[HN Gopher] USPS In-Person Identity Proofing
___________________________________________________________________
USPS In-Person Identity Proofing
Author : rawgabbit
Score : 105 points
Date : 2023-09-21 17:06 UTC (5 hours ago)
(HTM) web link (faq.usps.com)
(TXT) w3m dump (faq.usps.com)
| atonse wrote:
| I'm a huge fan of login.gov - It's just really nicely
| implemented, simple to use, accessible, and I love their reuse of
| well thought out ideas in the Federal Government of IALs
| (Identity Assurance Levels).
|
| I hope this system expands further, and even that local
| governments also start to use it.
| bagels wrote:
| USPS doesn't even know the difference between Australia and
| Curacao, good luck.
| CaliforniaKarl wrote:
| Uh, could you please provide some background for your
| statement?
| supernova87a wrote:
| They should expand this service to make the USPS some profit, and
| offer to banks, credit cards, real estate, city/state
| governments, etc. to combat the rising (maybe perceived, but
| certainly lots of real) problems with proving someone's real
| identity and fraud.
|
| The virtual world has opened up new channels for fraud and it
| seems government is just way behind on this. Almost to the level
| that some institutional trust is starting to break down (not to
| be too exaggerated about it though). (see pandemic relief funds)
| toomuchtodo wrote:
| Recently had to perform this for a dependent family member due to
| online identity proofing failure when attempting to setup mail
| forwarding online. Super simple process. USPS provided a barcode
| via email, you can print or display on device. USPS staff scans
| barcode, requests identity documents, performs proofing, and upon
| approval, the exception flow completes and whatever action you
| requested proceeds. In and out in 5 minutes.
|
| https://www.login.gov/help/verify-your-identity/verify-your-...
|
| Really excited as this rolls out fully for Login.gov high IAL
| (identity assurance level) use cases (ie IRS logins). If someone
| from Login.gov can comment on why state IDs are accepted, but not
| US passports and other federal identity credentials, I would be
| interested!
|
| (tangentially, behold, your government and two exceptional public
| goods [Login.gov and USPS] working for you efficiently and in
| public)
| kylehotchkiss wrote:
| > state IDs are accepted, but not US passports and other
| federal identity credentials
|
| Federal documents don't have authenticated addresses. The view
| seems to be that only state agencies are capable of verifying
| you actually live at the address on your ID (See Real ID for
| more context).
| ethbr1 wrote:
| > _The view seems to be that only state agencies are capable
| of verifying you actually live at the address on your ID_
|
| Cue state system "fun" for military folks who have a home of
| record they're legally-entitled to keep, despite not being
| resident.
| fatfingerd wrote:
| The US also follows its citizens everywhere like Eritrea..
| Being resident in a State has nothing to do with being a US
| person.
| jkaplowitz wrote:
| > Federal documents don't have authenticated addresses. The
| view seems to be that only state agencies are capable of
| verifying you actually live at the address on your ID (See
| Real ID for more context).
|
| Real ID isn't about this. Federally issued IDs like passports
| and NEXUS or Global Entry cards can be used in every context
| where the REAL ID Act's requirements apply to state-issued
| driver licenses and non-driver IDs, without any exception I'm
| aware of, even though these federal documents are not proof
| of address.
|
| But sure, your explanation might well be the justification
| behind this USPS / Login.gov policy.
| techsupporter wrote:
| > Federal documents don't have authenticated addresses.
|
| I wonder why that matters. If I am provably who I say I am,
| why is the address important?
|
| Also, not specifically for you, but generally what about
| states that don't reissue IDs when someone moves? (I suppose
| their answer to that is "get an updated ID and try again".)
| abirch wrote:
| Michael B. Jordan could try to be Michael Jordan. There are
| many popular names out there. Heck I'd change my name to
| Bill Gates.
| CaliforniaKarl wrote:
| "try" isn't even needed. Example: Two people, living at
| the same address, whose names differ only in the middle
| initial. One person moves, submitting the change-of-
| address form. They then start to get some (or all) of the
| mail for the other person.
| Mountain_Skies wrote:
| Four generations of men in my family have the same name
| other than suffix. At times three of them lived at the
| same address. It has caused a number of issues over the
| years, including unintended cross access to bank
| accounts. Despite the problems it sometimes creates, they
| seem to be amused by the confusion.
| simcop2387 wrote:
| For mail forwarding at least, there could be two John
| Smiths and requesting forwarding for the wrong one would
| let someone steal mail easily.
