76 Digital identity and services delivery
Civic Tech Chat | 2022-05-26 | 48:52
We are joined by Jordan Burris (https://twitter.com/JordansRules), Senior Director of Public Sector Product Market Strategy at Socure(https://www.socure.com/) and former Chief of Staff at the US Office of Management and Budget to talk about digital identity and the impact it can have on the delivery of public services.<br><br>Resources and Shoutouts:<br>- https://podcasts.apple.com/us/podcast/public-sector-future/id1552507257
Top Keywords
- identity 0.012
- fraud 0.007
- particular 0.006
- ultimately 0.006
- government 0.005
- digital 0.005
- folks 0.005
- digital identity 0.005
- services 0.004
- order 0.004
- number 0.004
- associated 0.004
Transcript
Speaker 0
0:00 – 0:54
Hello. I'm Ryan Cook, and this is Civic Tech Chat, a show that looks at the way technology, politics, and policy impacts the world around us. The tools we use, the way services are delivered, and how we talk about and set policy all shape our society. We'll gather around and have a chat about these things together and more. Before we get started, I do wanna let you all know that we've started a Discord for the podcast. There will be a link with an invite down in the episode description. Do feel free to go check that out. It's a small community right now, but hoping to grow it. It's a great way to reach out to me and let me know things that you might want us to cover or to just hang out and talk about Civic Tech. Anyway, let's go ahead and start the show. Jordan, thank you so much for joining us here on Civic Tech Chat. Could you introduce yourself and tell us a bit about what you do?
Speaker 1
0:55 – 1:47
Yeah. Thanks for having me, Ryan. So I'm Jordan Burris. I'm a senior director for product market strategy, for public sector at Secure. And, really, you know, my my role there is to help, I would say, evangelize a lot of the concepts related to, identity verification, identity overall. I translate there really into insights for for government agencies. You know, previous I worked in the digital trust arena for a little over a decade now at this point. And and prior to joining SoCare, I actually served in the, White House Office of Management and Budget and the Office of the Federal CIO as chief of staff working on all things IT, cybersecurity, and even funding, which was absolutely fun. And so, I mean, really, for for me, you know, the opportunity here at Secur is really to talk about what can be done, you know, better to align government practices with, what is emerging out of, industry.
Speaker 0
1:48 – 1:54
Jordan, what would you say is your personal why, that thing that drives you to get out of bed each morning and do what you do?
Speaker 1
1:55 – 4:27
Yeah. For me, it's it's really about public service, you know, ultimately. One one thing I often remark, and maybe some of my team might, might be getting tired said is that, you know, public servants and those who, you know, join, civil service, they they they swear an oath. They, you know, they swear they raise their hand, they swear an oath, you know, to defend the constitution. And, really, for a moment in time, they do everything within their power to try to do, what is best, for the American public. Right? And it's, you know, kind of a duty that they've all taken on. Today, in my work, it's really about continuing really what is that that career arc and and, you know, continuing that journey, for doing what I can to make government services more secure and accessible, for different demographics and and YouTube populations. You know? Ultimately, my goal is to, work in this arena and try to do, what I can to make, you know, things a better place for my daughters, and and their future families. You know? And a lot of it comes down to how we have approached, identity historically, you know, some of the issues and challenges associated with that, opportunities that there are for advancing and changing, in particular. And, you know, one one thing I I learned early on in my career, and it's kind of been thematic, is that identity really serves as kind of the the crux or, foundation of everything that we end up doing, nowadays, whether you're considering physical, interactions or even, those that are those that are digital. And, you know, I saw some of the impacts associated with happens when you get that wrong, and and really that had served as a motivator for to say that, hey. We can't let those who are victims of identity theft be continued to left out to, you know, figure things out for themselves. There has to be a way in which we can try to address this up front. There has to be a way in which we're not unnecessarily blocking folks from access, to to services. And so, you know, it it's it's really about finding the way to bring, again, that best of breed innovation, and what really is a lot of work that's been done, across the industry over to support government, in in in what they're doing today. And I'm fortunate to be joined by a number of individuals in my, EdSecure who have bought into our mission. Right? And in our mission overall, I'd say to verify a 100% of identities, in real time and completely eliminate identity fraud for every applicant on the Internet. Now it sounds audacious, but it's something that everyone, kinda rallies behind within the the company, and it's, you know, something we're we're we're dead set on helping our governments
Speaker 0
4:27 – 4:36
solve. Are there any pieces of media, whether we're talking to podcast, book, video, some other such thing that you'd recommend to folks that are here listening?
Speaker 1
4:37 – 5:45
Yeah. Within the last year, I came across, a podcast, Public Sector Future. It was a little ironic, for me because it came from it actually was, I think, one put on by Microsoft in particular, but it takes a different lens to some of the other ones. And it's very much very much like this particular podcast. It's it's really talking about, you know, what is being done, what challenges are being solved, as it relates to digital services to public sector in particular, but it takes it from the lens of, international, international governments. And and and it you hear the voices of public servants or former public servants, who, you know, were there serving their countries in particular. And so, for me, what it does is it helps kinda orient that, you know, a lot of the problems, challenges that, you know, we're discussing here within The US are not necessarily unique to The US. And in some cases, there's a lot of good creative thought, that have gone into solving those challenges. So maybe there's lessons learned that we can bring into, what would be the The US's approach, and then other things that we should just consider broadly, you know, as, the the the work continues to evolve.
