Cyber threats grow more sophisticated by the day and government agencies at the state and local levels face a complex challenge: modernize their identity systems to deliver efficient digital services, while safeguarding citizens’ privacy.

For many, the solution to this challenge lies in a technology that’s often misunderstood but more relevant than ever: biometrics.

The Identity Crisis in Government

Government agencies are tasked with verifying the identities of two distinct groups: their residents and their workforce. Both come with significant challenges.

On the resident side, agencies must confirm identities for access to services like healthcare, benefits, and tax filing. On the workforce side, agencies must ensure that distributed, mobile, and often remote employees are who they say they are, particularly in a landscape where sophisticated impersonation scams and credential theft are on the rise.

Yet many state systems rely on antiquated tools, like passwords, physical tokens, and paper-based documentation, while citizens are already accustomed to unlocking phones and accessing financial services with a face or a fingerprint.

Privacy Misconceptions Are Holding Us Back

Despite the clear benefits, many agencies remain hesitant to deploy biometric tools. Why? The answer often comes down to fear: fear of surveillance, fear of misuse, and fear of backlash.

In my experience working across both public and private sectors, I’ve found that these concerns (while understandable) are often based on outdated assumptions. There’s nothing secret about my face. I wear it everywhere I go.

In fact, biometric verification can reduce the amount of personal information that needs to be shared. Rather than requiring multiple forms of documentation, which can be forged or stolen, a biometric system can verify identity using a unique, immutable trait: your face. When paired with liveness detection technology, which confirms that a real human is present, the result is a powerful safeguard against impersonation and fraud.

Fraud Is Evolving. Identity Systems Must, Too.

State agencies are increasingly being targeted by well-funded, international bad actors who exploit the weakest links in our security systems. These attackers are leveraging deepfakes, forged documents, and even setting up domestic device farms to mask overseas operations.

Traditional forms of identity verification simply can’t keep up with the pace of these threats. Worse, even physical office locations (once thought to be more secure) are proving vulnerable due to untrained staff, insider threats, and outdated workflows.

Biometrics, when properly implemented, close these gaps. This technology provide a way to confidently verify both residents and employees remotely, ensuring that services are delivered to the right people while protecting sensitive data.

Biometric Systems Can Be Privacy-Enhancing

Far from being invasive, biometric identity systems can actually act as a privacy enhancing tool with:

• Minimal Data Exposure: Instead of submitting a stack of documents, a user simply provides a biometric check.
• No Need for Static Credentials: Unlike passwords or social security numbers, a biometric trait can’t be phished or reused elsewhere.
• Added Security with Liveness Detection: Ensures that the biometric input comes from a real person in real time, not a photo or video.

Additionally, well-designed systems include guardrails that prevent biometric data from being used for surveillance or law enforcement unless a crime has occurred, preserving the trust and autonomy of users.

The Way Forward: Responsible Adoption

To modernize identity systems without compromising privacy, government leaders must:

• Invest in public education to demystify biometrics and address fears.
• Prioritize liveness detection to ensure biometric inputs are real and unspoofed.
• Establish clear privacy policies to govern how biometric data is collected, stored, and used.
• Encourage procurement innovation, allowing agencies to test and refine biometric solutions before full-scale deployment.

In my view, biometrics work really well when designed with the right privacy protections. They enable secure, low-friction access to services while keeping bad actors out.

In the race to deliver secure and efficient digital services, biometrics aren’t a threat to privacy, they’re a path to protecting it. It’s time to embrace them as a foundational tool in the future of government identity.