| hiatus wrote:
| I can't imagine there is any state that lacks the option to
| update the address on your license after you move. Many
| will even send a sticker in the mail so you don't have to
| get a new card.
| kube-system wrote:
| It's important to the USPS because the reason they want to
| know a person's identity is for the purpose of physically
| delivering mail to the correct address for that person.
|
| > what about states that don't reissue IDs when someone
| moves
|
| Do these exist? I'm not aware of any state that doesn't
| _require_ you to update your address when you move.
| trianglesphere wrote:
| It's about moving inside a state. I told the DMV of my
| new address, but my drivers license still has the old
| one. Maybe I could get it reissued, but that seems like a
| pain. Many people move more frequently than the license
| expiration period.
| Mountain_Skies wrote:
| Every time I moved in Georgia, they mailed me a
| replacement license with my new address. Don't know if
| all states are like that but given the increasing desire
| to know people's whereabouts, I would guess many do.
| Georgia does say it can impose a fee of you move too many
| times during a license's validity period but haven't seen
| that actually happen.
| pimlottc wrote:
| Whether it's required or not, it's rarely enforced.
| WirelessGigabit wrote:
| California.
|
| https://www.dmv.ca.gov/portal/online-change-of-address-
| coa-s...
|
| > Will DMV send me a new DL/ID or registration card once
| my Change of Address is complete? No. New documents are
| not issued when you change your address. However, you can
| request a replacement DL/ID or replacement registration
| card after you confirm that your address was changed
| successfully.
| [deleted]
| kube-system wrote:
| I think that answers the question to "what about?" above.
| You request a replacement.
| WirelessGigabit wrote:
| But you don't have to.
| Ridj48dhsnsh wrote:
| So how would that work if the IRS requires ID verification for
| my taxes and I live on the other side of the world, usually
| visiting the US every 2-3 years?
| kylehotchkiss wrote:
| Embassies are supposed to be helpful for this matter. I spent
| a few years abroad and needed to file ITIN paperwork for
| spouse and we went in together to get a certified photocopy
| of their passport for about $50. The IRS accepted this as
| binding as an American document.
|
| That said, the IRS doesn't really want you on their sites if
| you don't have a US address. I struggled to get transcripts
| on the site (but they allow you to submit written requests
| for them). This is a reasonable thing for the IRS to
| implement given the significant interest in fraud from their
| systems from people overseas.
| taway_6PplYu5 wrote:
| >the IRS doesn't really want you on their sites if you
| don't have a US address. ... This is a reasonable thing for
| the IRS to implement given the significant interest in
| fraud from their systems from people overseas.
|
| Except that US tax law also requires that all US persons,
| worldwide, to file US tax returns (note: this is a superset
| of US citizens).
|
| So if the law applies to expats and to anyone who has ever
| applied for a green card even if denied or not used or not
| revoked, then the system needs to support worldwide access.
| jkaplowitz wrote:
| The current IRS online account system with ID.me does allow
| signing up with foreign addresses, and then you can
| download transcripts there.
|
| Your struggles were probably with the previous system,
| which only allowed creating an account with a US address.
| It did however allow placing an online request without an
| account for a transcript to be mailed to a foreign address.
| I did this successfully myself and received the mail in
| Canada.
| toomuchtodo wrote:
| Remote identity proofing, either automated to confirm
| liveness or with a video call. Takes about 3-5 minutes in my
| experience.
|
| https://help.id.me/hc/en-
| us/articles/8214940302999-Internal-...
|
| You bring up an interesting edge case though. I will reach
| out to my State Dept folks to ask about supporting Login.gov
| identity proofing IRL at embassies and consulates for expats.
| donmcronald wrote:
| > USPS staff scans barcode, requests identity documents,
| performs proofing, and upon approval, the exception flow
| completes and whatever action you requested proceeds. In and
| out in 5 minutes.
|
| This is how code signing certificates should work. Better yet,
| let them be issued with a simple OAuth flow through sites like
| login.gov where people have already been verified.
|
| The current system is the worst of everything. It's a
| convoluted process with geographically and culturally
| disconnected people doing verification for (primarily)
| businesses that don't even need to be tied back to a natural
| person or beneficial owner. To top it off, it's ridiculously
| expensive for an individual or open source project.
|
| Microsoft also plays a huge role in propping up the currently
| broken system by trusting EV certificates more than personal
| certificates even though the identity of a natural person is
| far more valuable than the identity of a shell company that can
| easily be used by bad actors.
