Yours, I expect?
Democrat senators want the FTC to investigate "evidence of deceptive statements" made by ID.me regarding the facial-recognition technology it controversially built for Uncle Sam. ID.me made headlines this year when the IRS said US taxpayers would have to enroll in the startup's facial-recognition system to access their tax …
They say one-to-one, as in one hash derived from your image is matched against the stored hash derived from your picture, for authentication. Okay, that's a valid use.
Then they say one-to-many upon initial signup, to catch nefarious ne'erdowells reusing pictures for multiple accounts, just like on Facebook. Hey, how else are you going to try to catch them? Of course, with so many facial images available, bad guys reusing pictures is just laziness.
But... what about many-to-one, much later? You have a hash stored for me. You have a hash stored for thee, and thou, and they, and xi, and so forth. All with the same unchanging algorithm? Then sometime someone does a database lookup on that column for equality.
How are you going to keep the hash, the algorithm and the database all secure forever? That's the flaw here. And that's why no from me.
As a US taxpayer with an online IRS account, I was shocked to learn that they would require ID.me in the future.
I was not at all surprised to find that ID.me lied about how they used their information (which is captured from much more than the IRS). I would not be at all surprised to learn that they were planning to 'anonomize' the IRS data and store it in their massive databases where it could be sold.
The Senators' call for an FTC investigation is good but I would also like to see the IRS's Contract Office declare the entire contract null and void due too fraud, and insist on the repayment of the full $86m.
I was "forced" to get a face scan as well as having to submit three forms of ID, just so that I could have the privelage of perhaps maybe getting the I.R.S. to process my federal tax return. I e-filed a month prior to the deadline and I'm still waiting for my refund. Oh, yes- I also had to do a video chat with a rep at ID.me. ID.me reps are available 24/7, yet the IRS doesn't have enough personnel to process returns in a timely manner.
I love how they always claim they saved tax payer monies, "Five state workforce agencies have publicly credited ID.me with helping to prevent $238 billion dollars in fraud. " This is standard fair with government agencies claims trying to justify all the monies spent on crap solutions. I've been in too many briefings by government agencies alluding to how much fraud exists and what they are doing to stop it. In all that time not one presentor showed us actual fraud to justify their claims. My belief is these systems exist to make money and not really prevent fraud. I believe these companies are just better at committing fraud then Thanos.
Having recently had to re-read NIST SP 800-63a, the Identity Assurance Level (IAL) tiers of what constitutes IAL-2, there is a small part of me that feels sorry for the IRS. More than likely, someone told them they have to meet IAL-2 for online access to taxpayer data. That's hard. A lot of what I've seen around the id.me stuff has been, if not something to make me feel good, at least something I can sort of understand in the context of IAL-2.
Section 4.2 statement 10 actually encourages the organization to conduct a fairly vaguely described fraud mitigation mechanism. I'm not overly conversant on the fine details of SP 800-63a, so I can't say that id.me followed the additional rules in it. But I can at least feel some understanding for what's going on. When someone I knew went through the id.me process some months ago, we compared each requirement of id.me back to the document and couldn't find any case where they weren't following a plain reading of the rules, even the steps that made us concerned were clearly listed as things they were supposed to do. I won't say I'm happy about what happened, but if we want to prevent such things from recurring, we need to understand what rules may have caused people to select a certain approach, or the next company to come along will do much the same thing, just with slightly different marketing.
So replace an at least somewhat progressive tax system with a 100% regressive tax system?
Yeah, that's a GREAT idea. /s
Income tax in the US has issues. But your proposal would replace it with taxes that heavily burden the poor, somewhat less burden the middle class, and only ever take pocket change from the rich. It's an absolutely abhorrent idea.
Biting the hand that feeds IT © 1998–2022