Sergey Brin was recently asked what the web would look like in ten years. He answered that he didn’t know what the world would look like in ten years. I have a similar question – what does public digital identity look like in ten years? I wouldn’t trust any prediction.
Who are you to your government? The answer is that there is not one ‘you.’ You are a marriage record, business license, and property tax record to your city. You are a birth certificate, driver’s license, and court case to your State, and you are a social security number, tax record, and passport ID to the United States Federal Government. If you are lucky, you are also represented by a couple of Senators and a House member, as well as a number making up the membership rolls at AARP, ASPCA, Avocados from Mexico, or some other advocacy organization. Otherwise you as an individual aren’t really “seen” by any bureaucratic body in existence. While constituents certainly play a part in bureaucratic organizations, that part is so well-defined and fragmented that the individual ‘you’ rarely truly registers or influences the bureaucracy’s internal trajectory in any meaningful way.
In the last decade or so the Federal agencies have been pushed more & more to use Login.gov, which has a single-sign-on (SSO) capability that all agencies can then use for their own validation. This can also extend further from that central point, as with Indiana’s ‘Access Indiana’, which combines SSO capability with simple extensions to submit paperwork like applications for social services programs. In turn it allows for easy integration into feedback systems from agencies themselves without overlapping issues. When I worked on a similar process in a Midwest state during my time at Google Cloud, a common issue was a constituent working across two lines of social service agencies (e.g. unemployment and food assistance programs) where different scheduling systems and contact points created demands for people to literally be in two places at once.
These conflicts could easily be resolved by taking a constituent-first view of the issue, which these centralized identity systems make possible. Robust profiles of individuals, with records of touchpoints all across public-facing systems, can be managed centrally but used across agencies of all kinds. This would be relatively easy to manage and maintain, as it is well-trodden industry ground. It would also improve cybersecurity, since data has repeatedly leaked when security is left to frontline agencies to manage on their own.
You can also federate that login with other identity providers (IdP), like how you use Gmail or Outlook for logins to news websites. The news site never sees your credentials directly; it just matches IDs and credential keys with Google or Microsoft, who themselves don’t see your activity on NYTimes.com. This two-step process between the SSO and the IdP helps preserve what each wants – data for the IdP to link to your account, and the ability to access it at all by way of your email service’s SSO.
The downside to central points of robust focus, especially if you do not have a federated model backing it up, is that they are also central points of failure. The risk of building high walls around your important data is that if someone still finds a way through, the treasure is all just sitting there nicely in one place. And any time the system went down it would quite literally stop operations at potentially thousands of downstream agency users.
Working with government agencies on constituent-facing programs of all kinds, typically each agency is working off of a strict set of requirements for participation. You need to submit income data to qualify for Medicaid or food assistance, but not for unemployment assistance. You need to submit proof of termination for that, but you wouldn’t need to bring that to a State Work Agency to apply for a new job. You may also need to prove you are seeking that new job in order to qualify for unemployment assistance, but you wouldn’t need that to qualify for a low-income transit assistance program. And so on.
By coordinating data centrally, even if maximally federated to increase security, programs can come in to access just the requested data for each program without having to overburden systems and approval processes to get more information about the constituent than is expressly required. Research at Mississippi State University points to how this decentralized model could work, where the increased use of digital driver’s licenses serves as the basis for a digital identity that services like getting a fishing license could use to verify what they need without having to recreate and manage digital identities of their own.
Today, cloud systems can create ‘publish<>subscribe’ datasets that control sharing and use across data partners down to the column and row level, which would power systems like these. I’ve used Google Cloud’s Analytics Hub within their BigQuery data warehouse for this process in government processes before, where one dataset was shared across half a dozen stakeholders with their own individual views of the coordinated dataset based on the intersection of seniority and sensitivity of the data. It’s easier than ever to conduct high-compute operations like federating dataset use across thousands of subscribers, while leaving the data in-place. In the pre-cloud era this process was essentially impossible without dedicated hardware and software, so it simply didn’t happen.
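The per-program requirements and the column- and row-level sharing described above can be sketched as a deny-by-default subscriber view over one central dataset. This is an added example, not code from the article or from any Google Cloud product; the record fields, program names, sample values and the transit program's column list are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sample of a central constituent dataset; every field name and value
# here is an illustrative assumption, not data or a schema from the article.
CENTRAL = [
    {"id": "c-001", "name": "A. Rivera", "income": 18200, "termination_proof": True,
     "job_search_log": True, "programs": {"unemployment", "food_assistance"}},
    {"id": "c-002", "name": "B. Chen", "income": 41000, "termination_proof": False,
     "job_search_log": False, "programs": {"medicaid"}},
    {"id": "c-003", "name": "C. Okafor", "income": 15900, "termination_proof": True,
     "job_search_log": False, "programs": {"unemployment", "transit_assistance"}},
]

@dataclass(frozen=True)
class Subscription:
    columns: frozenset                  # column-level policy: the only fields released
    row_filter: Callable[[dict], bool]  # row-level policy: which constituents are visible

def enrolled(program):
    """Row predicate: the constituent has an open case with this program."""
    return lambda rec: program in rec["programs"]

# Column lists mirror the requirements named in the text; the transit entry is assumed.
SUBSCRIPTIONS = {
    "medicaid": Subscription(frozenset({"id", "income"}), enrolled("medicaid")),
    "food_assistance": Subscription(frozenset({"id", "income"}), enrolled("food_assistance")),
    "unemployment": Subscription(frozenset({"id", "termination_proof", "job_search_log"}),
                                 enrolled("unemployment")),
    "transit_assistance": Subscription(frozenset({"id", "income"}),
                                       enrolled("transit_assistance")),
}

def subscriber_view(program, dataset=CENTRAL):
    """Return only the rows and columns this program's subscription allows."""
    sub = SUBSCRIPTIONS.get(program)
    if sub is None:  # deny by default: no subscription means no data at all
        raise PermissionError(f"no subscription registered for {program!r}")
    return [{col: rec[col] for col in sorted(sub.columns)}
            for rec in dataset if sub.row_filter(rec)]

def withheld_columns(program):
    """Central columns this subscriber never receives, for an access review."""
    all_columns = set().union(*(rec.keys() for rec in CENTRAL))
    return sorted(all_columns - SUBSCRIPTIONS[program].columns)
```

The data stays in one place; each agency only ever receives the projection its subscription defines, so an unemployment caseworker's view contains no income column and no constituents outside that program.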
We shouldn’t take the status quo of each agency reinventing the wheel of constituent identity as gospel; it was merely the right thing to do with the pencil & paper technology available at the time. In the new era, these simple operational changes for the sake of efficiency can radically reshape how your bureaucratic bodies see you as a person, rather than a number as part of a group. As we reshape the way we are seen by our public programs, it would be beneficial for us all to not make the same mistake again, and take real steps to understand the practical tradeoffs in building either highly centralized or highly distributed digital identity systems. Whatever we decide will likely end up being the basis for public program implementation for the next century.