|
| In one way I dislike identity verification systems like this
| because I think it's going to increasingly disadvantage people
| that are already less fortunate, but in another way I hope that
| it can be used to improve some of the terrible processes we
| have to endure when it comes to identity and trust.
| KennyBlanken wrote:
| The reason cert and signing costs are expensive is to
| discourage random people from signing up for accounts they
| don't need, or uploading useless apps.
|
| This sort of "price people out of being annoying or doing
| things they don't remotely need" technique is extremely
| common in society.
|
| EV certs involve a pretty lengthy number of checks, by the
| way. Having a PO box isn't enough.
| donmcronald wrote:
| I don't have a huge issue with the expense, but I don't
| think it should be a requirement. I think it should be more
| of an upgrade. For example, let me get a personal code
| signing certificate for $50 per year and then treat an
| organizational cert as an upgrade where I pay $500 to have
| my business name on the cert. I could even see a case for
| having $5000+ high value certificates.
|
| The problem with that is the way companies like Microsoft
| handle them. Instead of telling the user "this is a low
| value cert", they put up a massive warning telling the user
| their computer is going to melt down if they trust it. It
| makes the decision of whether or not to run something
| binary and it's not.
|
| I think a system where I could sign things as trivial as
| PowerShell scripts would be better than what we have now.
| Anyone I give something like that to is going to know me
| personally and can easily judge the trustworthiness of what
| they're running by seeing my name.
|
| > This sort of "price people out of being annoying or doing
| things they don't remotely need" technique is extremely
| common in society.
|
| From what I see, it makes things difficult for someone
| trying to provide fair value and favors anyone willing to
| price gouge their customers. Even worse, criminal activity
| is extremely high margin and industrial scale bad actors
| have no problem paying for things like EV code signing
| certificates.
|
| > EV certs involve a pretty lengthy number of checks, by
| the way. Having a PO box isn't enough.
|
| And, based on my experience, it's all a big clown show. The
| people doing the verification are at a huge informational
| disadvantage because (I'm assuming) they're in a processing
| somewhere with minimal training and are expected to verify
| identities for every jurisdiction in the world. It's like
| me trying to verify the identity of someone in China. No
| matter how much training you give me, I'm probably never
| going to be as good at it as a local would be.
|
| The whole system could be better. I would prefer to see
| something where everything starts with a personal code
| signing certificate for a natural person and where getting
| an EV certificate requires an attestation from someone with
| a personal certificate. My identity is more valuable than a
| shell company.
|
| There's no incentive for anyone to fix it either. The
| platform owners benefit immensely if people abandon a
| standardized code signing system in favor of the signing
| certificates they issue for their app stores. IMO that's
| half the reason Microsoft abused their market position to
| kill AppGet. Anything that improves competition for app
| distribution isn't going to be allowed.
| gopher_space wrote:
| > The people doing the verification are at a huge
| informational disadvantage because (I'm assuming) they're
| in a processing somewhere with minimal training and are
| expected to verify identities for every jurisdiction in
| the world. It's like me trying to verify the identity of
| someone in China. No matter how much training you give
| me, I'm probably never going to be as good at it as a
| local would be.
|
| The USPS is in an ideal and probably unique position to
| implement verification. Each office already has a handful
| of people who know you, personally, by name and location.
| They could pre-verify a large number of people without
| collecting or distributing additional info.
| tshaddox wrote:
| I'm glad you had a good experience. I recently had a terrible
| experience with what should have been an even simpler
| verification process.
|
| My wife and I ended up moving (within California) on short
| notice that overlapped my wife's unrelated trip out of the
| country. Despite very clear documentation on the USPS website
| about the documentation required for me to verify my wife's
| identity (and my relationship to her) in order to complete a
| Change of Address order on her behalf, the USPS employee
| immediately and aggressively accused me of attempting identity
| theft. No amount of showing him the USPS documentation about
| how to verify a spouse's identity would convince him.
|
| At the second USPS office I tried, the guy was very nice, but
| also said that due to a high rate of identity theft they are
| refusing to do anything without the person there.
|
| Luckily we only had a short interval where mail wasn't being
| forwarded before my wife returned and verified her identity in
| person, and probably didn't miss any important mail.
| dv_dt wrote:
| I have always filled out change of address online with no
| issues. But I suppose it's been 5-6 years since I last did
| this.
| bee_rider wrote:
| Their system is quite picky about address formatting (they
| ask to do a small transaction; you billing address better
| match the address USPS has for you exactly, stuff like RD
| vs road matters).
