Promising Practices for Digital Identity in Public Benefits
This piece highlights promising design patterns for account creation and identity proofing in public benefits applications. The publication also identifies areas where additional evidence, resources, and coordinated federal guidance may help support equitable implementations of authentication and identity proofing, enabling agencies to balance access and security.
Overview
The Digital Benefits Network’s (DBN) sees digital identity as part of the overall service design process for benefits delivery. We think it’s always important to ask whether authentication and identity proofing—particularly at the point of initial applications, and even if used optionally—are meeting programmatic needs and serving beneficiaries and agencies.
We also view digital identity in public benefits within the broader identity landscape in the U.S. and abroad. As we have previously written, we also think that the U.S. needs a national digital identity strategy, backed by standards that take into account equity, accessibility, privacy, data protection, potential harms and disparate impacts, evolving security threats, and future technologies. When identity proofing and authentication are used in benefits delivery, there should be a viable, secure, and equitable public identity proofing and authentication solution.
Going forward, we are eager to collaborate with partners and state agencies to evaluate programmatic needs and risks, and explore how clearer guidance and implementation materials can empower agencies to effectively assess their digital identity practices to prioritize access. For state, local, and federal agencies interested in talking more about this work, we encourage you to get in touch at digitalgovhub@georgetown.edu.
In this publication, we outline a series of promising design patterns for account creation and identity proofing in public benefits applications that we identified during previous research. We also call out additional evidence, resources, and actions we think are needed on this topic. We hope this publication will be useful to local, state, and federal agencies responsible for benefits administration, as well as partner organizations supporting agencies in their work.
Key Takeaways
- The DBN interest in digital identity has been driven by our concern about existing and new online application requirements and identity-proofing implementations that may create burdens for applicants and beneficiaries. As a project dedicated to promoting access and uptake of public benefits, we believe that there should be the fewest number of steps between an applicant and the “submit” button on an initial application, as is programmatically feasible.
- During our research to catalog authentication and identity proofing practices in initial benefits applications across the United States, it became clear that the ecosystem needs more evidence to evaluate what is and isn’t working, and appropriately implement digital identity solutions. Some important potential resources include:
- clearer implementation resources that center access, consider security, and recognize benefit programs’ unique contexts;
- more coordinated guidance from federal agencies; and
- client-centered metrics for evaluating the value and burden of authentication and identity proofing when they are used.
- During our research to document what is happening nationally, we also identified several digital identity design patterns that we believe may promote access and should be further explored and evaluated, including:
- application processes that do not require account creation or identity proofing to submit an initial application;
- account creation processes that are optional, with clear explanations about the benefits of account creation, and straightforward pathways to opt out;
- online application processes that allow users to opt out of online identity proofing, with clear instructions; and
- in-person identity verification pathways.
These patterns align with our broad point of view on increasing access, and are also not technology specific.
Changing Landscape of Digital Identity in Benefits During the COVID-19 Pandemic
When people across the United States apply for public benefits online, they may be asked to create an account with a username and password, and in some cases, prove who they are by remotely verifying their identity. Account creation processes can range from a quick signup with a username and password to more involved registration flows that require various pieces of information, including phone numbers, physical addresses, email addresses, and other details. Some systems also require further layers of security, including one-time passwords sent via SMS or email, security questions, or use of third-party authenticator applications. Many applications check an individual’s self-asserted personal information with outside databases.
Applicants may also be required to take active steps to verify their identities through processes like knowledge-based verification (KBV) that present users with a series of questions about their private information—including information from their credit history—or prompts to upload identity documentation and selfies to be verified using facial recognition technologies.
Digital identity became an increasingly important topic in benefits delivery during the COVID-19 pandemic. Though the push to move benefits applications and access online has been in progress for many years, the pandemic drove increased participation in public benefit programs—including the Supplemental Nutrition Assistance Program (SNAP) and unemployment insurance (UI)—and made digital, remote access to benefits applications and information more important than ever. However, as benefits-administering agencies worked hard to deliver essential benefits during a crisis, state workforce agencies were targeted by organized criminal groups as new programs like pandemic unemployment assistance (PUA) were created and existing safeguards, like employer verifications, were removed.
