President Donald Trump has rolled back digital identity provisions from a Biden administration executive order in a move that experts say could leave the U.S. less secure.
A Friday executive order amended and struck down several parts of the Biden order deemed “problematic.” Trump also added new directives on software security, post-quantum cryptography and artificial intelligence.
The cyber-focused January executive order, issued at the end of the Biden administration, included directions for new guidance on how agencies can use mobile drivers licenses — or mDLs — to verify people online.
It also included a push for the Social Security Administration to help other agencies verify people for public benefits, and for the Treasury Department pilot sending notifications to people when their information is used to get government money, giving them a chance to stop the payment if they weren’t behind the request.
A White House fact sheet stated that the new Trump executive order removed “a mandate for U.S. government issued digital IDs for illegal aliens that would have facilitated entitlement fraud and other abuse.”
But the gutted Biden policies included nothing about immigrants lacking permanent legal status. The White House didn’t provide more details on their claims.
The fact sheet also said that the Biden-era policies “[introduced] digital identity mandates that risked widespread abuse by enabling illegal immigrants to improperly access public benefits.”
Many government programs require applicants to go through digital identity verification checks in order to get benefits, although these controls are meant to ensure that someone is who they say they are. Verifying if someone is or isn’t eligible for a program is the job of the agency running a benefit, and immigrants without permanent legal status are largely not eligible for government benefits, with limited exceptions.
“Nothing in January’s EO included a mandate for the U.S. government to issue digital IDs to anybody — immigrants, or otherwise,” said Jeremy Grant, a longtime digital identity expert who now runs the Better Identity Coalition trade group.
The now-repealed digital identity section “had strong bipartisan support and was praised by cybersecurity and fraud experts,” he said.
The reversal comes even as the Trump administration, especially its Department of Government Efficiency, has put a stake in cutting government waste, fraud and abuse — something that the now-defunct Biden policies “would have supported,” Carole House, formerly a special advisor at the National Security Council and currently a senior fellow for the Atlantic Council, told Nextgov/FCW.
Identity theft is one vector for fraud. During the pandemic, for example, fraudsters siphoned off up to $135 billion from the unemployment insurance program, and identity fraud was a major contributor. One Trump official even said back in March that Login.gov, the government’s identity proofing service, is a priority for fraud prevention.
Cybersecurity and identity experts have long asked the federal government to coordinate a digital identity approach. The National Institute of Standards and Technology — charged under the Biden order with releasing guidance on the use of digital identity documents like mDLs — didn’t immediately respond to a request for comment on whether that guidance will still be released.
The recession of “lackluster digital identity provisions” makes it “more imperative than ever before that government takes a strong stance to curb digital identity fraud,” said Jordan Burris, the head public sector at digital identity vendor Socure, encouraging the administration to set up a blueprint for digital identity moving forward.
“If we don’t secure our digital identity infrastructure, we are giving the upper hand to cyber criminals and nation states to do harm,” Kemba Walden, former acting national cyber director, told Nextgov/FCW. “They exploit weaknesses in our identity infrastructure to defraud Americans and hold our critical infrastructure at risk.”
Within the government, the new edict has created uncertainty and confusion on how to approach the zero trust cybersecurity framework or counter emerging cyber threats stemming from AI, one cybersecurity expert told Nextgov/FCW. They asked not to be named, as they’re not authorized to speak on the record.
“The U.S. is at risk of falling even further behind” because of that confusion, they said. “It increases the likelihood that our citizens, government services, and industries will continue to be targeted by malicious actors.”
