ID.me’s collection of biometric data for Nevada DETR unemployment identity verification is coercive, regressive, predatory, and lacks transparency.
UPDATE 4/17/22: You can now DELETE your selfie stored by ID.me using the following steps:
- Go to: https://account.id.me/
- Log in to your account.
- Click on SIGN IN & SECURITY across the top of the screen.
- Click on Privacy on the left side of the screen.
- Scroll down to the “My Selfie” section and click on the Delete Selfie button.
- Get notice “We received your request to delete your data. It may take up to 7 days to be removed.”
- Coercive & Predatory – no real choice but to comply in order to continue receiving benefits on a timely basis
- Lack of Transparency – as to why biometrics are required, given technology limitations and claimant risk
- Irresponsible & Regressive – Nevada government shifts burden and risk to claimants with limited resources
Psychological Impact of Providing Biometric Data under Duress
“I am sick to my stomach right now.” That’s how I started my Facebook post one Friday afternoon in mid-July.
I had just received an email from NV DETR that indicated existing claimants needed to verify their identity using ID.me to file unemployment claims as of July 22 (basically five days notice).
Initially, I was not too concerned. I have used ID.me before and am as anti-fraud as the next person. However, once I began the process, I became shocked, appalled, and, yes, actually sick to my stomach.
It’s bad enough that you have to enter your Social Security number and upload a picture of your driver’s license or passport. But it was when it asked me to sign off on the use of biometric data (i.e., facial recognition) and upload a video selfie that I really hit the wall. At this point, my nausea was quickly displaced by my anger about the invasion of privacy. Once that passed and the amount of exposure to hacking and identity theft became clear, I completely lost it and cried all damn night. Yes, I am THAT serious about privacy and fraud.
After bailing out of the verification process and stewing over it all, I dug in to do some research. I was not at all surprised to find a fair amount of reporting, here in Nevada and elsewhere (see source links below), about how poorly the process works and how difficult ID.me is to deal with. That simply supports what I already knew and has no doubt been aggravated by adding a slew of new organizations to their client list recently.
UPDATE: After finding no viable alternative, I went ahead and completed the ID.me verification process. It was abso-f’ing-lutely the creepiest thing I’ve ever done (much less been forced to do). I felt totally violated; it seemed every bit as invasive as a gynecological exam (but at least I know the purpose of that). There is NO way that was needed to verify my identity!
And after all that, the list of information shared with UINV was the same as what I’d had previously verified for EBB. According to the UINV screen after log-in,* you would only need to click on “Allow DETR Access” if ID.me had already verified your identify for another purpose. I was relieved when I read it, but it was simply one more cruel trick in a string of inaccurate communications.
Adding insult to injury, you are told to remove any accessories (e.g., glasses, hats, etc.) just before taking the video selfie. During the faceprint process, you need to follow instructions on the screen (in small type) to successfully complete the process. But you can’t read them because you have your glasses off!
Lack of Transparency on “Need” for Biometric Data
It is shameful that the DETR email didn’t at least outline what would be expected so claimants could be prepared before starting the process. It’s not just a problem for someone objecting on privacy grounds like myself, but also for those people who don’t have ready access to compatible technology. It’s an even bigger problem because the “Selfie” screen provides no information on any options! Going back to the email, it does say that you need to call if you can’t or won’t complete the process online to do the process manually (whatever that means), but it is also clear that doing so will delay filing and payment of your claims.
This is an absolutely ludicrous request at this point in the process. After over a year of mismanagement, with only weeks left of PEUC/PUC benefits and a filing system that is still a mess, how is THIS the priority? To ask thousands of Nevadans to allow a private party to store their biometric data with all the hacking that’s been going on, even for people who have been in the system for years, is just beyond the pale.
I am aghast that it is just assumed people will be comfortable submitting a selfie. There is no explanation of why this is necessary in addition to documents and previous means of verification. Just “snap a selfie!” I don’t snap a selfie very often for ANY reason and I sure as hell don’t want to provide it to a third-party who is working with multiple government agencies. I have been able to navigate successfully for many years without ever having to provide a selfie, so what has changed all of a sudden that biometric data can be required without even the slightest discussion of invasion of privacy or risk of identity theft?!?
