Playbook: Decentralized Identity for State and Local Government
What is a Decentralized Identity Approach?
In an average year, US residents exchange information with government agencies dozens of times: renewing a driver’s license, applying for unemployment, filing taxes, or enrolling children in public school—every transaction requires the resident to prove their identity and, in many cases, verify additional personally identifiable information (PII).
The current approach to identity verification is centralized—meaning that each time a resident transacts with a government agency or public education institution, their information is verified and stored by that specific organization or a private vendor used by the organization. The resident has no way to revoke access to that data, and each transaction requires redundant, time-consuming paperwork and manual validation.
Decentralized identity solutions, also referred to as self-sovereign identity solutions, put the resident in control of their own data and make identifying information independently verifiable – eliminating the need for redundant paperwork or centralized storage of sensitive data. The individual stores their information in a digital wallet and decides how much information to share and with whom. Organizations that request identification do not retain any personal information.
Centralized identity:
- Residents’ data and PII are stored in centralized government databases.
- Each interaction with the government requires redundant paperwork and weeks of back-and-forth communication.
- Manual identity verification processes are costly and highly susceptible to fraud.
Decentralized identity:
- Residents own and control their own data and PII.
- Credentials are verified instantly, can be trusted indefinitely, and are usable across government agencies.
- Verification occurs via the distributed ledger, making identity theft highly unlikely.
How Do Decentralized Identity Solutions Work?
When we’re transacting with the government, we typically need to verify two types of information: (1) identifying information issued by a government agency like social security numbers, birth certificates, etc., and (2) personal information about our employment, income, housing, or health that may change over time.
With the current approach, both types of information must be individually validated each time a resident does business with an agency.
That validated information is then stored in a database. There’s no way for residents to prove that their information has been validated by another trusted government agency.
With a decentralized approach, when a government agency issues a resident a valid credential, it’s stored securely in the resident’s digital wallet. If they need to use that information to transact with another agency, it’s verified via the public ledger or blockchain. In other words, the agency can see that the information is authentic without manually verifying or storing it.
When a resident needs to verify personal information, like income, they can submit it for verification with a single agency, after which it’s trusted and usable everywhere—but only stored in their digital wallet.
Residents can grant or revoke access to their data as needed, preventing any entity from obtaining unnecessary PII or accessing it without consent. And, because agencies no longer store vast amounts of PII, there’s little incentive for cyber attackers to hack into their systems.
Residents, meanwhile, enjoy much better experiences when interacting with government. Their identities are already verified by the distributed ledger, so they don’t have to re-submit their data every time they want to consume a new government service. Nor do they have to worry about whether each agency is maintaining a secure system or sharing data without their knowledge.
Example: Decentralized Identity in Action
Jessica wants to apply for a fishing license with the state of Maryland. Under the current process, she’d have to create a username and password on the Department of Natural Resources’ website, log in to her account, and upload a picture of her driver’s license. A Department of Natural Resources employee would manually verify her date of birth, and a copy of all the information on her license, as well as her email address and phone number, would be stored in the agency’s database.
With a decentralized solution, Jessica’s driver’s license credentials, issued by the Department of Motor Vehicles, are stored in a secure app on her phone. When she’s ready to apply for a fishing license, she uses the app to allow the Department of Natural Resources to securely validate only the credentials required for a fishing license – her date of birth and home address. The Department of Natural Resources can instantly verify the information without storing it or requiring manual checks by an employee.
Self-Sovereign Identity & Blockchain Technology
Despite widespread interest in self-sovereign identity overall, some state, local or education leaders may be wary of decentralized solutions because they’re built on distributed ledgers, the technology behind blockchain and cryptocurrencies.
In the past, organizations relied on digital ledgers, or bookkeeping entries, that were centralized, owned, and managed internally. The major shortcomings of centralized ledgers are that they represent a single point of failure and are prone to cyberattacks and fraud.
In contrast, a distributed ledger is consensually synchronized across multiple sites and accessible by multiple entities. Every change to the distributed ledger is copied to all participants in near real time, so every transaction has multiple public witnesses.
Going further, blockchain – a type of distributed ledger – is made up of an expanding list of records, called blocks, that are linked by cryptography. Each block contains a cryptographic hash of the preceding block. The result is a chain of blocks that is effectively irreversible, because retroactively altering data in one block would change that block’s hash and invalidate the link stored in every subsequent block.
In fact, when applied to identity management, blockchain can significantly decrease the amount of time, resources, and funds dedicated to verifying resident information and maintaining database security. Identity theft will become nearly impossible, and the privacy of residents will be protected more effectively than ever before.
Use Cases for the Public Sector
Decentralized identity can simplify and accelerate delivery of services, ensure significantly stronger protection of PII, and provide individuals with better control over and confidence in the safety of their personal data. An effective decentralized identity solution can support a broad range of government and education use cases, including:
These real-world use cases will deliver tangible benefits to state and local agencies, educational institutions, and the constituencies they serve. Organizations and residents will be able to validate personal information in minutes, not weeks. They can verify credentials when they’re first issued, and then trust them indefinitely. Agencies and programs can be confident they’re engaging with the right person, without the need for paperwork and manual checks.
The Benefits of Decentralized Identity
For agencies, decentralized identity combines cyber protections with interoperability, portability, and control. Those capabilities equip organizations to achieve stronger cybersecurity and greater operational efficiencies when managing identities, and to deliver services to residents more effectively.
