10 comments

[ 4.7 ms ] story [ 26.9 ms ] thread
I didn't know this existed! It should see much wider adoption by agencies, and I might even email my reps to say so.

It's beyond ridiculous that a for-profit company (ID.me) was awarded a juicy, logo-plastering contract with the IRS. The notion that verifying your identity for tax purposes is a valid insertion point for middleman enterprise is absurd.

As of this comment, Login.gov is supported by over 230 federal agency websites as an identity provider. IRS should be soft launching with Login.gov in the near future. I would strongly encourage you to contact your representatives to further encourage uptake.

https://www.gsa.gov/about-us/newsroom/news-releases/us-gener... (“U.S. General Services Administration announces all Cabinet agencies are now using Login.gov”)

https://www.gsa.gov/about-us/newsroom/news-releases/gsa-and-... (“GSA and DOL expand Login.gov partnership to increase access, decrease fraud, and support modernization in unemployment insurance”)

There could be nuanced inter agency sharing of information and linking of information affecting privacy

I say nuanced because a person is probably using similar identification documents/id across agencies anyways

There are three... THREE different login methods on the social security website. User/password, login.gov, and ID.me.

I can't tell you how confusing this is for my 70 year old father. I think login.gov is a fantastic idea but who ever decided to support three different login methods on a website designed for senior citizens .... AHHHHH. It's like torture for your chosen demographic and their children.

Social Security began with their own identity provider (user/pass). They then onboarded ID.me before Login.gov was accelerated by GSA and USDS. Login.gov, once plugged into SSA, was promoted to primary identity provider (circa September 2021). At some point, user/pass and ID.me will be deprecated (user/pass signups are no longer enabled).
Looks like the french gov login https://franceconnect.gouv.fr/ with which you can authenticate to taxes, pension, and other gov services such as driver licenses or else. It's OIDC-based. We're far from what Estonians have, but I like the idea.
If they can create a secure government citizen authentication method like this (which I know they can), they can also create a secure online voting platform.

I think extra layers and MFA should be mandatory for a voting platform, perhaps even a physical MFA key that gets assigned and retrieved in person.

I am just tired of the US dragging their feet on digital voting when we have the technology.

The problem with voting is that the closer you bring authentication to the picture, the harder it becomes to solve the issue of ballot secrecy.

Today's "sign the book at the poll, and we give you a ballot, which is one of 500 in this precinct-level box" provides at least some level of obfuscation.

I did vote in an election online. Back in 2000, the Arizona Democratic Party ran their (largely a token gesture) primary online as an proof of concept, and I cast my ballot from the main computer lab at ASU. It was convenient, but not breathtakingly more convenient than the mail-in balloting that is a major percentage of users today. Arguably, putting a physical ballot in people's hands is a really strong motivator to actually vote. Although even there, I'm a little more suspect about ballot secrecy; are they really keeping a firewall between the signed perjury declaration on the envelope and the ballot itself?

Secrecy is not incompatible with authentication. Various implementations of blockchain demonstrate this.

It's a question of trusting the government to be open about their security measures and not implementing a backdoor.

Dare I say that this software could be open source and shared with other governments. If it's properly secure enough, opening the source shouldn't be a problem, and opens it to public audit.