[strangesongs]

“Login.gov is already used to access 200 websites run by 28 Federal agencies and over 40 million Americans have accounts,” Wyden wrote in a letter to the IRS today. “Unfortunately, login.gov has not yet reached its full potential, in part because many agencies have flouted the Congressional mandate that they use it, and because successive Administrations have failed to prioritize digital identity. The cost of this inaction has been billions of dollars in fraud, which has in turn fueled a black market for stolen personal data, and enabled companies like ID.me to commercialize what should be a core government service.”

not great!

[cproctor]

If the IRS (or Sen. Wyden) is looking for a "core government service" which has been inappropriately commercialized, they might start with tax preparation.

[apex3stoker]

This article[1] has more details. Sen. Wyden[2] has been pushing for more funding to IRS to develop its free file program, but Turbotax has been successful via their lobbying of Republican politicians and some Democratic politicians in preventing it from happening.

1. https://www.propublica.org/article/inside-turbotax-20-year-f... 2. https://www.nytimes.com/2021/07/19/opinion/intuit-turbotax-f...

[ThunderSizzle]

Lol. Its always the Republicans. If it was priority for the Dems, they'd have done it. They have gotten through several other things the Republicans opposed.

Anyhow, the better alternative is to return to lower the rates and remove deductions (aside from the standard deduction). Even simpler yet would be to go to a flat tax with an extremely high standard deduction (e.g. ~$50k with ~10% after that).

I can't think of many good reasons to continue complicating the IRS code aside from political targeting and giving Congress more kickbacks.

[tzs]

> Even simpler yet would be to go to a flat tax with an extremely high standard deduction (e.g. ~$50k with ~10% after that).

That's not a flat tax. That is a progressive tax with two brackets.

Once you have accepted that progressive taxes are acceptable, it is hard to see why two brackets is better than three, or 4, or even dozens. One might argue that two brackets is simpler than say 10 brackets, but that is a very weak argument since it is just a table lookup, and nobody can argue with a straight face that a 10 line table is too complicated.

An interesting exercise is to consider what it would be like if instead of a single tax to cover everything funded by income tax we did a two bracket progressive tax for each budget item separately, with the taxes applied serially. By applied serially I mean that the taxable income for tax N+1 is what is left after you have paid tax N.

You then end up with a progressive tax with N+1 brackets where N are the number of budget items (and then you would have a table big enough that it would arguable be complicated!). If you keep the same total budget but divide the budget items into smaller subitems, your tax curve approaches a continuous curve which represents a progressive tax with an infinite number of infinitely small brackets.

I remember working out the equation for that curve once, and finding the result mathematically satisfying, but I've totally forgotten what it was.

[ThunderSizzle]

> Once you have accepted that progressive taxes are acceptable. . .nobody can argue with a straight face that a 10 line table is too complicated.

First, I don't think anyone should pay taxes on their labor. And just because my labor makes more shouldn't mean I pay a higher percentage; so, no, I don't agree with the concept of progressive taxation on labor. Regardless, that's what we have.

Anyway, 10% after $50,000 is dead simple. e.g. make $120,000 as a family, take away $100,000, left with $20,000, I pay $2,000. Real tax rate is only 1.6%, so maybe that's too nice for the American family? You can change it to 15% after $25,000 and it's still simpler. $120k-$50k=$70k x .15=$10.5k or 8.75% real tax rate, all without worrying about IRAs, 401ks, HSAs, etc.

With a 6-12 tax brackets with crazy amount of deductions, I need to:

1) calculate taxable income. This is some func of deductions. i.e. standard deduction ($25k) + max 401k ($20k) brings taxable income to $75,000. There's other deductions such as IRAs, HSAs, 529, etc; all with their own maxes based on various criterias and income, which has it's own list of gotchas that screw over people. Hopefully you didn't forget a deduction on top of all that.

2) Now determine tax rate. 22%. Feels bad, but whatever -nearly a quarter of your income (nominally, at least) to finance the debt to keep inflation going. The graph says ~$4,800+22% of anything over ~$42,000. Alright. So $4,800+(22% x $33,000)=$12,060 are taxes owed.

3) Now determine your credits, if any. Such as a child credit. I hope you know your credits, because you might've forgot about a tax credit for something you bought. Let's assume you know you get $3600 for a toddler, and put that in. Now your $12,000 is $8,400.