Speaker 0
5:46 – 6:02
As you've mentioned, I think, you talked about this a bit in your personal why. You're the a leader in organization that has a focus on identity, particularly in in the digital space. For folks that are maybe hopping into this topic for the first time, can you describe a bit about what we're talking about when we use that term?
Speaker 1
6:03 – 7:30
Yeah. Absolutely. So, digital identity is the representation of who you are, your persona, if you will, when operating online. Right? We're we're very much accustomed to what would be kind of that that in person interaction, that that handshake. At one point in time, many, many, many years ago, it used to be that, you know, your identity was surrounded by those who knew you in your community. Right? Whether or not your your, you know, your neighbor, knew your family who knew you, etcetera. And that's just continued to evolve. So when we're talking about identity and digital identity in that context, you know, a lot a lot has changed and and really is everyone has their own, I'm gonna say, breadcrumbs, that they they leave behind at their digital footprint, if they will, whenever they're accessing technology or they're using services online. And digital identity really represent kind of the the amalgamation or the the consolidation of all those pieces to to really represent, how you are uniquely different from others who may be, you know, transacting on the Internet. And and, you know, it was an important discussion because when I can't necessarily see you, and I understand that there's a lot that goes on the daily video chats in particular, but, you know, you have no way of confirming that, you know, you are really Ryan or I'm really Jordan, behind the computer other than what we may assert or tell you, outwardly. Right? And so, you know, the practices and the work that goes into verification help that assurance, if you will, that someone is who they are claiming to be ultimately.
Speaker 0
7:31 – 7:57
Whether we're talking about Ohio with its OHID program, Illinois with their digital ID program, that, as far as I can tell, didn't have a, a a a name that was like a an acronym from the state like that, or others. There's, plenty of states are trying to work on improving the way that identity interacts with government services using digital technologies. In your experience, how can the implementation of programs like that have an impact on those services?
Speaker 1
7:58 – 9:49
Yeah. And so there, I mean, there are a number of states, organizations, and companies, right, that are just advancing kinda how they've approached digital identity. I I would say that, you know, it it really comes down to kinda what happens if done right, what happens if done wrong. Right? But if done right, you you have a what would be a seamless, frictionless experience for the end user. You know, they're able to easily get access to whatever it is that they're they're wanting to to do. If done wrong, you have folks that are effectively locked out of the the system. There were a number of reports, like, over the pandemic where individuals, you know, were unable to get access to benefits in particular because it could not prove who they were online. That came from a number of factors associated with it. Right? Much attributed to some of the legacy ways in which we've approached identity, verification and, you know, how that's just evolved historically. And in those cases, like, folks had to hire lawyers to come in and basically help vouch for for who they are. Right? And it's because it wasn't good enough to try to provide some of those in person, or have that in person handshake, if you will, anymore. Right? And when we when we hit the pandemic, a lot of folks were doing things remotely. A lot of things were doing things in different different locations. And so, it it's important. Digital identity programs are are those that are really helping to augment what would be that user experience or customer journey would be important, for enabling, really, what is that access and and understanding that as we continue to move towards what would be a, digitally backed economy, that, you know, it it's paramount that, you know, folks are able to engage and transact, on via online channels the same way that they would, as if they were in person, showing up at a bank, showing up at their local grocery store, etcetera.
Speaker 0
9:50 – 10:06
Is this true? You you mentioned the the pandemic and its effect on, like, the needs people have for those sorts of interactions. Do you think this kind of pandemic world we've been in has added urgency for for states to try to put investment into the development of, programs like these?
Speaker 1
10:06 – 11:29
Yeah. You know what? The the reality is yes. I mean, to just, you know, put it short, it was, yes. It did accelerate a lot of work. And one thing that I observed while I was, you know, working within the federal government was that there was a lot of there's there's a lot of work that's been taking place over the, you know, again, the last decade to try to enhance and innovate and transform the the government digital experience. Right? When when the pandemic hit, it no longer became a thing about prioritization. And, you know, because the prioritization was that folks like, it was a it was a health issue. Right? It was a safety issue. You could no longer expect that people would have would be able to come in person. And then as such, we had to evolve the model, the way of thinking about how to engage with, the the broader public, rapidly and then somewhat overnight. Right? And that they gave way to a rise in a number of, solutions and deployments, etcetera, that, you know, had had the potential to, you know, transform the way in which business was conducted for for government. And there's still many lessons that are being learned in terms of what was what was deployed rapidly. Right? And some of these solutions were not meant to scale. They weren't designed really for the for to to be used long term. And then so there's there's an opportunity that a number of states and, even, you know, federal agencies have today to to rethink the art of the possible and and try to set themselves up for kind of that longer term, implementation or journey.
Speaker 0
11:31 – 11:40
I I think something I'm hearing there is, there's that old adage, you know, like, never waste a good crisis. I'm sensing that maybe there's, like, an element of that, going on in the answer there.
