ID.me Archives | FedScoop https://fedscoop.com/tag/id-me/ FedScoop delivers up-to-the-minute breaking government tech news and is the government IT community's platform for education and collaboration through news, events, radio and TV. FedScoop engages top leaders from the White House, federal agencies, academia and the tech industry both online and in person to discuss ways technology can improve government, and to exchange best practices and identify how to achieve common goals. Wed, 12 Jun 2024 17:25:24 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.4 https://fedscoop.com/wp-content/uploads/sites/5/2023/01/cropped-fs_favicon-3.png?w=32 ID.me Archives | FedScoop https://fedscoop.com/tag/id-me/ 32 32 IRS defends use of biometric verification for online FOIA filers https://fedscoop.com/irs-defends-use-of-biometric-verification-for-online-foia-filers/ Mon, 10 Jun 2024 20:54:49 +0000 https://fedscoop.com/?p=78737 The tax agency directs users to file public records requests through ID.me, a tool that has sparked concerns in Congress and from privacy advocates.

The post IRS defends use of biometric verification for online FOIA filers appeared first on FedScoop.

]]>
A few years ago, the Internal Revenue Service announced that it had begun using the identity credential service ID.me for taxpayers to access various online tools. At some point between then and now, the IRS quietly began directing people filing public records requests through its online portal to register for the private biometric verification system.

Though Freedom of Information Act requests to the tax agency can still be filed through FOIA.gov, the mail, by fax, or even in person, the IRS’s decision to point online filers to ID.me — whose facial verification technology has, in the past, drawn scrutiny from Congress — has raised some advocates’ eyebrows

Alex Howard, who directs the Digital Democracy Project and also serves on the FOIA Advisory Committee hosted out of the National Archives, said in an email to FedScoop that language on the IRS website seems to encourage ID.me use for faster service. It also doesn’t make significant references to FOIA.gov, a separate governmentwide portal that agencies are supposed to work with by law, he said. 

“While modernizing authentication systems for online portals is not inherently problematic, adding such a layer to exercising the right to request records under the FOIA is overreach at best and a violation of our fundamental human right to access information at worst, given the potential challenges doing so poses,” Howard said. 

The IRS defended its use of the service in responses to FedScoop questions, noting the other ways people can file FOIA requests and that the tool is only required of those seeking to interact with their public records electronically. The agency also said that ID.me follows National Institute of Standards and Technology guidelines for credential authentication services.

“The sole purpose of ID.me is to act as a Credential Service Provider that authenticates a user interested in using the IRS FOIA Portal to submit a FOIA request and receive responsive documents,” a spokesperson for the agency said. “The data collected by ID.me has nothing to do with the processing of a FOIA request.”

The IRS website currently directs people trying to access the agency’s online FOIA portal to use ID.me, which describes itself as a “digital passport” that “simplifies how individuals prove and share their identity online.” According to one IRS page, the “IRS Freedom of Information Act (FOIA) Public Access Portal now uses a sign-on system that requires identity verification.” Those hoping to access online FOIA portal accounts created before June 2023 also must register for ID.me, the site states. 

The ID.me login page directs users to the FOIA portal, stating that those who can’t verify their identity can try visiting the ID.me help page or pursue alternative options. From there, another page tells users to try “another method” for submitting a FOIA. 

The system requires users to upload a picture of their ID: They can choose between taking a selfie and using biometric facial verification software that compares the image to their ID — or wait for a video appointment to confirm their identity. 

The system also appears to prompt users to share their Social Security number and includes terms of service that discuss the handling of biometric data. Two FedScoop reporters tried registering with the system: one had their expired identification rejected and had to attempt again with a passport, while the other’s driver’s license could not be “read” the first time but was accepted during a second attempt in combination with the video selfie. Both FedScoop reporters later received a letter, by mail, notifying them that their personal information was used to access an IRS service using ID.me.

What an ID.me scan looks like when signing into the IRS’s FOIA portal.

The IRS spokesperson said that the collection of a Social Security number is related to the digital authentication process, not the processing of the FOIA request itself, and biometric information is not retained by the IRS. 

“The IRS requires ID.me to delete the selfie and biometric information within 24 hours for taxpayers who verify using the self-service process,” the spokesperson said, adding that “ID.me is also required to delete any video chat recording within 30 days for taxpayers who choose to verify using the video chat pathway.” 

