Homeland Security officials this year will test the extent to which software can verify the authenticity of an identification document based on just a smartphone photo and then correctly match an individual in a “selfie” to the photo ID.
The Department of Homeland Security’s “Remote Identity Validation Technology Demonstration” holds potentially crucial ramifications for agencies who are increasingly making public services and benefits available online using digital identity tools, while also responding to the fallout from tens of billions of dollars in COVID-related fraud.
“One of the questions here is, how well do these technologies work? Are they appropriate for government services?” Arun Vemury, director of the Biometric and Identity Technology Center at DHS S&T, told reporters during a recent press conference. “How much risk are we accepting by adopting these types of technologies?”
While agencies and private firms alike have increasingly allowed individuals to submit identity information line, especially after the pandemic, “there is little independent or objective data characterizing the performance and fairness” of the underlying technologies, according to DHS S&T.
The digital identity demonstration is the major focus for the Biometric and Identity Technology Center this year. It has held several “biometric rallies” in recent years focused on the performance of facial recognition technologies in places like airport settings.
This year’s tests, meanwhile, will be the first focused on remote technologies.
“We’re really going to be establishing this baseline of performance across the industry and going back and sharing that,” Yevgeniy Sirotin, a senior scientists at the Biometric and Identity Technology Center, said at the press conference. “We’ll be interested to see how well they improve over time, much like we did with the early rallies.”
The first track of the demonstration will focus on “document authentication.” The cutoff date for applications was Feb. 15.
The tests will focus on whether the participating vendors can correctly differentiate between a real ID and a fake one based on just a photo taken by a smartphone. Vemury said the tests will involve real IDs from volunteers, as well as more than 1,000 fraudulent documents.
“How well can you really tell from a white light photo of a driver’s license, whether it’s a real document or not, considering so many security features are in the [ultraviolet] or [infrared]? Is there enough information there to really actually tell that it’s real?” he said.
The second track will test the ability of different software to correctly match the photo of an ID to an individual’s selfie. Applications for track two are due in mid-May.
“If you go to a bar, if you’re buying cigarettes, or buying beer or whatever, this is the thing that the human being does,” Vemury said.
A third track of the demonstration will test whether software can detect a sham selfie being used to potentially trick the identification system. Applications for that track are due in September.
“This is where someone might try to have a photo of a photo, a photo of an iPad screen, someone wearing a mask,” Vemury said. “How well do these solutions actually tell that that really isn’t the human being, that’s somebody else or isn’t really the person who they’re portraying to be.”
Fraud and fairness
The DHS tests are coming together as the Biden administration pushes a $1.6 billion pandemic fraud proposal, including $600 million to help federal agencies and states invest in better anti-fraud and identity theft tools.
During his State of the Union address in February, President Joe Biden made calls to “crack down on identity fraud by criminal syndicates stealing billions of dollars from the American people.”
Meanwhile, federal IT leaders say it’s a “critical moment” for them in teaming up with agency chief financial officers and other organizations to learn lessons from pandemic-related fraud and secure systems for the future.
For the remote ID validation tests, DHS S&T is partnering with the Transportation Security Administration, the Homeland Security Investigations Forensics Laboratory, and the National Institute of Standards and Technology . The latter agency is instrumental in setting the underlying standards for digital identity technologies.
The results of the tests will be shared “within the government and with participating companies,” DHS S&T said. The results will also be shared publicly, but the performance of individual companies will be kept anonymous.
And Vemury said the demonstration is about more than reducing fraud. The tests will also evaluate whether the technologies maintain “fair access to services” as they become more ubiquitous and widely used by a range of government organizations.
“We also want to make sure that we understand how well people who are legitimate users can actually use these systems to gain the benefits they’re seeking,” Vemury said. “We need to make sure that these services are also available for legitimate users.”