Speaker 1
11:40 – 12:57
Absolutely. Absolutely. And, you know, it it was the the moment that kinda spurred action across a number of folks. Right? Everyone was kinda dead set on what we could be done what could be done, to kinda knock down those roadblocks and barriers. And I remember talking with a number of CIOs, back when I was in in government, and, you know, they they they basically said that they they kinda got car blanche and the ability to go do the thing that they had wanted to do for the last five years or so, by their front office. The resources, you know, were were given to them in order to execute. And so it definitely was a powerful moment. And and then, you know, one that they they ultimately recognize that they have to, you know, continue to evaluate kind of the the future impacts of that. Right? Because today, we're we we still haven't necessarily landed on as a society how we are going to operate, going, you know, going forward. Right? There's still many debates about whether or not the remote world in which we live in is kind of the the new norm, if it is going to be more of a hybrid, whether or not we're all gonna have the pendulum swing back the other way. Right? A lot of those things are still up for debate. But, for the moment, we at least made a lot of progress within the, public sector ecosystem in order to to transform, remove a lot of those legacy barriers that we're holding, agencies and organizations back.
Speaker 0
12:58 – 13:15
With this flurry activity of going on, whether we're talking about things at the state level, programs at the federal level, there is the possibility that we end up with, kind of a bunch of disparate systems that, may have wildly different standards. Like, what's your take on that possibility and the, like, level of risk it it represents?
Speaker 1
13:17 – 15:51
Well, you know, it's something that was told to me a while ago. If you've seen one state, you've seen one state. And so I think that really goes to the the premise that there isn't really a one size fits all approach when you're looking at how many states have implemented, their solutions. And and that's really because they're all different. Right? Their their populations, although, you know, may the population demographics may be similar, the way in which they approach problems, the way in which they have programs set up, they they do differ, broadly. Some of the risks associated with, you know, know, what happens when you're having multiple solutions being implemented and there's not necessarily a one, you know, concise approach or standard that's followed is that, you you will have a risk of interoperability. Right? Especially if you look at the link between federal and state programs such that that, you know, you may not be able to exchange data and information at the same time. You know, one thing, you know, one one particular use case or an example that I, you know, can go back to is is a death master file that is used by Social Security Administration and basically highlights, you know, when someone when someone has passed away so that they know that their Social Security number should relatively not be used anymore. In a number of instances, depending on how the state a state has implemented that solution, right, it may, connect and transact with the Social Security Department, Social Security Administration in a in a helpful way, or it may, be delayed significantly. Right? There's also been instances where because of, you know, the way data has been submitted, there is an incorrect submission. Folks have had their Social Security numbers effectively deactivated, and they had to go through this long, arduous process in order to, you know, restore what was what previously there. And I think that, you know, ultimately, without that standard or without a, you know, similar approach, the guiding principles, if you will, that folks can, operate under, you're you're likely to see, again, differences in implementation. It doesn't have to be that way, but it's more of making sure that everyone understands kind of or is coming from the same perspective of how of how you can approach it. Right? In some cases, a lot there's a lot of, learning that's just needed broadly, across the the whole industry in particular, across the community US about, like, what is available out there, what could we do to potentially, you know, do things in a similar fashion. And it's this is no different for us than it is many other countries. Many other countries go through this exact same thing. And at some point, there's that light bulb moment where everyone comes behind. They rally towards that that that central premise of, like, how they can do this better.
Speaker 0
15:52 – 16:14
Something that I think is impacted similarly to the interoperability, point you brought up is, the idea of, like, securing these these these, like, digital identity systems and, like, how they're implemented. Do you think, like I I guess as we go, that kinda state and federal policy frameworks are are ready to, like, to provide that guidance for these programs as they get spun up from that, like, cyber security perspective?
Speaker 1
16:15 – 18:02
Yeah. So, I mean, there's so today, there's existing guidelines. Right? The National Institute of Standards and Technology, I mean, puts out, or has put out a kind of a digital identity guideline, if you will, that talks about how identities should be constructed and the process associated with that. To take that a step further, I know that there's been multiple, attempts by Congress to introduce legislation, by representative, Bill Foster in particular. I think he recently introduced what was the Improving Digital Identity Act of 2021, where, you know, among other things, it would create a framework for digital identity similar to what we've seen with the cybersecurity framework, the privacy framework, or even the the current, AI framework that would be being debated. And this becomes what is potentially a powerful tool because it could set, if you will, a common way in which everyone could approach, digital identity. I've seen, you know, countries such as Australia take this type of approach, where, you know, they they find ways in in how you establish an identity, how it transacts, how what is the difference between an identity that is established, through a financial institution versus one that's established by the government? What roles, do everyone does everyone have to play within that broader ecosystem? And so I think there's, you know, potentially a benefit that may come from that, but, you know, I definitely think there's a lot of work that has to be done, in order to to better shape, and make sure that we're really focusing on outcomes associated with, these systems or these frameworks as as they pull together. Right? Ensuring that, really, these are done in a way that is, you know, privacy preserving, ways in which, we're continuing to let, you know, users be at the the forefront of choice, related to that. And and then, ultimately, they they get to determine, you know, how their identity and where their identity is used, ultimately.