4) Ensure your paid taxes is correct. You paid throughout the year, adds up to ~$8000. So taxes due are now $400.

5) Now you go to pay $400. Welp. Now you need to pay $50 because you decided you wanted to buy a stock that gave you $10 in dividends in a brokerage account, and now you can no longer free file. But you don't want to be audited, so you report the $10 and pay the $50.

Yeah, that's very simple and straight forward. But good news is the actual tax rate is actually only 7%, even though you felt like you just paid nearly 22%, wasted hours of your life, and were insulted with an additional fee just to pay your taxes.

[tzs]

> With a 6-12 tax brackets with crazy amount of deductions, I need to [list of 5 steps]

None of your steps are made more complicated by more brackets or less complicated by fewer brackets. You determine your taxable income (the complicated part), then lookup that taxable income in the tax tables (simple).

If the taxable income is low enough, there is a table with a large number of entries that each cover a small enough range that you don't even have to do any computation. You just find the line that covers your taxable income and the table tells you the tax.

If your income is too high for that table you have to use a smaller table with entries that cover larger ranges. That table currently has 4 entries. You find the row whose range includes your taxable income, and calculating your tax involves a multiplication and a subtraction--which is just as much work as calculating your tax under your proposed two bracket system for people whose income is high enough to be in the second bracket.

[KptMarchewa]

>First, I don't think anyone should pay taxes on their labor.

This is the part where I start yawning

[ArnoVW]

You're not wrong in saying that tax codes in general are complex. The problem is, they're complex for a reason.

Tax codes are a tool of policy makers. They allow wealth and income distribution. They allow compensation. And they allow policy makers to promote or penalize specific behaviors or activities.

Look at the legal system as a code base (in French, 'law' translates to 'code'). And imagine having 538 product owners, each asking for 'just one feature' that is both 'critical and urgent'. Is it any wonder that we are in this situation?

Perhaps we should implement more sunset provisions? I don't know. But 'we need a simpler system' is sort of like 'we have too many LoC'. It's true, but not easily actionable.

[furyg3]

Yes, but we all know that business rules and logic can be very complex, but you can still simplify the interface for the vast majority of users.

The IRS collects tax information from most businesses with employees, banks and investment firms, so it's is comically easy to pre-load that information in a tax return. Ask a few simple questions (did you buy a house, did you start a business, do you have a new dependent). Pre-fill what you can. Generate a report which you can directly file or share with your tax expert. Many developed countries do this.

While this (correctly) tanks an entire industry of tax preparation software, it actually makes it easier for politicians to do their thing. Right now a tax break for X is buried under form 92921X2 which you learn about after reading the instructions for line 48 on schedule 8812 which you are filling in after being told to in the supplementary instructions for line 21 on your 1099. If you elected to use the alternative streamlined maximum option, of course, if you chose for the default minimum compensation model, well, those are different forms.

With a properly made simple official tax filing process, you just see you got an extra $400 back this year because of the tax break for X.

[Dracophoenix]

>Tax codes are a tool of policy makers.

Therein the problem lies.

>They allow wealth and income distribution. They allow compensation. And they allow policy makers to promote or penalize specific behaviors or activities.

Robbing Peter to pay Paul is not a good reason to tax. Taxation should be decided by the whims of a crab bucket.

>Look at the legal system as a code base (in French, 'law' translates to 'code'). And imagine having 538 product owners, each asking for 'just one feature' that is both 'critical and urgent'. Is it any wonder that we are in this situation?

We're in this situation because most of congressmen believe they have the right to impose their morals on and the expense of thst individual men and women by way of legislative fiat.

>Perhaps we should implement more sunset provisions? I don't know. But 'we need a simpler system' is sort of like 'we have too many LoC'. It's true, but not easily actionable.

It is actionable. Politicians, however, are usually ignorant of tax law until there comes a point where the "wrong" people "win" too much. That is the issue in what should mostly be an administrative affair, if it should at all occur. The people who complicate the tax do not code lack the wherewithal to simplify it. Their feigned weakness and indifference is a choice.

[wolverine876]

The GOP opposes it; they are the obstacle. I think such actions by the GOP has become normalized for people, and so they overlook it. I don't see how you can blame the Democrats, who are voting for it.