|
| I ended up changing my billing address in my bank to
| exactly match what USPS wanted. Which worked, and was fine,
| but did leave me wondering what would prevent someone else
| from doing that with their own bank account if they wanted
| to change my address for some weird reason.
| KennyBlanken wrote:
| So you signed up for a bank account with an address that
| wasn't properly formatted and you're upset at the USPS?
|
| I thought it was common knowledge to, when moving to a
| new address, check one is using the correct formatting
| via the USPS online validator.
|
| It's picky because "rd" is not valid. You would know this
| if you did a simple google search:
|
| https://pe.usps.com/text/pub28/28apf.htm
| bee_rider wrote:
| RD vs road wasn't the exact issue, it was just that sort
| of thing.
|
| They managed to deliver mail to the previous address for
| years, so I guess they were able to figure it out.
|
| Why do you think I'm upset? It was slightly annoying but
| not really a big deal, easy enough to fix, just thought
| it was a funny story.
| CaliforniaKarl wrote:
| That's a combination of the human part of the USPS, plus
| automated validation/correction routines.
|
| To the human part: If you send a letter to a residence;
| and only include a street address plus 5-digit Zip code,
| or a street address plus city/state without a Zip code;
| that's enough to get the letter through. The envelope
| might be scanned at the originating point, and the image
| sent to a human for review, or the letter might make it
| to a post office at/near the destination, and a human
| will take it.
|
| Sticking with the "rd" / "road" example: When the bank
| goes to mail something to you, I wouldn't be surprised if
| they run the address through a validation program. That
| validation program would catch things like "rd", replace
| it with the appropriate term, and also generate the Zip+4
| code. What's missing is feedback from that program. So
| the bank might continue to have "rd" in your address,
| even though it's wrong.
| LegionMammal978 wrote:
| As it happens, the USPS actually has an online form for
| this service [0]. For instance, if I query "1600
| pennsylvania avenue" in Washington, DC, then I get the
| full two-line address back on page 2, complete with the
| Zip+4 code: 1600 PENNSYLVANIA AVE NW
| WASHINGTON DC 20500-0005
|
| I've used this tool before to double-check some more
| wonky addresses before sending mail to them. I'd be
| surprised if they don't also offer an API for the
| service.
|
| [0] https://tools.usps.com/zip-code-lookup.htm?byaddress
| tshaddox wrote:
| When you do it online they have some sort of risk
| estimation thing where you provide (if I remember
| correctly) a credit card and a phone number. When I
| completed mine online, it said I was instantly verified,
| but for my wife it said additional in-person verification
| was required. I suspect it's because she changed her name
| when we got married and whatever online identity service
| they use has a combination of her old and new names.
| techsupporter wrote:
| > but also said that due to a high rate of identity theft
| they are refusing to do anything without the person there.
|
| This is the part of processes that annoys me the most. A
| company or agency will publish the rules they want people to
| follow, then there's a 30% chance that when I go to follow
| them, I will be denied because of an unpublished rule or an
| exception like this of "oh, well we're just not doing that
| right now."
|
| The whole point of the USPS policies on being able to confirm
| a relationship is to avoid identity theft. If the policy is
| no longer going to be used then remove it! Or, better yet,
| update it.
| ethbr1 wrote:
| With USPS, not to put too fine a point on it, there's also
| "I'm saying we're not doing this right now, because I don't
| want to do this work right now."
|
| (With deference to all the other, _amazing_ USPS folks I
| 've worked with!)
| ethbr1 wrote:
| I've found that USPS has a vast gulf between their IT systems
| (generally good!) and their line workers, as well as a huge
| training spread from line worker to line worker.
|
| The best approach is usually to go to another postal branch
| when you run into a bad egg... and/or go during a time of day
| that it's quieter.
| toss1 wrote:
| Does this work for a family member who cannot physically
| present themselves at a Post Office, e.g., due to illness or
| incapacity?
|
| (looks like this is what you are reporting, but the phrasing is
| a bit ambiguous on that detail - thanks!)
| CaliforniaKarl wrote:
| The USPS in-person method is an exceptional flow; it's only
| used if other options are unavailable.
|
| If someone is ill, then you should use the remote options
| that are already available for ID verification. ID.me has tip
| for friends & family that are helping with this:
|
| https://help.id.me/hc/en-
| us/articles/4589202735639-Helping-f...