Speaker 0
18:03 – 18:19
Something I'm I'm hearing here at the end of the answer is you're, I think, kinda getting into some of that, like, privacy elements, like, kinda owning how your identity is is used, which, I guess, in a way, kinda goes to that, like, idea of, like, controlling data about you. Yeah. Could could you talk a bit more about that?
Speaker 1
18:20 – 20:28
Yeah. Absolutely. So, I mean, for for for me in particular, you know, when when we look at identity, where where I see trends or where I see kind of the environment going, right, at at least for The US. Right? Many other countries have done this differently. There's, you know, those who have the the EID or, cards or credentials that have been issued to many of their their, constituents. Estonia is the famous example, even though I think they're probably roughly the size of Rhode Island, in terms of, you know, user population. But, you know, many have approached this different ways. I think for The US, we're likely going to see kind of that premise of wrong choice and that I, you know, I'm able to originate my identity. There's probably a way, a process of some sort that I would go through, one that may be backed by the government, and one maybe that may be, you know, facilitated using private industry, where I can more or less do everything I need to do to claim, prove, claim who I am. And then I can take that take that identity, take the associated credential, or what would be the the way in which I authenticate, if you will, and use that across multiple, services in particular. So you have a definitive, this is absolutely Jordan or this is absolute absolutely Ryan. I think that, you know, if we look trend wise, there's definitely more of a desire towards, moving that just based on some of the public policy debate. But I'll also tell you that, for every for every group on one side of it, there's also those on the other where they actually where there's more of a, hey. Let's try to centralize everything. Let's just have someone be the steward, the the manager of the account. And that that debate, that had is a tale as old as time. It just it continues, to to rage on within, the The US, at least. And so I think it's, you know, just something that, will will continue to evolve. But, you know, the the makings of it are there when you look at things like digital ID wallets, when you look at, the ways in which from at least a payment standpoint, like, we're all able to use our smartphones in order to, tap, in order to, you know, purchase things in particular. Like, a lot of that infrastructure is starting to be put in place. It's really the question of whether or not we put it together in a way, that really allows a user choice and preference, ultimately for their IDs.
Speaker 0
20:29 – 20:56
I think your point about kind of centralized versus decentralized as a conversation that really I guess it sounds like it kinda goes through the this entirety of the topic, whether it's about setting policy and frameworks, whether it's about, like, the technology itself. It's a it's a keen one, especially your point about, like, oh, it's like an argument we've been having for a long time. Like, it I think that's a definite statement. Like, you know, we've been having this argument since, like, back in the days of the Federalist Papers. Right? You know, it's it's like it's almost like a key part of our identity to have this argument.
Speaker 1
20:57 – 22:35
Yeah. Abs yeah. Yeah. It's it's kind of foundational, I think, to what it is to be American. Right, we we keep the debating kinda, you know, how how we wanna approach this topic in particular. And, again, I think it's a it's one of those debates that are absolutely necessary, and it it it makes us better, ultimately. I mean, I can tell you that when, you know, Real ID, I know, was being rolled out, there was definitely debates about is the is the government going too far related to what was being done there? And this was all reaction to a rally or response, if you want a reaction or response to, you know, 09:11 and what we saw with basically folks have fake driver's license and we're able to board everyone. Right? Like, that's that's the reality of it. So you had to have more scrutiny to it, today. And so it you know, there's debates about, you know, whether or not some things are beneficial or they're not. And, yeah, I think, ultimately, the public policy debate or the public debate and discourse that takes place on this issue in particular, I think, is an important one because it really helps make the ultimate product or what what comes out of it better, ultimately. And for those who are serving in government or serving in adjacent roles, right, like, the the the role that they have to play in helping to better shape and implement, really, the the outcomes or the outputs of this debate, you know, it can be transformational. Right? And, you know, as I noted earlier, right, my a lot of the work that I'm doing today is not about necessarily fixing everything today. Right? It's about setting a stronger foundation such that in the future, you know, the families and individuals, have more of a seamless experience or have more of a seamless way in which they can, you know, manage their identity going forward.
Speaker 0
22:35 – 22:53
Another aspect of this that, you and your organization have some focus on is this notion of trying to detect fraud, which is a topic that comes up fairly often in conversations that involve something with the delivery of government services. How significant, from your perspective is the challenge of trying to to go about that?
