I don't know anything personally but I do have a friend who works as an engineer at ID.me and he explained to me that they really don't store any data.
The way it was explained to me, (apologies if there's anything factually inaccurate in here, this is my recollection from a while ago, just before the IRS very notably decided to cancel their contract for the 2021 tax year?) they had an army of people whose job was literally to visually compare the person's selfie to the ID they presented, and if I understood correctly, they also had some facility for verifying the presented ID was genuine. And that was it.
(Edit: I see from clicking through to the CyberScoop article "ID.me CEO backtracks ... on 1:many recognition use claims" that it may not be the case that's all they do with each selfie, and that in reality they do store the selfies, based on a regulatory requirement that they must do so for 7 years.)
I think based on that conversation (and sure, call me biased) the "invasion of privacy" concerns were way overblown. If you think the best way to implement an ID verification system is to hire more permanent government employees and have them do the job in-house, ... I'm on Hacker News, so I'm going to assume that nobody thought that.
If you have concerns about the truthfulness of this scheme (does it really happen without permanently storing any selfies?) I think those are fair concerns, and we should know the answer.
But is there anything to be really concerned about, if there's no permanent storage? I don't understand. Can someone explain it to me? I think that the "invasion of privacy" ship must have already sailed, the government has your photo ID in a database, and it's already on record there forever.
What does it matter if the verification is outsourced to a private company? Is there the capacity to do this already inside of our government? (Would you trust them to implement such a system efficiently and correctly without private help?)
What level of oversight would make this scheme appropriate, I guess is my question? Is there any ID verification system that people who are up in arms would accept here? I'm in favor of probing the questions but I am not surprised that wait times are longer and support staffing was evidently reduced, after the IRS cancelled their contract. "You reap what you sow."
> I think based on that conversation (and sure, call me biased) the "invasion of privacy" concerns were way overblown
I mean, that's why this calls for a probe, right? I also suspect they were overblown - but that's why you look into something.
> I think that the "invasion of privacy" ship must have already sailed, the government has your photo ID in a database, and it's already on record there forever.
I absolutely disagree with this framing of the question. It's false equivalence to suggest that once something exists somewhere "unprivate" that any other system would also be fine. We are going to need to dig into systems and understand if the reduction in privacy fulfills a necessary function and push back on all the systems where that isn't true.
There's no magic in "public" v.s. "private" companies - but each new layer introduces new potential for mismanagement and so you need to ask everyone to "get to the bottom" of what happened.
The way it was explained to me, (apologies if there's anything factually inaccurate in here, this is my recollection from a while ago, just before the IRS very notably decided to cancel their contract for the 2021 tax year?) they had an army of people whose job was literally to visually compare the person's selfie to the ID they presented, and if I understood correctly, they also had some facility for verifying the presented ID was genuine. And that was it.
(Edit: I see from clicking through to the CyberScoop article "ID.me CEO backtracks ... on 1:many recognition use claims" that it may not be the case that's all they do with each selfie, and that in reality they do store the selfies, based on a regulatory requirement that they must do so for 7 years.)
I think based on that conversation (and sure, call me biased) the "invasion of privacy" concerns were way overblown. If you think the best way to implement an ID verification system is to hire more permanent government employees and have them do the job in-house, ... I'm on Hacker News, so I'm going to assume that nobody thought that.
If you have concerns about the truthfulness of this scheme (does it really happen without permanently storing any selfies?) I think those are fair concerns, and we should know the answer.
But is there anything to be really concerned about, if there's no permanent storage? I don't understand. Can someone explain it to me? I think that the "invasion of privacy" ship must have already sailed, the government has your photo ID in a database, and it's already on record there forever.
What does it matter if the verification is outsourced to a private company? Is there the capacity to do this already inside of our government? (Would you trust them to implement such a system efficiently and correctly without private help?)
What level of oversight would make this scheme appropriate, I guess is my question? Is there any ID verification system that people who are up in arms would accept here? I'm in favor of probing the questions but I am not surprised that wait times are longer and support staffing was evidently reduced, after the IRS cancelled their contract. "You reap what you sow."