tv   Hearing on Digital Privacy  CSPAN  July 23, 2021 7:48am-9:30am EDT

7:48 am
-- on the very different now than it was when i was a ranger. i'm a father, husband, a member of congress and i thought i took that uniform off years ago that i had left that life behind, period. i have changed. i never thought it would converge again. i never thought i would be in a position of having to think like that and potentially act like that. certainly not as a member of congress in 2021 in the house chamber in the united states capitol. >> this week you'll hear from oklahoma republican markwayne mullin and new jersey democrat tom malinowski. january 6th, views from the house starts this sunday at 10 p.m. eastern on c-span, c-span.org or listen on the c-span radio app. >> the house financial services task force on artificial intelligence held a hearing on digital privacy.
7:49 am
testifying at the hearing were experts in digital technology and security. they answered questions about the future of digital identity, how best to protect data and digital privacy and the use of blockchain technologies. >> without objection the chair is authorized to declare a recess of the task force at any time. without objection members of the full committee not on the task force are authorized to participate in today's hearing. as a reminder i ask all members to keep themselves muted when they're not being recognized. the staff have been instructed not to mute members except when a member is not being recognized and there is inadvertent background noise. members are also reminded they may participate in only one remote proceeding at a time so if you are participating today, please keep your camera on and if you choose to attend a different remote proceeding please turn the camera off. this hearing is entitled "i am who i say i am: verifying identity while preserving privacy in the digital age." i now recognize myself for four
7:50 am
minutes to give an opening statement. today we're here to explore how we can leverage the power of artificial intelligence to create a secure digital identity. and how we can leverage those capabilities with digital infrastructure such as mobile id to make internet access safer, more available and equitable for all of us. digital identification is a long overdue and necessary tool for the united states economy to transition into the digital age. while preventing fraud, ensuring privacy and improving equity. especially since covid we find ourselves increasingly working, transacting and interacting online. hand-in-hand with that identity theft is at an all-time high with over 1.3 million reports to the ftc in 2020. a digital identity would provide americans with a way to prove who they are online in a more secure manner. people could use it to sign up for
7:51 am
government benefits, make a withdrawal from the bank or to do their medical records. all with the risk of identity theft or fraud approaching zero. reducing identity fraud would not only provide tremendous savings to individuals and consumers but would also create massive savings for our government as well. however, it's important to get this right. we must ensure that a digital identity framework is established with the utmost emphasis on privacy and security. that's why that it is the improving digital identity act of 2020, a bipartisan measure to establish a government wide approach to improving digital identity. this bill would establish a task force in the executive office of the president to develop secure methods for federal, state and local agencies to validate identity attributes to protect the privacy and security of individuals and support reliable interoperable digital identification in the public and
7:52 am
private sectors. this is the first step for the chairman what our government needs in order to implement this crucial technology. using the power of ai we can detect suspicious activity, catch bad actors and greatly improve our outline for validation and authentication process. so i thank all of our members and witnesses for being here today. i look forward to this discussion to find out how we can best use artificial intelligence and digital identity to improve the lives of everyday americans. and the chair now recognizes the ranking member for five minutes for an opening statement. >> first off, thank you, chairman foster for your leadership on this task force and convening today's hearing and witnesses. i want to commend all of your hard work on this issue and being a thought leader in congress on how to better protect the personal identifiable information of americans across the country. i've enjoyed our dialogue on that and look forward to continuing them. today's hearing provides an opportunity to hear directly from industry experts and stakeholders on advancements in
7:53 am
improving the protection of america's personal identity. the task force held a similar hearing in 2019 and it is important we continue to consider gaps that persist and the proper role of the federal government going forward. as a consumer it often feels like you need to share every important detail of your personal identity in order to even think about creating an account with a financial institution or other internet service provider. sharing your driver's license, social security number two sometimes your passport and other sensitive information online can be intimidating and can make consumers question whether the information is safe and secure, and it's not hard to see why financial service interest firms, savage could tax approximately 300 times more frequently than other businesses. these have occurred as bad actors have become more sophisticated and have amassed troves of data on american citizens. this along with a wealth of data americans share daily via social media has empowered criminals to
7:54 am
take advantage of the current identity system which they have used to commit theft and fraud. to the credit of private industry we have seen tremendous advances in technology to help secure america's private information and identity. the use of ai, machine learning and blockchain technology has allowed for new forms announces that can verify an individual identity in a secure way. now it is time for congress to work with federal but -- federal regulators to ensure the united states is equipped with the tools necessary to keep pace internationally. we should consider proposals such as the improving digital identity act which will establish a task force with the federal government to engage with stakeholders but requires to build framework of standards to follow when providing services to support digital identity verification. i commend him and my other colleagues for the work on this thoughtful legislation. beyond the obvious concern for regarding fraud identity theft t look for doing more to get out of other of identification verification can increase access to financial services and
7:55 am
inclusion. this committee should champion new technologies in their ability to break down barriers that prevent low-income americans from accessing critical banking services. digital identity technologies provide a lot of promise and opportunity to further inclusion in our financial services space. i look forward to the discussion today and i yield back. >> thank you. today we welcome the testimony of our distinguished witnesses. first with mr. jeremy grant, coordinator of the better identity coalition. next we will have mr. david kelts, director of product development for get group north america. next we have dr. louise maynard-atem, research and lead, women in identity. next we have professor elizabeth renieris, founding director of the notre dame ibm technology lab at the university of notre dame. last we have mr. victor fredung,
7:56 am
the chief executive officer of shufti pro. witnesses are reminded their oral testimony will be limited to five minutes. you should be able to see a timer on your screen that will tell you how much on your plate and a timer will go off at the end of your time. i would ask you be mindful of the timer and quickly wrap up your testimony when you hear the timer so we can be respectful both of the witnesses' time and the members' time. without objection your written testimony will be made part of the record. and i would just want to also take a moment to really call thy major on a very high quality of your written testimony. it's worth reading more than once because of the deep and important observations that it makes about where digital identity is and should be going in the country. mr. grant you are now recognized for five minutes to give an oral presentation of your testimony. >> thank you. chairman foster, ranking member gonzalez, members of the committee thank you for the
7:57 am
opportunity to testify today. i'm here on behalf of the better identity coalition, an organization focused on bringing together leading firms from different sectors to work with policymakers to improve the way americans establish, protect and verify their identities when they're online. our members include leaders from financial services, health, technology, fintech, payment and security. yesterday marked the three-year anniversary of the release of identity policy blueprint which outlined a set of key initiatives that government should launch to improve identity that are both meaningful in impact and practical to implement. our 24 members are united by a common recognition that the way we handle identity today in the u.s. is broken and by a common desire to see both the public and private sectors each take steps to make identity systems work better. on that note i'm grateful to the ai task force for calling this hearing today as well as to chairman foster for his leadership on this topic. the legislation he and others introduced two weeks ago, the improving digital identity act of 2021, is the single best way for
7:58 am
government to begin to address the inadequacies of america's identity infrastructure. at a high level, that should be one of the top takeaways for members of this task force today: that identity is critical infrastructure and needs to be treated as such. dhs said as much in 2019 when it declared identity as one of 55 national critical functions defined as those services so vital to the u.s. that their disruption, corruption or dysfunction would have a debilitating effect on security. but compared to other critical functions identity has gotten scant investment and attention and the improving identity act if approved will get a start. we are overdue to get started. the enormity of the problems, that of a magnified several times over the last 18 months in the pandemic that literally made it impossible to engage a most important transaction, the pandemic laid bare the inadequacies of our digital identity infrastructure enabling cyber criminals to steal billions of dollars and creating major barriers for americans trying to obtain critical benefits and
7:59 am
