As the sun was setting on the thirtieth modern Olympiad in London, NIST was preparing to announce our very first set of NSTIC pilot projects. As the flame goes out in Rio, we’re setting new records. In our largest pilot announcement to date, today NIST is proud to add six new projects to our ranks and bring the total number of projects to 24.
It’s a tricky needle to thread for government to successfully catalyze a marketplace of solutions without government creating the solutions itself. At NIST, we try to keep the model simple. We believe the government’s role in seeding this market is to help overcome the initial barriers to a successful market and, as the landscape evolves, break through barriers that hold specific parts of the market back.
In 2012, adoption of trusted identities that aligned with the NSTIC vision weren’t even a blip on the familiar ‘s-shaped’ technology adoption curve. We truly took an ecosystem approach: it’s not about a single killer app or any given shiny solution, it’s about creating the network effects by which all natural ecosystems support each other and by which we believe we can change the race-to-the-bottom history of identity, authentication, and the protection of personal information that, despite tremendous efforts by many, was all too common pre-NSTIC.
Today, that ecosystem is alive, well, and rapidly expanding. Our pilots family includes 24 projects and more than 150 total partners across 26 states and D.C. These projects have impacted more than 5.9 million individuals, and that impact is growing faster than ever before—a critical indication that the market is making a critical climb up that s-shaped curve. But the numbers run deeper than that. These solutions have impacted a dozen sectors, creating technology, business, and policy linkages that are mutually supportive and global in nature. It’s not just about the number of nodes but the strength of their bonds.
And, like any healthy ecosystem, it’s growing on its own. The variety of initiatives and solutions filling the marketplace outside the NSTIC program demonstrates just as strongly that the economic model is catching on.
As the fundamental economic proposition has changed, so too has the narrative. As just one example, adoption of multi-factor solutions is well out of the innovators and early adopters—and by some measures quite a way through the early majority as well. In 2015, 39% of consumers used two-factor authentication. Most individuals know that digital identity matters, even if fewer yet understand what to do about it. We know that 54% of consumers were not confident that the security of their personal data was protected on the internet in 2015, and 77% would be interested in an alternative to usernames and passwords to protect their security.
The success of a fundamental shift in the availability of multi-factor solutions in the marketplace has allowed us to turn to investing in solutions for other specific challenges in targeted areas where we believe (1) we can get the best marginal benefit for each taxpayer dollar and (2) we believe the model of these projects can serve as a positive feedback loop to advance two critical sectors that individuals rely on daily.
In this year’s targeted approach to driving innovation in digital identity, we’re pleased to announce six new projects ready to rise to the challenge of making more secure, privacy-enhancing, interoperable, and usable solutions for everyday identity hurdles. We’ve awarded five projects to streamline and secure online access to state and local government services while we’re awarding a sixth through a partnership with HHS’s Office of the National Coordinator for Health IT to deliver trusted identities in healthcare. In these two important domains, we see the potential for innovation to make critical services more convenient and trustworthy for the consumer while strengthening online service providers’ security.
With that lengthy preamble out of the way, I’d like to introduce you to the six newest members of our family:
Florida Department of Revenue, Child Support Program (Tallahassee, Fla.: $3,550,978)
The Florida Department of Revenue aims to improve identity processes for online access to several Child Support Program applications. The new registration and authentication process will: increase the number of online services available to customers, provide convenience through a single login identity, and improve security by offering customers device registration options. The solution will allow the Child Support Program to increase the efficiency and effectiveness of our services while meeting customer expectations and the growing desire to conduct business more efficiently and effectively through online interactions with government agencies.
Yubico, Inc. (Palo Alto, Calif.: $2,273,125)
Yubico will focus on enabling secure online access to educational resources for students in Wisconsin and to state services for residents of Colorado. In both states, Yubico will deploy FIDO Alliance Universal 2nd Factor-based YubiKeys and use OpenID Connect to develop an ‘identity toolkit’ – with the goal of making the solution as simple to use and deploy as possible.
State of Ohio, Department of Administrative Services (Columbus, Ohio: $2,967,993)
The State of Ohio Department of Administrative Services will implement a range of identity-related capabilities including multi-factor authentication to stronger identity proofing, for three state services. These services include enterprise e-licensing, online filing and payments for businesses in the state, and tax-related transactions with the Ohio Department of Taxation.
Gemalto, Inc. (Austin, Tex.: $2,022,102)
Gemalto will work with departments of motor vehicles to issue digital driver licenses to residents of Idaho, Maryland, Washington, D.C., and Colorado. Gemalto aims to improve the way people conveniently and securely present and prove their identities to business and government entities by offering a digital driver’s license, accessible via a mobile application. The benefits for citizens and relying parties is to be able to present and authenticate a trusted government-issued digital identity via mobile platforms that will facilitate and automate many applications that rely on the physical presentation of identity documents today.
ID.me, Inc. (McLean, Va.: $3,750,000)
ID.me will work with the City of Austin, Texas, to develop a city level blueprint for increased trust between participants in the sharing economy. The goal of the pilot is to demonstrate a viable model for strong authentication that is acceptable to key stakeholders in the sharing economy and replicable in other municipalities. With the State of Maine, ID.me will implement a federated identity model for applications to increase citizen access to benefits and to demonstrate interoperable credentials at the federal and state level.
Cedars-Sinai Medical Center (Los Angeles, Calif.: $999,836)
Cedars-Sinai Medical Center will implement a federated identity, single sign on, multi-factor authentication solution across distinct healthcare systems for patients and providers. The solution aims to simplify patient transition from Cedars-Sinai Medical Center, an acute-care setting, to post-acute care settings, such as California Rehabilitation Institute. Patients and providers will have a single credential on a portal with the purpose of giving them easier access to information to improve quality of care.
We expect each of these projects will make tangible differences in the everyday lives of millions more individuals by providing solutions that simultaneously improve the privacy, security, and convenience of those who use them through more convenient, interoperable, and user-centric approaches. And that they will provide a model for others to continue the remarkable gains of the last five years in pursuit of the NSTIC vision. We can’t wait for the great work that lies ahead.
While we warmly welcome aboard these organizations and their partners to the NSTIC pilots family, we acknowledge the journey ahead. It takes a steady eye down a long road to see through to the goal. We will continue analyzing ongoing challenges and market impediments, and will shift investments toward the prickliest of problems in identity. As we set our sights on the future, here’s to more innovation in the Identity Ecosystem—Citius, Altius, Fortius, and on to the next Olympiad!