> If it was priority for the Dems, they'd have done it.

Easily said, but as we know, not easily done.

[ThunderSizzle]

https://www.opensecrets.org/political-action-committees-pacs...

https://www.opensecrets.org/political-action-committees-pacs...

Seems like the donations are pretty evenly split for the companies that would be the largest lobbies over the past several years. This seems like the case of the uniparty being apparent, where there's no real drive to simplify the tax code because it's something both can blame each other on when nothing is done. Of course, this was the entire point of the TEA Party (which later became manifested as MAGA), which was mainly a conservative movement, so it manifested inside the GOP, but the GOP RINOs in Congress did nothing.

[wolverine876]

Despite your hypothesis, the evidence is that the Democrats vote for it, and the GOP against it.

[throw10920]

This is a really good point - if the tax code were a few dozen pages for the common case instead of a few hundred, then you might not even need tax-prep software in the first place. "The best program is the one that doesn't exist", to quote a popular refrain.

Ongoing software projects require periodic refactoring to reduce complexity and increase comprehension - why would the law be any different?

[giraffe_lady]

I think we've fairly well established that the complexity of the code isn't the problem. The IRS knows what you owe and could just tell you if they wanted to.

Having citizens exposed directly to the mechanics of it during the filing process is a policy choice and the way to fix that is to change the policy, not try to reinvent the tax code from first principles.

This is a complex set of laws yes but it is also detailed multi-generational documentation of all the shit people have tried to pull. You don't just throw that out because it has grown complex. Like all necessary complexity, you isolate and manage it, not spray it all over the end user.

[bzbarsky]

> The IRS knows what you owe and could just tell you if they wanted to.

This is true often, but not always. Examples just off the top of my head:

* Had large medical bills compared to your AGI? How does the IRS know that?

* Paid for college tuition? How does the IRS know that?

* Deducting state sales taxes? How does the IRS know what those were for you?

* Paid for daycare? How does the IRS know how much?

I'm sure I could find more examples if I went and looked at the actual tax forms right now. And while these are all things that don't affect everyone every year, they do affect a large fraction of people at some point in their lives. They certainly affect everyone who pays for college or has kids.

Note that this is not getting into anything too esoteric here, and completely ignoring anything involving self-employment or consulting, or running a small business or whatever. I _think_ those are rarer than having kids anyway.

Now could we have a more streamlined filing process that did the easy bits when possible and asked more directed questions to find out whether people might be in edge cases that might need more handholding or professional help? Absolutely. Could we get rid of the edge cases I listed above with a simpler tax code? Perhaps.

[eru]

> This is a complex set of laws yes but it is also detailed multi-generational documentation of all the shit people have tried to pull. You don't just throw that out because it has grown complex. Like all necessary complexity, you isolate and manage it, not spray it all over the end user.

Who says that complexity is necessary?

Most of that complexity just grew out of other complexity.

If you have a simpler tax code to begin with, you don't need to patch all the work-arounds people found.

Of course, that's much easier said that politically done. Simpler taxes are popular as an idea, but rarely when you get into the specifics.

[ej3]

> The IRS knows what you owe and could just tell you if they wanted to.

I must admit I've always sort of blindly believed the same thing, but here I am year after year accumulating and submitting my own absurd set of turbo-tax button smashes.

Honestly I have trouble figuring out how much I owe myself. I would believe that they have some core set of data linked to my SSN, and every time I submit they run some sort of markov-chain statistical model that says - "meh, looks pretty close. No need for further review. Please pay the refund to the latest identity scam." or "red flag for actual review".

100% chance the IRS is understaffed, running legacy spaghetti, managed by folks just trying not to be the next scape-goat so they can go home to their family and watch the next episode of what everyone at work is talking about.

[thaumasiotes]

> I think we've fairly well established that the complexity of the code isn't the problem. The IRS knows what you owe and could just tell you if they wanted to.

The IRS has no way to know which of your expenditures are tax-deductible.

[throw10920]

> I think we've fairly well established that the complexity of the code isn't the problem.

I've never heard this claimed before; I'm interested to see your evidence, because it's also not obviously true.

[wolverine876]

> if the tax code were a few dozen pages for the common case instead of a few hundred

Isn't this the fantasy of clean sheet software? 'We'll get rid of all this cruft and make it clean and simple.' But it turns out that the cruft is needed to deal with reality, which is messy rather than the abstract clean-room requirements of our imaginations.