services. $63 billion was stolen from state unemployment insurance programs by cyber criminals according to the labor department. on the flipside we've seen hundreds of stories of americans who have been unable to get the benefit they desperately need because applications for unemployment had been falsely flagged for fraud when they find themselves unable to successfully navigate the convoluted and complicated processes many states have put in place to verify identity. beyond unemployment, the inadequacy of identity infrastructure remains a major challenge in financial services. fincen last year reported banks are losing more than $1 billion each month due to identity-related cybercrime. and millions of americans can't get a bank account because they don't have the foundational identity documents needed to prove who they are. id theft losses soared by 42% last year. why are there so many problems? hackers have caught up with a lot of the first generation tools we've used to protect and verify and authenticate
8:00 am
identity. while bastion might've driven this point home, the reality is these tools have been vulnerable for quite some time. there's a lot of reasons for this but the most important question is, what should government and industry do about it now? if there's one message the committee takes away from today's hearing it is that industry said they can't solve this alone. we are at a juncture where the government will need to step up and play a bigger role to help address critical vulnerabilities in our digital identity fabric. passing the improving digital identity act is where we should start. why is government action needed? as one of our members noted the title of this hearing, i am who i say i am, a stack in great because when it comes to identity you are who the government says you are. at the end of the day government is the only authoritative issuer of identity in the u.s. identity systems that the government administers are largely stuck in the paper world whereas commerce has increasingly moved online. this idea of identity gap, a complete absence of credentials built to support digital
8:01 am
transactions has been actively exploited by adversaries to steal identities, money and sensitive data and to defraud consumers, governments and businesses alike. while industry has come up with tools to get around this identity gap the adversaries have caught up with many of them. going forward the government will need to take a more active role in working with industry to deliver next-generation remote id proofing solutions. this is not about a national id. we don't recommend one be created. we have a number of nationally recognized authoritative government identity systems, driver's license and passport, ssn. but because of this identity gap the systems are stuck in a paper world while commerce is moving online. to fix this america's paper-based system should be modernized around a privacy protecting consumer centric model that allows consumers to ask an agency that issued a credential to stand behind it in the online world by validating information from the credential. exactly what the improving digital identity act would do in a way to set the high bar for
8:02 am
privacy security and inclusivity. thank you for the opportunity to testify today and note i've submitted lengthier testimony for the record including some recommendations on ai and identity. i look forward to answering your questions. >> thank you, mr. grant. mr. kelts, you are now recognized for five minutes to give an oral presentation of your testimony. >> thank you, chairman foster, ranking member gonzalez, members of the committee. appreciate the opportunity today. i am david kelts representing myself in support of forming a global driver's licenses and forming governance for identity ecosystem that reinforces american values of privacy equity and freedom while spurring innovation. i'm the director of product development for get group north america which is -- driver's license -- [inaudible] and have been a member for over five years of the working group that wrote the 18013-5 standard. i lead the evangelism task force for that group and i was lead author on the privacy
8:03 am
assessment with the many international collaborators. mdl is a digitally signed id document placed on a mobile phone the correct individual for example, to control. government issuers around the globe are the signers of the identity information and the signature allows for use of an mdl when government issued id information is legally required including for in person transactions. you don't show your mdl to someone else. imagine if crucially red card numbers to merchants through our phone, screenshots and editing tools would result in fraud. instead you tap or scan and share a token with a verifier or reader and that token can be used to reflect a subset of the mdl data. the mdl holder has full consent of what they share and with this data people can get -- around the country, around the globe. this minimizing of data is nested for the transaction --
8:04 am
[inaudible] where full data is always printed on the front and found in the barcode on the back. [inaudible] data transfer in person usage, designed to fit next to other identity standards like open id connect and things like user authentication. there are challenges to empowering americans with this document in order for us to meet the values and goals of all the people protect identity information, giving greater control and flexibility to the rightful -- supporting accuracy of these operations at least come with the goals of improved privacy and inclusivity and access for all. these goals for mdl in person are the same as the goals of identity in cyberspace. mdl itself naturally forms an ecosystem. the government issuers are the
8:05 am
signers of the data so they have a passive role in lending trust to the transaction. this is a form of a public key used to validate the accuracy integrity and provenance of the data. the technology works today in a functional -- issuers must take the first move. this sets the challenges in funding a digital transformation that benefits the residents and businesses within any state. it's not always enough rationale. consumer pays model seems to be taking hold similar to our id cards. so they can require legislative approval. support for this transformation at the state level -- american values at the forefront and kickstart -- [inaudible] market forces alone will not shape an identity ecosystem that meets our values and goals. price pressure has been driven by these privacy invasive data-gathering and advertising policies. the software is free, then you
8:06 am
are the product. and kickstarting market forces if they don't have it is possible that entities with very deep pockets could swoop in and meet the market needs to own an identity system. so challenges exist on this site as well and the verifier side. that can lead people with no place to use the digital id. across the globe there are government led frameworks like australia, privately led frameworks and public-private partnerships -- [inaudible] i recommend initiating a public-private partnership to define a framework that meets our values and goals from the existing pieces and that can enforce those requirements. this can kickstart identity solutions of many types to meet our goals in the digital transformation.
8:07 am
federal agencies can continue to lead and lend their expertise to this, and can be incentivized to accept mobile driver's licenses for things like tsa agents. dhs innovation programs can be focused from architectural goals to deployment of contactless id technology. we welcome -- expand the participation of the federal government and federal agencies. thank you. >> you are now recognized for five minutes to give an oral presentation of your testimony. >> good afternoon and thank you, chairman foster, ranking member gonzalez and the other members of the task force. my name is louise maynard-atem, i'm the research lead for the nonprofit organization women in identity, an organization whose mission is to ensure that digital identity solutions are designed and built for the diverse communities that they
8:08 am
are intended to serve. we are a volunteer led organization and we all work in the digital identity sector. entirely independent and not in the interest of any one organization or individual but we are all united by the belief we need identity systems that work for everyone by ensuring they are free from bias and that's a specific topic i'd like to talk about. so need have been a present requirement for many years as more businesses have moved their operations online. the pandemic accelerated that and the need has become more critical in the last 18 months. the shift -- unique opportunity for enable economic and societal value creation assistant to come the gatekeeper to services like online banking and e-commerce and interest. however we also need to recognize the use of technology in the systems has the potential to further entrench and exacerbate the exclusion of
8:09 am
biased practices that exist in society. since we're digitizing what were analog processes and utilizing more data it would be a missed opportunity deliver systems and services that benefit all. eliminating identity -- women in identity believes it doesn't happen under some. requirements must be explicitly mandated. there's countless examples of where exclusion and bias have been mandated against and in many of those instances systems have been built often based on characteristics like race, gender, culture, economic background or disability. according to a recent population poll, approximately 11% of adults don't have government issued id documents, approximately 80% of adults don't use -- and 5.4% of u.s. households are unbanked. government issued ids, smart phones, having a bank account can often be the building blocks used for creating
8:10 am
digital identity for individuals. it's essential any solution we develop has to be accessible to all the groups i've mentioned and doesn't cause them to be further excluded from opportunities such technology might present. if you think about the physical world we would never erect buildings that were not accessible to all. features like wheelchair ramps are mandated. we need to make sure we are mandating equivalent accessibility in the digital world. at women in identity we see the move towards identity trust frameworks being developed and the need for inclusion and testing is being explicitly called out. the uk digital identity is a trust framework that women in identity was consulted on. this one looks at that recovers to help organizations understand what good verification looks like. there are explicit coats the make products and services are inclusive and accessible and organizations are required to complete an annual exclusion report to transparently explain it use groups are excluded and why.
