Difference between revisions of "Federal Agencies and ID.me"
(Citebot) |
(Citebot) |
||
| Line 24: | Line 24: | ||
This page uses the following references: | This page uses the following references: | ||
| − | + | * [[Cited references::Security_Vision_Wiki_References#_SCITEd96cf6cc20c171a5cdcabddb02421baf]] | |
--- end citebot --- | --- end citebot --- | ||
Revision as of 16:23, 26 January 2023
Information Certainty: Documented
Deployment Purpose: Fraud Prevention
| Summary |
|---|
| During the pandemic, ID.me was utilized by federal agencies like the IRS and Social Security Administration for identity verification to curb fraud. This was crucial as these services, including social security and tax filings, are essential. ID.me rapidly expanded its workforce to handle the demand, but faced criticism for compromising verification practices and user privacy. Confidential data, such as social security numbers, were inadequately protected, raising concerns about potential data misuse. Despite assurances of not selling user data, ID.me retains biometric information long-term. Following public and legislative backlash, the IRS announced plans to phase out ID.me's facial recognition technology, highlighting privacy concerns. |
Products and Institutions:
| Product Deployed | ID.me (Authentication) |
|---|---|
| Institutions ⠉ | ID.me |
| Datasets | ID.me (Dataset) |
| Search software |
Status and Events:
| Status | Stopped |
|---|---|
| Events | |
| Start Date | |
| End Date |
Users:
| Involved Entities | |
|---|---|
| Managed by | ID.me |
| Used by | IRS SSA |
Location:
| City | Washington (DC) |
|---|---|
| Country ⠉ | USA |
Description[ ]
A range of federal bodies such as the IRS required authentication using ID.me during the pandemic. As these bodies include social security payments and public revenue services they are not optional services.
In the first two years of the pandemic, identity verification company ID.me secured dozens of contracts with the IRS, Social Security Administration, and state unemployment agencies, ostensibly to reduce fraudulent access to government benefits 1
ID.me's rush to hire and train nearly 1,500 new workers at this time also led to lax verification practices and poor user privacy protections, these people said. Information like passports and social security numbers were often posted in internal Slack channels, and some employees were hired and given access to confidential data without completed background checks. Some chattered about how easy it would be to steal users' information 1
With a company laptop, email representatives and video chat agents can see any piece of information about any ID.me user — even people they never talk to. They could look up a user's email, and then find the information, documents, and selfie they submitted to ID.me, these people said. Customer service workers also described a tab on ID.me's internal dashboard that showed all potential facial recognition matches when a user submitted a selfie for verification. This was to catch possible fraudulent accounts, but these people said the system would often show profiles of clearly different people 1
ID.me also said that, starting March 1, it will allow ID.me users to delete the selfie tied to their account online at account.ID.me. In the past, ID.me has said it does not sell its user data — which includes biometric and related information, such as selfies people upload, data related to facial analyses, and recordings of user video chats — but it does keep such information. Biometric data, like the facial geometry produced from a user's selfie, may be kept for years after a user closes their account. The changes come shortly after the IRS, following backlash from lawmakers and privacy groups, said on Monday that it would "transition away" from using facial recognition software via ID.me to verify people for online accounts. Once a user had been authenticated via ID.me, they would be able to sign on to the IRS's website to request an online tax transcript or see information regarding tax payments or economic impact payments. The process had been optional for those who already had an IRS username and password, but those were set to stop working this summer 2
--- By citebot ---
This page uses the following references:
- Security_Vision_Wiki_References#_SCITEd96cf6cc20c171a5cdcabddb02421baf
--- end citebot ---
References
- a b c d "Inside ID.me's torrid pandemic growth spurt, which led to frantic hiring, ill-equipped staff, and data-security lapses as the company closed lucrative deals with unemployment agencies and the IRS". (2022) <https://www.businessinsider.com/id-me-customer-service-workers-hiring-secuirty-privacy-stress-data-2022-6> Accessed: 2022-07-10
- a b "After face-recognition backlash, ID.me says government agencies will get more verification options". (2022) <https://www.cnn.com/2022/02/08/tech/idme-facial-recognition-bypass/index.html> Accessed: 2022-07-10