US National Institute of Standards and Technology (NIST) has released a new draft of its Digital Identity Guidelines, introducing updates for government contractors in cybersecurity, identity verification, and AI use. The guidelines propose expanded identity proofing methods, including remote and onsite verification options. These enhancements aim to improve the reliability of identity systems used by government contractors to access federally controlled facilities and information. By providing different assurance levels for identity verification, NIST ensures that contractors can implement secure and appropriate measures based on the context and location of the verification process.
A significant focus of the guidelines is on continuous evaluation and monitoring. Organisations are now required to implement ongoing programs that track the performance of identity management systems and evaluate their effectiveness against emerging threats. The guidelines also emphasise the importance of proactive fraud detection. Contractors and credential service providers (CSPs) must continuously assess and update their fraud detection methods to align with the evolving threat landscape.
One of the notable updates in the guidelines is the introduction of syncable authenticators and digital wallets. This allows contractors to manage their digital credentials more efficiently by storing them securely in digital wallets. These wallets provide flexibility in how contractors present their identity attributes when accessing different federal systems.
The guidelines also introduce a risk-based approach to authentication, where authentication levels are tailored to the sensitivity of the system or information being accessed. That gives government agencies the flexibility to assign different authentication methods depending on the security needs of the transaction. For example, accessing highly sensitive systems would require stronger multi-factor authentication (MFA) measures, including biometrics, while less critical systems may have less stringent requirements.
Why does this matter?
The use of AI and ML in identity systems is another key aspect of the Draft Guidelines. NIST emphasises transparency and accountability in integrating AI and ML into these systems. Organisations must document how AI is used, disclose the datasets for training models, and ensure that AI systems are evaluated for risks like bias and inequitable outcomes. The guidelines address the concern that AI technologies could exacerbate existing inequities or produce biassed results in identity verification processes. Organisations are encouraged to adopt NIST’s AI Risk Management Framework to mitigate these risks and consult its guidance on managing bias in AI.
Lastly, the guidelines highlight the importance of privacy, equity, and usability in digital identity systems. Ensuring broad participation and access to digital services, especially for individuals with disabilities, is a core requirement. NIST stresses that digital identity systems must be designed to be inclusive and accessible to all contractors, addressing any potential usability challenges while maintaining security.
An unusual pair of news anchors in Venezuela has emerged—El Pana and La Chama. These AI-generated figures, designed to look and sound realistic, are the creation of Connectas, a Colombia-based organisation. The ‘Operation Retweet’ initiative aims to disseminate news from several independent Venezuelan media outlets while protecting journalists from government repression. The project’s director, Carlos Huertas, explained that using AI allows them to bypass the escalating risks real reporters face in the country.
Why does it matter?
The Venezuelan government has been cracking down on journalists, protesters, and opposition figures amid a disputed election, with at least ten journalists arrested since mid-June, eight of whom remain imprisoned on severe charges. The crackdown is part of a broader effort to stifle dissent in response to the ongoing election dispute between President Nicolas Maduro and opposition candidate Edmundo Gonzalez. While Maduro, who has been in power since 2013, claims victory with the backing of the Supreme Court and electoral authority, the opposition argues that their candidate won by a large margin.
Protests over the election have resulted in 27 deaths and over 2,400 arrests. The situation has drawn international concern, with many questioning the election’s fairness and calling for the release of full vote tallies. Despite the government’s efforts to suppress dissent, the AI news anchors symbolise creative resistance, delivering news without putting human reporters at further risk.
Brazil is advancing its public digital infrastructure ahead of the G20 Summit scheduled for 18 and 19 November in Rio de Janeiro. The government aims to provide better access to digital services, economic growth, and greater social inclusion.
The Gov.br platform is central to this transformation, a unified digital identity system facilitating seamless access to various government services. This platform consolidates the identification systems of Brazil’s 27 states, ensuring greater interoperability and streamlining other identification processes.