Shifting the Burden and Risk to Claimants
What most surprised me in my research was that I didn’t find any reporting on concerns about using biometrics or having personal biometrics stored by a third-party*** (especially one that is not lacking in complaints). How is that possible, given the plan for this approach was apparently announced in April 2020 or so and was implemented for PUA and new UI claimants earlier this year? And why is Nevada going to these lengths?** (My suspicion is that states requiring biometric data got a “deal” from ID.me to use this feature to help train its AI. If that is the case, it should require transparency, informed consent, and an option to opt out.)
Requiring people to provide their SSN, an image of their license or passport, and video image data for their faceprint leaves claimants more exposed than any other common application. And it’s happening at a time of unprecedented hacking of companies doing business with governments and exposure of sensitive data? This involves a huge number of people, here in Nevada…and around the country. Keep in mind, you can’t replace your face if that database gets hacked!
I have followed biometric/facial recognition technology fairly closely over the last couple of years and have been really concerned about the implications of its wide use in China and its faulty trials in law enforcement. But this is going to a whole new level. And it’s every bit as coercive as anything the Chinese are doing, since there is no way around it for people who desperately need the financial support. A technology riddled with bias and high error rates has no place in a system that is already filled with obstacles.
What it looks like to me is that the State is looking to shift the burden of verification, the risk of financial loss (and potential RUIN, in the case of the individual), and the exposure to identity theft to the claimant who has far less resources, instead of finding a better way to close the fraud loop on its end. It’s hard to see this any other way, especially at a time when the “hackability” of so many companies doing business with the government and the antiquity of many of the government systems is in the headlines every week. It just compounds the problem by adding one risk on top of another and exposing more people and resources to more financial delays and crises.
Recommendations for Nevada DETR
- Communicate clearly and accurately.*
- Provide information on what will be asked of you in the process up-front (i.e., in the notification email and on the UINV screen after log-in).
- Provide notice more than a few days in advance, so people have time to locate documents, technology, etc.
- Offer an alternative way for claimants to verify their identity, or, better yet, eliminate the biometric element altogether since it is based on faulty “under-development” technology.
- Grandfather in claimants whose benefit eligibility is expiring in a matter of weeks. This would at least limit the exposure of a large number of Nevadans who have already likely jumped through the hoops necessary to be cleared of fraud.
- Avoid putting a layer of “high-tech” over a still-dysfunctional antiquated system. It’s not all about appearances for the people who have to navigate these monstrosities.
- Require ID.me to provide:
- More explanatory information on the screens used in the process
- More transparency on how faceprint data is used, what it adds to the process, the limited ability to delete biometric data
- Help/FAQ that actually and accurately addresses common user concerns in one easily accessible place
(See previous DETR recommendations at: Fixes for 7 Issues Causing Nevada Unemployment Frustration)
- Upon log-in to the UINV system, the screen indicates that if you have already had your identity verified through ID.me for another purpose, all you will have to do is click “Allow” for NV DETR.
- When I first accessed ID.me from the July 16 DETR email, the instructions indicated you could get a link sent to your phone to use the camera on it. However, the actual screens during the process indicated you needed to use the camera on the device you were currently using. This was updated by July 24 to work as the instructions indicated
- ID.me indicates you can request deletion of your biometric data by contacting firstname.lastname@example.org but also notes they may refuse. I tried this to see what happened, using a fraught emotional plea, and was promptly sent boilerplate to inform me the only option was basically to delete my account which would likely render me ineligible for any benefits.
**The ID.me unemployment help page lists FAQs for many states. Only Nevada and South Carolina reference a selfie; only Nevada references a video selfie. However, my research indicated that a number of other states are using it. So this could be further evidence of ID.me’s lax communications or of media confusion about what different states are requiring. As already noted, not all ID.me verifications have required faceprinting.
- House lawmakers launch investigation of face-scan contractor ID.me, as reported by The Washington Post on April 14, 2022 (WHAT took so long? Great question!)
- SIGN the Petition: Ban Facial Recognition (January 31, 2022)
***On July 27, after the Nevada requirement had been implemented, I did find a couple of articles in well-known media but still surprisingly few:
Reporting Found in Original Research
Detailed coverage from The Nevada Independent about the technical issues even tech-savvy people have encountered and how it has increased the difficulty of a process that was already a struggle
Other tales of trouble from The Verge, Identity Review, KTNV1, KTNV2