Speaker 1
22:53 – 26:00
Yeah. Absolutely. So, I mean, fraud in particular, it's, you know, it it's it's like running water almost. Right? It's gonna find the path of least resistance. And if you if you look at it from a cybersecurity standpoint previously or if you look at it from that's really what it is today. Right? You you have organized, criminal rings. You have nation states that are all attempting to, you know, pull the wool over, individual lives. Right? Trying to pretend that they are someone that they are not, and that's either to do things in terms of espionage or to do things in terms of, you know, intercepting funds and resources and money in order to basically, you know, facilitate their their enterprise activities. I can tell you that fraud today is is networked. Right? It is they are all collaborating, communicating using the best tools, in order to continue to, you know, devise, if you will, plans of attack or or different, you know, evolve their threat vectors that they're using. And and so when it comes to to government services, there there hasn't historically been a deep recognition, especially because we've been more, focused on the in person interaction and transaction that fraud was potentially an issue. There's been a number of things that the government has done, and I I don't make that abundantly clear. There's efforts on program integrity. There's over, efforts on payment integrity, whereby we're managing how many payments are made improperly, to individuals, and those could be for a litany of reasons. It could be that there was a fat finger on someone's form accidentally. It could be that someone was maliciously doing it in terms of, you know, what you would see from a fraud activity or, you know, someone was just straight up lying, which is a different type of fraud that we, you know, would just tell first, first party, fraud. But, you know, when we look at things like, third party in particular, you know, that there's there's a lot that has to evolve in government services if we want to be able to have some type of assurance that someone is who they are claiming to be when they're, behind a computer terminal or computer screen, in particular. Right? Like, there's, it is it is so easy, nowadays to pretend to be someone that you're not, especially if you don't have robust, fraud controls. And I think that, you know, it's definitely something where, you know, for me now, I I view identity and fraud as kinda interlinked in in particular and how they should be approached and how they should be solved. Ultimately, they're, you know, two sides of the same coin. And so it's important that, you know, as agencies continue to evaluate their strategies, those who are implementing technologies, you know, take a lens towards what digital services could be, that there's also a lens towards, okay, how does this necessarily go wrong? Because, you know, if you don't get this right, you're you're you're hurting more people than you're helping, ultimately. Right? And that and that, to me, is, you know, something, you know, any of us who work in public service or in in a public service adjacent role, should be striving to, you know, help prevent. Right? We wanna help the most people, that we can. And so, you know, it's important to ultimately get it right.
Speaker 0
26:01 – 26:33
I think folks don't often have a full appreciation for that. You mentioned, like, the kind of, like, the network threat, the kind of the more organized effort to find those those paths of least resistance you talked about to kinda basically take advantage of them of them in that way, even to the point of I think you mentioned, like, state threat actors even potentially being a thing. Like, someone just trying to deliver a government service has to think about. Is that something that's, like, a, like, increasingly, like, more recent spike of a threat, or is this something that's kind of always been there, just not necessarily top of mind for everybody?
Speaker 1
26:33 – 28:44
Yeah. I mean, it's so it it's always been there. It's it's always been there. It's been you know, traditionally, you've you've seen it play out a lot within financial services. You've you've seen it a lot when it comes to banks, when it comes to things like loans, fintechs in particular. Right? A lot of those things have taken place. It's been there within government benefits as well. The difference in kinda what we see today with the what what's happening with government is that, as we talked about earlier, we there was a rapid transformation that took place seemingly overnight, and there wasn't necessarily that benefit of having all those lessons learned implemented right out of the gate that many financial institutions have, you know, have learned over the years. Right? They like they financial institutions in particular have dedicated fraud teams that just evaluate this issue and work across the organization, you know, to to to try to refine their practices, their processes, and the tools that they're using. You know, government, while there were there's definitely pockets, where there are hardworking, civil servants that are doing what they can, on this on this issue, it hasn't been thought, I would say, as a macro or broad scale. And that's, you know, just it's just been the challenge of being, you know, primarily in person interaction, paper based, for for the longest period of time. And now that there is this this this drive towards transforming the way in which experience is delivered, whether, you know, using more digital channels, there's unintended consequences associated with that. Right? Like, there's the reality that fraud now is a thing that must be absolutely considered, wholeheartedly, especially when you're talking about fraud as it relates to digital channels and what happens when you transact online. And, you know, when it when it, when there aren't the right controls or mechanisms in place in order to evaluate that, you get what, you know, the headlines were, over the course of the pandemic. Right? Billions in fraud, millions in fraud go out to who knows, at the end of the day. Right? They're, you know, like, Nigerian fraud rings or other nations, to include China and Russia in particular. Right? Like, it it it all becomes more real and center stage for everyone. Right? Because it's not something they necessarily had to think about, whereas, you know, I know financial institutions at least have been, you know, struggling and working through this, for for a number of years.
Speaker 0
28:45 – 29:26
As you might be aware, there's something to the notion that adding friction in between, say, like, an individual person and a service they're trying to get to, makes it less likely that they'll successfully gain access to it. You kinda think at each gate, there's, like, a nonzero probability that I either, like, give up or just simply can't satisfy the conditions even if I should ultimately be entitled to that service, which can kinda lead to policymakers maybe, you know, unintentionally creating incentive systems that kinda create this, like, trap of actually making, like, say, a service worse, by accident or maybe on purpose. I guess it depends on, like, what they're trying to do with the policy. Are there effective ways in your view to address this sort of concern?
