Can anyone with context speak to as why ID.me was chosen instead of Login.gov? SSA made Login.gov its primary identity provider, so I'm curious what the backstory is on IRS' identity story.
EDIT: Follow up question: Is ID.me a shim until there's traction for the USPS to perform in person identity proofing [1] [2] [3] versus ID.me's remote proofing?
The use of a third party means you don’t have to follow the same privacy rules as if the government collected the data themselves.
It’s why the police forces collect data from phone companies rather than collecting it themselves (which they might even be forbidden from doing).
For extra credit: this is a large subsidy to a private company to increase the size of its database; in return it gets to sell the database contents to others as well.
One need merely do a web search for “parallel construction”, Joe Naccio, etc to see how well such a law stands up in face of a representatlve of your regulator demanding that you breach it.
The same applies to bank policies and privacy when it comes to doing business with certain industries.
BTW I’m pro government and pro regulation so my statements are not some sort of libertarian rant. I simply recognize that complexities and misbehavior do exist such systems.
I would really like it much better if a 3rd party private company wasn't the arbiter of my ME-NESS and a potential barrier to a successful tax payment.
> I would really like it much better if a 3rd party private company wasn't the arbiter of my ME-NESS and a potential barrier to a successful tax payment.
SSA is using ID.me for the verification, Login.gov only provides the login/2FA not the actual identity matching AFAIK. My guess is the IRS thought if they are going to have to go with a third party for this anyway, might as well use their login as well.
I know they've used id.me for a while so this might not have been an option back then, but it now looks like login.gov also does identity verification (and my profile on the site does have my SSN and everything).
Since all (?) states take an electronic photo for a drivers license (and mine takes a thumbprint too), I'm not sure that this gives them any additional information they don't already have.
You do not need an IRS.com account. That's what makes it look like a not-so-innocuous data collection system. This is a possible first step to tighten identity tracking, slow boiling the frog, so to speak.
Under 6 USC 1523: Federal cybersecurity requirements [1], as well as a recent White House Executive Order [2], that would be my interpretation. ~211 federal agency applications support Login.gov, so I have a bit of curiosity in the outliers, especially when public facing.
It looks like (I'm inferring based on a couple different docs) that login.gov offers its own identity verification service (you scan your drivers license or other government ID): https://developers.login.gov/testing/#testing-ial2
I'm not sure why that's not enough, and given login.gov is free(ish) to government agencies, there must be some requirement they are missing. I was promised government SSO, why don't I have it yet?
EDIT: Follow up question: Is ID.me a shim until there's traction for the USPS to perform in person identity proofing [1] [2] [3] versus ID.me's remote proofing?
[1] https://about.usps.com/publications/pub364/ch12.html
[2] https://www.cfr.org/report/solving-identity-protection-post-...
[3] https://static1.squarespace.com/static/5a7b7a8490bade8a77c07...