Why the U.S. Post Office is Key to Fighting AI Fraud

For years now, the United States Postal Service has been struggling to adjust to the digital world, as the decline of letter mail has left the agency’s budget in shambles. That’s a threat to the Postal Service’s role in connecting all Americans.

Fortunately, a bill under consideration in the U.S. Senate, the POST ID Act, would reinvigorate the venerable service for a new era, help improve USPS’s budget woes – and make it a powerful asset for digital security. The bill proposes using physical Post Office locations to offer real-world identity verification – verification that would, in turn, help fight fraud and disinformation online. 

That’s similar to the way DMV locations in states like California issue both traditional and digital driver’s licenses. But the Post Office could play a much broader role: the bill’s bipartisan sponsors, Bill Cassidy (R-LA) and Ron Wyden (D-OR), want to allow the Post Office to perform identity verifications for an array of private clients, in addition to public sector agencies it already serves. Combined with some product strategy, this new paid service could help to balance the agency’s budget as well.

This new USPS service would be an extension of the agency’s longtime work connecting people against all obstacles. Instead of refusing to stop for “snow nor rain nor heat nor gloom of night,” this new Postal Service would also be tasked with helping overcome hackers.

A Physical Network for the Digital Age

Senator Wyden was absolutely spot-on when he said that “AI deepfakes have added a whole new challenge for the most common [online identity] verification methods. The best way to confirm who someone is, is in-person verification.”

Wyden’s warning came in October of last year, and the threat of AI has only become more obvious since then. That includes a recent report that artificial intelligence was being used to create convincing fake ID cards at an unprecedented scale, and the equally concerning evolution of deepfake tools into the realm of video, allowing convincing live impersonation online.

But those tricks don’t work in the physical world. Only a real, natural human can walk up to the counter at a Post Office and seek identity verification by a fellow human. Not just physical appearance, but also biometrics like fingerprints are much harder to fake in person than online.

There are very few entities of any sort better positioned to conduct that affirmation than the U.S. Post Office. The USPS has a staggering 31,123 locations across practically every corner of America - even without including locations operated under contract. Post Offices can be found in far-flung U.S. territories like Guam, or at the far northern edge of Alaska, guaranteeing new verification services can be accessed by very nearly every American.

Once an identity is verified in person, it can be digitally recorded using new digital identity credential technology that is extremely trustworthy and secure—and even lets users verify their humanness without revealing their identity.

The Power of Cryptography

The Cassidy-Wyden bill would give the USPS new responsibilities for verifying natural humans, and the ability to serve an array of clients would create a new stream of revenue for the agency. Those verifications would then need to be represented as a trustworthy “digital credential” for users to present online. Luckily, such systems already exist, for instance, in the form of the digital driver’s license offered in California and a growing list of other states.

Trustworthy digital credentials rely on a mix of innovative encryption and widely available hardware – specifically, your mobile phone. In broad outline, a credential issuer like the DMV or Post Office would have a unique digital ‘signature’ tied to a secure computer on-site. After conducting identity verification, the USPS office would digitally sign a credential using the “secure element” chip in the recipient’s mobile phone. This credential could then be presented in a variety of contexts to help a user prove their identity.

The details of the “identity” that a user wants to prove can vary widely, and digital credentials of this sort are very flexible. A common feature of digital credentials is what’s known as “selective disclosure,” which lets a credential holder share only the minimum required information in a particular interaction. 

At its most minimal, a digital credential issued by the USPS could prove only that the holder is a real human being without disclosing any other identifying data. As laid out in a recent research paper by a coalition including researchers from SpruceID, this simple “personhood credential” could be a key element in the fight against costly identity fraud and toxic disinformation online.

Expanding the Network of Trust

The incredible omnipresence of USPS locations makes it an ideal candidate, alongside DMVs, to lead the charge for in-person identity verification and issuance. We can still think bigger, though.

Other trusted entities might be brought into the in-person verification network, expanding access and convenience even further. Candidates might include other shippers, such as UPS and FedEx, who have extensive physical networks and address and other data that can help confirm identities. In the most rural or remote parts of America, retailers might be recruited to the network, though they would require significant additional equipment and training. One benefit of allowing certified private sector participants to also provide in-person identity verification is to keep costs low for users and businesses, while incentivizing competition and innovation.

Over time, the identity verification process would also be streamlined for efficiency and convenience. One major potential efficiency would be collecting an applicant’s data online before an in-person verification session, reducing wait times and workloads. Streamlining of this sort would be particularly important since some digitally signed credentials need to be refreshed more often than conventional physical identity documents.

Offering identity verification via Post Office locations would be part of a yet more expansive system of verifications built on a shared standard for data formats, security practices, and privacy measures. The larger system that SpruceID is helping drive forward is flexible, offering various options for credential holders to choose what data they share.

But perhaps the most important yet challenging feature of this emerging system is creating broad access to in-person verification. For that, the good old Post Office will be hard to beat.

To learn more about SpruceID and our approach to fighting AI fraud, visit our website.

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.