How far did ID.me stray in reacting to Covid identity verification contract?
Will ID.me’s U.S. Government business be the next casualty of the pandemic?
According to investigative reporting by news publisher Business Insider, it appears that the digital identity verification company was bringing on hundreds of inexperienced workers to handle an almost-unheard-of onslaught of new business.
The result could be more than a regulatory wrist slap for ID.me and long wait times for thousands of customers seeking support.
Three U.S. senators have accused the company of carelessly handling people’s biometric and other information, Insider reports. The senators, all Democrats, are Robert Menendez of New Jersey, Ed Markey of Massachusetts and Ron Wyden of Oregon.
The senators are vocal critics of ID.me’s contract work on a troubled authentication project at the Internal Revenue Service this year. They appear to be using the company’s operational problems to push federal privacy legislation.
Insider says the trio gave the publication a statement accusing ID.me of “reckless” and “irresponsible” handling of private information.
The publication claims it spoke to nine former ID.me staffers in its investigation. They were not named for fear that it could harm their career. Until the pandemic, the vendor mostly confirmed professional credentials that earned bearers retail discounts.
(It was doing roughly similar ID verification work for the IRS last year when social media boiled with false stories about having to create a biometric profile via ID.me in order for people to pay their income taxes.)
With the onset of Covid and a growing number of biometrics contracts with states, ID.me was contracted to, among other tasks, authenticate the identities of millions of Americans trying to collect pandemic-related government aid.
Not unexpectedly, ID.me managers had a hard time expanding its headcount from 50 in January 2020 to 1,500 at yearend. The resulting frenzy, according to Insider, was a biometrics vendor operating like a loose collection of spare parts.
Best practices and explicit privacy rules in some cases were ignored in order to move the incoming ID requests, according to sources. In an interview with Insider, a company spokesperson said security and privacy are the highest priorities.
Among the more glaring accusations in the articles are accounts of shared customer personal documents, background checks for new workers not completed until after some were hired and seemingly unusual face biometrics matches.
Maybe no medium-sized identity business could have successfully addressed the nation’s needs as it reeled physically and economically. But the outcome could mean fewer government contracts or even the unpredictability of a Congressional hearing.