-discrimination and no data use discrimination
-
A US National Privacy Law Looks More Likely Than Ever 2021-04
-
Consumer Online Privacy Rights Act (COPRA) (Democrats)
Sponsored in November 2019 by Democratic Senator Maria Cantwell of Washington, this bill is considered by some to be “GDPR-esque” and more consumer than business friendly.
-
Setting an American Framework to Ensure Data Access, Transparency and Accountable Ability Act (SAFE DATA Act)) (GOP)
Combining three previous bills, the SAFE DATA Act is considered by some as more “business friendly”.
-
Information Transparency and Personal Data Control Act –
Re-introduced by Congresswoman Suzan DelBene (WA-01) for the fourth time (the latest on March 10, 2021), this bill “… protects personal information including data relating to financial, health, genetic, biometric, geolocation, sexual orientation, citizenship and immigration status, Social Security Numbers, and religious beliefs. It also keeps information about children under 13 years of age safe. ”Beyond this it requires businesses to write their privacy policies in simple language.“
-
Consumer Online Privacy Rights Act (COPRA) (Democrats)
-
Self-sovereign identity in the context of data protection and privacy 2020-11 YourStory
SSI Explainer + Comparison with Personal Data Protection Bill, 2019.
From a techno-legal perspective, data protection regimes like PDPB and GDPR regulate the processing of personal data—which has a broad and evolving definition. An authoritative paper on the subject classifies SSI data components into four categories — DIDs, credentials, revocation of credentials and hashes (relating to the first three).
FTC
-
FTC proposed consent order prohibits perpetual retention of personal information 2023-03-26
We had previously written about an FTC proposed consent order that would prohibit a company from perpetual retention of personal health information. On March 2, 2023, the FTC announced a complaint and proposed consent with BetterHelp, Inc. that would prohibit the company from perpetual retention of personal information—a broader category. Also unlike the previous matter, the FTC did not cite to the health breach notification requirements, but instead included claims only under Section 5 of the FTC Act. Under the proposed consent, BetterHelp would pay $7.8 million, which the FTC may use for consumer redress.
-
FTC weighs new rules to protect Americans’ personal data 2022-08-11 Guardian
The FTC is issuing an advanced notice of proposed rule-making to address commercial surveillance, the “business of collecting, analyzing, and profiting from information about people”. […] The public can offer input on the FTC notice and the commission will hold a virtual public forum on 8 September.
-
FTC announces Ed Tech prohibited from common data collection and monetization 2022-05-26 Me2BA
Specifically, the FTC will be more closely monitoring all companies covered by the Children’s Online Privacy Protection Act of 1998 (COPPA), with particular attention to ed tech, to ensure that children have access to educational tools without being subject to surveillance capitalism.
-
Senate Asks FTC to Investigate ID.me for Deceptive Business Practices 2022-05-20 FindBiometrics
The Senators’ complaints stem from comments that ID.me and CEO Blake Hall made about the nature of its facial recognition system. More specifically, they call attention to statements and a blog post in which Hall claimed that his company only performs one-to-one matching to compare a new selfie to an image on a photo ID during the identity verification process. One-to-one matching is considered to be both more accurate and more secure than alternative one-to-many solutions, since the user’s image is never cross-referenced against a larger database.
-
FTC on Commercial Surveillance and Data Security Rulemaking 2022-02-08 IdentityWoman
There is a very real risk that because two companies control the mobile handset operating systems – Apple and Google – the will work to limit access to the APIs within the phone preventing any wallets created by other companies working well.
This doesn’t have to happen and the risk of it happening will be reduced if the FTC gets involved to ensure a level playing field for wallet makers – and ensuring consumers will have a choice of who they trust with the sensitive data about who they transact with across the digital world. Thank you.
-
We Applaud the Confirmation of New FTC Commissioner, Alvaro Bedoya 2022-05-13 Me2Ba
Bedoya’s research has shined a light on digital surveillance and its impact on people of color, immigrants, and the working class. He founded the Center on Privacy & Technology at Georgetown Law to focus on the importance of consumer privacy rights.
