Establishing a national Digital Public Infrastructure (DPI) in the United States could serve as the backbone for a modern societal-scale solution that encompasses disparate ID verification, digital payments, and data exchange systems, but there are risks in doing so that first necessarily must be addressed before a DPI would be feasible and widely accepted.
Erecting a DPI will hinge on ensuring that the risks are addressed, from privacy violations and human rights infringements to economic disruptions and non-transparent practices. An expansive and underregulated data market, declining public trust, stark political polarization, and outdated legal frameworks, if left unaddressed, would intensify these risks.
While these challenges are daunting, they are not insurmountable, according to a report from New America. With strategic foresight and action, the report says, the risks and potential harms of DPI can be effectively managed, ensuring it serves public interests without compromising individual rights, the report says.
Talk of creating a national DPI in the U.S. comes as the U.S. is increasingly being criticized for its inadequate privacy protections. Unlike regions such as the European Union where robust data protection laws like the General Data Protection Regulation (GDPR) govern digital ecosystems, the U.S. lacks a similar comprehensive national framework. Privacy concerns arise from the unrestricted trade of user data, the risk of surveillance, and potential discrimination enabled by unchecked algorithms and data collection practices. The GDPR regulates how personal data of individuals within the EU can be collected, processed, and stored.
“Experts cite inadequate privacy protections as the greatest issue of concern in the United States,” the New America report says, adding that “on the positive side, [experts] point out that we as a society know more about what remedies could be effective to prevent surveillance and discrimination and to provide mechanisms for redress. Addressing potential harm involves encouraging and incorporating open dialogue and responsive safeguards at all stages of DPI development to prevent misuse and ensure that DPI serves the public interest without compromising individual rights.”
The New America report says experts suggest that the most impactful step toward mitigating these concerns is the introduction of federal privacy legislation that would establish clear data rights for individuals, including control over how their information is collected, shared, and used. Moreover, this legislation could mandate independent audits of DPI systems, ensuring accountability and transparency in data handling.
“The most significant thing we could do is pass meaningful privacy legislation,” said Ethan Zuckerman, professor and director of the Digital Public Infrastructure Initiative at University of Massachusetts-Amherst.” Zuckerman explained that “there’s a vast, unregulated market for user data in the U.S., and we could follow the European lead in putting significant privacy legislation in place. That would not only benefit the public information areas but will also provide better safeguards for areas like Digital ID and payment.”
However, the emphasis must extend beyond technical safeguards to addressing public perceptions and misinformation about privacy risks. Trust in DPI hinges not only on protecting privacy, but also on convincing the public of the government and private sector’s commitment to those protections.
“Gaining the trust of individuals in these systems will be extremely challenging in the current environment, and without that trust, the entire endeavor will likely fail,” said Joseph Lorenzo Hall, Distinguished Technologist of Strong Internet at the Internet Society.
Hall is echoed by Center for Data Innovation Director Daniel Castro, who said “addressing privacy concerns will take more than just good technical design to minimize actual privacy risks. Additional work will be necessary to address perceived privacy risks, even when such claims are based on pure falsehoods and misinformation. For example, legislation that sets specific requirements for data rights of individuals on DPI could mitigate some of these concerns, as well as an overarching privacy commitment to all government-funded DPI, which could include regular independent third-party audits and assessments.”
Building independent oversight bodies dedicated to technology regulation is another essential strategy. These entities would conduct rigorous impact assessments to evaluate the potential social, economic, and ethical implications of DPI projects. By analyzing risks before implementation, these assessments could preempt harm, offering a proactive approach to governance. Experts also advocate for ongoing monitoring to ensure that DPI systems align with evolving societal values and technological standards.
Oversight bodies would help to ensure accountability by requiring transparency in decision-making processes and enabling public access to information about DPI systems. This openness can serve as a counterbalance to the opacity often associated with large-scale digital initiatives, fostering trust and reducing skepticism.
One persistent concern is that DPI systems often exacerbate existing inequalities, leaving marginalized communities further behind. Addressing this requires an inclusive, citizen-centric approach to design and implementation. DPI must cater to the diverse needs of all populations, including those with limited digital literacy, people with disabilities, and communities without reliable internet access.
Yolanda Martínez, practice manager for Digital Development in Latin America and the Caribbean at The World Bank, said that by “establishing a comprehensive citizen-centric service design approach that ensures transparency and accountability in data handling, investing in advanced cybersecurity measures, providing individuals control over their personal data, conducting public education campaigns, and creating independent oversight bodies … will build public trust and promote wider acceptance and adoption of DPI by safeguarding personal data and addressing potential misuse and security threats.”