8:11 am
information commission in uk has funded the framework but lays caution digital identity in the system i rely on automated processing due to use of algorithms artificial intelligence within the systems. also making action major decision-making may have effects did a bias in the system does i come out of it and use for the data sets use integration of the products or service. at women in identity there currently is a research this seeks to understand the societal and economic impact of exclusion in the context of digital identity is specifically within financial services. we hope this research will inform a creation of a code of conduct to help providers identify and mitigate potential areas of bias, exclusion and product design. to ensure the industry is moving products for everybody, not just select few. to conclude we believe in order to achieve the full system, inclusion requirements must be
8:12 am
specifically and explicitly mandated within any regulation or legislation and also they must be vetted on an ongoing basis. there are a number of examples in my written testimony where i describe how this is being done and i strongly believe in the benefit of sharing best practices and lessons learned with other industries and advocacy groups to ensure that we're delivering systems that enable all citizens equally. thank you very much for your time and i look forward to your questions. >> thank you, dr. maynard-atem. professor renieris, you are now recognized for five minutes to give an oral presentation of your testimony. >> thank you, chairman foster, ranking member gonzalez and members of this task force for the opportunity to testify before you. my name is elizabeth renieris, i'm founding director of the notre dame ibm technology ethics lab at the university of notre dame, technology and human rights fellow at harvard kennedy school and at the stanford civil society lab. my research is focused on cross
8:13 am
data from an ethical and human rights implications of digital identity systems, blockchain technologies. i'm testifying in my personal capacity and my views do not necessarily reflect those of any organizations with which i'm affiliated. i began my legal career as an attorney working on cybersecurity policy at the department of homeland security and went on to practice as a data protection and privacy lawyer on three continents. as a consultant i've had the opportunity to advise the world bank, uk parliament, and others on data protection, blockchain, ai and digital identity and i'm grateful for the opportunity for this important topic today. as laid bare by the pandemic we depend on digital global services for work, school, healthcare, banking, and did all aspects of life. we have limited visibility into who or what is on the other end of the digital interaction or transaction. even before the pandemic vulnerabilities of digital
8:14 am
systems attacked her inch display, hospitals, financial institutions and of the critical infrastructure. as these sectors are digitized automated and manipulated, increasingly depend on secure digital identity. as we evolve into a world with the internet of everything with all manner of ip devices network technologies and other connected systems the digital is becoming the built environment. without secure reliable and trustworthy digital identity for people entities and things this new cyber physical reality is increasingly vulnerable to attacks threatening individual safety and national security. digital identity is becoming critical infrastructure. presently -- profit maximizing biz upon the threat of privacy security and other fundamental rights of individuals and communities. often they incorporate new and advanced technologies such as ai, machine learning, blockchain
8:15 am
and advanced biometrics that are not well understood and not subject to government frameworks. in order to engender trust and safety and security in the digital ecosystem we need trustworthy statement security identity. in order to engender trust safety and security in our society we need to deploy it ethically and responsibly. recognizing the growing importance of digital identity in seeking to rein in the private control over it makes are prioritizing efforts to design and build the infrastructure needed to support robust virtual identity. for example, the european commission has worked on a public electronic identity or eid to access digital fashions of including as an alternative to privacy invasive solutions such as log in with facebook or google. even as with hundreds of frameworks for ethical ai, we lack any specific to identity. to remain competitive avoiding closure of the public sphere to
8:16 am
privatized identity schemes and protect the civil and human rights of americans the federal government must take the lead in shaping the technical commercial legal and ethical standards for the design development deployment of the systems and critical for such a great approving this. this is a great step in the direction. such standards must not only include best practices which picked up right here security of data but also measures for fairness, transparency and accountability on the part of entities designing and deploying the technology. strong enforcement oversight and adequate remedies and redress for the people impacted. they must also address the risk of exclusion and discrimination in the specific challenges associated with the use of blockchain ai and other emerging technologies. we must avoid building digital id system in a way that would further -- [inaudible] when we move through the physical world today we are rarely asked to identify ourselves. by exhibiting grayson has a digital component and as a market for digital id grows we're at risk of slipping that
8:17 am
paradigm. to avoid erosion of privacy we will also need guardrails around the use of the systems governing when and why identity can be required. if we're not careful we might go from identity as exception to identity as the rule. to summarize my recommendations to congress we must recognize that digital identity is critical infrastructure. the federal government must lead to create standards for safe secure and trustworthy id. those standards must address specific challenges associated with new and emerging technologies and assure public option and finally we need guardrails around the use of id to avoid id become an enabler. thank you again for the opportunity. i look forward to your questions. >> thank you, professor. and your timing was accurate to the second, so my compliments on that as well. mr. fredung, you are now recognized for five minutes to give an oral presentation of your testimony. >> thank you, chairman foster, ranking member gonzalez and
8:18 am
distinguished members of the committee. i'm excited to be here and thank you for inviting me to testify before you today on this very important topic. my name is victor fredung, cofounder and ceo of shufti pro. shufti pro is an identification and compliance platform that provides service to government agencies and companies throughout the world. our services primarily focused on identification are with more commonly heard as know your customers relax and use of technology such as artificial intelligence and machine learning and has been used by companies from all points of the world. also verify documents. when it comes to identification most clients utilize our services that combine face recognition and -- [inaudible] we're taking appropriate steps. in addition we also refer to the
8:19 am
approach of verification -- [inaudible] we allow clients -- how it should be performed. this is crucial for businesses to comply with requirements. i think we can all agree the timing of this particular subject is entirely in line. during the epidemic -- relied more and more on the use of the internet for everyday tasks. [inaudible] i would like to discuss a couple topics with you today come first and only have can help customers. to give you the background story of ourselves we start our journey back in 2017 when businesses relied on either use hybrid or -- to find customers. the hybrid approach -- [inaudible] the problem is, first, it's not scalable. secondly is also very
8:20 am
time-consuming. so we did use artificial intelligence and machine learning tool accident features. for example, -- [inaudible] we saw some coaches might try to tamper with some force of the documents so we developed our anti-spoofing technology combines verification to verify customers are who they say they are and organizations verified identity. by experimenting with the usage of automated technology we not only saw verification could be processed at a much faster pace we saw identity theft increase significantly since sophisticated forces with security changes on secretary of labor the second topic is regards to data privacy and how end users can be secured providing their identity. as we all know --
8:21 am
[inaudible] it's the end-users that gets compromised. there is different ways to try to solve this and that's an example by utilizing one device were normally data is transmitted elsewhere. another software any as provided is -- [inaudible] they simply ask for confirmation the cast was successfully verified by the proper standards. here is unfortunate problems since most require data -- [inaudible] i would like to mention our research into the many different types of frameworks and documents combined.
