

116 HR 8215 IH: Improving Digital Identity Act of 2020
U.S. House of Representatives
2020-09-11
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



I116th CONGRESS2d SessionH. R. 8215IN THE HOUSE OF REPRESENTATIVESSeptember 11, 2020Mr. Foster (for himself, Mr. Katko, Mr. Langevin, and Mr. Loudermilk) introduced the following bill; which was referred to the Committee on Oversight and Reform, and in addition to the Committees on Science, Space, and Technology, and Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concernedA BILLTo establish a governmentwide approach to improving digital identity, and for other purposes.1.Short titleThis Act may be cited as the Improving Digital Identity Act of 2020.2.FindingsCongress finds the following: (1)The lack of an easy, affordable, and reliable way for organizations, businesses, and government agencies to identify whether an individual is who they claim to be online creates an attack vector that is widely exploited by adversaries in cyberspace, and precludes many high-value transactions from being available online.(2)Incidents of identity theft and identity fraud continue to rise in the United States, where more than 164,000,000 consumer records containing personally identifiable information were breached in 2019, increasing the total number of data breaches by 17 percent from the previous year.(3)In 2019, losses resulting from identity fraud amounted to $16,900,000,000.(4)In 2019, the Director of the Treasury Department Financial Crimes Enforcement Network stated, “The abuse of personally identifiable information, and other building blocks of identity, is a key enabler behind much of the fraud and cy­ber­crime affecting our nation today.”(5)Trustworthy digital identity solutions can help under-banked and unbanked individuals better access to digital financial services through innovative delivery channels that promote financial inclusion. (6)The inadequacy of current digital identity solutions degrades security and privacy for all Americans, and next generation solutions are needed that improve both security and privacy.(7)Government entities, as authoritative issuers of identity in the United States, are uniquely positioned to deliver critical components that address deficiencies in our digital identity infrastructure and augment private sector digital identity and authentication solutions.(8)State governments are particularly well suited to play a role in enhancing digital identity solutions used by both the public and private sectors, given the role of State governments as the issuers of driver’s licenses and other identity documents commonly used today.(9)The private sector drives much of the innovation around digital identity in the United States and has an important role to play in delivering digital identity solutions.(10)The 2016 bipartisan Commission on Enhancing National Cybersecurity called for the Federal government to “create an interagency task force directed to find secure, user-friendly, privacy-centric ways in which agencies can serve as one authoritative source to validate identity attributes in the broader identity market. This action would enable government agencies and the private sector to drive significant risk out of new account openings and other high-risk, high-value online services, and it would help all citizens more easily and securely engage in transactions online.”(11)The public and private sectors should collaborate to deliver solutions that promote confidence, privacy, choice, and innovation.(12)It should be the policy of the Government to use the authorities and capabilities of the Government to enhance the security, reliability, privacy, and convenience of digital identity solutions that support and protect transactions between individuals, government entities, and businesses, and that enable Americans to prove who they are online.3.Improving digital identity task force(a)EstablishmentThere is established in the Executive Office of the President a task force to be known as the Improving Digital Identity Task Force (in this section referred to as the Task Force).(b)PurposeThe purpose of the Task Force is to establish a governmentwide effort to develop secure methods for Federal, State, and local agencies to validate identity attributes to protect the privacy and security of individuals and support reliable, interoperable digital identity verification in the public and private sectors.(c)DirectorThe Task Force shall have a Director who shall be appointed by the President.(d)MembershipThe Task Force shall include the following individuals or the designees of such individuals:(1)Federal Government membership(A)The Secretary of the Treasury.(B)The Secretary of Homeland Security.(C)The Secretary of State.(D)The Secretary of Education.(E)The Director of the Office of Management and Budget.(F)The Commissioner of the Social Security Administration.(G)The Director of the National Institute of Standards and Technology.(H)The Administrator of General Services.(I)The heads of other Federal agencies and offices who the President may designate or invite.(2)State government membershipThe Task Force shall include 5 State government officials who represent State agencies that issue identity credentials and who have knowledge of the systems used to provide such credentials. Such officials shall include the following:(A)A member appointed by the Speaker of the House of Representatives, in consultation with the Chairman of the Committee on Oversight and Reform and the Chairman of the Committee on Homeland Security of the House of Representatives.(B)A member appointed by the minority leader of the House of Representatives, in consultation with the Ranking Member of the Committee on Oversight and Reform and the Ranking Member of the Committee on Homeland Security of the House of Representatives.(C)A member appointed by the majority leader of the Senate, in consultation with the Chairman of the Committee on Homeland Security and Governmental Affairs of the Senate.(D)A member appointed by the minority leader of the Senate, in consultation with the Ranking Member of the Committee on Homeland Security and Governmental Affairs of the Senate.(E)A member appointed by the President.(3)Local government membershipThe Task Force shall include 5 local government officials who represent local agencies that issue identity credentials and who have knowledge of the systems used to provide such credentials. Such officials shall include the following:(A)A member appointed by the Speaker of the House of Representatives, in consultation with the Chairman of the Committee on Oversight and Reform and Chairman of the Committee on Homeland Security of the House of Representatives.(B)A member appointed by the minority leader of the House of Representatives, in consultation with the Chairman of the Committee on Oversight and Reform and the Chairman of the Committee on Homeland Security of the House of Representatives.(C)A member appointed by the majority leader of the Senate, in consultation with the Chairman of the Committee on Homeland Security and Governmental Affairs of the Senate.(D)A member appointed by the minority leader of the Senate, in consultation with the Ranking Member of the Committee on Homeland Security and Governmental Affairs of the Senate.(E)A member appointed by the President.(e)MeetingsThe Task Force shall convene at the call of the Director.