An ID.me spokesperson said in an email to FedScoop that no state or local agency uses the system for identity verification or as authentication for FOIA portals.  

The FOIA portals for the Treasury Department and Social Security Administration do use ID.me, the company spokesperson noted, but both agencies seem to provide more information on alternative submission options to submit requests online. ID.me referred additional questions regarding the IRS’s use of the company’s FOIA portal to the tax agency. Treasury did not respond to a request for comment by the time of publication.

The Social Security Administration offers both ID.me and Login.gov — another government-run ID service — as options to log into its FOIA portal, FOIAXPress Public Access Link. Like the IRS, the SSA said in response to FedScoop questions that mail, fax, email and FOIA.gov are alternatives to filing FOIAs. A Social Security number is not required for accessing FOIAXpress, though it appears to be required for signing into ID.me, which some users might be using to file FOIA requests. 

“In the scenario where a customer uses their ID.me account to access FOIAXpress PAL, the customer selects this sign in option on the login page and is redirected to a webpage on ID.me’s website,” an agency spokesperson said. “If the customer creates an account in this session, ID.me retains info on the registration event in their records.

They continued: “Upon successful account creation, the user is routed back to SSA’s website and allowed access to FOIAXpress PAL. SSA and ID.me retain info on the transaction in our respective records.”

“Submitting a Social Security Number to ID.me is related to the digital identity authentication process; generally it is not required for the FOIA process,” the IRS spokesperson added. 

Albert Fox Cahn, a privacy-focused attorney who directs the Surveillance Technology Oversight Project, expressed concerns about the IRS’s use of ID.me. “This isn’t just creepy and discriminatory, it might break federal law,” he said in a statement to FedScoop. “Under FOIA, public records belong to the public, and no one should have to hand over their biometric data just to see the records they’re entitled to access.” 

The use of ID.me by the government has sparked concerns in the past. In 2022, some members of Congress accused the company of downplaying wait times and misleading people about the way its facial recognition technology worked. The company, meanwhile, has defended its practices, including its work on fighting fraud during the pandemic.

Matt Bracken contributed to this article.

This story was updated June 11, 2024, to update Alex Howard’s professional affiliation.

The post IRS defends use of biometric verification for online FOIA filers appeared first on FedScoop.

]]>
78737
IRS to adopt Login.gov as user authentication tool https://fedscoop.com/irs-to-adopt-login-gov-as-user-authentication-tool/ Tue, 22 Feb 2022 16:30:29 +0000 https://fedscoop.com/?p=47871 The Treasury agency has already made changes that mean taxpayers no longer have to disclose biometric data.

The post IRS to adopt Login.gov as user authentication tool appeared first on FedScoop.

]]>
The Internal Revenue Service has committed to Login.gov as a user authentication tool after earlier this month agreeing to abandon the use of a commercial tool that featured third-party facial recognition technology.

In a statement on Monday, the Treasury Department said it is working with the General Services Administration to achieve the “security standards and scale” required to adopt the platform.

It comes after IRS earlier this month announced a plan to move away from using a third-party service for facial recognition to authenticate taxpayers creating new online accounts. It was forced to reject the technology following revelations that contractor ID.me uses powerful one-to-many facial recognition technology.

“While this short-term solution is in place for this year’s filing season, the IRS will work closely with partners across government to roll out login.gov as an authentication tool,” IRS said.

While Login.gov is not expected to be ready in time for use by taxpayers during the current tax season, users are now able to sign up for IRS online accounts without the use of any biometric data. Any previously collected biometric data will also be deleted over the next few weeks, according to IRS.

Privacy advocates say that various types of facial recognition pose a threat to consumers. In addition to numerous studies demonstrating the technology is less accurate on non-White skin tones, amassing biometric data can prove a huge security risk.

“This is consistent with the IRS’s commitment earlier this month to transition away from the requirement for taxpayers creating an IRS online account to provide a selfie to a third-party service to help authenticate their identity,” IRS said in a statement. “Taxpayers will have the option of verifying their identity during a live, virtual interview with agents; no biometric data – including facial recognition – will be required if taxpayers choose to authenticate their identity through a virtual interview.”

Despite the move to Login.gov, taxpayers will still have the option to verify their identity automatically through ID.me’s tool if they choose. New requirements are in place to ensure images provided are deleted for the account being created.

The post IRS to adopt Login.gov as user authentication tool appeared first on FedScoop.