8:22 am
used in the united states we see different requirements and obligations from different sectors. in addition to each state own of unique set of documents. this provides a problem for a lot of companies not only in the united states but across all over the world where requirements, documents get -- no universal framework. we suggest continued pursuit of universal framework for each state needs to follow when it comes to selection of id documents and the unified requirement when it comes to what information needs to be verified and how verification should be performed. i support the digital identity act. thank you for inviting me to testify today and i look forward to your questions. >> thank you, and i will now recognize myself for five
8:23 am
minutes for questions. just to get an initial idea of what the scope of improvement that we might be able to see if there were widespread use of high-quality and mobile id. if you look at the large hacks that hit the headlines, the colonial pipeline, the dccc hack a few years back. what fraction of these would be largely eliminated if there were widespread use of mobile id second verification instead of just passwords? >> i'm happy to jump in if i can. i think most of them, i think it's an anomaly these days when a major incident happens and identity is not the attack vector. though i want to differentiate, we talk about identity, to me we're talking two things. there is identity proofing, which you do when you open an account, and then authentication, tiger login.
8:24 am
a lot of the fraud we've seen in unemployment systems has been taking advantage of the identity proofing. you prove you're bill foster for the first time and which bill foster gillett there are probably several thousand of you. we basically saw stolen data used to cut through whatever protections a lot of states had in place or in some cases they had none at all to steal billions of dollars. with regard to the other breaches we've seen, colonial pipeline, some things with ransomware, much more focus on authentication, compromise of a password or compromise of some first-generation forms of multi factor authentication like ones based on the code that is texted to you that is now phishable as well. overall, both identity proofing and authentication are a big problem. if we could close both of those gaps unity to start to raise the cost of attacks for a lot of criminals and make it much harder for them to do the things they have been doing.
8:25 am
>> okay. one of the things i think many of you mentioned in your testimony was how covid has sort of changed the profile of identity and the need, the fact we're moving more and more online, is becoming more important. the other thing that's happened is that real operation agreement that we have to get a broadband connection to essentially all americans and that there's a real federal role in subsidizing that. i think that republican talking number was $65 billion that should be dedicated, democratic counter offer was 100, as long as, if we end up anywhere between those numbers we'll have a real step forward for closing the digital divide and getting at least a low-end digital device in the hands of all americans and broadband accounts. so given that, how would you
8:26 am
then piggyback products, for example, digital driver's license or other ways, how do we get this so that's the second part of provisioning a broadband and digital identity people? >> anyone who wishes to grab it. >> so yes, i think that access to broadband, access to connectivity can increase accessible to everyone and i would say that fits into the same level of accessibility as getting an id card that you currently have. and being able to use that. the technology in mdl, i speak about that, is geared to use on really any phone because there are multiple ways you can interact with that for in person, and we expect we can cover vast majority of phones that are out there provide them something that allows for the transmission. i think that would be a huge step towards accessibility for
8:27 am
everyone for mobile identity. >> when we do this how do we make sure the equity issues are addressed properly? let's go to the phd material scientists to weigh in on this who seemed very interested and involved in this set of issues. >> as soon as you start to drive access for everybody then there are lots of different solutions you can put in place. we're establishing a a baselif a point have access to some kind of device, then i think that really levels the playing field. undressing avenues have a smart phone. everyone needs to have access to something and that's a big hurdle serling uk going about on that .6 don't have access you could say someone says you are you and we can take that a steady but if there's -- to provide a a duty with some kif technology so they can use services then that really knows the policy debate far forward. >> you mentioned in your
8:28 am
testimony the eid effort in the eu, is that correct? i'm out of time. okay. for members who are interested, if there's time we will probably have time for a second round, and if that fails we'll continue our tradition at the end of the formal part of the hearing i will gavel it closed and we can just sit around and talk, sort of the zoom equivalent of just hanging around in the room and talking with the witnesses, which is often the most valuable part of the hearing. i will now recognize the ranking member for five minutes. >> thank you, mr. chairman for holding this hearing and for our witnesses here today. before i get started i ask unanimous consent to add to the record a letter from the national association of convenience stores. >> without objection, so ordered. >> thank you. mr. grant, i want to start with
8:29 am
you and look forward to reconnecting down the road. as we were talking yesterday off-line, i told you i'm excited to support mr. foster's improving digital identity act. it's a step in the right direction for sure. my question is, beyond the improving digital identity act, what additional areas should this committee be focused on from a legislative standpoint with respect to digital id? >> thank you for the question, congressman. good to see you again. i say starting with the foster bill, look, it's a great place to start in that it finally starts to pull together what i would call a whole of government approach to looking at this issue. one of the challenges we have in the u.s. is we have nationally recognized authoritative identity systems but there's --, birth certificate from the county i was born in, state dmv
8:30 am
gives my driver license and other passport from state department. what's great about that bill is it looks at how to take a consistent standards-based approach so any american could ask any of those entities to bat for them when they're trying to prove that the our online at the peak was mentioned also has a high bar for student privacy. the questionable come -- has missed makem particularly in the states where i know david talked about the work you do with mobile driver's licenses. i think there's a concern that while there's a handful of states doing things now, if you're not going to actually invest dollars in trying to jumpstart productivity in the states, that it might be say 15 years before we start to get to critical mass of people having some digital corollary to the paper documents, and that's going to be a real issue. the infrastructure bill is being negotiated as chairman foster
8:31 am
border pointed out would be a great place to put some money in to help accelerate that. beyond that the more ai is going to be used there will probably be more questions to be asked, and this task force is currently a great place to evaluate some of those considerations. >> great. ms. renieris, eric goosby on the legislation we should be considering at the committee level to foster greater digital identity act. >> thanks for the question. i would say firstly on the legislation in particular i would like to point out a flag i'm concerned about, which is a reliance on consumer consent. as we've been having conversations around state and federal privacy legislation, i think there's growing awareness around limitations on consent-based framework in this context. going forward it might be worth reconsidering the basis for some of the personal data processing involved in these identity systems. separate and apart from that really a lot of this is quite of
8:32 am
the idling infrastructure and other sectors. for example, even if you had a robust whole of government approach and created the technical standards for nist or otherwise used on the problem for example, if her healthcare infrastructure can't adjust the stands or those technologies. you have to think about other upgrades across critical infrastructure and other sectors in order for this to be woven in and layered on top. i think the third thing is really something that's already been pointed out around mandating inclusion in the conversation. as we've expressed in our testimonies and as we've seen in the field there can be lack of diversity of conversation. in addition to the interagency diversity i think the divergent expertise at the table is really critical. >> thank you. and mr. kelts, in utah, what are the biggest learnings, and i'm looking for sort of areas,
8:33 am
things have been difficult that this committee should have on our minds as a program moves forward. >> so i think what we've seen from consumer is larger than expected in which has been great. we are very early in the pilot program and position people, that's the key thing. as will the demand from businesses. the bill before the state government to engage businesses along the whole process right from the beginning to engage stakeholders has been a huge advantage for making this work in utah. >> great. i see i'm out of time. i yield back, mr. chair. >> thank you. the chair will now recognize the chairwoman of the full committee, representative waters, for five minutes of questions. >> thank you very much. i'm on now. first of all, monster hunter mr.
