ID.me and the Government’s Identity Verification Problem
Digital identity company ID.me burst into the public eye last year with a simple, straightforward elevator pitch—a one-stop shop for online ID verification—and an eye-popping statistical argument to justify its existence: $400 billion of the federal dollars spent on supplemental unemployment benefits during the pandemic, ID.me asserted, had been lost to fraud.
These sorts of statements contributed to the company’s meteoric rise, with hundreds of millions of dollars in venture capital financing, a $1.5 billion valuation, and, by last fall, a blizzard of contracts to run e-security for government entities at every level—including the unemployment agencies of 27 states, the Department of Labor, and, most notably, the Internal Revenue Service. If you wanted to access your records on the IRS’s website—old tax returns, outstanding balances owed the government, and so on—you’d need to go through ID.me.
But this week, the IRS backed out of the deal, citing ID.me’s use of facial recognition technology. “Everyone should feel comfortable with how their personal information is secured, and we are quickly pursuing short-term options that do not involve facial recognition,” IRS Commissioner Charles Rettig said in a statement.
The IRS retreat wasn’t particularly surprising: ID.me has been suffering a death of a thousand cuts in the press in recent days, including in a Bloomberg feature (“How Did ID.me Get Between You and Your Identity?”) that portrayed the product as a buggy mess and a widely circulated blog post from security writer Brian Krebs that detailed his own difficulties running ID.me’s verification gauntlet. Internal blunders threw more wood on the bonfire: The company admitted earlier statements claiming it had only used so-called “one to one” facial recognition software (matching your picture to the picture on your government-issued documents, without reference to any biometric database) were untrue. Last week, even Congress got in on the action, with senators on both sides of the aisle publicly calling for the IRS to tear up its ID.me contract.