]]>
47871
GSA won’t use facial recognition with Login.gov for now https://fedscoop.com/gsa-forgoes-facial-recognition-for-now/ Wed, 09 Feb 2022 18:18:20 +0000 https://fedscoop.com/?p=47507 The agency's secure sign-in team continues to research the technology and to conduct equity and accessibility studies.

The post GSA won’t use facial recognition with Login.gov for now appeared first on FedScoop.

]]>
The General Services Administration won’t use facial recognition to grant users access to government benefits and services for now, but its secure sign-in team continues to research the technology.

“Although the Login.gov team is researching facial recognition technology and conducting equity and accessibility studies, GSA has made the decision for now not to use facial recognition, liveness detection, or any other emerging technology in connection with government benefits and services until rigorous review has given us confidence that we can do so equitably and without causing harm to vulnerable populations,” said Dave Zvenyach, director of TTS, in a statement provided to FedScoop.

“There are a number of ways to authenticate identity using other proofing approaches that protect privacy and ensure accessibility and equity.”

Login.gov ensures users are properly authenticated for agencies’ services and verifies identities, and the Technology Transformation Services team that manages it is also studying facial recognition equity and accessibility.

GSA‘s methodical evaluation of the technology contrasts with that of the IRS, which announced Monday that it would transition away from using ID.me‘s service for verifying new online accounts after the company disclosed it lied about relying on 1:many facial recognition — a system proven to pose greater risks of inaccuracy and racial bias.

Login.gov currently collects a photo of a state-issued ID and other personally identifiable information, which are validated against authoritative data sources. The last step involves either sending a text message to the user’s phone number or a letter to their address containing a code that must be provided to Login.gov to complete identity verification.

More than 60 applications across 17 agencies — including USAJOBS at the Office of Personnel Management and the Paycheck Protection and Disaster Loan Application programs at the Small Business Administration — use Login.gov, encompassing more than 17 million users.

GSA’s rejection of facial recognition for Login.gov was first reported by The Washington Post, but the technology is most certainly in the agency’s, and the government’s, future.

The White House Office of Science and Technology Policy is crafting an Artificial Intelligence Bill of Rights to protect people from technology infringements and focused its initial request for information on biometrics like facial recognition.

While OSTP’s definition of biometrics needs refining, not all facial recognition algorithms are prejudicially biased. Technical and operational bias also exist and don’t necessarily lead to inequitable outcomes.

“There are not direct correlations between technical and operational biases and prejudicial bias,” Duane Blackburn, science and technology lead at MITRE‘s Center for Data-Driven Policy, told FedScoop in January. “Even though in a lot of policy analyses they’re treated as equivalent.”

The post GSA won’t use facial recognition with Login.gov for now appeared first on FedScoop.

]]>
47507
How Arizona saved $40 billion in payouts on fraudulent unemployment claims https://fedscoop.com/how-arizona-saved-40-billion-in-payouts-on-fraudulent-unemployment-claims/ https://fedscoop.com/how-arizona-saved-40-billion-in-payouts-on-fraudulent-unemployment-claims/#respond Mon, 16 Aug 2021 20:24:57 +0000 https://fedscoop.com/?p=43198 A new report looks at how states like Arizona are adopting modern identity verification tools to save billions in fraud and provide benefits to eligible claimants.

The post How Arizona saved $40 billion in payouts on fraudulent unemployment claims appeared first on FedScoop.

]]>
The COVID-19 pandemic caused an enormous spike in unemployment insurance claims across the country. But the complexity and financial enticement of these programs attracted a high volume of fraud attempts on state coffers. 

A new report, produced by ID.me, details how states partnered with private sector organizations to analyze millions of claims received and implement modern identity authentication tools to reduce fraud payouts. 

cybersecurity

Read the full report.

“As early as May 2020, a Nigerian fraud ring dubbed ‘Scattered Canary’ reportedly siphoned hundreds of millions of dollars from the state of Washington before the coordinated attack was identified,” said the report.

“As fraudsters began to target new states, the Arizona Department of Economic Security (DES) saw a massive rise in claimants. There were 77,063 initial [pandemic unemployment assistance (PUA)] applications filed during the week ending May 16, 2020. That weekly number had risen to 266,674 by July 25. Initial applications for PUA peaked at 570,409 for the week ending October 10.”