8:34 am
foster and i want to thank you for the attention you've paid to this identification issue and the work that you are doing that is so important. i would like to ask doctor maynard a question. if this has been answered already then i won't proceed with this and i can talk about it with you later on. it's about the use of artificial intelligence, of course the individual identification that has raised concerns about algorithmic bias. as you know smart phone authentication can employ voice and facial recognition technologies but these technologies have been shown to exhibit bias against women and minorities. in fact, researchers have found that facial recognition technologies falsely identified black and asian faces ten to 100 times more than white ones, and falsely identified women more than they did men. do you have any concerns that a digital identity system could
8:35 am
also have this kind of bias? if so what steps need to be taken to eliminate this bias? >> thank you for that question. i think there is always a risk, but if you're starting to produce emerging technologies like artificial intelligence, you run the risk of bias creeping in depending on the way that the systems have been built and the data the systems have been tested upon. a lot of the issues from homogeneous test data being used to test the system. when they are learning how to recognize faces they are tested and trained on a very homogeneous data set so that might be all-male. that might be majority male or majority of people of one particular race. i think the way we over correct for that is by ensuring that the data we're using to build algorithms to build these things up, to test facial recognition on men
8:36 am
and women to make sure that test data is as diverse as the population that the system is then going out to serve. we need to make sure we are equally representing both genders, all races and all that test data so the algorithms learn to recognize that even equally while the situations we had previously where they learned specifically to recognize one person or one type of person at the detriment potentially of others. >> but what you are describing is precisely what was discovered a long time ago, and the lack of diversity in the testing that has not led to the ability to deal with some of the problems that we have found in minority communities, black communities in particular. and so you do think that this is part and parcel of moving forward with any identification, is absolutely having the kind of diversity in the testing that
8:37 am
will bring us to the results that we need. how far -- i don't know if this is a good question or not, but i think we have improved, you know, the testing in medicine and particularly with certain diseases where they had to work hard to get minorities in the testing programs here but do you know whether or not it is proven that this has really taken place with medicine and that the corrections have been made and they've been able to advance the pharmaceutical products based on the testing that was done? because they know what's needed in any particular minority group. do you know anything about that? >> i don't know specifically whether it's been proven but i think a key point is like i said in my testimony, these things, inclusion, calling out bias don't just happen on their own. i think they need to be mandated. i think we need to call that
8:38 am
specifically in legislation you have to test for these things, you have to test for bias and make sure people are included and you have to test on an ongoing basis. this isn't just something you do once and put on the shelf and never address again. you have to test. in the uk it's proposed it is done on an annual basis. we need to be testing and retesting to ensure any bias that does exist in the system is called out, is explained and that action plan is put in place to make sure that exclusionary technique or system doesn't then been thick report. >> thank you very much. i appreciate that information. i will follow up with my colleague mr. foster and you as we move forward with this whole issue. thank you and i yield back the balance of my time. >> thank you, and the chair will now recognize our colleague from north carolina, mr. budd, for five minutes. >> i thank the chair and also want to thank the witnesses for being here today. very insightful.
8:39 am
mr. fredung, i want to address the questions to you in the brief time with. with continued growth and expanding use of cryptocurrencies we see an increase rollout by exchanges becoming compliant with anti-money-laundering. so how are these know your customer programs performing compared to traditional finance counterparts? >> first of all thank you for the question. as we all know, cryptocurrencies are getting more and more used in the world for investment for everyday tasks. when it comes to legislation and catching criminals as well we do see happening a few different -- unfortunate probably seen -- not too many legislation. in europe we have -- u.s. has started issuing different licenses. for a few selected clients.
8:40 am
this is a problem we see in the space where there needs to be an easy way for businesses that operate to become licensed. i would like to bring up as well -- [inaudible] they also discussed the bad actors using cryptocurrency. they also mention it was a number around 0.4% which was a decrease in previous years as well. [inaudible] i wouldn't say most businesses have pretty much -- [inaudible] >> very good, thanks for that. so as technology continues to advance and will look for new ways to identify consumers,
8:41 am
without jeopardizing their data, so that's key, i can utilize blockchain as a tool for digital identity verification? that will also be for you. >> sorry. i accidentally hit the mute button. it's very interesting. as mentioned that something we operate in the future. by enabling blockchain, unauthorized access to customer data, secure way of transferring user data, better user experience as well, i guess we can all understand for customer -- over and over again it's not really a good use x-rays. in addition, there are other collections of elections will so they could be -- one device reputation where data is transferred elsewhere as well. >> so financial institutions are subject to a patchwork of
8:42 am
identification breach laws in the u.s. state-by-state. so in addition to federal regulations that we saw in the gramm-leach-bliley act years ago there's no federal standard for data security for nonfinancial institutions that handle consumer data. what regulatory improvements would you suggest? that's also for -- >> sorry. when it comes to improvements in the regular framework that are differences. the first one being universal framework requirements and security standards aligned. the second one would be -- issued by the states. maybe in addition also requiring alignment ship were something you see it's not a requirement in all different frameworks. this is essentially a great
8:43 am
tool. apart from that we do conduct heavily research and universities in medicine as well. >> really appreciate that. it's all the questions i have. i appreciate your generosity and time to the whole panel. yield back to the chair. >> thank you. the chair will now recognize our colleague from illinois mr. casten for five minutes. >> thank you so much. really want to thank you for doing this hearing. you been tweeting on this for a long time mr. foster and we wouldn't be doing this but for your leadership so thank you. i want to direct my questions to ms. renieris. the first is over the last couple years there's been talk about google and facebook and talked about introducing a digital driver's license digitization of your driver's license on mobile apps. do you have any ethical concerns with essentially a private digital id supplanting a
8:44 am
government managed digital id? >> thank you very much for the question, congressman. so this is an issue i looked at in my testimony and i go into more depth in my written testimony. what apple and google have basically done is created digital infrastructures to host a digitized version of your government issued driver's license for your analog, you know, physical id. it's quite telling that what they said is not a native id but rather a digital version of those artifacts that we are all used to. that's an important distinction. it is true that very sophisticated capabilities now embedded into smartphones, including improved secure enclaves and other technologies, localized machine learning and data processing that improve some of the data security and privacy aspects of the mobile digital wallet but there are a
8:45 am
series of ethical and also privacy concerns that have gone beyond the data itself, specifically i have concerns around business models. what we've seen over and over again is that a lot of the business models and for commercial incentives around the products and services provided by some of the companies you mentioned including apple and google are not necessarily business models in support business interests and the values that we're really concerned about and they actually very often cut against those. for example, with the apple id we don't yet know exactly the business model is. however, it's basically the same technology as apple pay which we know has transaction fees associated with it for different players in the ecosystem. this could create perverse incentive for the use of id reps in contexts where it's necessary or there's also concerns about the ease of use.
