Utah privacy officials pitch State‑Endorsed Digital Identity (SETI) bill as privacy-first alternative

A Utah privacy official and technical advisers on Thursday laid out a proposal for a state‑endorsed digital identity system they said would preserve individual control while reducing fraud and preventing pervasive tracking.

The privacy officer, speaking at a public briefing, said the framework behind Senate Bill 275 begins by defining rights and limits that any state‑endorsed credential must protect. "Every individual has [a] unique identity that is separate from the government," the privacy officer said, adding the state’s role is to endorse and help protect identity rather than to create or own it.

Proponents described SETI (State Endorsed Digital Identity) as a device‑based credential stored in a digital wallet and presented to websites or businesses ("verifiers") without routinely phoning home to a central server. "The state has no technical means of knowing which entity is doing the verifying and which person is being verified," technologist Timothy Ruff said, arguing that the system breaks the "phone home" design that enables pervasive tracking.

Steve McCown, a chief architect at Anonymy Labs who serves on Utah’s privacy commission, said the bill incorporates technical and operational safeguards intended to reduce identity theft and enable recovery when devices are lost. "There’s a whole series of processes… for re‑requesting and reissuing credentials," McCown said, describing device secure enclaves and cryptographic key management as foundational to the approach.

The bill, as described by officials, contains several notable policy elements: an explicit "digital identity bill of rights" that prioritizes individual control; a parental or guardian role for children and other dependents; prohibitions on tracking or surveillance absent lawful process; a duty of loyalty or fiduciary responsibility imposed on verifiers; and an enforcement pathway that allows individuals to bring complaints to a privacy ombudsman and, where appropriate, to the attorney general.

Supporters said the program would be optional, preserve paper alternatives and be funded initially by a one‑time fiscal note and user fees for those who choose to enroll. The privacy officer said the program is expected to require administrative rules, a 45‑day public comment period, and at least a year from enactment before public enrollment begins.

Proponents emphasized use cases they say are likely to scale initial adoption: age assurance for protecting children online and reducing fraud in government benefits and property transactions. McCown pointed to title‑fraud prevention as an example where cryptographic verification and transaction receipts could help prove ownership.

Both McCown and Ruff acknowledged limits. Ruff noted large platforms and other apps can independently track users, so SETI would not eliminate all forms of surveillance that arise from device or platform behaviors. Officials also said some retained proofing data would need to be housed in state‑controlled, SOC‑2‑type facilities and that access could occur under warrants in specific investigations.

The presenters asked the public to engage in the legislative process; officials said SB 275 was scheduled for a hearing at 2:00 p.m. in the Senate Government Operations and Political Subdivisions Committee and encouraged attendance or written comments.

What’s next: committee testimony and public comment will shape administrative rules and implementation details if the bill advances.