-
FTC’s Shot Across the Bow: Purpose and Use Restrictions Could Frame The Future of Personal Data Management 2021-11-03 Identity Praxis
So that there is no uncertainty or doubt, however, Duball4 reports that, while consumer privacy is a chief concern for the commission, it is not the primary concern to the exclusion of other concerns. The commission is also worried about algorithmic bias and “dark patterns” practices.
Crypto
-
Executive Order on Ensuring Responsible Development of Digital Assets 2022-03-09 White House - President Biden
We must promote access to safe and affordable financial services. Many Americans are underbanked and the costs of cross-border money transfers and payments are high. The United States has a strong interest in promoting responsible innovation that expands equitable access to financial services, particularly for those Americans underserved by the traditional banking system, including by making investments and domestic and cross-border funds transfers and payments cheaper, faster, and safer, and by promoting greater and more cost-efficient access to financial products and services. The United States also has an interest in ensuring that the benefits of financial innovation are enjoyed equitably by all Americans and that any disparate impacts of financial innovation are mitigated.
-
The Infrastructure Bill and What it Holds for Crypto 2021-08-30 SelfKey Foundation
Reports state that an amendment to the bill is unlikely when it is discussed during the autumn session. Moreover, the treasury has reportedly said it would provide clarifying guidance after the bill is passed to allow exemptions to firms that do not actually operate as brokers. The reported clarification from the Treasury is potentially a welcome sign that would improve the morale of the crypto community regarding the proposed bill.
-
New Directions for Government in the Second Era of the Digital Age 2021-02-05 Kuppinger Cole
The Blockchain Research Institute™, in collaboration with the Washington DC based Chamber of Digital Commerce and other experts have produced a 120-page report on how the Biden-Harris administration could reimagine US technology strategy and policy—and take action to implement it.
FATF
-
Three Key Takeaways from the FATF’s Latest 12-Month Review on Virtual assets 2021-07-05 Elliptic
Financial Action Task Force (FATF), the global standard-setter for anti-money laundering and countering the financing of terrorism (AML/CFT), released its second 12-month review on virtual assets (You can read our summary of its first report from July 2020 report here).
-
What Are the Six Key Areas of the FATF Consultation? 2021-04-16 Elliptic
On March 19th, Paris-based Financial Action Task Force (FATF), the global standard-setting body for anti-money laundering and counter-terrorism finance (AML/CFT), released its Draft Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers. Or, in compliance acronym speak the FATF’s draft guidance for its RBA to VAs and VASPs.
-
FATF and Global Crytpto Regulatory News 2021-03-03
The Financial Action Task Force (FATF) held its winter Plenary session on 22nd, 24th, and 25th February and welcomed over 205 delegates to its third virtual conference since the start of the pandemic.
-
DeFi regulation must not kill the values behind decentralization 2021-08-22 Cointelegraph
Financial Action Task Force (FATF) recently proposed guidelines making it clear that “The owner/operator(s) of the DApp likely fall under the definition of a VASP [virtual asset service provider] […] even if other parties play a role in the service or portions of the process are automated.
-
State of Crypto: FATF’s New Guidance Takes Aim at DeFi 2021-03-30 Coindesk
FATF’s new draft guidance, published on March 19, now draws a distinction between fungible tokens and non-fungible tokens (NFTs), adds descriptors for decentralized exchanges and decentralized finance (DeFi) and specifies who might be held liable for enforcing KYC requirements for DeFi platforms, according to my colleague Ian Allison:
IRS
-
ID.me and the future of biometric zero trust architecture 2022-04 Mike Vesey, IDRamp
By combining verifiable digital credentials, which can be stored on a person’s mobile device, with biometric assurance, only the person who actually owns the device can use the credentials to prove their identity.