These threats indicated a clear need for adjustments, but new checkpoints like identity proofing created new issues for eligible claimants. As the DBN learned through conversations with experts and advocates—and from detailed media coverage—identity proofing implementations in UI, conducted primarily through contracts with private-identity vendors, created delays for claimants, introduced additional obstacles for individuals who lacked strong internet access, exacerbated language access issues, and raised due process questions and issues related to data security and privacy, particularly when biometrics were used. The spread of identity proofing practices in UI during the pandemic suggests the potential for rapid expansion in other programs if there is a real or perceived risk of new threats.
Service Touchpoint: Initial Applications and Claims
The DBN’s interest in digital identity is driven by our concern about existing and new online application requirements and identity proofing implementations that may create burdens for applicants and beneficiaries. As a project dedicated to promoting access and uptake of public benefits, we believe that there should be the fewest number of steps between an applicant and the “submit” button on an initial application, as is programmatically feasible. Agencies face real challenges ensuring program integrity and protecting beneficiaries’ information; however, requiring steps like creating an account, providing an email address, or passing identity proofing prior to starting and submitting initial claims and applications can create new eligibility requirements and may block potentially eligible individuals from applying.
When we started our research on digital identity in 2022, we quickly learned that there was not a single, publicly available source of information documenting online authentication and identity proofing practices across public benefit program applications. We felt it was imperative to understand what the digital identity experience might look like for applicants across states and territories. Between October 2022 and March 2023, we cataloged digital authentication and identity proofing practices in initial applications for six programs: SNAP, Temporary Assistance for Needy Families (TANF), the Special Supplemental Nutrition Program for Women, Infants, and Children (WIC), MAGI Medicaid, child care, and UI, across every state and territory, representing a total of 158 different applications. A data sharing partnership with Code for America facilitated the development of these datasets, and supported work on their Benefits Enrollment Field Guide. This data was collected to create a “point in time” understanding of digital identity practices in public benefits applications. Since we finished data collection in March 2023, we are aware that some agencies have shifted their practices. To read more about our findings, visit “Digital Authentication and Identity Proofing in Public Benefits Applications.”
This chart shows how often applications that include particular benefits programs prompt or require active identity-proofing actions to apply online. As the chart shows, identity proofing prompts are most common in applications that include MAGI Medicaid and UI. The information in this chart comes from the DBN’s point in time dataset on authentication and identity proofing in benefits applications, published and last updated in May 2023.
That research was focused on understanding what was happening across the benefits landscape, rather than evaluating specific digital identity practices. Currently, there is a wealth of information from advocates, media, and civil liberties groups outlining the burdens and potential risks that identity proofing can place on individuals accessing benefits. However, there is limited data to systematically evaluate the impact of authentication and identity proofing practices on applicant access at a field-wide level (e.g., comparisons of abandonment rates for applications that do or do not require account creation or identity proofing, etc.). We also lack shared data to evaluate whether or how certain authentication and proofing approaches impact security and privacy for both beneficiaries and agencies.
What’s Needed?
There is some consensus about what isn’t working. For example, knowledge-based verification can create obstacles for people with limited credit history, as well as immigrant parents applying for services on behalf of their children, and is not considered a secure approach to proofing identities (see information from the National Institute of Standards and Technology (NIST) and U.S. Government and Accountability Office (GAO)). Facial recognition technologies raise other challenges in terms of potential bias and misclassifications in the systems; although accuracy may be improving, such technology regardless raises fundamental data security and privacy concerns, particularly when use of biometrics becomes mandatory. Benefits programs also face different risks. As states explore identity management approaches like single sign-on services that enable users to have one account for their interactions with a government, new questions are raised about how to adopt those approaches without layering the same authentication and proofing requirements across programs which may have different vulnerabilities and needs.