8:46 am
the easier sleeker these credentials are, it feels like not a big deal. we normalize things like biometrics, presenting your id in contexts where perhaps it shouldn't be appropriate or required. i think there are concerns go beyond the data and images think about the security privacy data with the sight of security privacy of people. those are different things and the technology designing and building the system have a very narrow definition of privacy. this is a technical mathematical view of it. we have to put in the context of the system that it is in the context of law and economics and all these other things to think about what the true impact of the of people rather look at specific floor or specific technology. >> so thank you for that. this is a question that gets pian digital id and, of course, spent to be committed and congress because when the financial services committee, we spend a lot of time and we have crafted a lot of legislation about
8:47 am
what happens if i give my money to someone who is a custodian of that money and we have developed fiduciary rules of looking after the best interest of that money. arguably our data is linked to our money and a lot more as you point out. there's been some talk about should we create a fiduciary role to apply to people who hold our data. i'm curious if you've heard any of that, if you forget those proposals, thinly with them and have any thoughts on that as a possible way through some of this morass should the private sector get ahead of this? once people turn the data over you can't put the genie back in the bottle. so your thoughts on fiduciary role for data. >> certain fiduciary duties, confidentiality and other associated with entities for processing and storing data can make sense. i don't think i think it sort of a small approach. an approach at the moment is
8:48 am
very -- across state and federal proposals come side you think we need to i do think that we need to think about what's the underlying legal infrastructure we have in terms of privacy and data security and data protection but again those are sort of one piece of a more comprehensive framework that we need. we may also need to think about identity specific data related government sector, for example, the culmination of data privacy and infrastructure and point out areas where those friends overlap and with a diverse and reconcile that. >> thank you so much. i yield back. >> thank you and we will now recognize our colleague from texas mr. taylor for five minutes. >> thank you, mr. chairman. i appreciate this hearing. i think this is an important topic, and mr. grant, talking to you, you mentioned in your
8:49 am
written testimony that from the unemployment programs. i talked to some of my colleagues who were mortified by the billions and billions stolen because of the unfortunate loopholes in the administration of those programs, and i realize digital id is a component of guarding against that fraud. how do you see ai working with existing frameworks being a way to combat fraud in unemployment insurance? >> i think what the way i look at it there's both a what would i say, when i look at identity, identity is one part of a broad reduction and can we risk there and i think solving this issue presents an issue, it presents a couple different dimensions where even outside of the thing you might be doing on identity for verification you might have ai running broader prevention systems to look at different signals.
8:50 am
i'll say i think it's two thirds of the reporters of those are going to be identity related in terms of are you able to see how somebody's potentially using stolen data or see something about the device they're walking in on that is exhibiting signs that might be our box entering the data rather than an individual. i think a lot of it will come to identity at the end of the day but there's broader places that were seeing these same companiesin this space look at things that touch other elements beyond individual identity >> to my colleagues , i'll be trying to work on getting ai language into some of their appropriations try to prevent fraud. that is something we should begin to look at and start to think about being in the ai task force it's germane to what we do. shipping, just to ask you a question about identity
8:51 am
technology gone wrong. and i mean obviously it's really important. i think the idea is we want to have it in any system which is consistent with our values as americans of protecting identity and protecting information and i kind of think about china and how they were, the chinese communist party their control of digital payments was able to control people's goodness and help stop people who are not in favor of what the chinese communist party for being able to buy plane tickets and they're not even favored by the trade ticket or even ride a bus so the thing about the technology being in my mind abuse to really suppress people in a way that is orwellian. can you give us examples of other ways that identity technology has gone wrong not necessarily inthis country but other countries ? >> thank you for the question
8:52 am
congressman. there are many examples. i think one of them, the most important thing to point out is in a lot of other countries, the digital identity systems are basically mandated national id schemes that are with vital statistics so if you can't obtain a digital identity in this country are essentially blocked. there is basically nothing you can do and you don't exist so i think that's a broad level. the second layer of that is that in a lot of countries what we've seen digital id schemes gone wrong is it tries to integrate, they basically use a single identifier. that single identifier is able to track your activity across all facets of your life and employment healthcare, school, everything you do. another area where you can't retain autonomy over a specific domain of your life.
8:53 am
for example you can't separate your personal professional, you can't have this kind of contextualized identity so i guess that's also really problematic. it's also problematic from the standpoint of data security so i think going back to the point around intrusion, a lot of us are buying outside of this technology so there are countries where women are disproportionately less connected and don't have access to things like mobile devices so in those countries where digital identity is not for a mobile device they are at the mercy of a partner or someone else to exist and to operate in that country. reasons to look beyond the privately secure privacy security data to think about operating a national platform. i can go into more detail in my testimony. >> thank you for that answer, i yield back. >> we will now recognize our colleague from north
8:54 am
carolina for five minutes. >> thank you chair, ranking member gonzalez and also to our chairwoman for holding this hearing and to the witnesses, thank you for your testimony as well. ai algorithms is a prominent and widespread concern as the technology has become more entrenched in our daily lives. i recall a few years back when facial recognition software identified my congressional caucus colleague john lewis as a criminal. this real problem that biased ai is having real-world impact is the reason we are having these discussions and that's why i want to successfully include language in our annual packages that asks the national science foundation to partner with ceos and academic institutions to study algorithmic data.
8:55 am
professor, in your testimony you noted that ai and id verification can have significant consequences so how can we stop the digital identity process being overreliant on potentially flawed ai algorithms and what role should the federal government and state government play in the distribution of digital identity? >> thank you for the question congresswoman. i think this is one of the most important conversations we've had around digital identity so going back to the comment around the quality of data that an important consideration and i do think we are making progress there. these systems are more cognizant of the need for the data sets to reflect the population that these systems will operate in but i think we're not looking at it
8:56 am
closely as who's designing and building these technologies in the first place. regardless of how good the underlying data is risks are not going to be identified by people if we only have so much in this people building these things because they only see the risks they understand so the reason you need a diverse set of people building these is to be able to supply and mitigate and build them into design of the technology so there's concerns around bias in algorithms but there are concerns and all the different components that flow throw out. earlier we talked about different kind of biometrics like face and voice which are subject to racial and gender bias but increasingly in the future it's looking into things like behavioral biometrics work which are essentially profiling technologies. those are going to raise concerns about equity so again, to make this sustainable and forward-looking, bad actors are always going to be able to outsmart the state of the art
8:57 am
technology so the only way to get ahead of this is to think about how these operate broadly in these technical systems. but you're right that that is a primary concern. >> despite some of the problems nato benefits from employing ai to protect consumers so with the increase in data breaches particularly on the reporting agencies where large amounts of personally identifiable information has been exposed, how can ai help with distinguishing between legitimate and illegitimate activities to detect or prevent digital identity fraud? >> thank you for the question congresswoman. before i answer i would love to piggyback on what elizabeth has said in that i think as we are concerned about bias and i think this plays into your question as well here, so much of what we're dealing with with ai are predictive systems that are trying to use ai and
8:58 am
machine learning to guess at the end of the day only the government really knows and i talked in my written testimony, one of the best things the government can do would be to advance the bill foster introduced which brings out a deterministic layer which is an authoritative government identity systems to complement the probabilistic layer is going to be one way to address concerns about bias. in terms of how it's being used more constructively when we got terabytes of stolen identity data is being used to commit identity fraud, one thing we're seeing is a lot of vendors out there when they can identify what organized crime rate is doing ai can study how they enter data and then be able to analyze that and learn whether it's, what it looks like somebody's doing when they're interacting with a device, how they are holding it. some of these things are behavioral but if you can learn what it looks like it might be malicious behavior and then you can start
8:59 am
generate allure that might kick some of those applications in a way that if they blocked it at least takes it off to a secondary layer for examination where you can make a more informed decision. >> mister chairman, i yield back. >> we will recognize our colleague from massachusetts for five minutes. >> thank you for putting this together and i want to echo what the congress set at the beginning of the session complementing, i thought it was superb. i appreciate that. mister grant, in your written testimony and your oral testimony you talk about the identity act and what elements of that would be asking the national institute of standards and technology to really take the lead on setting the protocols and the standards for what identity proofing which as you said is at the heart increasingly
9:00 am
would look like. i want to dig into that a little bit. could you tell us maybe the 3w's of that. who should be involved, what this product might look like and when we would be looking for that to be accomplished, what kind of time frames are we seeing? >> i think in terms of background, congressman foster's bill focuses a lot on nist as a way to try to address the concerns we've heard about today. in terms of whether it's the public sector or private sector developing the systems you come up with standards and best practices that can set a high bar for privacy and inclusion? a lot of concerns that people might have about different industry solutions or even a government solution running amok and losing sight of the >> can be accomplished with standards and so, i think, look, one of the great things nist does and background and used to lead a trust group several years ago, it's a great
9:01 am
way to engage with stakeholders not only nationally, but globally across the private sector and the benefit of having lead this, frankly they can bring in whether it's technical experts like david or louise or academics like elizabeth or entrepreneurs like victor, to come in and provide input and weigh them and synthesize things that might address all the issues. i think it's not just technical standards, but business practices, how do you collect data, what recourse do you have? what do i need to know beyond following a technical standard? and nist has tackled this for the private framework for months escalated time frame.
