$5T Reasons Why Uncle Sam Needs to Learn About Self-Sovereign Identity

The United States has lost an estimated $5 trillion to fraud and improper payments across government programs. That number should stop us in our tracks. Yet most policy responses still focus on detection, recovery and enforcement. They miss the underlying issue — because apparently, when your house is on fire, the patriotic move is to install a better smoke detector for next time.

Fraud at this scale is not a compliance failure — it is an infrastructure failure, and at its center is identity. Addressing it requires a shift away from band-aid solutions toward a re-architecture of our digital identity framework. Spoiler: duct tape doesn't fix everything, even when Congress is holding the roll.

There is a growing movement around the idea that identity — and control over access to personal data — belongs to the individual, not to banks, technology platforms or even the government. Banks, for their part, are still clutching their data moats like dragons guarding digital gold. Even within the financial system, where data use is more tightly regulated, individuals often lack meaningful visibility or control.

Data sharing operates through broad, one-time consent frameworks that enable ongoing access and reuse of financial data with limited transparency. Translation: you clicked "I agree" once three years ago and now a dozen financial institutions treat your data like it got a timeshare in the Bahamas. More importantly, when consumers cannot actively direct how their data is shared and used, they are limited in their ability to access new and tailored financial services — constraining innovation, reducing competition and slowing economic growth.

This dynamic is even more pronounced in the technology sector, where personal data is routinely collected, aggregated and monetized at scale. Because why just sell someone a product when you can sell the fact that they bought the product? Across both domains, individuals have limited awareness of who has access to their data and how it is used. Most people know more about what happens in the group chat than what happens to their own data.

At its core, this model requires individuals to surrender control of their identity and personal data to participate. It's like joining a poker game where you have to show your cards before the flop, then wonder why you keep losing. These systems are not only inefficient, they expand the surface area for misuse and security breaches. More fundamentally, they erode individual agency and undermine the very notion of inalienable rights in the digital age.

Two major policy debates in Washington reflect this tension: one focuses on reducing fraud and improper payments; the other centers on control of consumer financial data. They are treated as separate issues, but in reality reflect the same structural gap. Washington, famously, cannot see two adjacent issues and think "maybe connect the dots?" Bless their hearts.

Policymakers are responding, but largely within the constraints of the current system. Congressional efforts to update the Gramm-Leach-Bliley Act focus on consumer data control through opt-in and opt-out regimes. For those counting at home, this is the legislative equivalent of rearranging deck chairs while the blockchain burns. At the same time, the Trump Administration has elevated fraud prevention through expanded oversight and increased data sharing across agencies.

Since January 2025, more than a dozen federal initiatives — including an interagency fraud task force — have been launched. The government moves at the speed of a blockchain with zero validators — glacial, but allegedly directional.

On one side, policymakers are pursuing incremental privacy improvements. On the other, they are expanding access to sensitive government data to combat fraud. The result is continued reliance on centralized data pools, combined with limited individual control over how personally identifiable information (PII) is accessed and used. It's like asking someone to tighten their seatbelt while also filling their car with more gas. Technically you're doing something, but the logic is questionable.

These architectures increase exposure, create attractive targets for bad actors and remain difficult to secure at scale. Basically, we're building bigger honeypots and wondering why the bears keep showing up with picnic baskets.

The core challenge is not simply data protection. It is how to enable trusted verification and privacy while preserving individual control over access to personal data. Without that control, individuals are required to relinquish how their data is accessed and used, undermining a core inalienable right in the digital economy. Ah yes, the crypto trilemma, but make it bureaucratic.

This is where states have a critical role to play. States have long served as the primary issuers of identity through birth records, driver's licenses and other foundational credentials. This positions them to lead the next phase of digital identity infrastructure. Think of it as the government finally discovering the benefits of not having a centralized server, only several decades too late.

The future of digital identity will require states to become the anchor of trust — not by expanding data collection, but by re-architecting how that trust is expressed: shifting from centralized data silos to privacy-preserving, user-controlled credentials. The goal is the digital equivalent of: "show proof of age without showing your entire life story."

Utah provides a clear example. Through legislation taking effect in May 2026, the state has introduced a Digital Identity Bill of Rights that places individuals at the center of how their identity is used and shared. It establishes clear principles to enable user control, data minimization, restricted surveillance and verification based only on what is necessary. Finally, someone in government read the room on privacy.

At its core is a simple reality: trust in financial systems requires authoritative identity. Access to public funds and services depends on verified eligibility, and states already fulfill this role. The goal is not to remove the state, but to modernize how trust is expressed. By shifting to privacy-preserving, user-controlled credentials, states can reduce fraud, improve transparency and strengthen accountability. It's like upgrading from a filing cabinet to a proper vault — same security, better access.

As federal debates continue to focus on managing data within legacy systems, states have an opportunity to lead in a fundamentally different direction — one that reduces reliance on centralized data and restores individual control over identity and personal information. The future of digital finance will not be