By Craig Guthrie, deputy editor

Originally launched to verify the identities of US Army veterans so they could tap into a range of discounts uniquely available to them, digital identity startup ID.me is set to play a wider and more visible role from this year due to its participation in the US government's new flagship identity project.

Starting in mid-2015, ID.me will provide a single login for citizens that will be accepted across government websites through connect.gov, a new identity portal that aims to create a secure, convenient connection between citizens and government services using digital credentials.

The company's concept revolves around ID.me, a secure "digital wallet" that works with virtual ID cards so users can prove their identities online.

As part of our increasing coverage of the intersection between government and digital identity, Security Document World caught up with CEO Blake Hall to discuss future trends and recent achievements.

CG: Can you relate your vision of the future of digital identities?

BH: Our fundamental thesis at ID.me is that digital identity will eventually function similarly to physical identity. In the real world, you have two or three credentials, controlled by you, the user, and not by the issuing organization, such as a driver's license, a passport, or a government identity card that you can take wherever you please and produce to whomever you like in order to rapidly establish your identity.

The reason you are able to do that is because the issuers of those ID cards are widely trusted. Trust leads to portability.
And that's important because the portability of an ID card fundamentally determines its value – your MasterCard based debit card wouldn't be that useful if it was only accepted at a couple of merchants.

In the digital world, however, your most trusted credentials, like your financial institution login, aren't portable, and your most portable credentials, like Facebook Connect and Google, aren't trusted for risky transactions like moving money or accessing government benefits information specific to you. Additionally, most governments haven't created digital versions of the trusted credentials they issue offline. Not surprisingly, the result is a very broken digital identity ecosystem vulnerable to ongoing theft of PII, cyberattacks, and fraud schemes at scale.

We envision ID.me as a standards based broker, similar to Visa, that allows for trusted credentials to be portable and for portable, untrusted credentials to be strengthened in a dynamic, re-usable way when the end user is attempting to complete a high risk transaction for the first time.

It's crazy to us that the average user has to remember, and manage, twenty six different accounts online. If we accomplish our goal of building a global network, then users will be able to select the identity provider they trust the most as well as the authentication modality they prefer the most whether that be Google Authenticator, Apple Watch, biometrics, etc. so long as the combination of authentication modalities, strength of the underlying identity proofing, and attribute verification meets the confidence thresholds of the relying party.

Our Identity and Access Management platform is perhaps the only platform in the world currently capable of performing those functions.

CG: Do you think that governments will increasingly face identity challenges?
How will it work in practice for accessing services?

BH: In this case, I don't have to speculate with my own opinion because, objectively, governments are facing huge identity challenges that are only increasing in severity and the frequency of attack. Identity theft is the number one complaint of American citizens according to FTC data. In 2013, the FTC received about 60,000 identity theft related complaints. In 2014, that number rose to 160,000, a 167% increase YOY. With the recent massive data breaches at Anthem, Target, Home Depot, Experian, Lexis, OPM, and almost certainly more breaches that have yet to be detected, the current online identity ecosystem that depends on personally identifiable information to establish a new account is wide open to fraud because the bad guys can look up your information more rapidly and more accurately than most users recall it (Knowledge based authentication only has about a 70% success rate for legitimate users according to Gartner).

Unless one believes that digital services will begin to form a relatively smaller share of citizen interactions with government, which I don't think will happen barring a nuclear war, then a new paradigm for account origination is required. To my mind, the only way to fix the problem is to kill KBA and identity proofing processes based on databases known to be breached by organized crime. Digital identity schemes must begin to leverage trusted credentials with strong, two-factor authentication that have a history of trust and legitimate behaviour over a substantial period of time with the claimed identity.

CG: Can you briefly cover the importance of encryption in digital id schemes?

BH: Encryption is a vitally important component of any digital identity scheme. It's not a panacea but it certainly helps mitigate risk. At the end of the day, resiliency and redundancy against attacks increases the cost curve to the bad guys.
And any time you increase the bad guys' cost curves, then fraud goes down.

CG: The IRS has recently launched its own ID scheme, is this a blow to the future of government agencies sharing federated id functionality?

BH: I don't believe that an ID scheme created in a silo is the answer, and it certainly moves the digital ecosystem farther away from where we think it should go. With that said, I think the IRS may simply be attempting to plug leaking holes in the ship as it were while contemplating new solutions like ID.me and Connect.Gov. If the IRS' plan is a short-term one, then it's not necessarily a blow to Connect.Gov although I could certainly understand the perception that it might be damaging.

Ultimately, the fragmentation of digital identity – an organization dominated view of the world as opposed to a user centric view of the world like we have offline — is precisely what has led to the rise of attacks in the first place. A network, like PayPal for example, that issues user centric, portable credentials for payments is far more effective at detecting fraud across network nodes because it can develop a far more robust association of trust between the user, the claimed identity, and the credential across multiple transactions and multiple organizations. The challenge is to perform these security functions without impairing user privacy but that is a necessary problem to tackle because a network approach is the only way to get digital identity to look like identity in the physical world.

CG: What are the downsides of identity proofing being managed in silos? What has hampered previous efforts to create a Single Sign-On environment within the federal government?

BH: The downside of identity proofing in a silo is increased friction to the user, increased friction to the organization, increased cost to the organization, and increased vulnerability to attack. Envision walking into a physical bank branch to open an account and the teller tells you, "We're sorry.
We don't accept drivers' licenses here. We're going to ask you a few questions to establish your identity." Then 30% of legitimate customers are turned away when they can't recall the answers to those questions, if they didn't already leave once they saw how painful the process would be from the get-go. It's crazy when you think of it that way but that's exactly what is happening online. We haven't digitized government IDs and, instead of partnering to fix that problem, most organizations have decided they are their own special snowflake when it comes to digital identity standards – even though they consume common, interoperable, standards based ID cards in the physical world.

As far as government goes with respect to a Single Sign On, I think the problem has been a lack of legislation to force government agencies to accept credentials from third parties. Without that mandate, the entrenched bureaucracies and vendors, especially the vendors and their lobby money, create really powerful obstacles to change. It's a shame that little Estonia is running circles around the United States of America, the world's only superpower, when it comes to digital identity. The Estonian model is the ideal model of how government should function in a digital era – hats off to them.

At ID.me, we're passionate about getting America back into a leading role on these issues. It's a national security issue and it's a quality of life issue for every American. Americans should be proud of their government, and they should be confident, secure, and safe when interacting with it online.