Biometric Tech Company ID.Me Continues To Swallow Gov't Agencies, Cause Problems For People Trying To Access Their Gov't Benefits
from the questionable-claims,-extremely-limited-accountability dept
A private company, that leveraged a bold (unproven) claim about $400 billion in pandemic unemployment fraud into government contracts allowing it to (mistakenly) lock people out of their unemployment benefits, is hoping to use both of these dubious achievements to secure even more government contracts.
Here’s the claim:
Blake Hall, CEO of ID.me, a service that tries to prevent this kind of fraud, tells Axios that America has lost more than $400 billion to fraudulent claims. As much as 50% of all unemployment monies might have been stolen, he says.
“The greatest theft of American tax dollars in history has risen unabated to $400 billion, with nearly half of all pandemic unemployment spending lost to fraud by criminals,” declared Kevin Brady, the top Republican on the House Ways and Means Committee.
And here’s the reality:
In December, California, by far the largest state payee of benefits, said it had identified $20 billion in fraudulent unemployment payments during the pandemic, 11% of what it paid out overall. California was responsible for a quarter of all pandemic unemployment payouts in the U.S.; if its fraud experience held nationally over the past two years it would translate into roughly $95 billion. That’s a big sum, but still only a quarter of what Hall was estimating. And other states like Ohio and Texas have reported lower levels of fraudulent payments than California.
But it made for a hell of a sales pitch. ID.me is currently used to verify the identity of unemployment benefit recipients in 27 states. It also secured a $1 billion contract from the Department of Labor to modernize state systems used to handle dispersal of these benefits.
All of this snowballed into ID.me’s biggest get: the Internal Revenue Service.
If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device.
That’s from Brian Krebs of Krebs On Security. His experience with the verification process was far from painless. The process requires users to take a live, video selfie from the same device being used to apply for the account. This means users can’t use a laptop/desktop computer and take the selfie on their phone, even though that would be the most convenient way to accomplish both tasks (apply and verify).
In Krebs’ case, the application process got stuck when ID.me came to a halt during the phone verification process, prompting a request for Krebs to reupload three identification documents. Then it told him to wait:
After re-uploading all of this information, ID.me’s system prompted me to “Please stay on this screen to join video call.” However, the estimated wait time when that message first popped up said “3 hours and 27 minutes.”
The system has glitches, as is to be expected from any system engaging in identification verification over the internet. But the problems experienced here are far from abnormal, and that’s going to cause lots of people lots of problems with tax filing season now underway. This only adds the IRS to the list of government entities that have discovered it’s not performing as well as advertised.
A log of complaints for California’s Employment Development Department (EDD), which signed up with ID.me in September 2020, details issues ranging from a transgender person being blocked from accessing benefits because the gender on their driver’s license didn’t match their passport to an applicant who went through ID.me’s verification process only to find their claim still on hold six weeks later. In a January 2021 letter to the EDD, California state Senator Anthony Portantino complained that his staff had been “inundated with urgent pleas” from constituents whose benefits were on hold as a result of problems with ID.me. “This recent purge has put thousands of legitimate claims in limbo, with no instructions for how to get out of ‘ID verification jail,’?” Portantino wrote.
Some of these problems can be traced back to ID.me’s facial recognition AI, which has yet to be independently tested, despite being the only option for many people seeking access to their unemployment benefits or tax information. There has been some sort of testing, but not with any results ID.me is willing to share with the public.
Hall says the company isn’t running images through a preexisting database, the way law enforcement does, and that it selects facial-recognition vendors that comply with federal standards, though he wouldn’t name them. The company also says ID.me put its facial-recognition software through two separate tests for racial bias in 2021 and found no evidence of discrimination.
And CEO Blake Hall continues to insist ID.me is stopping billions of dollars of unemployment and tax fraud, even though it would appear that a lot of what Hall considers to be thwarted fraud may just be the inadvertent thwarting of legit benefits claimants.
For example, between Jan. 28 and March 8, 2021, ID.me had 654,292 users start its verification process in California, according to data Hall provided. Just half of those users completed ID.me’s checks. Hall argues that any users who didn’t complete the process were clearly scammers.
On Nov. 17, 2020, for example, ID.me reported that the prior week, 101,050 people in California attempted to verify their identities with ID.me. Of those, just 40% succeeded. But you could see the frustrations unemployed workers and their advocates complain about playing out in the data: Almost a quarter of the people ID.me dealt with in California that week tried to get on a video call with a company rep, but only 10% of that group succeeded. More than 7,000 people also abandoned the ID.me process by either closing their browser midway through or having their session time out. Both situations are as easily attributable to tech glitches as fraud.
This isn’t very comforting. ID.me’s CEO seems willing to declare failures of the company’s system as victories against fraudsters. This unwillingness to even consider the possibility the system has flaws that might separate users from benefits or tax information isn’t something you want to see in someone running a company that has already nailed down more than half the country’s unemployment payments business. Becoming the point of entry for IRS accounts will just make local issues national issues.
It’s also not exactly comforting that one company holds so much biometric and personal data. That makes it a tempting target for malicious hackers, especially now that it’s also home to Internal Revenue Service data. It’s going to make people start asking for some sort of biometric data federalism — one that keeps the federal government from intermingling its sensitive info with state data stashes by using the same vendor to collect ID verification info.
Presumably, ID.me will get better at what it does. And it does appear to be doing everything it can to secure the information it’s collecting on behalf of several government agencies. But it’s being led by a CEO who is unwilling to allow independent inspection of its AI, who built his company’s business on a questionable assertion about pandemic-related benefits fraud, and who has an alarming tendency to blame system issues on end users or to portray ID.me’s failures as successful direct hits on benefits fraud.
That’s a lot of buck-passing for someone who is being entrusted with the financial, personal, and biometric information of millions of Americans. And it suggests if the shit ever really hits the fan, the CEO is going to ghost a bunch of taxpayers who were never given any input or options when it comes to accessing benefits that are rightfully theirs.