I can't see how the tax code can be short, having to deal with such a wide range of situations. Has anyone every successfully used a tax code like the short, simple ones that people fantasize about?

[throw10920]

> Isn't this the fantasy of clean sheet software? 'We'll get rid of all this cruft and make it clean and simple.' But it turns out that the cruft is needed to deal with reality, which is messy rather than the abstract clean-room requirements of our imaginations.

The fantasy is that the software can be made completely clean and simple because there are no edge cases. The reality is that it can be made less terrible by reworking complex parts of the design that were slowly hacked into place over time, and by eliminating technical debt. The fact that the ideal is unobtainable is irrelevant to the fact that there are still concrete, worthwhile, and necessary improvements to be made.

If your perspective on taxes were applied to software engineering, then most large projects would have collapsed by now.

> I can't see how the tax code can be short, having to deal with such a wide range of situations.

Not "short", but short-er than the 74,000 pages that it currently is. And, it's already dealing with a wide range of situations by simply compressing the feature-space down a lot, so one way of making it simpler is to compress it down even more. For instance, you could eliminate a bunch of individual rules that reduce effective taxes for low-income earners, and then just reduce the tax rate at that bracket.

[IG_Semmelweiss]

yes. I believe a baltic country (Slovakia) taxes flat tax rates.

https://taxfoundation.org/flat-tax-lessons-slovakia

https://accace.com/tax-guideline-for-slovakia/

[LukeShu]

Sen. Wyden's already been fighting that fight for more than a decade. https://www.congress.gov/bill/111th-congress/senate-bill/301...

[bmitc]

I still don't understand why tax returns aren't primarily automatic. Every year, I have these forms that I collect that were all generated automatically, and most of them are sent to the IRS anyway (or the data they contain). So why can't I login to some IRS website, choose how I want to file, report anything extra, and then hit submit?

[Broken_Hippo]

Moving overseas made me even more angry at the American tax filing system.

Literally, what I do for Norwegian taxes:

1. Get a letter stating that they've calculated last years' taxes. 2. Look at the tax authority's website and as long as things are correct, I don't have to do anything else, though I can click a conform button. (I usually do) 3. Wait for refund - IIRC, they pay out in summertime. Or alternatively, pay tax if you owe.

You get the choice of doing it yourself and filing differently and stuff, but I don't see the point.

[xeromal]

lol, the arrogance to call out someone for something they actual are a champion in fighting.

[cproctor]

It was carelessness. I know Sen. Wyden has been good on this issue and other issues of digital governance. My comment came originally out of the frustrating irony that id.me was getting heat for commercializing what should be a government service when Intuit's behavior is so much more galling. I originally posted my comment attributing the quote to the IRS, then corrected the attribution to Sen. Wyden without thinking about the broader context. The sarcasm probably didn't add much to the conversation anyway; sorry.

[xeromal]

It's all good, my friend.

[cheschire]

perhaps it's just ignorance? not to be insulting to the gp, just saying perhaps they didn't know.

[drzaiusapelord]

HN has a lot of "both sides are the same" centrists and libertarians. They don't realize there there is still a tiny thread of pro-worker pro-middle-class democratic action in the US government. I have no idea how much longer it can survive, but people like Wyden, AOC, Bernie, etc fight the good fight and that goes against everything centrists and 3rd party types believe. Everyone is a republican to them and when shown otherwise, they either nitpick with whataboutisms or just clam up.

[kiawe_fire]

I don’t think it’s so much “everyone is a {whatever party I hate}” (which changes with your frame of reference). It’s more “everyone is part of the elites against the people”. The party labels are pretty meaningless, which itself is a bit shattering for those who come to realize it late.

But you’re right, there are a few left that seem to be fighting for the people. Some are effective and others are naive but well meaning.

But they are clearly the minority. They’re fighting bombastic partisan media coverage on both sides, they’re often fighting people within their parties, they’re often struggling just to earn their place.

At first, you get excited at the prospect of holding police accountable when Rand Paul introduces laws against knockless warrants, or you hope for the prospect of a real, sustainable income plan from Yang or Gabbard.