Speaker 1
29:27 – 37:33
Yeah. And and so, I mean, to to start off with, you know, is that whenever friction starts to get introduced into the conversation, and a lot of it sometimes gets talked about in terms of fraud, and there's kind of this belief in some cases that, you need friction in order to combat fraud. And, you know, one thing that, you know, Secure believes in, many of the the individuals I work with on a regular basis, we know it is that access to services does not have to come at the cost of fraud. Like, there's ways, to manage around this. There's made ways to manage around it that doesn't introduce undue friction, for participants in particular. A lot of this goes back to some systemic ways in which identity verification is managed. So, you know, to try to take more of a history lesson, I I would say there's, historically, you know, identity verification has evolved over time. You know? I I talked about how there was that in person kind of memory based, you know, who you are. You know? And older societies, it they used to use jewelry or tattoos or, you know, documents in order to help confirm who individuals were. When we look towards more of the modern era, we had kind of the introduction and the advent, if you will, of credit bureaus, and what was known as credit header data, which basically helped It was you know, they were put in place for the purpose of determining whether or not a consumer was good or whether or not they were likely to be a credit risk when you're providing loans or, you know, or or, you know, engaging them from a financial structure. But that soon became kind of the de facto way in which we we hinged, identity, for individuals when you when you couple that with things like trying to get identity documents in particular. And so today, what we see, when it relates to friction or those from the process that are rolled out, there's really, you know, a few a few different ways that are commonly used. Right? One is that credit data, that credit reliance, or header credit header reliance based approach, and where today, the Consumer Financial Protection Bureau put out a report a few years ago where, you know, they highlighted that it it it basically introduces bias into the the whole process of verifying who someone is. Why? Because over 45,000,000 individuals within The US. Right? And you look at 20% And up to 20% in particular are, credit invisible or what they call credit thin fall. And this basically means that they just don't have a lot of data associated with them and their transactions. It could be for a number of reasons. Right? One, they may not have engaged in the financial institution in construct the way that, it was aligned to originally. Another could be that they may be newer to country. One could be that they are just young and getting started. And, you know, when I when I was starting out my my life, my career, I don't think I got approved for any single loan or credit card, that that was out there. And a lot of that was due because, you know, I need a cosigner because they just didn't know who I am. But when you base your identity systems on that and your processes on that, you you're you're gonna have people that effectively get left out. Another approach that is used is what I would say is more of a document centric approach. And this is where you kinda take that over reliance on things like your driver's license or your passport or and you say that you must have one of these things, in order to engage, in society. Well, problem with that is that they're, I think, you know, again, upwards to 10 to 20% of, the population does not actually have a driver's license. Now they have some sort of identification documents, that that that may exist. But, you know, if it doesn't hit a certain standard, depending on the way an organization may set up something, they're effectively, you know, locking those people out. And then it makes it harder when you're even considered doing that online. And how do I show you my driver's license, which hasn't necessarily moved into a mobile realm or digital realm yet? I'd hold it up in front of a computer screen and try to tell you that I am who I claim to be. You can't tell if that's really a fake because a lot of our, security features implemented as part of it were meant to be, physical inspection based. Right? And and so it's it's harder really to tell the the rules from the the the fake in particular that way. You know, and another piece on documents is that there are a number of individuals who, because of life circumstances, lose their documents. Right? I'm fortunate, for me personally that I have, you know, like, my Social Security card or my birth certificate and things like that. People lose those things all the time. And that makes a challenge because not only are you unable to go get what would be your driver's license or passport based on the way that we've constructed some of the rules, for getting those documents, but you have a hard time going back and even getting those replacements issued. Right? It becomes a long, arduous process. And so, you know, introducing, you know, those types of approaches create friction also in the process. And then the third piece, would be taking more of what I, consider a knowledge based authentication or knowledge based verification, depending on how you wanna use it, approach. And that's really where they you you log in and they ask you to submit, three out of wallet questions or three questions, about your personal history, where you lived previously, whether or not you've had this type of car, or or something to that effect. Right? Again, a lot of it gets based on the information that's submitted, in your consumer report. But then in some cases, like, folks just don't remember everything. I think, you know, it was even back as back as far as 2012, I know Gartner put out a report that said, you know, 10, 10 to 15% of the time, folks fail KBB or KBA related questions because they just don't know what was going on. I know today, we've seen with Insecure upwards of 30%. We even had a conversation with an agency that said they've seen upwards of 80%. And and so, you know, that additional friction doesn't necessarily translate to a better outcome because in some cases, the data is out there. Right? If you Google enough of an individual or you search on things like the dark web, you can find a lot of things about a lot of people. You can construct fake IDs. You can do a lot of things, and that makes it easier for fraudsters who are highly networked, motivated towards doing these types of attacks at scale, and harder for the constituents or consumers at the end of the day to be able to to prove who they are. And so, you know, one way in which we've tried to approach this issue, at Secure is taking what really is a data science driven approach where we are not necessarily taking and evaluating on just one piece of information that might be coming. We're taking a broad, holistic view of an individual as they present themselves online and and try to triangulate whether or not they are who they claim to be and use that through advanced analytics, through machine learning, and, you know, a lot of work that's been put in in order to, you know, just take information that individuals submit, how it's constructed, where it's coming from, where they're where they may be sitting, just, you know, passively be able to help determine, if they are who they claim to to be. And that becomes a powerful tool because then what happens is you're not relying necessarily on one piece of information being right. You're not relying necessarily on having even in some cases all all the documents related. You're able to make what is more of a risk based decision about an individual and an entity ultimately, which, better positions you, if you will, for, being able to approve them and and reduce what they see, on their end. Right? And then the last thing I'll I'll say on this one is that, you know, at the end of the day, when it comes down to it is that when you introduce a ton of friction for individuals, you get up to was it 50% abandonment rates on the services, and you try to take the lens of that and how it relates to government. Right? But these folks are coming to the government in their times of need, when they need support, whether that's in trying to help sustain their business, whether it's trying to feed their fan for the night. Right? When they when they can't get through the process quickly and they gotta wait weeks to do it, they they go look elsewhere or they, you know, they would they they lose faith in government. Right? They they say that, you know, public trust or or experience with government is at an all time low. Well, in some cases, it's you know, we have to make our digital services more accessible and easier for people to use. So that way, they're not abandoned. They're not feeling frustrated, and they're really able to get what they need ultimately, the things that they're entitled to, that being, American taxpayers and US citizen.