Developed to unify Brazil’s 27 state ID systems, it has achieved impressive registration rates—over 90% for adults and 98% for children under five. The platform also supports financial inclusion through initiatives like Caixa Tem, a digital wallet linked to the Cadastro de Pessoas Físicas (CPF), Brazil’s national ID. The CPF and Caixa Tem have already improved social benefits distribution and banking services for the unbanked, exemplifying Brazil’s efforts to promote financial inclusion.
Why does it matter?
Brazil’s digital advancements are also positioned to influence the Global South, setting an example for other developing nations. As Brazil prepares to host the G20 summit in 2024, it has prioritised digital public infrastructure, advocating for a global approach to digital governance and data management.
California’s efforts to regulate the use of digital replicas of performers took a significant step forward with the passage of AB 1836 in the state Senate. The new bill mandates that studios obtain explicit consent from the estates of deceased performers before creating digital replicas for use in films, TV shows, video games, and other media. The move comes just days after the California legislature passed AB 2602, which enforces similar consent requirements for living actors.
SAG-AFTRA Statement on Today's Passing of CA Assembly Bill 1836: "For those who would use the digital replicas of deceased performers in films, TV shows, videogames, audiobooks, sound recordings and more, without first getting the consent of those performers’ estates, … 1/3
SAG-AFTRA, the union representing film and television performers, has strongly advocated for these measures, emphasising the importance of protecting performers’ rights in the digital age. In a statement released after the Senate’s approval of AB 1836, the union described the bill as a ‘legislative priority’ and urged Governor Gavin Newsom to sign it into law. The union’s stance highlights the growing concern over the unauthorised use of digital replicas, particularly as technology makes it increasingly easy to recreate performers’ likenesses long after they have passed away, keeping the audience concerned and aware of the issue.
If signed into law, AB 1836 would ensure that the estates of deceased performers have control over how their likenesses are used, potentially setting a precedent for other states to follow. However, the bill also raises practical challenges, such as determining who has the authority to grant consent on behalf of the deceased, which could complicate its implementation. The bill reflects a broader push within the entertainment industry to establish clear legal protections against exploiting living and deceased performers in the rapidly evolving digital landscape.
Alongside the AI bill, the passing of bill AB 1836 underscores California’s role as a leader in entertainment industry legislation, particularly in areas where technology intersects with performers’ rights. As the debate over digital replicas continues, the potential impact of AB 1836 on the industry could have far-reaching implications, keeping the audience engaged and interested in the future of entertainment law.
Google Wallet now supports digital driver’s licenses for Android users in California, marking a significant expansion of the state’s ‘mobile driver’s license’ program. The pilot, which includes 1.5 million Californians, previously limited digital IDs to the state’s ‘CA DMV Wallet’ app.
Governor Gavin Newsom highlighted the program’s convenience, emphasising how easy it has become to keep a digital driver’s license in California. Adding Google Wallet provides residents with another option for storing their digital identification.
Soon, Apple Wallet will also allow digital IDs in California, further broadening access. Despite these advancements, residents participating in the pilot must still carry their physical IDs, as digital versions are only accepted at select retail locations and TSA airports.
The US Department of Commerce’s National Institute of Standards and Technology (NIST) has updated its draft guidelines on digital identity, aiming to enhance security and accessibility when accessing government services. The revisions, reflecting feedback received throughout 2023, emphasise the importance of modern digital methods, such as digital credentials on smartphones and traditional identity verification.
Jason Miller, deputy director for management at the Office of Management and Budget, highlighted that the updated guidelines are part of the Biden-Harris administration’s efforts to strengthen anti-fraud measures while ensuring equitable access to services. NIST Director Laurie E. Locascio added that the guidelines aim to manage risks and prevent fraud, making digital services accessible.
One key update area involves expanding guidance on emerging technologies like passkeys and digital wallets, which allow for more secure online transactions and identity verification. NIST also included provisions for those who prefer or need to use traditional identification methods, ensuring that services remain accessible to everyone.
NIST is seeking public comments on these updated guidelines until 7 October 2024, with a webinar scheduled for 28 August to discuss the changes further. These guidelines, once finalised, are expected to equip federal agencies better to counter evolving threats while providing critical services to the public.