And then you watch as they get maligned and lied about on Fox News and CNN alike. You think, “this plan they’re advocating for will surely attract support from the rest of their party” and then you watch in awe as both sides warp, twist, or outright attack their plans.

You watch with weary eyes as someone like AOC who appears to come from the outside with a background similar to your own gets taken in by people like Pelosi, and you hope against the odds that she will remain true to her ideals, but you know that so many before her did not. After all, at one point Pelosi herself was fighting for the freedom of the internet, yet look at her now.

At some point, you get tired of putting hope into the good ones. You get frustrated every time they seem to make progress only to be struck down. You get sick of seeing them naively fall for the notion that their colleagues are as genuine as they are.

At some point, you just find it easier, both for the sake of conversation but also your own peace of mind, to wrap it all up into the same package of “they’re all bad” and just stop wasting your emotional energy on it.

Or maybe that’s just me.

[ThunderSizzle]

You pick AOC and Bernie as examples of people fighting for the middle class. AOC's Green New Deal would've destroyed the middle class. She probably means well, but she really is just a useful idiot.

[csh0]

I am sort of confused by this. There was never even any actual concrete legislation to pass.

AOC introduced a resolution (text here: https://www.congress.gov/bill/116th-congress/house-resolutio...) which if passed, would have basically just affirmed (in a non-binding way) the interest of the house to create a "Green New Deal". The actual legislation itself would, if the house agreed to do so, need to then be created, debated, and voted on before being passed.

"House resolutions are not binding law, but rather express the collective sentiment of the House on a particular issue, person, or event."

The actual resolution itself is pretty short, and I find most of the statements and goals in it pretty tame and agreeable. But again, it is not as if this resolution being passed means that all of those things necessarily must end up in the actual Green New Deal to be passed or even that it gets created at all.

Could you elaborate on how this would destroy the middle class? I might have missed something but there was never even any policy proposed, because the Green New Deal was never created to be voted on. I don't understand how you can make an evaluation like that without examining the actual policies to go into effect.

[femiagbabiaka]

Strong statements, no evidence. Barely distinguishable from trolling.

[mulmen]

Please evaluate your filters. If you believe this you are in a bubble. It’s the economic and historical equivalent of belief in a flat earth.

The “New Deal” saved the middle class. A “green” new deal could do it again.

We have an incredible need and opportunity to (re)build infrastructure in this country. That’s where the middle class can thrive.

The green new deal was an olive branch as much as anything. An opportunity for everyone to make a needed contribution and be compensated for it.

[ThunderSizzle]

You really did a good job at convincing me.

- assume my "filters" are wrong. A difference of opinions doesn't mean my filters are wrong. It simply means I made different conclusions. If you want to support AOC and her policies, go for it. I won't partake.

- believe I'm in a bubble. Right. That's why I'm on HN; because I'm in a bubble and you think exactly as I do?

- Now I believe in a flat earth. That's just a wasted comment.

- Pointing to the "New Deal" that "saved the middle class". It's highly debatable if the New Deal prolonged the Great Depression or not. While it helped many Americans keep food on the table, no doubt, it didn't stop the Great Depression. Regardless, I can turn around and say, I want the "____ New Deal", and it must be good because that's what I called it? That's a laughable concept.

By your measure, healthcare actually became more affordable after the Affordable Healthcare Act became law - because that's the title of the law?

Regardless, I agree that the infrastructure can be improved. My state is already doing it. They've rebuilt an interchange in record time because a bridge wall collapsed. What is your state doing?

Stating that everyone should have access to "high-quality health care" or "economic security" isn't an olive branch. Obviously no one disagrees with that. The discussion is "how", and that's the only important discussion to have.

But, if you want to stick with mudslinging and belittling those who disagree with you, go for it.

[eru]

The commercialization itself isn't the problem, but that the data that the IRS already has on you isn't available for you, I guess?

If they made the data available to you, an open source program could take it and spit out your tax forms. The existence of commercial alternatives wouldn't hurt this workflow one bit.

Of course, the problem seems to be that those commercial alternatives come with considerable lobbying to make access hard. And from what I've heard, US taxes are so complicated, that it's hard to do them right.

[jackson1442]

I was extremely confused when I was asked to create an ID.me account for IRS. I have implemented Login.gov for some projects and it's rather easy; I can't see why they'd choose something else.