-
THE IRS AND ID.ME: PRIVACY OPTIONAL 2022-02-15 Trust Over IP
While it is not clear why the IRS would relinquish this extremely sensitive capability in its entirety to a single, private-sector entity using a proprietary solution, there are clues
-
Rough Seas Ahead People 2022-01 MoxyTongue
from the man who invented the term Self-Sovereign Idenitty, ID.me and the IRS.
Humanity does not come into existence inside a database. The American Government does not come into authority “of, by, for” database entries.
People prove birth certificates, birth certificates do not prove people.
-
IRS Using Facial Scanning 2022-01 Phil Windley
The IRS will use ID.me’s authentication and identity proofing service exclusively starting sometime this summer. The identity proofing portion employs facial scanning by a third party, causing some concern.
-
IRS Will Soon Require Selfies for Online Access 2022-01 Krebs on Security
If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me
US Patent and Trademarks (USPTO)
-
USPTO: CIO Jamie Holcombe 2021-01-04 Spreaker
CIO Jamie Holcombe says identity verification with blockchain might be in the future for USPTO and talks about navigating changes in policy & law when considering a distributed ledger to store patents & trademarks. Among the interesting questions: do we start with patent #1 (applicant: George Washington)?
States
California
New York
-
Excelsior Pass Plus to be recognized out of state, internationally WGRZ
Excelsior Pass Plus will be compatible with the globally recognized SMART Health Cards Framework developed by VCI. VCI is a coalition of 570 public and private organizations including major health networks and Microsoft.
Austin, TX
-
City of Austin dabbling in SSI 2020-03
Many folks within the identity space see VC infrastructure as the future of identification. If much of our online identity is reputation based, then VCs represent a formal method for linking reputations and vouching for others to form a web of trust within which individuals are able to conduct identity transactions in a less centralized way.
Illinois
- illinoisblockchain.tech
-
Illinois Partners with Evernym to Launch Birth Registration Pilot
August 31, 2017 (Chicago/Salt Lake City) — Today the Illinois Blockchain Initiative announced its partnership with self-sovereign identity solutions leader Evernym, leveraging distributed ledger technology to provide secure digital identity solutions. The concept will augment work from the W3C’s Verifiable Claims Task Force and use the Sovrin Foundation’s distributed identity ledger to create a secure, “self-sovereign” identity for Illinois citizens during the birth registration process.
Wyoming
-
Principal Authority 2021-09-15 Blockchain Commons
Principal Authority focuses not just on a single person’s authority to act digitally, but also on their ability to delegate to and require duties from other entities. In other words, these peer-to-peer relationships works within the context of a state who recognizes the concept of Principal Authority. Thus the use of Principal Authority to empower Self-Sovereign Identity provides a legal foothold for many of the original 10 #SSI principles. It also suggests five additional duties that are generally defined under the Laws of Agency to be due from agents to Principals.
- 2020 Select Committee on Blockchain, Financial Technology and Digital Innovation Technology - Click on 11/2/2020 meeting details, and find the discussion on Disclosure of private cryptographic keys @ 9:30 am.
In the morning session I shared about establishing a legal template for DAOs using Wyoming LLCs, but the real interesting discussions for me was on a legal definition for Digital Identity & Self-Sovereign Identity #SSI that started at the 2h39m mark: https://t.co/rdv9eih5tP
— Christopher Allen (@ChristopherA) September 23, 2020
Utah
-
January Walker (UT04) on the Future of Self-Sovereign Identity 2022-09-03 Web3 Domains
There are so many things that build into your identity and you’ll take all this information and it’ll be issued to you through a decentralized ID. These wallets will have layers of protection that protect your information, like your Social Security number or your birth certificate, or your marriage license. You’ll have this extra layer of protection when you need to prove your identity, and this could apply to a passport as well.
-
Utah State Legislature Passes Facial Recognition Bill 2021-03-05
The Utah bill, on the other hand, allows public agencies to use facial recognition as long as certain guidelines are followed. Most notably, law enforcement officers must submit a written request before performing a facial recognition search, and must be able to provide a valid reason for doing so.