By September 2020, a number of states partnered with ID.me — including Florida, Georgia and Nevada — to successfully verified tens of thousands of legitimate claimants and diminish fraud instances. About this time is when Arizona’s DES reached out to ID.me to initiate a pilot program that they hoped would help them determine fraud instances for the state.

“By October, the results of the pilot program in Arizona showed great success. ID.me contributed to a dramatic reduction in the number of claims, from a record high of nearly 570,400 claims filed in the week ending October 10, to just 6,700 the week ending November 14 — representing a 98.8% decrease in new claims filed,” shared the report.

By implementing ID.me’s identity verification tool, DES estimates savings from payouts on fraudulent PUA claims for the State of Arizona upwards of $40 billion.

Read more about how states are improving citizen benefits programs and reducing fraud through modern identity verification tools. 

This article was produced by Scoop News Group for, and sponsored by, ID.me.

The post How Arizona saved $40 billion in payouts on fraudulent unemployment claims appeared first on FedScoop.

]]>
https://fedscoop.com/how-arizona-saved-40-billion-in-payouts-on-fraudulent-unemployment-claims/feed/ 0 43198
ID.me brings virtual identity proofing to the VA https://fedscoop.com/id-brings-virtual-identity-proofing-va/ https://fedscoop.com/id-brings-virtual-identity-proofing-va/#respond Tue, 12 Feb 2019 22:00:38 +0000 https://fedscoop.com/?p=31311 The digital offering allows veterans to verify their identities via video chat, saving a visit to the nearest VA field office.

The post ID.me brings virtual identity proofing to the VA appeared first on FedScoop.

]]>
There’s an 81-year-old veteran living in Japan who’s been trying, and failing, to sign up for a Veteran ID card online — he can’t seem to verify his international phone number. There’s a 19-year-old service member trying to get access to his GI Bill Benefits through VA.gov, but the agency can’t confirm his identity because he doesn’t have any credit history.

There are many more veterans just like these.

Traditionally, veterans who have been locked out of the convenient online registration process that the Department of Veterans Affairs offers, which requires things like a stable address and a credit history, are unable to sufficiently prove their identities online. So, they’re forced to go to a VA field office in person, an extra hurdle that can prove to be a complete roadblock, depending on the veteran’s circumstances.

Now there’s another option — Virtual In-Person Identity Proofing enabled by digital identity provider ID.me. After a four-month pilot, ID.me and the VA announced the official launch of this digital service Tuesday.

The interface for Veterans setting up a virtual identity proofing session. (Courtesy photo)

The technology is essentially what it sounds like — veterans who need help verifying their identities online can set up a virtual meeting (via video chat) with a “trusted referee” who will examine various identity documents in much the same way as an employee at a VA field office would.

“As part of the digital modernization of the VA, it is important that all Veterans can securely access their benefits and services online,” Charles Worthington, CTO at the VA, said in a statement. “Adding Virtual In-Person Identity Proofing is a critical step towards making sure that no Veteran is left behind.”

As is often the case in IT modernization, it was a policy development, not a technological one, that got us here. The National Institute of Standards and Technology is in charge of developing digital identity guidelines for the federal government — in June 2017 the agency released special publication 800-63-3, which outlines the requirements for verifying identity virtually. ID.me, a recipient of NIST grant funding, developed its tech offering around these guidelines.

To ID.me founder Blake Hall, a former soldier himself, helping veterans is especially meaningful. But he sees a future for this product at agencies beyond the VA. “Everyone runs into this problem where thin-file customers, international customers, aren’t able to prove their identity,” he told FedScoop. “We can also expand this to other agencies.”

The post ID.me brings virtual identity proofing to the VA appeared first on FedScoop.

]]>
https://fedscoop.com/id-brings-virtual-identity-proofing-va/feed/ 0 31311
Connect.gov credential providers hope for widespread agency use https://fedscoop.com/connect-gov-credential-providers-hope-widespread-agency-use/ https://fedscoop.com/connect-gov-credential-providers-hope-widespread-agency-use/#respond Mon, 22 Dec 2014 16:45:18 +0000 http://ec2-23-22-244-224.compute-1.amazonaws.com/tech/connect-gov-credential-providers-hope-for-widespread-agency-use/ ​Connect.gov is live in its first phase, but only a few agencies so far have agreed to use the uniform digital credential platform. However, as the service matures and its benefits are realized, ID.me, one of the credential-providing partners on the project, believes that will change.

The post Connect.gov credential providers hope for widespread agency use appeared first on FedScoop.

