IRS to ditch biometric requirement for online access

399 pointsby bonytover 3 years ago

26 comments

WalterGRover 3 years ago

124 comments about a week back: <a href="https://news.ycombinator.com/item?id=30126118" rel="nofollow">https://news.ycombinator.com/item?id=30126118</a>

评论 #30251591 未加载

strangesongsover 3 years ago

“Login.gov is already used to access 200 websites run by 28 Federal agencies and over 40 million Americans have accounts,” Wyden wrote in a letter to the IRS today. “Unfortunately, login.gov has not yet reached its full potential, in part because many agencies have flouted the Congressional mandate that they use it, and because successive Administrations have failed to prioritize digital identity. The cost of this inaction has been billions of dollars in fraud, which has in turn fueled a black market for stolen personal data, and enabled companies like ID.me to commercialize what should be a core government service.”not great!

评论 #30252318 未加载

评论 #30251466 未加载

评论 #30257593 未加载

评论 #30253942 未加载

评论 #30251417 未加载

评论 #30254180 未加载

评论 #30252406 未加载

toomuchtodoover 3 years ago

Success is possible. Fingers crossed Login.gov is the solution they’re moving to [1]. Big thanks to everyone who complained to the IRS or their Congressional reps.Onward to yeeting ID.me from state and local government next [2].[1] “The IRS will also continue to work with its cross-government partners to develop authentication methods that protect taxpayer data and ensure broad access to online tools.” (From IRS’ press release on the topic in a sibling comment)[2] <a href="https://www.gsa.gov/blog/2021/02/18/logingov-to-provide-authentication-and-identity-proofing-services-to-a-limited-number-of-federally-funded-state-and-local-government-programs" rel="nofollow">https://www.gsa.gov/blog/2021/02/18/logingov-to-provide-auth...</a>

AdmiralAsshatover 3 years ago

The fact that this was even being considered shows how pitifully little anyone learned from the Equifax breach.

评论 #30251357 未加载

评论 #30251473 未加载

评论 #30251793 未加载

NaturalPhallacyover 3 years ago

Oregon Unemployment uses it too.It's the most difficult login process I've ever encountered and I've lived on the internet since 1996.The fact that it's the only vendor you can use should be illegal.This barrier has been put between Oregonians and the unemployment benefits they're entitled to. <- This is a bigger story IMHO.

furyg3over 3 years ago

I recently needed to access some information on the IRS website, and had to do a 3 hour, very annoying, ID.me registration. Everything failed. The OCR software thought the issue date of my passport was my birthday (so I wasn't old enough to register), fail. The 'link' they send via SMS to take photos of your ID, failed (wouldn't load). A VPN was needed to do some steps from outside the US. I was kicked out of the 'queue' twice to video call with a human where I have to hold up my 'biometric' printed-on-paper social security card.The killer? This morning I woke up to spam emails from ID.me offering me a discount on my first blue apron meal order.Where I am in the Netherlands there is a government-issued digital ID (DigID), that was very straightforward to sign up for and easy to use.

评论 #30258222 未加载

tims33over 3 years ago

IRS press release: <a href="https://www.irs.gov/newsroom/irs-announces-transition-away-from-use-of-third-party-verification-involving-facial-recognition" rel="nofollow">https://www.irs.gov/newsroom/irs-announces-transition-away-f...</a>Great news for everyone here. I still don't know how this provider was actually selected, but at least this change came relatively quickly.

mwexlerover 3 years ago

Hmm... In the US, login.gov still uses id.me for verification (at least on new signup), and this is the sso for TSA stuff like Global Entry, and the Social Security site. I guess it's used "less" now, but is still present for US Government services.

ipsinover 3 years ago

So for anyone who's already used id.me, how hard will it be to purge the biometrics? (And same question for if you live in California)

Unklejoeover 3 years ago

Well now I feel like an idiot for signing up. Is there any way to have ID.me delete all of my records? Or is that a lost cause?

评论 #30254016 未加载

评论 #30254068 未加载

__coaxialcabalover 3 years ago

What was the vendor selection process for ID.me? Their UX, privacy, and security practices seem terrible. What’s the real story on how ID.me became so pervasive in the public sector with such a terrible product?

评论 #30254621 未加载

评论 #30258623 未加载

helperover 3 years ago

Now we just need to get all the state government agencies to drop this requirement as well (looking at you, California).

rarespover 3 years ago

Interesting news. But I see a lot of negative comments regarding the biometrics.Here's my two cents.I'm the founder of a biometric users identity check solution, called Typing AI Biometrics ( <a href="https://typing.ai" rel="nofollow">https://typing.ai</a> ). We identify users by the way they type. Typing biometrics can be used as a two factor (2FA) or multi factor (MFA) authentication method.Instead of combining the usual username + password with an OTP code that you recive on your smartphone or email, you can combine the basic username + password with a typing pattern check, it's much more secure and efficient. The typing signature translated into a 300+ encrypted characters hash, which is (up until now) impossible to break.You can even remove the username + password and combine the typing biometrics check (known as keystroke dynamics) with an OTP verification. Biometrics are the future of authentication and authorization, because they are unique to each person, but only with the promise of not keeping and sharing the users data.You can AMA on this Show HN thread: <a href="https://news.ycombinator.com/item?id=30130447" rel="nofollow">https://news.ycombinator.com/item?id=30130447</a>

