New bill strengthens role of US postal service in combating digital identity fraud

The United States has introduced a law that relies on postal services to provide identity verification benefits.

T

his past September, Senators Bill Cassidy of Louisiana and Ron Wyden of Oregon introduced the Post Office Services for Trustworthy Identity Act, also known as the POST ID Act. This legislative proposal aims to authorize the United States Postal Service (USPS) to soon offer in-person identity verification services to the private sector. This tangible registration project in postal offices would be a highly relevant addition to their service portfolio and would be part of the development of a national digital identity program. 

Currently, USPS already collaborates with government entities in this regard. For instance, it is authorized to conduct identity checks for passport issuance. 

The long history of USPS and its deep-rooted presence in the American culture make it a valuable asset for society, not only as a means of mail distribution but also as a symbol of unity and accessibility for all citizens. 

Protecting individuals and businesses from digital identity fraud

One of the key aspects of this proposal is the definition of “identity verification and related identity services.” Essentially, it refers to any service in which a person provides sufficient information, such as records, credentials, or other identifying data, to support the establishment of their identity. Basically, it is a process to ensure that a person is who they claim to be. 

The POST ID Act would not push the USPS to provide identity verification services to private entities that need it, but it would grant the authority to do so if it chooses, as long as it meets the established requirements. 

Among these requirements, the bill contemplates the use of government-issued documentation to support identity verification, as well as the issuance of authenticators to verified individuals. These authenticators may be actual devices, or they could be issued in digital format for use in accounts or electronic systems, or to complete subsequent procedures. 

Advantages for robust user verification 

The POST ID Act proposal presents several advantages that seek to empower the organization, enhancing security and trust in digital identification. 

• Fighting identity fraud: Artificial Intelligence and deepfakes enable the creation of highly convincing fake content, making it quite difficult to verify the authenticity of information and individuals. In this context, it is crucial for authorities to take proactive measures to strengthen identity verification methods and prevent the malicious use of these technologies. The POST ID Act emerges as a timely and effective response to mitigate the risks associated with these threats, advocating for in-person methods. 
• National-level accessibility: USPS boasts a nationwide network with over 31,000 locations. This would facilitate access to identity verification services in remote areas and in communities where options may be limited. 
• Authorization of biometric analysis: The law would allow USPS to apply biometrics to record the user’s identity, adding an additional layer of security to the process 
• Experience: The USPS already has experience in providing identity verification services for government agencies and among others, also collaborates with the U.S. Department of Labor and the General Services Administration. 
• Fee collection: Authorization to charge fees would allow USPS to cover the costs associated with providing these services, ensuring their sustainability and quality. 

A massive data breach as precedent 

Wyden and Cassidy began drafting this bill in the wake of a cyberattack that affected various companies in June of this year, from U.S. federal agencies to companies like British Airways and the BBC. The breach compromised the personal data of all Louisiana driver’s license holders. It was estimated that over 4.6 million state residents may have had their names, addresses, and social security numbers exposed. 

In an official statement, it was explained that the attackers also accessed data such as driver’s license numbers, disabled parking license plate data, birthdates, and even biometric information. 

It is estimated that around 6 million records were compromised in this incident, as reported by Casey Tingle, Louisiana’s director of national security. 

The extortion group CLOP, linked to Russia, claimed responsibility for the cyberattack but stated that they had deleted the information. In this regard, authorities clarified that there was no evidence that the hackers had sold, used, shared, or disclosed any of the personal details. Nevertheless, the governor urged Louisiana residents to take measures in protecting their identity: freezing their credit to prevent the opening of new accounts in their name, changing all their digital passwords, or reporting any suspicion of theft or identity impersonation. 

This cyberattack also highlighted the vulnerability of various organizations, including the Louisiana motor vehicle office, which used software called MOVEit for digital file transfers. CLOP exploited a flaw in this tool as part of their ransomware strategy. 

Furthermore, other organizations such as the U.S. Department of Energy and a facility related to defense nuclear waste disposal were affected. 

Strategic alliance for in-person authentication and fighting digital identity fraud

Inspired by these events and aiming to establish programs resilient to deepfakes, Wyden and Cassidy considered USPS as a support for their bill. 

However, it is important to note that users should exercise caution when participating in digital identity programs at these levels, as well as in in-person verification procedures, and demand rigorous standards of security and information protection. For postal services, which operate on a large scale and deal with a vast amount of sensitive data, having strong legal backing becomes imperative to ensure the integrity of the processes. 

This partnership between postal services and the private sector establishes a solid foundation for combating fraud and providing users with a reliable option for in-person identity confirmation and access to digital services. This legislative proposal aligns with the need to adapt our verification methods to a digital environment where changes are constant.