undefined | Better HN

0 pointseropple2y ago0 comments

Why? Iteration is something to be embraced rather than stigmatized in moving towards a more responsive set of government services. Login.gov is the future of government identity in the United States, but IAL2 is a higher bar than most government services need; waiting for IAL2 implementation is a tradeoff in favor of understandable-but-abstract risks against addressing a concrete harm that exists now.

You have an opt-out (use the existing methods of filing, including mail), and you're not harmed or even treated less preferentially by the existence of the ID.me option.

0 comments

8 comments · 3 top-level

lupire2y ago· 3 in thread

The government is putting citizens at risk by allowing a bad solution (ID.me) and wasting time supporting it that could be spent working on login.gov.

toomuchtodo2y ago

ID.me is already plugged in to IRS' platform, and is used today for all IRS account services to prevent fraud (return fraud being previously very prevalent [1], but there are other threat actor concerns with regards to IRS and identity). Throwing more people at Login.gov will not cause a solution to be arrived at tomorrow [2] [3]. It's suboptimal, but the world runs on duct tape, and a fix is underway. There is always risk, it is about managing that risk effectively.

Personally, I believe saving tens of billions of dollars in potential fraud costs every tax filing season buys a lot of tolerance to people complaining about the interim solution. The complaints are valid, but so are the attempts at fraud. And so, we balance the risk of the implementation.

[1] https://www.justice.gov/tax/stolen-identity-refund-fraud ("The IRS estimated that during the 2013 filing season alone, over 5 million tax returns were filed using stolen identities, claiming approximately $30 billion in refunds. The IRS was able to stop or recover over $24 billion of that total, or approximately 81% of the fraudulent claims.")

[2] https://en.wikipedia.org/wiki/The_Mythical_Man-Month

[3] https://en.wikipedia.org/wiki/Brooks%27s_law

(interviewed with a team that worked on fraud prevention at IRS as part of a US Digital Service interview)

creer2y ago

Are they though (that much plugged in)? I have done quite a few iterations of IRS contacts, checking on returns, paying fees online, paying taxes online, etc over the past few years. Without yet having to deal with ID.me. Enough that at this point I would definitely do some work before giving in. So are they that prevalent really? Certainly NOT used for all account services.

1 more reply

eroppleOP2y ago

Federal workers are not project-fungible in such a way as to make what you suggest possible. And it's not just the federal government, either; ask any large corporation. There is no path to "well the IRS's developers should just go make Login.gov happen faster", even if you get a hall pass from the mythical man-month.

So, now that we've acknowledged reality--what now? Do nothing, while the active harm continues, because of fear of a hypothetical future (but with a limited time horizon) one?

thfuran2y ago· 2 in thread

Because a US government service should not be outsourcing to a .me domain. I don't really care whether their internal service has IAL2, but it should be on .gov.

Atotalnoob2y ago

It’s just a domain name? It resolves to US based nameservers, the company is US based, with offices in the US, the founders are US citizens.

Would idme.com make you happy?

As much as I dislike Id.me, the domain name isn’t something to get upset at, it’s just branding…

tomrod2y ago

I think parent comment assumes the DNS mapping is owned by the `.me` TLD owner, setting up an external contact that may or may not be hostile to owners of `.gov` TLD owner (the US), setting up a potential for nefarious activity.

"just a domain name" but MITM DNS attacks exist.

Cthulhu_2y ago

Because if this works, the process of moving to login.gov might stall or be canceled altogether; there's nothing as permanent as a temporary solution.

j / k navigate · click thread line to collapse