Future implementation of digital identity verification at IRS emphasized for enhanced tax reporting and filings
In a recent report, the Government Accountability Office (GAO) has made several recommendations concerning federal agencies' digital identity proofing practices, particularly focusing on privacy, program evaluation, and data sharing. The report, which scrutinizes the use of third-party providers like ID.me, emphasizes the need for improved practices across various federal agencies.
One of the key areas of concern is privacy protections and data validity. The GAO highlights the necessity for federal agencies, such as the Internal Revenue Service (IRS), to ensure robust privacy protections when using third-party identity providers. Following external pushback, the IRS updated contracts with ID.me in 2022 and conducted reviews of ID.me’s code to ensure proper data deletion and protection of user privacy.
Another issue raised by the GAO is the lack of measurable goals and documented procedures for evaluating the performance of identity-proofing vendors. The IRS, which relies solely on ID.me for identity assurance level (IAL) 2 products, was found not to have independently identified outcome goals or routine performance evaluations, limiting its ability to take corrective actions against fraud risks. The GAO recommends agencies implement regular evaluation practices and set clear, measurable objectives for identity-proofing programs.
The report also calls for more transparency in how artificial intelligence is used by identity-proofing vendors and agencies, urging adherence to AI standards and compliance. Additionally, the GAO emphasizes the need to break down siloed identity infrastructures and improve data interoperability across government offices.
The report further recommends treating identity proofing as critical infrastructure and advises strategic investments in coordinated modernization efforts supported by federal grants. This would help address current fragmented systems like ID.me, Login.gov, and various others operating in isolation.
In summary, the GAO's recommendations for federal agencies using third-party identity proofing like ID.me emphasize the need for enhanced privacy protections and data handling controls, clear, documented performance goals and regular vendor evaluations, transparency around AI and technology use, breaking down siloed identity infrastructures and improving data interoperability across government offices, and strategic national-level coordination and investment in modernized and unified digital identity systems. These measures aim to improve security, user privacy, and trust in federal digital identity programs while reducing fraud and inefficiency.
The recommendations given to the IRS are grounded in the National Institute of Standards and Technology (NIST), the Office of Management and Budget (OMB), and various statutes, and are applicable to other federal agencies. The IRS has made significant progress in digital identity proofing, moving from a pass rate of 30-40% to 70-80% with the implementation of the Secure Access Digital Interface (SADI) and the use of third-party credential service provider ID.me. The IRS needs to evaluate the performance of ID.me for each application and ensure that all internal parties receive the data provided by ID.me.
The GAO report indicates that much progress has been made, but much remains to be done, particularly in regards to privacy and program evaluation practices for digital identification. The report's findings and recommendations can be used by other federal agencies to improve their own programs. The interview discusses these issues and the IRS's efforts to beef up its digital identity proofing and allow taxpayers easy access to various services and applications on its website. The interview took place in the context of various presidential administration intentions to reduce waste, fraud, and abuse.
- The Federal workforce, as evidenced by the IRS, is encouraged to reimagine its digital identity proofing practices by implementing regular evaluation practices, setting clear, measurable objectives, and ensuring transparency in how artificial intelligence is used.
- To improve security, user privacy, and trust in federal digital identity programs, the Government Accountability Office (GAO) recommends that the industry, including the finance sector and cybersecurity, adhere to AI standards and comply with the need to break down siloed identity infrastructures, thereby enhancing data interoperability across government offices.
- In the spirit of treating identity proofing as critical infrastructure, the GAO suggests strategic investments in data-and-cloud-computing technology for coordinated modernization efforts supported by federal grants, with the aim of addressing current fragmented systems and advancing towards unified digital identity systems within the federal workforce.