评论 #30258203 未加载

评论 #30258800 未加载

1121redblackgoover 3 years ago

I appreciate the institutional awareness and leadership and culture that, in this instance, is leading to the IRS changing their mind.

theduder99over 3 years ago

thank goodness. I received an ambiguous letter from the IRS last week talking about how I may need to file something special this year related to the $1400 covid credit. I was going to login to the IRS site to get more details until I saw the facial ID requirement and quickly noped away from there.

operatingthetanover 3 years ago

I had a phone screen at ID.me and then some of the articles came out and I started looking more into them. They tried to have me start doing interviews but I declined. I watched a motivational video from their CEO and his energy was a bit of a turn off as well.

hannibalhornover 3 years ago

I actually gave it a try, and couldn't successfully signup due to the phone number check, even though my name is on the line. Figure I've wasted a couple hours on it in total. Unnecessary friction.

mistrial9over 3 years ago

here is a repeat of my comment a few weeks ago, which scored 134 on YNews. This was about using biometrics for getting social benefits.. later, someone said "hey! I object, taxes are not benefits" and I reply "the similarity is that biometric requirement to use (obviously efficient) online services. That includes both social benefits like unemployment, and also required interaction like taxes" .. hope that clears it upthe core of the thought is -- if the government interaction is flawed such that it is not actually doing only what it says it is doing, to the detriment of most ordinary people, and is subject to insider gaming with rewards to do so THEN additional and perhaps draconian requirements on the ordinary individual, do not solve the flaws, burden and antagonize an ordinary person, and the implementation becomes a new attention target WITH new penalties attached, for the ordinary person. hth--American here"perhaps better known as the online identity verification service that many states now use to help staunch the loss of billions of dollars in unemployment insurance and pandemic assistance stolen each year by identity thieves"In the great State of California, billions in unemployment benefits were sent to the wrong people.. because their internal systems were designed to delay, deny and deprive, I say. Actual people with real jobs were repeatedly refused, while insiders who knew how to fill out paperwork, and apparently knew where the blind spots were, filed hundreds of claims in the early pandemic days. A newly appointed Director (young, tech savvy woman) soon stopped making public statements, and the situation nearly two years later, is not resolved. This is at a time when California has record income to the State.Now, some people may jump on this and say "well, you see how photo ID would have helped that" and, with incomplete knowledge and personal opinion, I say no, it would not solve it. You see, people with real jobs, with every real paper filed, were denied benefits, while insiders were pulling checks with both hands, using certain kinds of identities that would slip through. How would ever more restriction, requirement and verification, have helped here?I am deeply against the collective government making ever more demands on citizens for "papers, please" enrollment to massive money social services (edit e.g. govt unemployment benefits). It is not going to have the desired effect, despite superficial evidence otherwise. Additionally this represents a slippery slope where the ability to interact as an individual will be eroded, and opportunity for insider graft will increase

idontwantthisover 3 years ago

Was this just a Theranos level scam? It simply didn't work, right? I uploaded perfect scans of my passport and driver's license and it couldn't recognize them, so I had to wait several hours to video chat with a real person, who confirmed my identity.

oversocializedover 3 years ago

Great - now lets fix Home Depot. As of Feb 1, veterans only receive their 10% discount if they submit their photo id to a website and use a phone at the register.

jakeoghover 3 years ago

"Why come you don't have a tattoo?" -2006Damn those anti-chippers!

google234123over 3 years ago

Well, hopefully we wont have a 100+ billion dollars stolen from the US this year b/c of this decision.

guerrillaover 3 years ago

Do people need to care about this if they're filing online with a firm like H&R Block?

评论 #30255063 未加载

stjohnswartsover 3 years ago

I suspect this is more of a pause until it blows over.

pyronik19over 3 years ago

But it's somehow racist to show ID to vote.

评论 #30257698 未加载

评论 #30264628 未加载

throwawayseaover 3 years ago

What I would like to see next is an investigation into why this process was considered at all and how the vendor was selected. I find this entire situation deeply suspicious, since MOST online services (including financial services) do not need this kind of invasive verification process and do not require interfacing with a random third-party. My cynical guess is that id.me has some connection (like via political donations) to those who had the power to effect this change.It also looks like many states use id.me for various purposes (example <a href="https://www.reuters.com/business/states-using-idme-rival-identity-check-tools-jobless-claims-2021-07-22/" rel="nofollow">https://www.reuters.com/business/states-using-idme-rival-ide...</a>). I would also want those decisions revisited and investigated.

评论 #30251418 未加载

评论 #30251932 未加载