]]>

Connect.gov is live in its first phase, but only a few agencies so far have agreed to use the uniform digital credential platform. However, as the service matures and its benefits are realized, ID.me, one of the credential-providing partners on the project, believes that will change.

Founded by two Army Rangers who met at Harvard Business School, ID.me is a digital credential startup based in McLean, Virginia, that began as a company helping veterans, service members and other organizations access benefits tied to their identities online. The business has since matured as part of the National Institute of Standards and Technology’s National Strategy for Trusted Identities in Cyberspace pilot program.

“The NSTIC award effectively helped us to mature our platform and enhance our service to include identity proofing in addition to the attribute verification we’re doing and really kind of filled out the network of relying parties we had consuming our technology,” said Matt Thompson, COO and co-founder of ID.me. The company in August also became one of three — Verizon Communications Inc. and Symantec Corp. are the others — to receive Federal Identity Credential Access Management assurance levels 1-3.

With that foothold in the digital identity space solving credential issues for the veteran and military communities, as well as the NSTIC and FICAM recognitions, the General Services Administration awarded ID.me an 18-month contract to issue digital identity credentials to citizens accessing government resources and benefits through Connect.gov.

“Those same people who have ID.me credentials that they may have used to prove they were eligible for a 10 percent off at [a partnering organization] can access the [Department of Veterans Affairs] and now other agencies that are plugged in to Connect.gov, effectively giving individuals a single credential they could use across multiple use cases across multiple levels of assurance,” Thompson said. “Before Connect.gov, all these agencies were doing siloed identity proofing and issuing you a username and password that only had utility at their websites. And it was a pretty closed ecosystem.”

But in this initial stage, very few agencies have taken to the Connect.gov effort. The Connect.gov website lists only the VA, NIST and the Agriculture Department as relying parties. GSA is acting as the program management office for the project, the Postal Service is providing the technology for the network and NIST is leading the NSTIC framework for credential validity in the ecosystem.

“There’s a limited set of organizations participating in Connect.gov inside the government,” Thompson said. “Our hope is they all see the value of this and get out of the business of identity access management to the extent that they could use a much more efficient process and technology, which is Connect.gov, and at the end of the day, it has a lot more value for the citizens that want access to those applications as well.”

While ID.me is excited that the federal government is taking the lead on pushing this concept to market, ID.me Chief Product Officer Ryan Fox thinks more agencies are perfectly tailored for Connect.gov and need to jump onboard — three in particular: the Social Security Administration, IRS, and the Department of Health and Human Services.

“SSA, IRS and HHS are three large agencies that have large-scale interactions with U.S. residents, and an individual who is interacting with those three agencies today has to identity proof and establish credentials in three different locations,” Fox said. “Should those agencies choose to participate in Connect.gov, they’ll see a reduction in cost and ease of use for their consumers, as well as an offset of liability,” something he said is a wise decision for agencies given the track record for cybersecurity and breeches in government.

In addition to those obvious benefits that come with this type of shared service, Thompson stressed the importance of Connect.gov’s privacy, saying it should be a benefit for citizens using it and agencies hesitant to join.

“There’s a privacy layer in Connect.gov to protect the privacy of the citizen,” he said. “So what that privacy layer does at a high level is it keeps any of the identity providers or credential service providers from seeing what agency the citizen is trying to access. So we don’t know, nor do we really care, that [someone] is trying to access Veterans Affairs. So there’s a blinding mechanism that keeps us from seeing that, and there’s a blinding mechanism that keeps Veterans Affairs from seeing that you’re coming in using ID.me versus any other credential, which they don’t need to see. At the end of the day, they just need to know that it’s you and that you’re identity proofed to the proper level of assurance.”

And for Connect.gov, it “doesn’t see that you’re using a certain credential, that you’re accessing a certain site and they don’t see see your information passing through via encrypted form through the exchange,” Thompson said.

“There’s a lot of distrust of our government around the amount of data and whats being tracked on individuals, and this is actually something that’s being stood up to protect identities and promote privacy,” he said. “The whole digital identity ecosystem is about trust. This whole Connect.gov initiative, which is born out of NSTIC as well, is all about increasing privacy as well as that utility for the credentials.”

The post Connect.gov credential providers hope for widespread agency use appeared first on FedScoop.

]]>
https://fedscoop.com/connect-gov-credential-providers-hope-widespread-agency-use/feed/ 0 8983