Sign in / up

back to article Remote ID verification tech is often biased, bungling, and no good on its own

A study by the US General Services Administration (GSA) has revealed that five remote identity verification (RiDV) technologies are unreliable, inconsistent, and marred by bias across different demographic groups. In a pre-press version of the GSA study, shared this month, the agency said that only two of the RiDV products it …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. imanidiot Silver badge

    "It's worth noting that the RidV study only included results for volunteers who completed testing with all five vendors, which the GSA said might mean error rates could be higher if users dropped out due to frustration. Performance for fraud detection also wasn't tested as part of the study."

    Holy selection bias batman! This right here pretty much invalidates the study anyway. Especially the first bit. I can't find it right now, but is there any reported number on how many people started and then stopped midway through? I'd imagine the "best" might actually be the worst if all the people for whom it doesn't work have just given up and only those who can reliably make it through the testing (ie, the only ones who can make it work) stay in the study.

    5 0 Reply
  2. Stuart Castle Silver badge

    How would these systems deal with a fake webcam that just streams a JPEG of your face, licence or ID card? I can't check as I don't think I have access to any of these systems, but I should imagine that these systems would be relatively easy to fool if used remotely. At least on a PC or Mac. On a phone or tablet, it might be a different story, because the phone may be limited to using it's internal cameras.

    3 0 Reply
    1. Graham Cobb
      Reply Icon

      Yeah, I did that last summer with a non-governmental entity in Paris who wanted obnoxious ID requirements. It wanted to scan my ID, and then use my camera to see a picture of me. Then it would let me make the reservation I wanted to make.

      I didn't lie to it about who I was but I decided to use the experience to see how hard it would have been to lie to it. The answer: not hard. I scanned my UK driving licence (which seems to have a small and poor photo of me) - on a fairly low resolution on my scanner. Then I told v4l to send a still photo of my face as if it was a videocam. I had no trouble getting in.

      In this case, I was actually identifying as me. But I could probably have done those two things with a photo of <insert name of favourite actor> and a photoshopped driving licence scan.

      0 0 Reply
  3. vtcodger Silver badge

    It's worth pointing out that login.gov has no less than FIVE methods for multifactor identification. Face/fingerprint, security key, authentication app, text/phone, pre-established one time codes. With them, you don't have to use biometrics unless you want to. https://www.login.gov/help/get-started/authentication-methods/

    0 0 Reply
    1. O'Reg Inalsin
      Reply Icon

      "Face/fingerprint" -- how kind of the guv to leave the back door open for poor impersonators.

      1 0 Reply
      1. DS999 Silver badge
        Reply Icon

        As far as I can tell, that option is only available in conjunction with a smartphone so the "impersonator" will need to get hold of your phone AND fool its biometric login. Hardly the easiest bar for them.

        The fact they allow SMS/phone delivery of a one time code makes that weakest possible alternative that would leave the opening for miscreants. A simple SIM jacking or similar attack and you redirect the SMS/phone call intended for their phone to your own that's taken over the number. Though that has the disadvantage that it isn't a silent attack since they'll know something is up when their phone number has been stolen, unless you can do the same SIM jacking in reverse and restore their number without any help/knowledge on their part. Not sure whether that's possible.

        1 1 Reply
  4. ThatOne Silver badge

    I hope that KKK certification didn't cost them too much

    "marred by bias across different demographic groups"

    It's just "white Caucasians" and "Others", isn't it...

    /s

    2 0 Reply
    1. Yet Another Anonymous coward Silver badge
      Reply Icon

      Re: I hope that KKK certification didn't cost them too much

      > just "white Caucasians" and "Others", isn't it...

      Not as simple as that. It's "white Caucasians (not Irish)" and "Others"

      0 0 Reply
  5. chuckufarley
    FAIL

    I have stopped using *.gov...

    ...Because I refuse to upload my personal details to a third party who's only reason to exist is to make a profit. I mean, look at Microsoft or any other profit driven legal construct. They don't give a rats ass about being secure. They just want the money.

    3 0 Reply
  6. Slow Joe Crow
    FAIL

    used. one service and hated it

    I have had to use id.me, the subject of several articles about how lousy it is , to deal with the IRS and while it worked for me I hated every second of it.

    I'm not sure how much was the third party ID company and how much was dealing with the tax man

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like