|
| If a person is ill, and the normal (remote) methods don't
| work, my suggestion would be to reach out to the Postmaster
| for your local area (if you have multiple post offices in
| your area, there may be one Postmaster for all of them). Meet
| them in person and explain the situation. Before you reach
| out, get documentation from a local doctor to back up your
| case. Ask what options are available.
|
| If someone is incapacitated, then identity verification is
| not going to work, but that's the point: If you don't
| currently have the capacity to participate in transactions,
| that responsibility falls to someone else (spouse, next of
| kin, power of attorney, court-appointed person), etc..
| t3rabytes wrote:
| > In and out in 5 minutes.
|
| Most of my USPS experiences are great _once I actually get to
| the desk_ , but it might take 45-60 minutes of standing in line
| before I actually get there.
| mistrial9 wrote:
| sure all that is great - but terrible side effect of the USA
| system is that _every person_ must run through some gauntlet of
| ID systems.. two generations ago, some tax professionals and
| some government employees had to have super-rigorous profiles
| on file.. and the person agreed to that when they pursue that
| profession.. the dystopian parts come with the 75-year old
| widow with dementia or college student aka slacker has to
| adhere to similar standards to be basically functional.. there
| needs to be some middle ground, say some
| toomuchtodo wrote:
| Functioning identity systems are a component of a functioning
| government. I agree there should be very robust exception
| handling mechanisms to get folks on rails who fall off.
| Someone being able to prove they are who they say they are is
| only dystopian to a vocal minority.
|
| If you don't want to drive, don't want to buy alcohol, don't
| want to travel internationally, etc, certainly, you can go
| without a state issued ID or driver's license, or a US
| passport. That is a choice. You're still going to need to
| prove who you are to rent formally, transact in real estate
| (buy a home with or without a mortgage), apply for state of
| federal benefits, obtain non emergency healthcare, etc.
| toast0 wrote:
| > transact in real estate (buy a home with or without a
| mortgage)
|
| FWIW: buying with owned funds is easy, selling is hard.
| Sellers don't really care about identity verification as
| long as the funds are good. OTOH, buyers/lenders/title
| insurance issuers do want the sellers' identities to be
| solid, because if they transacted with the wrong person,
| they are going to have a bad day. Lenders probably also
| want the buyer to be well identified, because it'll be a
| mess if not.
| nonrandomstring wrote:
| > Functioning identity systems are a component of a
| functioning > government.
|
| That's a very strong and parochial claim.
|
| Good, reliable, trustworthy, functioning government has
| existed for between 5,000 and 10,000 years depending on
| which anthropology you follow.
|
| For almost all of that time, governments have had scant
| legibility into the size or makeup of their population,
| barring a rather crude census every now and then.
|
| Identity at individual granularity happened practically
| yesterday, and is still a project in progress for many
| nation states. It's really a function of global travel,
| banking systems, modern social welfare benefits and
| healthcare.
|
| A well designed government does not need micro-relations
| with each and every citizen, but works fine in aggregation,
| devolved autonomous subsystems and heuristics.
|
| The "Government needs to know all about you" is a
| technocratic conceit less than 100 years old.
| bbarnett wrote:
| _The "Government needs to know all about you" is a
| technocratic conceit less than 100 years old._
|
| I remember, as a kid, when Canada rolled out the Social
| Insurance Number, only for tax use! Now it's used for
| everything.
|
| And later... health cards! Used to be, you'd just wander
| into a hospital.
|
| Now you need endless id for everything.
|
| 50 years only!
|
| It's really absurd.
| zht wrote:
| what is your main concern about requiring IDs to do
| things like obtain health care?
| kccqzy wrote:
| Traditionally speaking, the United States did not agree
| with that. People argued against a national identity
| system, and even when SSNs first appeared it was stipulated
| that they not be used for identity.
|
| That said I personally agree with you.
| mistrial9 wrote:
| > Someone being able to prove they are who they say they
| are is only dystopian
|
| it is intellectually dishonest, or motivated reasoning as
| they say, to imply that I said anything to the contrary.
| Perhaps you can reconsider that assessment of the comment ?
| toomuchtodo wrote:
| > the dystopian parts come with the 75-year old widow
| with dementia or college student aka slacker has to
| adhere to similar standards to be basically functional..