The ecosystem as a whole needs significantly more evaluation and evidence about what is and is not working, and resources to help agencies evaluate when authentication or identity proofing are and are not useful. Multiple elements are needed to fill this gap and support better implementation in benefits contexts, including:
- Documentation of what people-centered, secure, and appropriately targeted service touchpoints for authentication and identity proofing in public benefits can look like.
- Clear implementation guidance tailored to particular benefits delivery contexts, that helps agencies assess the problems they are trying to solve and whether proofing and authentication actually meet those challenges
- More coordinated guidance from federal agencies about acceptable uses of authentication and identity proofing in benefits delivery, in ways that center access, address integrated applications, and emphasize the need for multiple pathways to successfully apply and verify.
- People-centered performance metrics, focused on digital identity alongside other aspects of service delivery.
- We support existing calls from the Center on Budget and Policy Priorities and Code for America to create more human-centered metrics for the social safety net.
- We also applaud the U.S. Department of Labor’s Unemployment Insurance Program Letter issued in July 2023 which included potential metrics to evaluate identity proofing when it is used, a potential step in the right direction.
- Evaluation/validation of strategies to promote access, including:
- More studies to evaluate administrative burden created by different approaches to log-in and proofing requirements;
- Pilots to evaluate impact of different digital identity approaches.
Over the coming months, the DBN will continue to work with partners to support new resources and ideas in this space. However, during our landscape research, we did observe some design patterns related to account creation and identity proofing which we think may be promising practices to promote access. We are interested in these particular practices because, in principle, they align with our broad goals around promoting equitable access and providing benefits seekers with choices as part of a dignified experience. Below, we outline three “promising practices”—design patterns which may help promote access, are not specific to any particular technology or solution, and which we would like to see further explored and evaluated in the benefits delivery context.
Promising Practices
Application processes that do not require account creation or identity proofing.
In our data collection, we encountered some application processes that did not prompt any account creation or identity proofing to submit an initial application. One example of this was MN Benefits, Minnesota’s combined application for SNAP, TANF, and Child Care assistance, which allows users to submit an online application for all three programs without creating an account or taking any active steps to prove their identity. Such an approach minimizes the steps between an applicant and a “submit” button, which may reduce barriers for applicants.
This image shows the landing page for Minnesota’s MNBenefits application portal, which allows individuals to apply without prompting account creation or identity proofing.
As the Center on Budget and Policy Priorities has previously explained, guidance from the Center for Medicare and Medicaid Services describes remote identity proofing as a needed security step when online systems give users access, in real time, to confidential personal information, like data held by federal agencies, such as the Social Security Administration, the Internal Revenue Service, and the Department of Homeland Security. In situations where there is a one-way flow of information, (meaning confidential personal information is not presented to an applicant and a user does not receive real-time feedback on the accuracy of the information they submit), identity proofing is likely less necessary. For other programs like SNAP and WIC, which require touchpoints like interviews or other appointments before a user can be certified for and receive benefits—there is a particularly strong rationale for accepting initial applications without requiring additional authentication and proofing. We’re interested to see agencies evaluate application pathways that do not require identity proofing for at least some types of initial online benefits applications.
Account creation processes that are optional, with clear explanations about the benefits of account creation, and straightforward pathways to opt out.
Some benefits portals allow or require users to create accounts in order to access an initial application. Creating an account can enable users to log back into a portal later; save their progress and complete an application over multiple sessions; check their application status; provide additional documentation; or, after they have been determined eligible for benefits, manage their case. In this way, account creation can benefit users.
However, account creation processes can also solicit significant information before a user even begins filling out an application, and require users to have access to a phone or email account to verify their accounts. As we observed during our data collection, a majority of account creation processes require an email address, which can be considered a barrier to access, or an additional condition of eligibility. For example, the U.S. Department of Agriculture Food and Nutrition Service has previously stated that applications for SNAP cannot require users to submit an email address.) Making account creation optional allows users to choose how they would like to use a system.
