The United States faces an estimated $5 trillion loss due to fraud and improper government payments. This massive scale points to an infrastructure failure, not merely a compliance issue, with digital identity at its core. A fundamental re-architecture of our digital identity framework is necessary.
While a movement grows to place identity and control over personal data with the individual, current systems often require users to surrender this control to banks or tech platforms. This lack of transparency and control over data sharing limits innovation, reduces competition, and hinders economic growth. In the tech sector, personal data is routinely collected and monetized, leaving individuals unaware of who accesses their information and how it's used.
Existing policy debates in Washington often treat fraud prevention and consumer data control as separate issues, but they stem from the same structural gap. Incremental privacy improvements are pursued alongside expanded access to government data for fraud prevention. This perpetuates reliance on centralized data pools and limited individual control over Personally Identifiable Information (PII), increasing exposure to bad actors.
The challenge is enabling trusted verification and privacy while preserving individual control over personal data access. States, as primary issuers of foundational credentials like driver's licenses, are positioned to lead this evolution. They can become anchors of trust by shifting from centralized data silos to privacy-preserving, user-controlled credentials.
Utah's Digital Identity Bill of Rights, effective May 2026, exemplifies this shift. It places individuals at the center of identity usage and sharing, emphasizing user control, data minimization, and restricted surveillance. This approach modernizes trust, reducing fraud, improving transparency, and strengthening accountability by restoring individual control over identity and personal information.