State and local governments are acutely aware that cyberattacks are on the rise, and that perpetrators are becoming more capable. Multiple state governments have been hacked by attackers backed by adversarial nations. Local governments and municipalities are also increasingly at risk, the Department of Homeland Security (DHS) warns. In fact, government is now the sector most targeted by hackers, accounting for 48% of all attacks, according to a detailed analysis by Microsoft.
These trends should be no surprise. Sophisticated attackers motivated by the potential for financial gain or geopolitical advantage know that agencies manage vast volumes of PII. Exfiltrating and selling that data, or holding it for ransom, has become big business.
In this context, decentralized identity is a game changer. In a decentralized approach to identity management, no unnecessary data is stored in a single, agency-managed location. As a result, resident data remains better protected. Equally significant, agencies become a less attractive target for hackers.
By untethering agencies from centrally managed resident data, decentralized identity eliminates many of the incentives for breaking into agency IT resources. It also tangibly reduces the cost, time, and effort for agencies to manage PII in on-prem databases or cloud-based data storage.
Leveraging Interoperability for Efficiency
With centralized identity, agencies can spend days or weeks processing a single application for services – anything from unemployment benefits to business licenses. A request for services from a single resident using different logins to multiple systems can’t easily be cross-referenced, requiring each application to be handled separately. As a result, agencies dedicate significant time, effort, and human resources to validating, approving, and storing the associated PII.
Decentralized identity does away with those inefficiencies. Agencies can quickly validate resident requests through distributed ledgers – reducing processing times from weeks to hours. Frontline employees are freed to focus on more strategic or value-added activities. Technical staff can manage leaner IT resources. Furthermore, by providing faster, more user-friendly identity validation, agencies can build trust in government.
Plus, the government use cases for decentralized identity are virtually limitless. From SNAP benefits to vaccine passport programs, from medical marijuana licenses to education loans, every benefits application that requires identity validation can be streamlined through decentralized identity.
Making Identification Portable
Decentralized identity also aligns with resident demands for more digitized interactions with government. Consumers have become accustomed to electronic transactions enabled by digital wallets and smartphone-enabled management of banking and other PII. Proof of identity is increasingly an electronic affair.
Agencies can leverage decentralized identity to respond to these trends and meet resident demands for better customer experiences. They no longer need to require residents to locate and provide physical documents as authenticators of identity. A state department of motor vehicles, say, could issue a digital driver’s license that appears on the driver’s smartphone. The data would be tied to a blockchain with the appropriate verification components. Any agency interacting with the user could immediately verify that the information he or she presents is accurate.
In this way, resident identification becomes portable, traveling with the resident from program to program and from agency to agency. Government gains the benefit of a single, accurate, and up-to-date view of the resident, without the need to redundantly gather, validate, and manage.
Maintaining Control Over Information
Decentralized identity gives residents control over their own identity and PII. Users prove their identity once in a distributed ledger and then specify which data can be shared with which agencies and for what purpose.
But decentralized identity also gives better information control to government organizations. Agencies get the resident data they need, when they need it. They can quickly and cost-effectively validate resident PII for specific purposes. They don’t need to maintain and protect repositories of information they don’t actually require. Organizations spend less time, effort, and budget gathering resident data, while a large portion of their data management is effectively offloaded to a distributed ledger.
Delivering Long-Term Outcomes with Decentralized ID
As public sector service providers transition to online engagement with residents, the ability for individuals to prove who they are and verify personal information is becoming more critical for accessing benefits and services.
Some state and local governments have rolled out digital drivers’ licenses and other solutions that allow residents to verify “tombstone information”—e.g. contact information, date of birth, etc. While these offer convenience, truly valuable solutions must be built for scale—and the new reality of what our digital identities encompass.
Scalability is key
When individuals transact with the government, they are often required to verify far more information than their name and date of birth. Residents applying for nutrition benefits must prove their income. Business owners must verify certifications and licenses. Landlords must validate lead paint inspections.
The information that makes up our digital identity will continue to evolve over time. Government-issued credentials that are normal today—medical marijuana licenses, vaccine cards, or TSA Pre-Check status—didn’t exist 20 years ago. The pace of change is unlikely to slow down, so it’s important that any SSI solution is built for scale and interoperability.
An opportunity for equity
Self-sovereign identity solutions not only improve security and data privacy, but—implemented correctly—can improve equity and accessibility for all residents. For individuals who need government services the most, providing proof of identity can be incredibly difficult. Roughly 11% of the population, and 25% of the minority population, has no government-issued ID. Physical documents like birth certificates or social security cards require physical space and can be easily lost, damaged, or destroyed.
The siloed nature of existing identity verification processes also places an undue burden on individuals whose job, physical abilities, or lack of access to transportation make it difficult to file paperwork, travel to in-person meetings, or make calls during business hours.
Decentralized identity solutions could help eliminate the barriers to access without sacrificing the privacy or data security of the individual.
Restoring trust in government
Reports show that 80% of Americans feel that they can’t control how their data is used and collected by public institutions or private companies. With public trust in government near historic lows, it’s not surprising that residents and business owners are skeptical of digital identities managed by the government.
But self-sovereign solutions are just the opposite – all data is owned and controlled by the resident. He or she can revoke access at any time. Because information is verified via public ledger, the resident can prove information without revealing the information itself—a huge shift from today’s verification protocols.
By returning data control to the resident, not the government, SSI solutions can play a pivotal role in strengthening trust in public institutions.