| there needs to be some middle ground, say some
|
| Did I read this wrong? It sounded like you were
| insinuating that these use cases shouldn't required
| strong identity assurance. If that is not what you meant,
| I apologize for reading the statement incorrectly. If
| identity credentials are provided at low or no cost to
| prevent marginalization or disenfranchisement, I see no
| issue. Those credentials are then leveraged for all other
| systems that require identity proofing. That widow will
| need to prove who they are for social security benefits,
| medicare, or to receive an estate from a deceased partner
| (including removing them from their home's deed if held
| together, or accepting retirement accounts as a
| beneficiary). That college student will need to prove who
| they are for government funding aid, student loans, and
| to enroll. Disenfranchisement is very real, but so is
| identity fraud.
|
| People who want strong privacy and governance around
| identity aren't wrong, they are simply solving at the
| wrong OSI layer by saying the technical implementation of
| identity systems shouldn't be good. Fix tech problems
| with tech, fix people problems with people.
| renlo wrote:
| > the dystopian parts come with the 75-year old widow with
| dementia [...] has to adhere to similar standards
|
| I don't mean to strawman, but, isn't this all to prevent the
| 75-year old widow from losing her retirement savings by
| scammers? Don't let perfect be the enemy of good, sure there
| are issues, but there needs to be something.
| mistrial9 wrote:
| this is a great point and absolutely a real problem.. the
| specific person I was thinking of, is getting phone calls
| daily on her new iPhone from strangers.. In the past, a
| licensed professional of some kind would be an intermediary
| over a committed period of time..
| wayfinder wrote:
| Pretty sure this is by design, not by a side effect. National
| ID systems are not super popular.
|
| Inefficiency is strangely sometimes the only reliable way to
| prevent consolidation of power.
| foogazi wrote:
| This is great example of the USPS as the federal government store
| front. They already handle passport appointments.
|
| I'd like to see options for the unhoused and unbanked:
|
| Homeless people get ID verified, get virtual mail access: all
| mail scanned and available online, physical mail at closest zip
|
| Low income unbanked get access to free banking options
| CaliforniaKarl wrote:
| The USPS piloted a postal-banking program last year, in four
| post offices: https://federalnewsnetwork.com/agency-
| oversight/2022/04/usps...
|
| It would be awesome if that could be expanded!
|
| Mail scanning is a service already provided by private
| companies. For example, a random search returned this result
| for a store in Los Altos (near Mountain View):
| https://www.villagemailcenter.com/Products-Services/Digital-...
|
| It would be awesome if a community-services provider could set
| up something similar, but it's worth noting the USPS does have
| two services which might work:
|
| * https://faq.usps.com/s/article/Is-there-mail-service-for-
| the...
|
| * https://faq.usps.com/s/article/What-is-General-Delivery
| supernova87a wrote:
| The stupid thing is that (I understand) the USPS is prohibited
| by law from offering such services. Go figure.
| lxgr wrote:
| That's truly ironic - in Europe, the giro/wire transfer
| system has its roots in the postal service in many countries!
|
| In the US, a similar thing happened for American Express and
| Western Union, which also started out as postal and telegraph
| service providers before they became financial service
| providers.
| CaliforniaKarl wrote:
| Source?
| supernova87a wrote:
| https://www.gao.gov/products/gao-20-354#:~:text=In%20genera
| l....
| ineptech wrote:
| Very cool, I hope this gets widespread enough to become the
| default way to prove identity online. I know a lot of people are
| very concerned about preserving the right to be anonymous, but it
| should be equally concerning that it's difficult to _not_ be
| anonymous without involving a giant corporation.
|
| Would it be too much to ask for a Keybase style app on top of
| this? One can hope...
| AdamJacobMuller wrote:
| That was my first thought with too.
|
| I hope it doesn't become the default for most sites (which have
| no need for your actual identity) but for many use cases I can
| see the need for varying levels of identity tied to your real
| identity.
|
| Minimally, login.gov could issue a (globally) unique token
| which they will only issue one per user per site, which would
| effectively allow the site to enforce a 1:1 human:account ratio
| (or at least know which accounts are linked to which humans)
| without disclosing any actual details of the human.
| macinjosh wrote:
| Is it OK to force folks to go to the Post Office to verify their
| government issued ID, in order to say receive benefits or pay a
| tax or fee? It is exclusionary to verify ID when voting, so what
| is the difference here?
| devmor wrote:
| It's not a forced method, its an option. In my experience
| setting up my own Login.gov account, and helping family members
| with theirs, the online methods have frequent and frustrating
| technical difficulties. This option may be preferable than
| spending an hour or two trying to get the Login.gov mobile
| website to actually use your device's camera.