(f)DutiesThe Task Force shall—(1)identify Federal, State, and local agencies that issue identity information or hold information related to identifying an individual;(2)assess restrictions with respect to the abilities of such agencies to verify identity information for other agencies and for nongovernmental organizations;(3)assess any necessary changes in statute, regulation, or policy to address any restrictions determined under paragraph (2);(4)recommend a standards-based architecture to enable agencies to provide services related to digital identity verification in a way that is secure, protects privacy, and is rooted in consumer consent;(5)identify funding or resources needed to support such agencies that provide digital identity verification, including a recommendation with respect to additional funding required for the grant program under section 5;(6)determine whether it would be practicable for such agencies to use a fee-based model to provide digital identity verification to private sector entities;(7)determine if any additional steps are necessary with respect to Federal, State, and local agencies to improve digital identity verification and management processes for the purpose of enhancing the security, reliability, privacy, and convenience of digital identity solutions that support and protect transactions between individuals, government entities, and businesses;(8)assess risks related to potential criminal exploitation of digital identity verification services; and(9)to the extent practicable, seek input from and collaborate with interested parties in the private sector to carry out the purpose under subsection (b).(g)RecommendationsNot later than 180 days after the date of the enactment of this Act, the Task Force shall publish a report on the activities of the Task force, including recommendations on—(1)priorities for research and development in the systems that enable digital identity verification, including how such priorities can be executed; and(2)the standards-based architecture developed pursuant to subsection (f)(4).4.Digital identity standards(a)Establishment of a standards frameworkThe Director of the National Institute of Standards and Technology (in this section referred to as the Director) shall develop a framework of standards, methodologies, procedures, and processes (in this section referred to as the Framework) as a guide for Federal, State, and local governments to follow when providing services related to digital identity verification.(b)ConsiderationIn developing the Framework, the Director shall consider—(1)methods to protect the privacy of individuals;(2)security needs; and(3)the needs of potential end-users and individuals that will use services related to digital identity verification.(c)ConsultationIn carrying out subsection (a), the Director shall consult with—(1)the Improving Digital Identity Task Force established under section 3;(2)potential end-users and individuals that will use services related to digital identity verification; and(3)experts with relevant experience in the systems that enable digital identity verification, as determined by the Director.(d)Interim publicationNot later than 240 days after the date of the enactment of this Act, the Director shall publish an interim version of the Framework. (e)Final publicationNot later than 1 year after the date of the enactment of this Act, the Director shall publish a final version of the Framework.(f)Updates to the FrameworkThe Director shall, from time to time, update the Framework, with consideration given to—(1)feedback from Federal, State, and local agencies that provide services related to digital identity verification; and(2)any technological changes to the systems that enable digital identity verification.5.Digital identity innovation grants(a)EstablishmentNot later than 18 months after the date of the enactment of this Act, the Secretary of Homeland Security (in this section referred to as the Secretary) shall award grants to States to upgrade systems that provide drivers’ licenses or other types of identity credentials to support the development of highly secure, interoperable State systems that enable digital identity verification.(b)Use of fundsA State that receives a grant under this section shall use—(1)grant funds for services related to digital identity verification using the Framework developed pursuant to section 4; and(2)not less than 10 percent of grant funds to provide services that assist individuals with obtaining identity credentials or identity verification services needed to obtain a driver’s license or State identity card.(c)Authorization of appropriationsThere is authorized to be appropriated to the Secretary such sums as may be necessary to carry out this section.6.Report and recommendation on the use of social security numbers by nongovernmental organizationsNot later than 1 year after the date of the enactment of this Act, the Comptroller General of the United States shall submit to the Committees on Ways and Means and Financial Services of the House of Representatives and the Committee on Finance of the Senate a report that includes the following:(1)An analysis of legal and regulatory requirements with respect to the collection and retention of Social Security numbers by nongovernmental organizations.(2)A recommendation on the necessity and effectiveness of any legal and regulatory requirement analyzed pursuant to paragraph (1) and the use of a form of identification other than a Social Security number.7.Security enhancements to Federal systems(a)Directives for Federal agenciesNot later than 6 months after the date of the enactment of this Act, the Secretary of Homeland Security shall issue binding operational directives to Federal agencies for purpose of implementing—(1)the guidelines published by the National Institute of Standards and Technology in Special Publication 800–63 (commonly referred to as the Digital Identity Guidelines); and(2)the memorandum of the Office of Management and Budget issued on May 21, 2019, which includes the subject Enabling Mission Delivery through Improved Identity, Credential, and Access Management.(b)Reports(1)Federal Agency reportsNot later than 1 year after the date of the enactment of this Act, the head of each Federal agency shall submit to the Secretary of Homeland Security a report on the efforts of each such Federal agency to implement the directives issued pursuant to subsection (a).(2)Report to Congress Not later than 2 years after the date of the enactment of this Act, the Secretary of Homeland Security shall submit a report summarizing the efforts from the reports submitted pursuant to paragraph (1) to the following:(A)The Committee on Homeland Security of the House of Representatives.(B)The Committee on Oversight and Reform of the House of Representatives.(C) The Committee on Homeland Security and Governmental Affairs of the Senate.8.DefinitionsFor purposes of this Act:(1)Digital identity verificationThe term digital identity verification means a process to verify the identity of an individual accessing a service online or through another electronic means. (2)Identity credentialThe term identity credential means a document or other evidence of the identity of an individual issued by a government agency that conveys the identity of the individual, including a driver’s license or passport.