On some portals we accessed during our research, creating an account was technically optional, but site instructions made it difficult or unclear how to access the application without an account. If account creation is optional, it should be immediately apparent how to skip it.
During our research, we identified several application sites that make it easy to see that account creation is optional, including California’s Benefits Cal, the state’s new combined application for SNAP, TANF, and Medicaid; PEAK, Colorado’s combined application for SNAP, TANF, Medicaid, WIC and Child Care; and Indiana’s FSSA portal, which has separate applications for SNAP+TANF and Medicaid.
This image shows California’s BenefitsCal application start page, which explains to users how to apply and describes potential benefits of the portal’s optional application feature.
Some applications also clearly explained the potential benefits of account creation to users.
This image shows Colorado’s PEAK benefits application start page, which allows users to apply without creating an account and explains the benefits of account creation.
This image shows Indiana’s FSSA benefits portal, which allows users to apply without creating an account and explains the benefits of account creation.
Online application processes that allow users to opt out of online identity proofing, with clear instructions.
During our research, we identified several portals that incorporate online identity proofing, but make it possible to submit an initial online application without completing identity proofing. In some cases, if remote identity proofing fails, a user is still allowed to continue the online application process (which we think about as “fallback optionality”). In other cases, identity proofing is immediately presented as something users can skip (what we call “true optionality”).
We were particularly interested in “true optionality” in identity proofing. Such an approach allows a user to submit an initial online application, even if they are unable or unwilling to have their identity verified remotely (for example because of concerns about privacy, data security, or lack of access to required documentation). So long as individuals who are unable or unwilling to complete online identity proofing as part of an application process are not receiving unequal treatment, or significantly delayed service, optional identity proofing could be offered without creating roadblocks. However, it would still be imperative to assess whether it actually meets agency goals.
We observed a few examples, including:
- MI Bridges, Michigan’s combined application for SNAP, TANF, Medicaid, WIC, and Child Care, which, at the point of an initial application, makes identity proofing optional.
- NC ePASS, North Carolina’s combined application for SNAP, TANF, and Medicaid, which presents identity proofing as a pathway for getting enhanced account features.
This image shows a screen from Michigan’s MI Bridges online benefits application, which allows users to skip remote identity proofing during the online application process.
This image shows a screen from North Carolina’s ePASS portal, which explains how users can go through remote identity proofing to gain access to additional features on the portal.
This image shows a screen from Virginia’s CommonHelp online benefits portal, which allows users to skip remote identity proofing during the online application process.
In-Person identity proofing processes
In specific use cases where agencies determine identity proofing is needed, it is crucial that there are multiple ways to successfully verify one’s identity. Digital tools will not work for everyone and in-person verification should be accessible, well-explained, and timely. For example, we applaud the Biden Administration’s efforts to offer in-person identity verification at United States Postal Service (USPS) locations.
Service Touchpoint: Recertification and Renewal
While our research focused on authentication and identity proofing in initial online applications, there are other moments when applicants and beneficiaries may need to interact with agencies online, including submitting information for recertification and renewal, as well as uploading additional documentation, or reporting changes. Many portals which allow applicants to submit an initial application without creating an account do require beneficiaries to have an account to manage their cases online, making account re-access particularly important. When beneficiaries return to online systems to report changes, submit documentation, or provide information needed for a renewal, it’s important that the process be as frictionless as possible.