Last year, the devaluation of the Naira resulted in a foreign exchange gain of 8.6 billion Naira (about USD 5.4 million), according to a World Bank audit of Nigeria’s Digital Identification for Development (ID4D) project.
This financial boost is expected to help the digital identity authority fund upgrades to the national ID system. The ID4D project, which primarily deals in US dollars and euros, benefited from the higher exchange rates when converting foreign funds back into Naira. In 2023, the Central Bank of Nigeria, through accounts managed by the National Identity Management Commission (NIMC), received $2.538 million and €3.03 million for the project. As the Naira continues to decline against major currencies, the ID4D project will likely gain further, allowing it to advance planned initiatives. These include investments in backup power systems, the establishment of a Computer Emergency Response Team (CERT) and Security Operations Center (SOC), data recovery center upgrades, and new software for a contact center and customer relationship management (CRM).
The ID4D project, funded by the World Bank, the French Development Agency, and the European Investment Bank, aims to issue 148 million digital IDs by June 2024. With over 109 million IDs already issued and additional funds available, the project is progressing well, with a potential to enhance birth registration rates, currently at 30 percent.
India’s central bank proposed new guidelines on Wednesday to allow a broader range of authentication methods for digital transactions. The Reserve Bank of India (RBI) aims to enhance security by incorporating alternatives like fingerprints, passwords, and personal identification numbers (PINs) as additional factors of authentication.
Currently, text-based one-time passwords are the primary method used for authorising digital payments in India. The RBI’s draft circular suggests introducing other options such as passphrases, card hardware, or software tokens to verify users’ identities. This move is part of a broader effort to reduce fraud and cybercrime.
The proposal aligns with India’s broader technological initiatives, including the allocation of $1.24 billion for AI infrastructure and the introduction of biometric passports. Additionally, India has mandated USB-C ports for smartphones and tablets to curb e-waste, reflecting the country’s commitment to digital and tech security, as well as environmental sustainability.
California’s Department of Motor Vehicles (DMV) has digitized 42 million car titles using blockchain technology to prevent fraud and streamline the title transfer process. In collaboration with tech company Oxhead Alpha on Ava Labs’ Avalanche blockchain, the DMV will enable California’s 39 million residents to claim their vehicle titles through a mobile app, the first initiative of its kind in the US.
John Wu, president of Ava Labs, explained that the blockchain will create a transparent and unalterable record of property ownership, reducing the need for in-person DMV visits and acting as a deterrent against lien fraud. California residents can expect to access their digital car titles early next year as the DMV develops the necessary app and infrastructure.
In addition to this project, Deloitte has partnered with Ava Labs to create a disaster recovery platform for the US government, streamlining disaster reimbursement applications to the Federal Emergency Management Agency. The shift towards digitization, as seen with Michigan’s pension fund investing $6.6 million in a Bitcoin ETF, and Trump promoting US crypto leadership, indicates a growing interest in the benefits of blockchain technology across various sectors.
The integration of blockchain extends to autonomous vehicles as well, which have been making payments through this technology since 2019. With these advancements, more government sectors are likely to explore blockchain’s potential, reflecting a broader trend towards digital transformation.
Meta Platforms has agreed to a $1.4 billion settlement with Texas over allegations of illegally using facial-recognition technology to collect biometric data without consent. The case marks the largest settlement of its kind by any state. The lawsuit, initiated in 2022, accused Facebook of capturing biometric data from photos and videos uploaded by users through a ‘Tag Suggestions’ feature, which has since been discontinued.
Meta expressed satisfaction with the resolution and hinted at future business investments in Texas, including developing data centres. Despite the settlement, the company continues to deny any wrongdoing. Texas Attorney General Ken Paxton emphasised the state’s dedication to holding the big tech companies accountable for privacy violations.
Why does it matter?
The settlement was reached in May, just before a state court trial began. Previously, Meta paid $650 million to settle a similar biometric privacy class action under Illinois law. Meanwhile, Google also faces a lawsuit in Texas for allegedly violating the state’s biometric privacy law.