[Spooky23]

Easy, the answer is right here: https://developers.login.gov/overview

Login.gov is a fine authentication service, but cannot deliver the identity assurance level (IAL-2) required to identify people. (It may not be able to deliver AAL-2 authentication soon either as standard evolve.) Uploading a picture of your drivers license is not a meaningful validation of your identity.

The reaction of the Senators here is the equivalent of “I’m shocked to hear there is gambling happening here”. Typical pandering. Literally every drivers license and ID in the country is running through a biometric identity provider run by a contractor to identity duplicate licenses. Many DMVs outsource credential production to a third party.

I don’t think ID.me is the best solution, but it is better than providing a trivially stolen number “what was your AGI last year” that facilitates billions of dollars of fraud annually.

[akersten]

No third party/private solution is appropriate here.

The government that oversees the issuing of these IDs and attests that they are sufficient for government use (Real ID) cannot themselves validate said ID?

Corruption or incompetence are the only paths that lead to outsourcing federal identity verification.

[Spooky23]

The only IDs issued widely by the US government are military credentials, immigration credentials, and passports. Driver’s licenses are issued by states and other entities. They are also fraught with problems as millions of people do not have REAL IDs, yet need to interact with government.

The problem is that any bartender who has scanned your drivers license has the information required to scam an online validation without some other validation.

If you want good online validation for the public, you need a third party right now. In the future, in some states, you’ll be able to use a mobile drivers license, provided you own a smartphone. Also problematic, as the government has to support everyone. Foreign nationals pay tax. People in nursing homes who cannot appear before a DMV need to pay taxes.

You can yak about corruption and incompetence, but that honestly attests to ignorance on the topic.

[toomuchtodo]

You continue to make some good points, but at the end of the day, this is a government function and responsibility, not that of a private company. Login.gov can use the same AWS services in GovCloud as ID.me uses (Rekognition, available since 2017 in GovCloud). With USDS and 18F, it cannot be argued GSA (which Login.gov falls under) doesn’t have the skills available to build this capability.

This is a call to enhance Login.gov’s identity abilities, and US government citizen identity management in general. Login.gov (and perhaps USPS for in person proofing) should be funded to do this, not ID.me. Higher level, this is about building strong public goods and defending them.

[Spooky23]

USPS is already the agent for a national id program in all but name — passports and passport cards, which are much better than DMV issues credentials in many ways.

As another poster mentioned, the problem is that both progressive and conservative constituencies are strongly against meaningful national identity for different reasons, some of which are insane.

It’s a policy problem that won’t be solved in our lifetime. Our best bet long term is for states to issue mobile credentials, but even that is problematic because it will disenfranchise people.

[PaulDavisThe1st]

> You continue to make some good points, but at the end of the day, this is a government function and responsibility, not that of a private company.

I 100% agree. Problem is, the federal government (and the state governments and to a large extent big chunks of the citizenry) are fundamentally opposed to the issuance of a non-passport general citizen's ID and/or number. Those opposed to it don't have any good solution to "how to protect information the government keeps about you" either, so it's no good asking them.

Devising an actual public system for identity verification when you're being told the government cannot identify people is ... challenging.

[mpyne]

> You continue to make some good points, but at the end of the day, this is a government function and responsibility, not that of a private company.

Private companies have been part of the government discharging its responsibilities since first days of the Republic. You'd probably be shocked when you learn who does credit monitoring after government servers get hacked, by the way.

By your logic the government couldn't use cloud computing (run by a private company), couldn't use computer hardware even if they wanted to run a private cloud (hardware is built by private companies).

[techsupporter]

> If you want good online validation for the public, you need a third party right now.

In all reality, this is fine. I have no particular problem with using facial recognition, but I want it regulated and I want recourse.

Fine, outsource it to ID.me. But the terms of service better be a page, maximum, and include the ability for me to appeal a decision that says I am not who I say I am and to use other forms of validation that may be slower or more procedural (such as presenting myself to a Post Office). I want no binding arbitration clause in the agreement, and if that means the Federal government has to indemnify ID.me, then so be it. I want it in the TOS that the data ID.me uses for this will be segregated and kept for a very limited time and that I have the right to review and correct it.

Use the third party for what they are good for but enforce suitable rights for the rest. This is doable, it just wasn't fully done here.