9:02 am
and my colleagues would be frowning this is a national crisis and we can get it done. >> professor, you mentioned identity as a social technical construction, i think it's a great way to frame it. from your perspective, what would you want to be seeing from the product that would give you confidence that we are architecting government in a way that is not going to lend itself to abuse and also to my colleague, mr. taylor's point, not going to lend itself to concentrated government power? >> thank you for the question, congressman. it's an interesting question, focused on technical standards, i would say the advantage of having lead on this front is it that they're not subject to some of the incentives i was talking about earlier. thech a long and comprehensive
9:03 am
track record with the right considerations in mind. that said, i think that it is important within this that others are consulted and other expertise beyond the narrow mathematical, technical and engineering conception of these things what they've done before in guidant have been mindful of some of those considerations. now, proofing is considered relatively technical exercise, but i think to mr. grant's point, i think the reason it's so important because it is really the gateway for critical first steps and what's really nice about that, if we rely on government agencies, those are accounting for some things i was talking about and not based upon guidance and science exclusively. so they're rooted to real world social technical content as it
9:04 am
is, so there's a good foundation there. and this goes into a bit more detail. >> i'm going to jump in 15 seconds, for mr. grant. two factor identification, and two means of identifying yourself with a password and a text message or google app, is that still the best authentication. >> yeah, there's no such thing as a secure password these days and the upper case and lower case, and 64 character password can be phished and even two factor they can phish, they can trick you into handing over a password. i use a hardware key and based about cryptography. >> i'm out of time, mr. chairman, i'll yield back.
9:05 am
>> and i guess we have member interest in another another round of questions, and i'll recognize myself for another five minutes. if we do as part of the infrastructure package, in the different states, it gives us an opportunity to set the standards for privacy and the other important aspects. so what are the red lines for privacy that we should really keep our eye on and insist have to be present? ones that get mentioned frequently are interrogation of your app, that the user should be aware every time the idea is presented. and another one that gets, that's been encountered at a traffic stop when you're asked to present your digital i.d. you do not have to turn over your physical cell phone that you have some form of electronic communication so the law enforcement officer doesn't get to paw around your cell
9:06 am
phone and see what else might be there. is there a good list, what should be from the privacy point of view? >> so, i think there are very good lists and in my written testimony i've put together a number of them that i think can be used and a diverse cross section of what's been looked at so far. i've been asked to look at the list you included, as one of the most physical things to try to protect against is surveillance tracking or aggregating data and then that data to find usage patterns. i think the ability to use individual identifiers for each transaction instead of uniform identifiers, and being able to-- enforcing not having central--
9:07 am
the key to enforcing privacy for people using their digital identity and their trust in them. >> and do the other witnesses have something to add to that? >> i'd flag what's important, really, a privacy that looks at it holistically. and one of the things, that we launch out of the nsa program at the time is the privacy initiative and how do you look at a soup to nuts approach to different contacts and identify risks in any system and then come up with technical and policy mitigation and architects around them and that was something that the previous administration had asked them to do. one reason i'm excited to do is one thing they'd focus on, one place frankly in government or industry that has a comprehensive framework geared
9:08 am
toward identity framework. and the idea to granularly release-- when i look at how many copies of my driver's licenses might be on-line, especially after the last year, they might need to know i'm 21 if i was ordering whiskey during the pandemic which i might have done once or twice, or eligible for something else. being able to focus on sharing specific things about myself without all of my data, that's going to be quite important. >> if i could also jump in, congressman, one of the first things we need to realize we need to go upstream, it's too late to have privacy protections in place. we need to think about data minimization and privacy plays an important role here, but a concern here is that they often are very complex which could result in user errors and we have to think about things like design. we're moving away from the
9:09 am
interfaces. we've got other interfaces in the future and we're not able to present privacy noticing and expect people to understand what's happening. and the design is growing in importance and particularly the faster these, you know, the quicker the interaction is, the more important the designs and the engineering is front and center before we talk about what we do with the data. >> thank you. and you know, one of the killer apps for this, as it were, central bank digital currencies and financial services committee is involved in and gets into international usage because digital dollars should be useful for people around the world because we're going to have to authenticate participants. what is the status of international
9:10 am
interoperability for the i.d. initiatives? >> well, i say at least from a regulatory perspective in the banking world, about a year and a half ago, the status, which is the body of global financial regulators that put together put out digital identity guidelines, but it's much more of a cookbook in how each should look to design digital identity systems for some of the applications, including cbdc's. in terms of true interoperability different countries including u.s. developing digital infrastructure and finding ways to treat negotiations and others to mutually recognize them. i don't think we're there yet. >> thank you. we'll recognize ranking member gonzalez for five minutes. >> thank you, mr. chairman. i'm probably just going to stay on one track and this is for mr. grant. so it's widely reported that the basics of traditional
9:11 am
identity information that the government requires to use or social security, et cetera, are widely for sale on the dark web. i, too, may have purchased things on-line to get me through the pandemic and you just never quite know where that information comes up. it doesn't give you the best feeling when you turn on the news and every day there's a different cyber attack. and they're using the tools to verify information in multiple massive data sets instead of government requiring. so, can you speak just from a cyber crime standpoint what the move to digital i.d. in the united states could get us? >> well, i think it makes it a lot harder for the attackers who are exploiting what in some cases is nonexistent infrastructure or legacy tools that the attackers caught up with. so much of what i think about not just with identity, but
9:12 am
with anything when it comes to cyber crime and cyber security. how do you prevent scaleable attacks. and how do you raise the cost of an ii-- attack so that they don't do in banking or over the years. the weather it's looking at whether some of the determinate factors we can bring in with what congressman foster's bill would do, asking an agency to vouch for you, just like you can use your card in the paper world and how do you do that digitally and with ai as well, i think i he thinks med before congresswoman adams asked how ai used? they can look for tell tale signs. we're in an arms race against increasingly organized, you know, criminal gangs. they're starting to use ai as well. so i think, you know, we're going to need, unfortunately, every weapon at our disposal to
9:13 am
guard against these increasingly sophisticated attacks. >> thank you. mr. freeman, same question for you, from a cyber security and a protection standpoint, what does moving to digital i.d. do for your average american? >> thank you, congressman, and some of the more sophisticated -- what we've seen in space like sharing information -- this is pretty much easy for them once again, and the aid fix for examination, i think you mentioned the social security number and -- against the data base, that's quite
9:14 am
because anybody can steal anybody else's information and data bases don't give you a particularly accurate result. so by moving towards more of the identification that is the alongside by the identification-- >> thank you, mr. chairman, i yield back, i have no more questions. >> thank you, we'll now recognize mr. for the second round. >> and thank you for the second round because i want to pick up on some stuff, ng you alluded to this with your conversation. the block chain and technology more broadly, obviously creating a digital i.d. where it is and the integrity of the
9:15 am