Speaker 0
37:34 – 37:57
I I think it's a keen observation you made there about kinda how this relates into, like, that trusting government, which something we read about all the time. It's, you know, it's going down. It's people who have less faith in institutions. And, yeah, it's a key point because, like, maybe, like, for a lot of people, that one interaction they have with the government is that one time they needed something from it, and they're supposed to get it, but, you know, that support wasn't there.
Speaker 1
37:58 – 39:01
Yeah. No. And, you know, I I have a I have a litany of stories within my family, but I can tell you that even very recently, right, my, my sister-in-law had to, fly back to The US in order to file taxes. She lives overseas. But because she couldn't access the the system online, she had to to fly back to The US, book a plane ticket, come back, in person in order to file a paper form, in order to access services. Now, she was able to do that, and that that's like that's kind of like an extreme worst case of, like, what happens when we get this wrong. Right? And and and it's this is why I said it becomes more paramount that, like, we we really have to think about these things because otherwise, she could have opted not to pay her taxes. But that would have impacted, you know, her family and her son who is, you know, going to college here in The US. Right? Like, there there's there there's a number of things that that would have taken place there. So, again, it becomes very important that we kinda take that broader perspective of, like, what happens, right, when we're we're not, getting this right.
Speaker 0
39:02 – 39:11
And having to hop on a plane, show up with a paper form. I mean, talk about, like, an expensive and arduous filing. That that might be the worst one I've heard so far.
Speaker 1
39:13 – 39:57
Unfortunately, I have tons of those anecdotes, and my family may get me later, but it it's one of those where, like, you know, the the more I hear about it, the more I see, the more I work in this space. You know, my you know, one thing that we desire to do here, at Secur is really partner and serve as a partner. The the agencies really transform the way the ways in which they're approaching it. And, a number of us are public servants or former public servants, right, in in the way in which we approach it. And it's really taking that, how do we best make use of the tools that are available today to better serve the mission of those agencies. Right? They gotta get benefits out. They gotta do what they gotta do for, the constituents in which they serve, and that just becomes paramount so that you don't have those negative experiences, those those edge use cases where, you know, folks are just completely impacted and they're they're available.
Speaker 0
39:58 – 40:48
In your original answer, you you talked a bit about, you know, using, data science methodologies to kinda look at to try to establish, like, the holistic picture of a person based on, like, what's available. Often, in I guess in recent times, we've heard a lot about, like, those techniques being used to try to, like, automate some decision making processes, which I think there is often a tendency to go, oh, well, a computer made this choice. Therefore, it's completely free of bias. When it's like, well, you know, there's a human being that has to, like, come up with this model, that has to, like, ultimately write the code and, like, whatever, you know, internal biases they have can be ex just expressed and made faster, through that process. I I I could could you talk a bit about, like, how one might maybe go about, like, trying to reduce that risk while still trying to be able to kinda get that benefit, the benefits you're talking about.
Speaker 1
40:48 – 46:02
Yeah. Absolutely. So, you know, I to to your point, right, technology, depending on how it is implemented, absolutely can can be biased. I think that, you know, ultimately, when it comes to understanding when you when you're looking at, data science practices or artificial intelligence machine learning that, you know generally, what you would expect to see or want to see is that you have an organization that is abiding by what I'm going to say or model development or model governance practices where they are evaluating really the inputs, that they use when building models or helping to train, the the algorithms that they're using. They're they're evaluating the how it's being processed, and they're evaluating the outcomes and outputs associated with it. Right? To help make a determination about whether or not it is making the impact that they desire to see or whether or not there's something that isn't, that isn't working well, for them. I I can tell you that when it comes to, you know, human decisioning in particular, there's certain things that, just in the way we've designed systems today that we've we've we've made, or we've constructed in flawed manner that makes the area of identity so much harder. So for an example, you know, I talked about how data is used in order to verify who someone is and, you know, all the breadcrumbs associated with who they are online. Well, that may be stored in a number of different ways within a number of different data sources. And so there is no one size fits all. There is no one standard. And what could happen is that as you try to connect things, as you try to do broader data sharing, particularly, you you have what is conflict. You have inaccuracies. You have things that are missing. You have some difficulty for computers being able to to search just because of the way we've constructed it, ultimately. Right? And so in some cases, you know, algorithms can be employed to help with improved accuracy to help improve accuracy as it relates to, you know, creating matches. Right? Searching through data and doing data querying. How do you, what do you do if someone accidentally you know, sometimes you get those forms where they ask you to put your, your last name first and your first name last. And me, personally, I mess that up all the time, and I go back with the, you know, white out or something like that if I'm doing it on paper and try to correct that. But sometimes people get through the process and they just submit that. Well, that's inputted in a database, and then they can come back in the future and they would think that my name is Burris Jordan and not Jordan Burris. And so, you know, there's a lot of issues with that. I think, you