美国数字身份的发展:更好的身份联盟发布有关改善美国数字身份的报告

On July 19, 2018, The 贝特r 身分识别 Coalition, an organization focused on developing better solutions for identity verification and authentication, published the "贝特r 身分识别 in America: A Blueprint for Policymakers" (“报告”)。该报告概述了用于改善数字身份解决方案的隐私和安全性的全面政策议程。

根据该报告,2017年由于身份欺诈在美国损失了168亿美元,同年数据泄露数量增加了44.7%。暴露了近1.79亿条包含个人信息的记录,这说明当前的身份识别系统不足。该报告提出了一系列共识性,跨行业,与技术无关的政策建议(“政策蓝图”) to 地址 existing inadequacies and to improve digital identity in America. Specifically, the 政策蓝图 outlines the following five key initiatives and corresponding action plan to achieve better security and privacy in identity systems and a more convenient and confident consumer market.

1.优先开发下一代远程身份证明和验证系统

各国政府应优先开发下一代远程识别校对和验证系统。由于美国没有正式的国家身分识别系统,因此私营部门已通过创建解决方案来做出回应,例如基于知识的验证,该解决方案依赖于主体回答安全性问题以验证其身份的能力。但是,近年来越来越多的数据泄露和身份欺诈暴露了私有开发系统的弱点。

报告认为,政府在领导身份识别系统现代化方面处于独特地位。社会保障局和州政府-后者已经颁发了驾驶执照和身份证,应提供新的数字服务来验证属性。为了为该计划提供资金,报告建议联邦政府设立为期五年,每年2亿美元的联邦赠款,以支持各州制定持续投资的前瞻性投资策略。&D and 事件ual migration to digital identity systems. In addition, governments should encourage the active partnership between public and the private sectors by 地址ing barriers that inhibit private sector entities from innovating around identity and creating incentives that promote innovation.

2.更改美国人使用社会安全号码(“ SSN”)的方式

The 报告 argues that both public and private sectors should stop using the SSN as an authenticator and reduce its use as an identifier wherever feasible. After years of massive data breaches and millions of SSNs thefts, its value as an authenticator or identifier is largely diminished. Many members of the 贝特r 身分识别 Coalition also believe that using SSN beyond government-mandated applications has become a risk for companies. In response to this recommendation, the 报告 argues that Congress and/or the Administration should launch a task force to review and amend existing laws and regulations that require companies to collect and retain SSN. Government and industry alike need to move away from existing common practice of using the SSN as an authentication factor and migrate to alternative solutions that can more securely authenticate consumers. To ensure the government can lead the way in the movement away from SSN, the 报告 urges that the President should issue an Executive Order, first banning agencies from using the SSN as an authenticator. In Canada, individuals are usually under no obligation to provide the Social Insurance Number (SIN) to any private-sector organizations other than some that collect the SIN for income reporting purposes. 

3.促进并优先使用强身份验证

联邦政府应继续进行中的工作,以促进金融服务,医疗保健,政府和消费者应用等部门的强力认证。强身份验证是一种身份验证方法,其安全系统足够严格,可以承受可能遇到的任何攻击。为了补充现有计划,政府应现代化法规以管理数字身份验证平台,并减少采用创新安全系统的障碍。报告特别指出,有关隐私和安全的新法规的撰写不应过于广泛,以至于它们可能会阻止使用有前途的技术进行基于风险的身份验证。

4.追求身份标准的国际协调和统一

The 报告 provides that the U.S. should coordinate with international partners to align global efforts in developing better identity solutions. This multilateral effort is especially important in the financial services industry, which hosts a substantial number of cross-border activities and require reliable identity authentication to 地址 special requirements for managing risks associated with Customer Identification Program requirements of the Bank Secrecy Act, as well as related Know your Customer and Anti-Money Laundering rules currently in place in the U.S. market. For example, the U.S. government should develop a plan to engage EU’s eIDAS office and Financial Action Task Force (FATF) to harmonize international account openings.

5. Educate consumers and businesses 关于 better digital identity solutions

该报告鼓励各国政府与业界合作,对消费者和企业进行有关身份保护和验证的现代方法和最佳实践的教育。具体而言,该报告举例说明了国家网络安全联盟(NCSA)作为潜在合作伙伴的情况,因为NCSA在推动公私合作伙伴关系教育公众网络安全方面已有良好记录。

对加拿大的影响

随着数字身份这一主题日益引起全球关注,许多国家的组织已经发布了有关该主题的白皮书。美国的做法在许多方面反映了加拿大在数字身份方面的发展。最近 白皮书 关于加拿大数字身份的问题还鼓励各国政府在开发数字身份系统的基础架构中发挥领导作用。尽管加拿大和美国之间的隐私制度存在显着差异,但是隐私和网络安全一直是开发两国更好的数字身份系统的首要问题。这两套建议的结果是,随着数字身份的发展,金融服务和银行业可能成为影响最大和相关性最强的行业之一。此外,这些建议还建议,政府和企业之间的国际协调与合作对于有效保护和认证个人身份很有必要。

在加拿大,保护隐私立法的原则旨在保护个人控制个人信息的自主权。但是,人们正在评估个人应如何以及在何种程度上控制如何使用其个人信息。在加拿大,更广泛的背景是由创新部长纳维普·贝恩斯阁下发起的最近宣布的全国数字和数据转换磋商。鉴于指数技术的迅速兴起,这些磋商旨在告知加拿大关于数据的立场。看我们的 博客 post 有关加拿大国家网络安全战略的更多信息。 McCarthyTétrault在促进与加拿大企业的这些磋商中发挥着关键作用。

For more information 关于 our firm’s 金融科技 expertise, please see our 金融科技集团的 页。

s

订阅

保持联系

Get the latest posts from this 博客

Please enter a valid 电子邮件 地址