| Ridj48dhsnsh wrote:
| If their tech decides it doesn't like my de-googled phone,
| then it becomes no longer optional.
| shelbel wrote:
| Can you say more? Like describe what your experience with
| it was
| Ridj48dhsnsh wrote:
| I haven't actually used the system in question; I'm just
| speculating based on my frustration with the increasing
| number of banking, trading, and even taxi booking apps
| that will refuse to work on modified phones.
| devmor wrote:
| For me, it wasn't even a modified phone. It was just a
| bog standard iPhone 14 Pro.
| redavni wrote:
| Outside of California, excluding criminals from defrauding the
| government is viewed as a good thing.
| Dalewyn wrote:
| >It is exclusionary to verify ID when voting, so what is the
| difference here?
|
| I would argue the problem is not verifying identity for voting
| in elections.
| shelbel wrote:
| It's not required
|
| >the registrant will be given the option to have their identity
| verified in-person at a participating USPS retail location
|
| Login.gov also offers remote identity proofing (eg photos of
| your ID)
| kylehotchkiss wrote:
| A lot of people are in the post office on a regular basis for
| reasons other than this service. There's an established process
| for applying for passports like this. What's wrong with
| expanding identity verification, which is something that we've
| learned again and again over the past 30 years cannot be done
| securely online?
| Aaargh20318 wrote:
| > A lot of people are in the post office on a regular basis
| for reasons other than this service.
|
| Why would people need to go to a post office? In my country
| (the Netherlands) we no longer even have post offices.
| lxgr wrote:
| This used to be what everybody in Germany had to do to open a
| bank account or request a new credit card, until the alternative
| of KYC by video call became popular.
|
| It's not efficient by any means, but in my view it beats the US
| practice treating an SSN as a password, together with bizarre
| "security questions" sourced from public records that some banks
| use as a "verification method". And no, "phone number
| verification" (that really only works for phone numbers with the
| big three mobile carriers) should also never have been a thing.
|
| I really, really hope to see a usable-by-everyone identification
| method one day, as opposed to "usable by enough", with a sizable
| fraction of the population just being denied access to credit,
| banking, and more, just because they don't exist in the expected
| form in some creepy data miner's database.
|
| Ironically, German ID cards support exactly such a method: You
| can just tap it on your iOS or Android phone for a "qualified
| electronic signature" as defined by EU law. And as a non-citizen,
| you can now finally get an "e-ID only" card, so nobody is
| excluded from that scheme! Unfortunately, I don't know a single
| person that remembers their six-digit PIN that's required for
| that feature...
| seanw444 wrote:
| https://www.id.me/
| lxgr wrote:
| I know that one (and use it for IRS stuff!), but I have yet
| to find a single bank that actually uses that, rather than
| "give us your SSN, address, and a list of three states in
| which you don't own property"...
| miki123211 wrote:
| Poland does this too, if you want to create a trusted profile
| (essentially an SSO account for government services), in-person
| verification at a post or municipal office is an option.
|
| A far more popular option is logging in via your bank, which is
| an excellent idea IMO, as they already have your data anyway
| and can usually verify that it's you with fairly high
| confidence.
| lxgr wrote:
| > A far more popular option is logging in via your bank
|
| The US has that too, in a way - I've once had a call center
| agent of a prospective new bank call my existing bank and
| have _them_ verify my identity on the line!
|
| Of course, that identification then was also only the usual
| "what's your dog's zodiac sign" and "which gives you more
| goose bumps, nails on chalkboard or fingers on unpainted
| concrete".
| cesarb wrote:
| > Unfortunately, I don't know a single person that remembers
| their six-digit PIN that's required for that feature...
|
| IIRC, enabling that feature is optional (disabled by default),
| and if you never enabled it, you don't even have that six-digit
| PIN.
| lxgr wrote:
| As far as I know, it's now mandatory, i.e. you'll receive a
| random PIN in the mail after requesting a new ID card whether
| you want to use it or not.
| overlordalex wrote:
| That's if you even got a pin in the first place!
|
| I discovered this recently when I wanted to use the gloriously
| named AusweisApp2 (ID app 2, superseding a PC app which was at
| least forward thinking enough to be called ID app 1).
|
| In theory it's simple to request a new pin - you can even do it
| within the app! However I've moved since I acquired the card,
| and so instead of the reset mails going to my registered
| address, I can only assume they went to the address stored on
| the card. And in a catch-22 of course you can only update that
| with a pin...
