Face Off: DHS Takes on the Deepfake Identity Crisis

March 27, 2025

Subscribe and listen anytime on Apple Podcasts, Spotify, or at FedGovToday.com.

Face Off: DHS Takes on the Deepfake Identity Crisis

In an increasingly digital world, proving who we are online has become both a necessity and a challenge. Arun Vemury, Senior Advisor for Biometric and Identity Technologies at the Department of Homeland Security’s Science and Technology Directorate (DHS S&T), is leading efforts to ensure remote identity verification tools are secure, effective, and ready for real-world use.

Traditionally, DHS focuses on biometric and digital identity technologies used in controlled, fixed facilities like airports and border checkpoints. But now, Vemury explains, the game is changing. With the rise of smartphones and remote services, identity verification is happening far from those controlled environments. The shift brings new opportunities—and new risks.

Vemury notes that many of the technologies used to open bank accounts or access government services remotely rely on photos: selfies, ID cards, and documents. But smartphone cameras aren’t built to detect hidden security features in official IDs, like microprinting or ultraviolet markings. This makes it easier for fraudsters to create fake documents that look real in photos.

Adding to the concern is the growing use of deepfakes and generative AI. “It’s really easy to substitute people’s faces to create virtual documents that look like real documents,” Vemury says. Worse still, attackers can launch hundreds or thousands of remote identity attacks in a single day—something that would be impossible in person.

To tackle these challenges, DHS S&T launches the Remote Identity Validation Rally, a collaborative effort with TSA, Homeland Security Investigations’ forensic lab, and NIST. The goal is to objectively measure how well these technologies perform, especially when faced with sophisticated attacks. The initiative also aims to support industry innovation, answer critical questions about technology effectiveness, and inform future standards and certifications.

Vemury emphasizes the importance of testing each piece of technology separately. Just like kicking the tires before a test drive, he wants to evaluate the components—document validation, face matching, liveness detection—individually to identify exactly where improvements are needed.

He describes a recent demonstration where DHS evaluates remote identity technologies without using the public cloud. This setup preserves privacy, allows for secure attack testing, and ensures a level playing field. It’s a major feat, involving partnerships across industry and government, and even includes testing with over 1,000 fraudulent IDs curated by forensic experts.

Now, the Maryland Test Facility (MDTF) will host the rally, where participating companies can submit their technologies in Docker containers for controlled testing. The first phase focuses on matching selfies to ID photos. DHS evaluates submissions quickly, looking for technologies that are mature, commercially viable, and adaptable to real-world use cases.

For Vemury and DHS, the mission is clear: ensure remote identity verification tools are robust, scalable, and ready for the threats of today and tomorrow. “We want them all to work well,” Vemury says. “It provides potential huge benefits—we just need to make sure we’re using it responsibly and managing the risks.”