back to article Did ID.me hoodwink Americans with IRS facial-recognition tech?

Democrat senators want the FTC to investigate "evidence of deceptive statements" made by ID.me regarding the facial-recognition technology it controversially built for Uncle Sam. ID.me made headlines this year when the IRS said US taxpayers would have to enroll in the startup's facial-recognition system to access their tax …

  1. 4d3fect

    "increase equity"

    Whose?

    Yours, I expect?

  2. Anonymous Coward
    Anonymous Coward

    Do I look Boris in this dress?

    They say one-to-one, as in one hash derived from your image is matched against the stored hash derived from your picture, for authentication. Okay, that's a valid use.

    Then they say one-to-many upon initial signup, to catch nefarious ne'erdowells reusing pictures for multiple accounts, just like on Facebook. Hey, how else are you going to try to catch them? Of course, with so many facial images available, bad guys reusing pictures is just laziness.

    But... what about many-to-one, much later? You have a hash stored for me. You have a hash stored for thee, and thou, and they, and xi, and so forth. All with the same unchanging algorithm? Then sometime someone does a database lookup on that column for equality.

    How are you going to keep the hash, the algorithm and the database all secure forever? That's the flaw here. And that's why no from me.

  3. Anonymous Coward
    Megaphone

    Shocked then not surprised

    As a US taxpayer with an online IRS account, I was shocked to learn that they would require ID.me in the future.

    I was not at all surprised to find that ID.me lied about how they used their information (which is captured from much more than the IRS). I would not be at all surprised to learn that they were planning to 'anonomize' the IRS data and store it in their massive databases where it could be sold.

    The Senators' call for an FTC investigation is good but I would also like to see the IRS's Contract Office declare the entire contract null and void due too fraud, and insist on the repayment of the full $86m.

    1. Alumoi Silver badge

      Re: Shocked then not surprised

      Too late for that. The company got the money and the government your mugs. It's a win-win situation.

  4. Anonymous Coward
    Anonymous Coward

    The U.S. is a corporate run dystopia

    I was "forced" to get a face scan as well as having to submit three forms of ID, just so that I could have the privelage of perhaps maybe getting the I.R.S. to process my federal tax return. I e-filed a month prior to the deadline and I'm still waiting for my refund. Oh, yes- I also had to do a video chat with a rep at ID.me. ID.me reps are available 24/7, yet the IRS doesn't have enough personnel to process returns in a timely manner.

    1. Anonymous Coward
      Anonymous Coward

      Re: The U.S. is a corporate run dystopia

      I just logged into my account. No id.me required, I used the same old username and password that I set up years ago. No face scan, no forms of ID, no video chat, nothing but a texted 2-factor code to my phone.

  5. TheBruce

    Bunch of Blah Blah Blah

    I love how they always claim they saved tax payer monies, "Five state workforce agencies have publicly credited ID.me with helping to prevent $238 billion dollars in fraud. " This is standard fair with government agencies claims trying to justify all the monies spent on crap solutions. I've been in too many briefings by government agencies alluding to how much fraud exists and what they are doing to stop it. In all that time not one presentor showed us actual fraud to justify their claims. My belief is these systems exist to make money and not really prevent fraud. I believe these companies are just better at committing fraud then Thanos.

    1. Mike 16

      Better at fraud than Thanos

      There is more than one way to grab wealth and power.

      Thanos is not so much into stuff like fraud. It just doesn't boost the special effects budget enough.

      Or did you mean Theranos?

  6. mmccul

    NIST SP 800-63a issues

    Having recently had to re-read NIST SP 800-63a, the Identity Assurance Level (IAL) tiers of what constitutes IAL-2, there is a small part of me that feels sorry for the IRS. More than likely, someone told them they have to meet IAL-2 for online access to taxpayer data. That's hard. A lot of what I've seen around the id.me stuff has been, if not something to make me feel good, at least something I can sort of understand in the context of IAL-2.

    Section 4.2 statement 10 actually encourages the organization to conduct a fairly vaguely described fraud mitigation mechanism. I'm not overly conversant on the fine details of SP 800-63a, so I can't say that id.me followed the additional rules in it. But I can at least feel some understanding for what's going on. When someone I knew went through the id.me process some months ago, we compared each requirement of id.me back to the document and couldn't find any case where they weren't following a plain reading of the rules, even the steps that made us concerned were clearly listed as things they were supposed to do. I won't say I'm happy about what happened, but if we want to prevent such things from recurring, we need to understand what rules may have caused people to select a certain approach, or the next company to come along will do much the same thing, just with slightly different marketing.

  7. Anonymous Coward
    Anonymous Coward

    No surveillance in the US. Ever. No siree! Honest.

    The sheep fear the wolf all their entire life but in the end they are all slaughtered by the shepherd.

    Forget all this, let's look at China!

  8. Anonymous Coward
    Anonymous Coward

    It will always amaze me

    how American population is constantly being coerced into a nationwide surveillance program which is eroding their basic freedoms while at the same time they are stockpiling guns and ammo to fight against an abusive government.

  9. a_yank_lurker

    Another Reason...

    One solution is to have a tax system that does not require individuals to file annual paperwork with the tax cheats. In this case replace income taxes with other taxes that do not require detail knowledge of each citizen to be collected (sales taxes, excise taxes, etc.).

    1. VicMortimer Silver badge
      Flame

      Re: Another Reason...

      So replace an at least somewhat progressive tax system with a 100% regressive tax system?

      Yeah, that's a GREAT idea. /s

      Income tax in the US has issues. But your proposal would replace it with taxes that heavily burden the poor, somewhat less burden the middle class, and only ever take pocket change from the rich. It's an absolutely abhorrent idea.

  10. Bump in the night
    Coffee/keyboard

    Honesty is the best policy

    Here is a valuable "Upper level college" ethics tip from Captain Obvious:

    When proposing something to prevent fraud, it's probably best not to have any suggestion of fraud in your proposal.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like