|
| But no worries, you can simply book an appointment at your
| nearest buergeramt to have a pin reset in person; except there
| are no free slots in the next 3 months.. anywhere!
|
| I needed documents for a new visa, which should give me a new
| card (and hopefully a new pin!), which ultimately turned out to
| be faster to do than trying to sort out the damn pin
| hellotheretoday wrote:
| A fun anecdote from those "security questions"
|
| I bought pet insurance at one point for a dog and now I
| regularly get quizzed on pet names when I get those questions.
| It will be things like "have you ever owned a pet by the name
| of a b c" and the answers are absurd because they are pet
| names.
|
| The best one was Ulysses S Twinkletoes. I still have a
| screenshot of that years later
| jdblair wrote:
| This is way better than the "20 questions" identity verification
| that works by asking you multiple-choice questions about your
| credit report. I have about a 80% success rate with those.
| keyme wrote:
| It's almost as if you could use something like that for voting...
| Animats wrote:
| What, no biometrics?
| kylehotchkiss wrote:
| There is no federal database to verify biometrics against. The
| state ones are not shared federally. How could a post office
| implement that?
| toomuchtodo wrote:
| If the person seeking proofing is enrolled in Global Entry or
| PreCheck, the USPS could support automated facial recognition
| proofing at USPS kiosks, as CBP maintains facial biometrics
| for trusted traveler programs. Can USPS kiosks run a
| sandboxed app to do this? Can you trust the data connection
| between the kiosk and federal agency systems with such
| sensitive data? Great questions.
|
| Definitely a stretch goal considering resourcing, inter
| agency partnership challenges, and uptake of trusted traveler
| programs across the general populace, but not technically
| infeasible. TSA is already testing automated credential
| proofing terminals at airport checkpoints, for example, and
| CBP Global Entry terminals for international arrivals are
| already automated kiosks.
|
| https://uspsblog.com/usps-self-service-kiosk/
|
| https://www.cbp.gov/travel/biometrics
|
| https://thepointsguy.com/news/global-entry-facial-
| recognitio...
|
| https://thepointsguy.com/news/tsa-facial-recognition-
| softwar...
|
| (you probably don't need this if you have global entry, but
| fun thought experiment considering data sources and
| technology implementation feasibility; maybe upgrade someones
| IAL automatically at Login.gov when they're doing their
| Global Entry or PreCheck interviews at CBP?)
| kylehotchkiss wrote:
| Trusted traveler programs have pretty wide latitude for
| removing members (for example, for something as small as
| not declaring a banana in your bag or bringing a spouse
| without global entry into that lane) and aren't setup for
| use as identity verification. Plus it'd be a very small
| percentage of Americans - remember only around 55% have a
| passport. The amount with global entry will be a small
| percentage of that.
| taway_6PplYu5 wrote:
| So, another "pay to skip the line" government service.
| Because that's how you build a strong society.
|
| Instead of, you know, investing in building a well
| functioning government.
| toomuchtodo wrote:
| I said it could be done, not that it was a good idea. My
| apologies if that wasn't more clear from my comment. I
| agree we should be investing more broadly in government
| to maximize accessibility.
|
| Tangentially, to share what is inside my head when I
| think of problems like this, I think "How could these
| events that would normally need to be explicit be
| automatic in the background? So that when it happens, it
| delights the government service consumer and feels like
| magic." If someone goes, "Wow, that was fast!" or "Wow,
| that was painless!", or just "Wow!" in general,
| government is delivering on its mission, and removes
| excuses for folks who would say "government is
| ineffective."
| belltaco wrote:
| Maybe Google can pay for this to restore access to Gmail even if
| for a fee.
| fatfingerd wrote:
| For some postal employees easy access to credit card mailings
| is irresistible and they get prosecuted for credit card fraud..
|
| The specifics of what they record in a verification is a bit
| vague and I would be concerned that some would sell celebrity
| accounts, or a way to get into an account used for private
| financial access, etc, even if the access to identity with
| other government agencies is theoretically a bigger pot.
| Simulacra wrote:
| This would be useful for mailing ballots.
| SoftTalker wrote:
| Shouldn't the service be called "Identity Proving" ?
|
| "Identity Proofing" makes it sound like something that prevents
| you from being identified.
| mttjj wrote:
| It sounds right to me. I think definitions 1 and 3 of the noun
| form of the word apply here.
|
| https://www.merriam-webster.com/dictionary/proof
___________________________________________________________________
(page generated 2023-09-21 23:02 UTC)