data that stores it and we've seen in the crypto space, anonymity that can be abused. i think i have a two-part question. number one, are you satisfied that block chain is the right technology to store the data around the digital i.d.? let me just hear your answer where i go to the second question. >> thank you for the question, congressman. so i had this in my written testimony and quite explicitly think that block chain is the wrong technology for this. i worked in house with block chain start-up and worked with many, various government. block chain is apparently an accounting technology, it features transparency and there are some things that you might want to use, for example, for
9:16 am
supply chain management, but they're really not things that you want to use for personal identity management if you're concerned about the privacy and security of individuals. over the last four to five years, as i've been part of these conversations with governments and industries, there has been many, many technical solutions proposed to get around some of the concerns, so a lot of different based on techniques and encryption, but conceptually as a part of what block chain does and is designed to do with the principles around things like data minimization. if i want to prove who i am. i don't want that to be around the world. if i do that, i don't want the data indefinitely. really to me it's a complete misfit between the purpose you're trying to achieve, but i know you have more questions. >> that's helpful. the reason why i tied this earlier to my question, in my
9:17 am
head at least, this is tied to, is there going to be a privately owned for-profit digital i.d. that's going to get out ahead of this? because the value of that data, the narrow part of my biometrics, this is me and this is you, and then there's all the metadata around it and what did you use your i.d. for, et cetera, et cetera. however we store this, and i'll stipulate that you've got an idea in your head where we should store the digital i.d. should we also be using that same place as a repository for the metadata? where should that live because someone's going to use it and what are your thoughts on that? >> yeah, so it's a really important point to make. and there are teams working on this have recognized that it's really a bad idea to actually store the identity credentials
9:18 am
on the ledger and they've worked around that and that's the metadata you're describing, and i think an important thing that's very overlooked in the conversation is that the commercial incentives that we have been talking about in the business models and revenue models here can undo a lot of the features intended to provide privacy and anonymity. >> for example, a lot of the identity schemes lack the business model and a common one proposed is a scheme where the verifying parties with the credentials when it's used for the cost. and when you have a scheme where you pay for verification, ultimately you have to be able to separate the accounting and transactions and that's a problem than what a lot of the states have thought about if they've thought about the questions. even if it's the encryption
9:19 am
technology or technique in place you might have a business model that undoes the business technology. >> i realize we're out of time and maybe there's a longer conversation, if i take my government issued passport, they've got the date of issue and traveled. and important data. but if we do a government i.d. should we get metadata and privacy issues and get into the rest of that. somehow we have to solve this and i realize we're out of time. >> he think the question is to what end and for what purposes and i think those have to be explicitly stated upfront and i think this is certainly something in the testimony and to provide feedback on the record. >> thank you. yield back. >> possibly implement a witness protection program using a
9:20 am
block chain and i.d. which is essentially government sponsored identity. we'll recognize for five minutes. >> and i think if you go back last year the professor resigned for the i.d. 2020 project objecting to block chain so you asked the exact right person, you know, about block chain and identity and it was a fascinating conversation. would you like 60 seconds to go down and take it down this rabbit hole? >> you're kind, i'll defer to your time and maybe set up a time for the three of us if you'd like to get together, when we're not watching the clock, i appreciate it. >> sure, anyway, i appreciate your passion for this particular topic and not using block chain technology for identification. just going back down the horror story and it's really
9:21 am
constructive to me to know what not to do. and dr. maynard adams, you talked about the health system in kenya and when you go to access that because of the identification system they put in place. if you want to expand with what you've seen in terms of how not to do it, how we shouldn't do it, digital identification system? >> thank you for the question. i think in my written testimony i do show the horror stories, the ways that it has gone wrong and a lot of that has gone, and i think the professor mentioned it previously, not taking into account who your actual users are and what it is they're trying to achieve with any solutions put in place. so, in the instance in kenya as a reference, a lot of people in that tech market, women don't
9:22 am
tend to have access to the required documents or mobile phones, et cetera, to allow them to make their way through the process of obtaining an identity. as i think of examples here in the u.k., a lot of this was previously and have been tried and having relied on certain documents or access to the internet, for example and i think it's 20%, don't quote me on that, of the u.k. that don't have the government issued documents. so, if your predication of physical identity is based on access to particular things, whether that's documents or whether that's a mobile phone, et cetera, then automatically there are looking at what you're-- you need to take into account the different situations people are in and you need to account for all the different situations. all of us have access to
9:23 am
technology and government issued i.d.'s and we have to think of the people not able to access those things that can't necessarily get to the services that they need. so, i think it all starts at the very beginning of the process and being able to identify all of the different use cases that you're trying to serve, rather than the most common use cases that you can satisfy the majority of people and look at those differences and look at the accounting that we should do. >> professor, going back to you, you've talked briefly on india and how in your mind india went wrong? i think that's one of the words if i recall that phrase. >> i think in india, a couple of places they went wrong, they tried the single unique identifier and applied to every
9:24 am
aspect of life. literally nothing you can access without using it and it's entirely traceable across facets of life. and the court said it was an overreach and concerns about dialing some of that back, but in terms of the questions surrounding -- that would be confirmed there where because of the complexity of india and because of the complexity of the population, you know, everything from different languages to different cultures to very different infrastructure and reasons in the country. there wasn't enough consideration around how groups might be with respect, and i think we have a similar problem here and we talked about broadband earlier in the year and we don't have the population. we don't have universal access to things and if we only saw
9:25 am
for the majority, and there, and to design the system that's inclusive and will work for most people. >> thank you. >> mr. chairman, i yield back. >> thank you. and we will finally, we'll recognize representative adams for five minutes. >> thank you. cyber attacks are the fastest growing climate in the u.s. and one of the threats to the electronic infrastructure today and this recent studies have predicted a business will fall victim to ransomware every 11 seconds this year. and a huge target. can you describe the cryptography and the smartphone techniques available so there would be no need for centralized digitalized i.d. base? >> yes, i think that there's
9:26 am
multiple different architectures that can support what you're referring to and not having a centralized data base. there is in the driver's license there's opportunities to take the data and put it onto the smartphone along with the cryptographic signature when it's collectively shared this could be shared with it and the verifier can take the signatures and check on that data. there are others as well and i think that something like the block chain, as that capability about half the data. and i present it to you as a business or a verifier of the data. you can then go and check the veracity of that data. in addition, i think, in addition to not centralized data bases, having access to verifiable data, cryptographically verified data
9:27 am
can reduce for businesses to store the end result. they know the next time that person comes along that they will get fewer validated data and don't have to keep large records and reduce not just centralized data bases, but peripheral that are a target of that. >> thank you very much. mr. chairman, i have no further questions, i'll yield back. >> thank you. i'd like to thank our witnesses for their testimony today and without objection, all members will have five legislative days within which to submit additional questions for the witnesses, to the chair, which will be forwarded to the witnesses for their response. so i ask our witnesses to respond as promptly as you're able to those. without objection, all members will have to five legislative days to submit extraneous material for inclusion into the record and materials for the record should be submitted to e-mail addresses provided to
9:28 am
your office. and with that, this hearing is adjourned.
