With the modern day barrage of misinformation, disinformation and child exploitation that occurs on social media websites, it is often believed that this problem is hopeless and intractable. However, there may be a solution to this problem. This could be through a federal or state identification verification system to signup for certain websites. This general solution is not novel and there have seen many technology activists and politicians which have proposed it. This system has been met with some sharp considerations around privacy and trust in technology company’s possession of this sensitive information. I am proposing a new system which could still achieve identity verification in a secure and private way.
Government-Side Identity Verification
- A user visits a website or application. They request to sign up. They simply click on a sign-in with government verification button.
- The service forwards the user to a government portal. This portal is secured and encrypted with high-level security.
- The Government Portal prompts the user for their identifying documents (license, ssn, etc.)
- The user enters their information and send it through a secure channel to the portal.
- The Government Portal processes the information. This could either be an instant process, or something that requires human verification to read. Ideally, the information could be immediately read and verified from a government database. Once complete, the portal sends a response to the service with either a confirmation or failure. If confirmed, a specialized token is granted to the service. This token allows for account verification in the future and is unique and only effective on the service.
- Upon receiving the token, the service continues as usual with account signup.
Questions and Answers:
Q: Why is this system better then other verification services?
A: Sending sensitive documents to a corporation does have all sorts of ethical concerns in the handling and storing of such information. A government requirement for ID verification could cause people to only trust a larger tech company with this documentation because they have the money to afford safe credential storage. This would inadvertently harm smaller companies. The solution to this would be to have a government agency that offered an ID verification service API.
Q: Does this remove anonymity from websites? Could this be problematic for journalists and other users who require utmost privacy?
A: The level of anonymity could be augmented depending on any requirements from law. A success on ID verification from the government portal does not need to return any personal information to the service. It could merely return a verified or unverified tag. Indicating to the service whether to go ahead or prevent account creation with no fingerprint of the interaction. However, to maintain certain levels of security it may be necessary to at least return some encrypted token in order to have the ability to cancel a comprised account. The token supplied to the website would be completely randomized and would have no way of retrieving any of the government information from the token. If there were a desire to have higher levels of security, for example a user violates the law on a platform, there could be the option to prompt a government on the true identity of a user in the presence of a warrant.
Q: Would this dampen the growth and creation of smaller tech companies with tightened identity restrictions?
A: If the API was thoughtfully developed with proper documentation it could be very simple to set up with limited programming requirements. It would be no more complicated then many other APIs that nearly all social media companies use today in their apps.
Q: Would this cost money for the company?
A: Ideally, this could be a government funded service. The service would only be needed upon first signup and for any required re-verification. This makes the computational and server requirements fairly small on a per-user basis. It could be a very affordable government program to implement.
Q: What documentation would be required?
A: This decision could be decided by congress. It would be ideal for the required document to be something every citizen has. This makes social security number ideal, however a driver’s license could also be used.
Q: What about verification delays?
A: This is a very real problem. If we desire the utmost security it may require a real person to process and approve the verification. The sign-up process is only a one time experience. An additional wait time to create an account might not be an issue for the creation of a life-long social media account.
Q: Could there be a security breach?
A: It is correct to be concerned about security when considering the sensitive documentation which is being sent. The system would need to be an encrypted communication using top-of-the-line technologies. Millions of people preform secure transactions on the internet everyday, so confidence in this system should be no different. To the benefit of the system only the government end would need to be secure with its information. Since it would be a government agency this could be something which is regulated and regularly audited. The verification token on the service side would not contain any personal information. This token would be encoded to only function for that specific service. Tokens could be terminated if an account was hacked.