Investing in solutions that prioritize inclusivity, such as simplified interfaces, multilingual support, and hybrid models combining digital and offline services, is essential. For example, operationalizing the principle of “digital-first, not digital-only” would ensure that critical services remain accessible to those who may struggle with digital platforms. Public consultation with affected groups should inform every stage of DPI development, reinforcing the optional nature of participation in these systems.
Despite best efforts, though, digital systems are not immune to failure or misuse. When harm occurs, robust mechanisms for redress are indispensable. Unfortunately, the current U.S. digital landscape provides limited avenues for individuals to seek justice for digital wrongs. Strengthening law enforcement’s capacity to respond to digital crimes must be a priority and would need to include training local police departments in cybersecurity and digital forensics and embedding digital officers in communities to address specific grievances.
Akash Kapur, senior fellow at New America and The GovLab, and Visiting Research Scholar at Princeton University, said having “better law enforcement responses to digital crimes, of all varieties … is important and receives less attention than it should. There really is very little redress for digital harm right now other than vague messages to ‘inform the FBI. A more locally based strategy that helps educate, staff, and train police departments is sorely needed. One analogy for this approach is the U.S.’ recent announcement that all embassies and some consulates will be staffed with digital officers; this should be true of police departments too.”
Redress mechanisms also should include both administrative and judicial processes, ensuring that individuals have recourse if their rights are violated. Addressing such concerns at the design stage of DPI systems can prevent harm and build confidence in their fairness and reliability.
The dominance of a few private sector players in the technology space poses challenges for DPI implementation. Concentrated market power can lead to monopolistic practices, stifling innovation and reducing the affordability of solutions. Ensuring that DPI systems are interoperable and are built on open standards can help mitigate these risks and go a long way toward fostering a competitive environment that encourages diverse contributions.
Public-private partnerships should prioritize collaboration over competition, with clear guidelines for data sharing and the ethical use of technology. Encouraging privacy-preserving techniques, such as differential privacy and advanced encryption, can reduce reliance on raw data, limiting the potential for exploitation by commercial interests.
One of the most effective tools for mitigating risks is an informed and engaged public. Education campaigns can raise awareness about data safety, the potential harms of DPI, and strategies for mitigating personal risks. These initiatives should target not only the public, but also policymakers, educators, and other stakeholders who influence societal attitudes toward technology.
Promoting tech literacy ensures that individuals can navigate digital systems confidently, reducing their vulnerability to exploitation. By demystifying DPI and addressing misconceptions, education campaigns can enhance public trust and acceptance of these systems.
The U.S. government, as one of the largest procurers of technology solutions, has a unique opportunity to lead by example. By modeling responsible and ethical tech practices, it can set a standard for the private sector. Initiatives like President Joe Biden’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence demonstrate the potential for inclusive policymaking grounded in the public interest.
Investing in the “tech-for-good” space can also attract top talent to civil service, enhancing the government’s capacity to design, deploy, and maintain DPI systems. Realigning burdensome compliance practices in public procurement can also improve efficiency and transparency, making it easier for innovative solutions to thrive.
Ensuring sustainable funding for DPI projects will be critical to their long-term success. Experts suggest that public funding models, such as establishing DPI as part of a nonprofit corporation, could provide a stable financial foundation. This approach would insulate DPI systems from commercial pressures, prioritizing public benefits over profit motives.
Collaboration with nonprofit organizations and academic institutions can also support research and development in areas like digital ID verification, privacy-preserving techniques, and secure data exchange. These partnerships can drive innovation while maintaining a focus on ethical and equitable outcomes.
Adopting a digital commons approach could transform the way DPI systems are conceived and managed. This mindset emphasizes shared ownership, community participation, and equitable access to technology. While the federal government is not yet fully aligned with this perspective, its participation in initiatives like the United Nations’ Universal DPI Safeguards Framework signals a willingness to explore collaborative solutions.
This framework, which was announced in September, provides actionable guidelines for mitigating risks and implementing safeguards. It could serve as a roadmap for navigating the complexities of DPI, the New America report says, noting that by integrating these principles into national strategies, the U.S. can move toward a more inclusive and resilient digital future.
Effectively managing the risks and potential harms of DPI in the U.S. requires a multifaceted approach, from enacting robust privacy legislation and establishing independent oversight bodies to fostering inclusivity and strengthening redress mechanisms. Collaboration across sectors, sustainable funding models, and public education are equally critical to ensuring that a national DPI infrastructure serves the public interest without compromising individual rights.
By addressing these challenges head-on, the U.S. not only would safeguard its digital infrastructure, but it would also set a global standard for responsible and ethical technology governance.
Article Topics
cybersecurity | data privacy | digital economy | digital ID | digital identity | digital inclusion | digital public infrastructure | identity verification | U.S. Government
