Selfie Biometrics Put Login.gov ‘in a Really Good Place’ for IAL2 Compliance: Director

Login.gov, the federal government’s identity verification service, is on track to meet the crucial Identity Assurance Level 2 (IAL2) standard, according to its director, Hanna Kim.

Launched in 2017 by the General Services Administration (GSA), Login.gov was created to help federal agencies securely verify users’ identities, and it now supports over 100 million accounts. However, scaling the service to meet stringent identity verification requirements has been challenging. The service was criticized in a 2023 watchdog report for misleading agencies by claiming IAL2 compliance when it had not met the standard.

To address the issue, Login.gov has embraced face matching technology, comparing a user’s selfie to their government-issued ID, as part of its push to meet IAL2. In an interview with Nextgov/FCW, Kim expressed confidence in this approach, saying the program is “in a really good place to be able to meet IAL2 compliance.” The service began piloting this capability with select agencies in May and made it available to all agencies by July. However, those uncomfortable with biometric solutions can opt for in-person verification at participating post offices.

Kim stressed that equity remains a priority in Login.gov’s adoption of facial recognition technology, acknowledging concerns about algorithmic bias. A GSA study revealed that some biometric solutions show varying levels of accuracy, with one system performing worse for certain demographics. “That’s one of the reasons why we were very intentional about making sure we’re picking an algorithm and a vendor that has been having good results,” Kim said. She added that GSA is awaiting the results of an ongoing equity study to further ensure fairness in the process.

The push toward IAL2 compliance is also part of Login.gov’s effort to rebuild trust with lawmakers and partner agencies following the 2023 report. Kim emphasized that GSA has implemented all of the report’s recommendations and is working to increase transparency through quarterly meetings with agencies and regular briefings on Capitol Hill.

Login.gov’s team is focused on maintaining accountability, especially given the $187 million it received from the Technology Modernization Fund in 2021 to enhance cybersecurity, anti-fraud measures, and in-person proofing capabilities.

While Login.gov’s shift toward IAL2 compliance is a positive step, it also raises concerns about financial sustainability and balancing upfront investments with long-term goals. Kim noted that the agency’s cost recoverability mandate adds pressure, but she remains confident in the public sector’s broader accountability to the public, stating, “We are not driven by profitability alone. We have an even broader accountability to the public.”

Kim was named director of the GSA Technology Transformation Service agency this past spring, succeeding former Login.gov director Dan Lopez-Braus.

Source: Nextgov/FCW

–

October 4, 2024 – by the ID Tech Editorial Team