Selfie-grifters ID-dot-me about as trustworthy as you expected.

Frantic hiring, ill-equipped staff, and data-security lapses as the company closed lucrative deals with unemployment agencies and the IRS:

Document reviewers were expected to rule on a document every 20-30 seconds, video chat agents were expected to verify about 40 people a day, and email representatives were expected to send around 70 emails a day, according to the former employees. Team "leads" would show workers a top-to-bottom ranking of employees based on how many accounts or documents they verified that week, sometimes every day, they said.

"Coffee is for closers!"

Their bosses told them on some occasions to resolve tickets on accounts that they believed were fake, potentially leading to false verifications. They were told it was not their job to catch fake documents, but to resolve email tickets, they said. [...]

"There were a lot of people who wrote in and were like, 'I feel like I'm being given the runaround, how can you be okay with ruining people's lives like this?' Because it was blocking their access to unemployment," one former ID.me employee told Insider. "I would have people emailing in like, 'I don't have any food to feed my children. We are about to be evicted.' And then follow ups that are like, 'I am now homeless because of this.'" [...]

With a company laptop, email representatives and video chat agents can see any piece of information about any ID.me user -- even people they never talk to. They could look up a user's email, and then find the information, documents, and selfie they submitted to ID.me, these people said. Customer service workers also described a tab on ID.me's internal dashboard that showed all potential facial recognition matches when a user submitted a selfie for verification. This was to catch possible fraudulent accounts, but these people said the system would often show profiles of clearly different people. [...]

Document reviewers were told to upload dubious verification documents to a "peer review" Slack channel. These documents, which sometimes included real personal information like passports or social security cards, were visible to anyone across the company who could access the channel, several former employees said. The files were deleted after a ruling was made, one former employee said, but Slack may keep files, even deleted files, permanently. Compromises to ID.me's Slack could also reveal all of these documents to hackers, regardless of ID.me's proprietary security protections.

As I said last time, "There are many ways to prove who I am to the State of California, and giving my biometric information to some third-party for-profit data-harvester with a Montenegro domain is not an acceptable one."

Previously, previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , , ,

4 Responses:

  1. K says:

    Further confirmation that, yes, the system will work however you design it. In this case the design goals appear to have been avoidance of false confirmations of identity at the minimum possible cost. Yuck.

  2. CSL3 says:

    The sad thing is that they're holding my up-to-date vax QR code hostage.
    The even-sadder thing is that I haven't needed my QR since the last time I went to DNA back in March.

    (On the plus side: I do have an up-to-date QR via SF DPH, maybe the only nice thing I'll say about them for some time.)

  3. saxmaniac says:
    1

    There was something about these jerks that either creeped me out, or annoyed the hell out of me, when first seeing them doing some IRS stuff. I said no and put it off indefinitely. Thanks for shining a light on these creeps and helping me putting a finger on it, Jamie.

  4. J. Peterson says:

    The feds have had login.gov for this very purpose.

Leave a Reply

Your email address will not be published. But if you provide a fake email address, I will likely assume that you are a troll, and not publish your comment.

Starting a new top-level thread.

  • Previously