Advertisement

Federal response needed to fight AI-fueled digital identity fraud, panel says

Fraud and cybersecurity experts told House lawmakers that AI is exacerbating the problem. Improvements are needed to protect Login-dot-gov.
Listen to this article
0:00
Learn more. This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.
(JOSEP LAGO/AFP via Getty Images)

Outdated privacy laws, the rise of artificial intelligence and a lack of communication between federal agencies is putting Americans’ online identity at risk, lawmakers and witnesses said during a congressional hearing Wednesday.

A panel of fraud and cybersecurity experts appearing before the House Oversight and Government Reform Subcommittee on Government Operations testified that the government must come together to combat online identity fraud, including to improve Login.gov.

“The way the federal government verifies identity was designed for a threat that no longer exists,” said Jordan Burris, head of public sector at Socure and former chief of staff to the U.S. chief information officer. “We are no longer confronting isolated fraudsters — we are facing organized, increasingly sophisticated transnational fraud rings using AI at an industrial scale.”

Burris said the country is essentially in “a national crisis” because AI is accelerating fraud attacks due to its speed and cost-effectiveness. 

Advertisement

David Maimon, head of fraud insights at SentiLink and director of Georgia State University’s Evidence-Based Cybersecurity Research Group, said the government has some of the tools it needs to fight digital identity fraud. What it is missing, however, is the “authority, the coordination and the sustained investment” in those tools before fraud happens from a moving, “durable, specialized criminal infrastructure.”

“Criminals exploit the seams between agencies precisely because our defenses are built program by program, while their infrastructure is built to move across all of them,” he said. 

Marisol Cruz Cain, the Government Accountability Office’s director of IT and cybersecurity,  said the General Services Administration has not taken all the recommended steps to collaborate with agencies to address Login.gov’s technical challenges. Agencies reported that they lacked visibility into authentications, the system had a high failure rate and lacked fraud controls, she said. 

“To their credit, they have been taking the issue very seriously and partnering with new technologies and new companies to enhance their fraud controls, but they need to partner with the users,” she said. “If the users can’t use it, the technologies can be great, but if your users are still having issues using the system, you’re going to lose that user base.”

Rep. Emily Randall, D-Wash., raised concerns that Login.gov is now led by Greg Hogan, who was associated with the Department of Government Efficiency’s efforts.

Advertisement

“President Trump took one of the DOGE bros who oversaw the looting of the federal government’s data and endangered the privacy of every American and put him in charge of identity verification and login systems for every American,” she said. “And based on our previous line of questioning, that doesn’t sound like a way to safeguard the American people’s information.”

Panelists hearkened back to fraud that occurred during the COVID-19 pandemic, with Maimon saying the pandemic “did not create this infrastructure, but it supercharged it.”

“Criminals learned how to acquire stolen and synthetic identities, stand up shell companies, open bank accounts, and recruit money mules at scale,” he said. “When pandemic relief programs ended, none of that capacity disappeared — it simply migrated. Today, my team is tracking that same infrastructure inside SNAP, Medicare, Medicaid, federal student aid, tax refunds and SBA-backed clones.”

But digital IDs may not be the answer either. Jay Stanley, senior policy analyst at the American Civil Liberties Union, said they are a “disaster for individual liberties” and have an infrastructure that could be exploited “if it’s not done right.”

“We have to ensure America does not become a checkpoint society, and that digital IDs don’t become virtual ankle monitors — something that tracks us but we can’t turn off or escape,” he said. “Some of the fraud prevention techniques are based on gathering an enormous amount of intrusive data about individuals.”

Advertisement

Stanley said digital IDs must be an “empowering option” and not an “imprisoning requirement” for those without smartphones or who are not technologically literate, as “we should never make policy based on an assumption of 100% adoption of technology.” He was also concerned about threats from “abusive” political figures to revoke digital identification.

Each panelist laid out their recommendations to combat digital identity fraud, but agreed that the federal Privacy Act of 1974 is outdated and needs to be updated to reflect the current state of digital privacy. 

Ranking member Kweisi Mfume, D-Md., committed to working on updating it, saying that “the world has changed, and the least we can do, I think, is to try to find a way to protect the privacy of Americans by updating the federal policy that we have.”

Latest Podcasts