Episode 152 - GluuFederation/identerati-office-hours GitHub Wiki

Title: Citizen Identity: Lessons from Social Security

• Host: Mike Schwartz, Founder/CEO Gluu
• Guest: Leland Dudek

Channels

• Linkedin Event
• Youtube Video

Description

Leland Dudek, former acting head of the Social Security Administration from February to May 2025, shares his perspective on one of the government’s most pressing challenges: citizen identity management. For decades, the SSA has been at the heart of America’s identity infrastructure, yet the systems the US relies on was built for another era. Where does the US government fall short? Outdated technology, fragmented processes, overreliance on the Social Security Number—-these gaps leave Americans vulnerable to fraud, inefficiency, and eroded trust. Most importantly, where does the SSA need to go next? How can the US build secure, interoperable digital credentials, harness innovation to improve payment integrity, and create an identity ecosystem that balances security, privacy, and access for every American.

Homework

• https://www.gao.gov/products/gao-24-106770

Takeaways

• ⚡ A small amount of fraud at the SSA is still a lot of dollars, even if it's within the expected tolerance in the financial industry. But the fraud problem is going to get worse with gen AI. And the IT systems of the SSA seem ill prepared to address the challenge.
• ⚡ Because registration of birth and death is handled at the state or local level, the US will continue to struggle to define a strong citizen identity core. Platforms like Modular Open Source Identity Platform (MOSIP) register biometrics at the national level to limit duplicate enrollments, to provide authentication services and credential issuance. But the U.S. does not seem close to attaining these services.
• ⚡ Sharing data -- not authentication -- is the main challenge at the SSA. Thousands of policies are in place to protect the data from misuse. But despite this, citizens have no information about with whom the SSA has shared information. Citizens don't have a mechanism to consent to data sharing or revoke access. The SSA seems ill prepared with its architecture of Cobol code running on mainframes to introduce new services to enable more competent data federation or citizen control.
• ⚡ The SSA's data is valuable, but its failure to build systems to share data has limited the number of institutions that can consume the data--primarily its available to financial institutions. Without scale, the data federation infrastructure loses money to the detriment of both citizens and the private sector.

Livestream Audio Archive

here