know, ultimately, when it comes down to it is that when when you're looking at kind of the bias that may be introduced within the systems, there there's absolutely always some bias that is going to exist. It's really about how you are managing the risk associated with that, how strong are your governance practices, around that, and then making sure that you become slightly obsessive in removing and mitigating that bias as it is presented or as you identify it in particular. I know one thing that we try to do, here is, you know, we we one of our values as a company are used to be, like, customer obsessed or be, like, obsessed on the the issue overall. And, like, we obsess on things just as simple as, like, a name. Right? How names are constructed. Depending on how you deploy algorithms in particular for searching against a name, you could have a positive bias towards Anglo Saxon names and a negative bias towards, Asian names with their, you know, three characters or less. And so, like, we we take that broad view and we say, okay. Based on what we're seeing, based on the outcomes, the outputs associated with it, what could we do to basically better design our model, better design our algorithm so we're able to increase coverage, our ability to search across these broad demographics. And then how do we normalize that so that everyone is getting kind of that common experience and they're not having folks that are in the room left out? But it takes a focus in being able to really hard charge towards that that problem, understand what it is, call it out, and then, you know, what you can to improve your models ultimately. Right? So, you know, I think that, you know, as these things get introduced, what what what happens far too often is that there's kind of this belief that there can be no bias or that it should be no bias. I think if anything, to more approach this as a, learning opportunity. And that there's there has to be intent, focus, and dedication to fixing it and resolving whatever you identify. Right? That's the only way in which these things get better and systems improve over time. If I look at the way in which some early algorithms were deployed and, the way in which they've evolved now, it became it was because of this constant evaluation in particular. And I can tell you that there was even an executive order that was put out, towards, the earlier part of, 2021, that talked about kind of the principles for the usage of AI within government. A lot of it was around how are you approaching, you know, transparent practices? How are you managing towards outcomes? How are you evaluating it? Right? Because and, ultimately, you know, these are all tools that we use to help us with our decision making. And, you know, to my point about how those who would do us harm, malicious users, fraudsters, their network, they're using the latest and greatest tools. They're using these things to cause problems. Right? We need to be using these types of things in order, to to fight back against them. But it's it's more about, again, like, how do you structure, your models in a way or your process in a way that you learn from, you know, what isn't working and make sure that you get it right.
Speaker 0
46:03 – 46:37
Something I'm I'm hearing in there, and I I imagine that's something you play a role with as a leader in an organization is, like, you mentioned that, like, idea of, like, being, like, customer obsessed, those sorts of terms. And what I usually hear when folks, like, talk about that sort of thing is that, hey. Like, we wanna have some sort of, like, organizational effort to either you could say it's like, oh, set up incentive systems so that it's, like, easy to do the right thing. Or maybe, like, the bit more business type folks as opposed to the public policy that folks might call, like, culture. Right? I guess, can you talk a bit about, like, how do you go about making it easy as, like, for folks in the organization to, like, push for the improvements that you're talking about?
Speaker 1
46:37 – 48:09
Yeah. I mean, fortunately, for the for the culture that's been set up here, right, we all rally around our our mission. Right? That is verifying a 100% of identities in real time and completely eliminate identity fraud. So our incentive is to do that. And we know that if we do that, we it'll be transformational for everyone. Right? So as a company, like, that that is core and central to everything that we do. So from our incentive structure, it's like almost, in some cases, a challenge of, like, hey. We've come across this issue. We've come across this group that isn't basically getting what we think is the best. We have this group that isn't able to approve a number of folks for applications, and they're sending them to long, arduous manual reviews and these terrible processes. Right? It becomes this thing of, like, kind of a battle cry for us all. Like, we we kinda wanna lead the way. We wanna show, what could be done, what is in the are are possible. And it and the for us, it's exciting. Right? It's exciting. It's it's it's the ability to to really set a a better foundation ultimately for the way in which these things are, practiced. And, you know, today, we're used widely across, you know, financial services over, thousand customers today. We even, are supporting a number of state governments, in particular today with, you know, conversations ongoing from a federal standpoint. But it but we'd say that but to that point, like, a lot of it comes with the opportunity for us to say that, you know, we we recognize where you are. We recognize, the journey that that you've been on, the the arc that you've been on. There's ways in which we can, you know, continue to improve and do better, and and we're really here to help part part with you, as you go through that journey.
Speaker 0
48:09 – 48:26
Well, Jordan, thank you so much for coming on Civic Tech Chat to, have this conversation about digital identity, services delivery, and those spaces where these things interact with each other. I have no doubt that, folks in the audience will have learned some interesting nuggets to kinda take into their thoughts as they go through the rest of their day.
Speaker 1
48:27 – 48:30
Ryan, thank you so much for having me today. It's been a pleasure.
Speaker 0
48:31 – 48:43
You can follow us on Twitter using the handle at civic tech chat. Visit us on the web at civictech.chat, or subscribe to us for content updates wherever ever it is you download your podcasts.