Following the end of the COVID-19 public health emergency, Medicaid renewals, which typically take place annually, have restarted. As other organizations have been closely tracking, many of the terminations during this process, referred to as unwinding, have been procedural terminations. As KFF explains, procedural terminations describe situations where beneficiaries are disenrolled because they do not complete the renewal process; such terminations may happen because a state has outdated contact information for a person, or because a beneficiary does not understand what is required, or does not return information within a specified time period. As unwinding has proceeded, we have heard from colleagues that online account re-access issues in some states are making it harder for individuals to renew their benefits. We have learned that some states are requiring identity proofing—through knowledge-based verification—when an active participant needs to access account management features, including to report a change or renew their benefits. This not only creates a new barrier for beneficiaries who may be unable to complete the requirement, but also creates additional work for agencies when beneficiaries are then forced to contact call centers to resolve account access issues. While we recognize that protecting a beneficiary’s personal information may be part of the motivation for adding security steps to account access, this kind of friction impedes access and makes it more likely that still-eligible beneficiaries may be disenrolled for procedural reasons. If they are able to reapply after procedural denial, that churn also creates additional work for agencies.
We’re also interested to see states explore how alternate or additional online pathways can make the process of managing benefits (renewing, reporting changes, etc.) more seamless. For example, states like Missouri make it possible for beneficiaries to submit SNAP, Medicaid, or TANF change reports via an online form without having to log in or create an account. Because the form sets up a one-way exchange of information, it appears to limit the risk of revealing a beneficiary’s sensitive personal information back to the user, while still allowing a beneficiary to easily share information with the agency. While neither of these solutions are perfect or will address all needs, there are opportunities to think creatively and ensure that there are multiple viable pathways for individuals to transact business with state agencies and manage their benefits.
This image shows the Missouri Department of Social Services’ Change Report Form, which allows SNAP, TANF, and MO HealthNet recipients to report changes for their household, without logging into a portal.
Additional Opportunities to Promote More Equitable Access
In addition to the promising practices we observed during our research, there are several other opportunities for continued improvement.
Use of cybersecurity measures to address security concerns without creating burdens for applicants and beneficiaries
The Center for Democracy and Technology has also previously suggested that, if used in context, cybersecurity approaches and use of technical indicators may be more appropriate to address some of the security threats that state agencies face. We’re interested in exploring how such approaches can both meet states’ needs while shifting burdens away from applicants and beneficiaries. From a perspective of prioritizing access while considering security, we believe state agencies should exhaust other reasonable security and fraud prevention approaches before turning to identity proofing.
Use of best in practice standards when incorporating authentication and identity proofing
We believe state agencies should use national resources like the NIST risk assessment framework and process to determine whether authentication and verification solutions are necessary for a given program use case, and—if relevant—to determine what level of assurance for authentication, identity, and federation should be used and tailored to the specific populations and requirements for a given program. The DBN team is closely engaging with NIST’s process to update their digital identity guidelines. States are not required to follow these guidelines, however, they do represent the industry and government standard in secure and effective authentication and identity proofing. We encourage state agencies to engage with NIST in upcoming comment periods on the next draft version of the guidelines, to ensure that the final document is most useful for state agencies.
Get in Touch
As we noted above, we are eager to collaborate with partners and state agencies to evaluate programmatic needs and risks, and explore how clearer guidance and implementation materials can empower agencies to effectively assess their digital identity practices to prioritize access. For state, local, and federal agencies interested in talking more about this topic, we encourage you to get in touch with our team at digitalgovhub@georgetown.edu.
Acknowledgments
- A special thanks to the Beeck Center colleagues who supported this publication, including Ariel Kennan who provided feedback and guidance, as well as Ashleigh Fryer for editorial support.
- We’d also like to thank Code for America for the data sharing partnership that facilitated the development of our original datasets on digital identity in public benefits applications, and for inviting us to support work on their Benefits Enrollment Field Guide.
- We’d also like to thank our colleagues Sara Soka and Danny Mintz at Code for America and Symonne Singleton at the Center on Budget and Policy Priorities for their review and feedback on this publication.
Citation
Cite as:
Elizabeth Bynum Sorrell, “Promising Practices for Digital Identity in Public Benefits”, November 10, 2023
Promising Practices for Digital Identity in Public Benefits
Join the Digital Identity Community of Practice
Duis orci justo, dapibus ut varius posuere, pharetra eu mi. Maecenas eget consectetur ex. Nullam non auctor urna. Integer accumsan congue porttitor.