[strong2024]

ID.me does have the ability to appeal the decision by hopping on a video call to complete the registration. They also do have the ability to close your account and through that delete all your data.

[throwhauser]

> If you want good online validation for the public, you need a third party right now.

I should not under any circumstances need to enter into a direct agreement with a private entity like id.me in order to access public services. The government might reasonably subcontract out some of the work, but public services need public accountability. The government service itself needs to be the direct counterparty to the public.

[nataz]

The government issues HSPD-12's, of which CAC/military PIV cards qualify as. In theory both federal staff and contractors need an HSPD-12 compliant ID/"smart credential" to access facilities and networks.

Just wanted to point out that there are lots and lots of federal IDs that are not military, immigration, or passports.

[jdmichal]

I generally agree with you. However:

Real ID validates that you are the person you are at the time of issuance, but does not guarantee that the possessor of the ID is that person. This stems from the fact that an ID is "something you have". Like any secure system, you should use multifactor authentication. The facial scan is "something you are", so the combination of ID and scan provides that. One might also use "something you know", such as your adjusted gross income (AGI) that the IRS used before.

[PaulDavisThe1st]

I think the difficulty is that the (federal) government can't currently do anything except the "something you know" part. It can't use "something you have" (because too many people are opposed to federal government issued ID), and "something you are" appears beyond the scope of the federal govt to implement (correctly) at this time.

[toomuchtodo]

Every IRS, Social Security, DHS/CBP, and USPS branch are locations where they could proof your identity in person. It is simply a matter of will to implement the policy and enable the software features for government employees to perform the function.

I would also propose finding ways to drastically reduce the cost of issuing smart passport cards, and slowly transforming that into a national ID over time as the electorate composition changes. Your passport number eventually becomes your national ID number.

[closeparen]

The government cannot build a competent identity solution because a majority of voters believe that to do so presages something from genocide ("Papiere, bitte!") to the literal end of the world (“Mark of the Beast”).

[vorpalhex]

We are still in the same universe where the OPM breach happened, right?

Like no, I don't trust the government to protect the big bucket of PII on everyone in digital form. Not because of lizard people but because the government can barely keep it's own sites secure. Giving them more dangerous data in the form of bulk PII is the wrong move.

Login.gov was the first thing, in a long time, that was well executed. I need to see more things like that to restore my faith. ID.me is the wrong direction.

[alistairSH]

The IRS already has almost all our PII. Not sure how adding a photo materially changes anything in that regard.

I do agree ID.me is the wrong approach. And login.gov should be used in some form over a private enterprise. But, my concern is two-fold… it’s a private entity that I don’t really want to do business with. And the process described by Krebs was impossible - can we really expect everybody to have email, valid phone (what if they aren’t the account owner for the phone), photo ID, and whatever else was required?

[tomrod]

Check out 18F / US Digital Services.

GSA has really upped the game over the past 10 years for digital services delivery. Such as Login.gov. Look for other places 18F/USDS are involved, and you'll see significant improvements.

https://playbook.cio.gov/

[closeparen]

With a remotely sane identity system, knowing someone’s identifiers and basic biographical facts would not help you to impersonate them. PII has the sensitivity that it does in today’s world only because we abuse knowledge of PII as a poor man’s authentication mechanism.

[xenophonf]

login.gov meets IAL2 since it NIST SP 800-63-3 "allows for remote or in-person identity proofing" (800-63A page 8). Likewise, TOTP is explicitly mentioned as an allowed multi-factor OTP authenticator (800-63B pages 20-21). I'm not aware of changes in SP 800-63-4 that would affect login.gov's current implementation, but it's been a minute since I last read the -4 draft and could be wrong.

[mpyne]

Login.gov permits me if the IRS could do identity proofing.

The IRS can't do identity proofing (hence the need for ID.me, which is implementing "remote or in-person identity proofing"), and login.gov doesn't do it for the agency. Login.gov can only record whether the identity was created at IAL-1 or IAL-2.

Use of login.gov is orthogonal to the question of ID.me.

[thesimon]

What about sending a letter to the registered address?

[xenophonf]

I've also implemented login.gov as an identity provider of last resort for a system that requires identity proofing (IAL2). It works great once folks are signed up and verified for a login.gov account, but the identity assurance process always seems to end up requiring a piece of mail sent to new users' homes. The phone/utility verification process never seems to work right, and the postal mail option adds a week's delay (or more) to our user enrollment process. In my and several test users' cases, we've had our phone numbers in our names for literally decades, so it isn't a matter of public records being ambiguous.

We've also had problems getting login.gov to proof new users with national but not state IDs. For example, we have someone with a passport but no driver's license. They should be able to use just the passport for identity proofing since the passport itself requires two or more forms of SUPERIOR/STRONG evidence (per NIST SP 800-63-3), but login.gov must not authenticate the passport with the State Department, meaning it fails 800-63A 4.4.1.2 (evidence collection requirements) rule 1 and must implement rule 2, instead (collect two pieces of STRONG evidence, i.e., national _and_ state IDs both). It's really frustrating because I cannot demand my users go out and get (pay for) state IDs they don't otherwise want or need.

All that said, even though login.gov isn't perfect, I do like it and am very impressed with 18F/TTS's work. They've done a very thorough job with their SAML implementation compared to the ADFSes/Oktas/Pings/etc. of the world.

[FireBeyond]

Not to mention, ID.me is horrible.

Scanned my Driver's License at 200dpi.

"Unable to find a face in the image you uploaded."

Okay, 300dpi.

"Unable to find a face in the image you uploaded."

Huh.

Scan at 72dpi.

Success.

Scan back of DL at 72dpi.

"Unable to read barcode."

Scan back of DL at 200dpi.

"Unable to read barcode."

Scan at 300dpi.

Success.

What a shitshow.

[bladegash]

Really? Not that I particularly wanted to, but all I had to do was take a photo of the front and back using my iPhone and it went through without any problem.

[GCA10]

Pixel phone user here. Very similar experience.

[southerntofu]

That's debatable. login.gov would certainly be better than id.me, but a centralized database of everyone sounds like a problem in all cases. A unique identifier for everyone is the path to more social/technological control.

Here in France, some people from the anti-nazi resistance from the 40s later got into heated arguments about the national ID card, which had been made mandatory by the collaborationist regime. The idea is that if there were reliable/secure unique identifiers during WWII, the resistance movement could not have existed at all, and could not have saved countless lives.

To this day, France is one of the rare countries where it's perfectly legal to walk anywhere without any identifying document with you. This doesn't mean that you won't be harassed by fascist cops though, depending on what you look like.

I'm pretty much against fraud in the common sense of the word. But the biggest frauds are done by the rich and don't require to make up new identities. They're hidden in plain sight with lawyers and contracts with offshore corporations. I personally couldn't care that social services fraud costs the government some millions every year, when tax evasion and corrupt-government contracts (remember the Pentagon audit?) account for literally trillions going missing and nobody in government wants to do anything about that.

[rootusrootus]

I’m very happy Wyden is my senator. I made a point the last time I was in DC to stop by his office and express my support but his staffers were profoundly uninterested. Oh well, I voted for him, not them.

[StanislavPetrov]

Not great that there is billions of dollars in fraud or that the government uses a private company to harvest and retain the biometric data of over 40 million Americans. Great that the IRS is no longer part of this biometric data harvesting scheme that represents a massive attack on the privacy and dignity of every taxpayer.

[fishywang]

I have used login.gov for my global entry application and I'm actually impressed. The only complaints I have with it are:

1. It doesn't make it obvious on how to add additional u2f keys (you have to go to login.gov explicitly to do that)

2. I still can't find a way to remove u2f keys

But then when I used id.me with CA DMV I'm also impressed by it (granted CA DMV does not require any crazy biometric stuff there like IRS planned to do).

[mshroyer]

> I still can't find a way to remove u2f keys

When I go to login.gov and click on "Your authentication methods", each of my security keys is listed with a "Remove key" link next to it...

[fishywang]

Oh you are right. I didn't realize that "You authentication methods" is clickable as the UI makes it look like just a header to me.

[Rebelgecko]

I recently had to sign up for login.gov (to renew my Global Entry, after they moved away from their own one-off CBP login system) and was pleasantly surprised with how good it was. Hopefully the TreasuryDirect.gov folks migrate some day

[monksy]

Are they still giving out those decoder cards?

[Rebelgecko]

You can use a CAC card as your second factor with the mandatory 2FA, but if you don't have one I think Yubikey-type devices are the only other hardware auth option