DOGE allies want more online identity verification despite its mixed efficacy

Some affiliates of billionaire Elon Musk’s U.S. DOGE Service are pushing for the government to require identity verification before paying out government benefits, as part of the administration’s fight against fraud.

Just this week, the Social Security Administration announced new requirements for people applying for benefits by phone to verify themselves online or in person, sparking concerns about access as the agency sheds employees and shutters offices.

Meanwhile, Rep. Marjorie Taylor Greene, R-Ga., called for more identity verification software on federal payment processors, citing claims that doing so could save a trillion dollars a year, although that savings forecast lacks evidence. Greene chairs a DOGE-focused subcommittee.

Earlier this month, a Musk associate in the General Services Administration also called the government’s digital identity proofing system, Login.gov, “a critical part of Government-wide efforts to promote efficiency and fight fraud.”

New testing results from the Department of Homeland Security’s research arm, however, show that the technology used to identity proof people online isn’t always effective.

Digital identity verification solutions that require people to take a photo of their physical ID and a selfie to prove that they are who they claim to be proliferated across some benefit programs during the pandemic. 

The government did face legitimate problems with identity theft-fueled fraud in some programs. The Government Accountability Office estimated that up to $135 billion in unemployment went out the door to fraudsters during the pandemic, with identity fraud being a “major contributor.”

One major factor in that spike, however, was Congress’ decision to initially not require documentation at all when it set up a new jobless aid program for gig workers during the pandemic, opening the door for bad actors. 

DHS tested each part of the process for commonly used digital identity checks — the technologies used to verify IDs, match selfies to photos of those IDs and check that someone isn’t spoofing the system.

Of over 3,000 combinations of different technologies for each of the three steps, only 5% worked at least 90% of the time in allowing legitimate, real people to successfully complete the process, said Arun Vemury, director of the biometric and identity technology center at the Science and Technology Directorate.

His team found that, among systems trying to match selfies with ID photos, just over half of the systems matched the pair over 99% of the time, although the best system matched 100% of documents to selfies.

Even in terms of rooting out bad actors, DHS found that only 63% of the tested systems rejected 99.9% of imposters.

As for detecting fake IDs from real ones, “the error rates were quite large,” said Vemury — so large that DHS didn’t even release details so as not to inform bad actors’ efforts. Physical licenses aren’t necessarily made with security features meant to be validated online, as opposed to in person. 

This isn’t the first time testing has shown a wide range in the performance of digital identity systems. When the government teamed up with academia to test five commercial solutions last year, only two produced equitable results across different demographics like race and ethnicity. 

Even companies providing digital identity verification don’t always know how well their solutions work. They often rely on feedback from their customers on how much fraud is getting through or how many real people are being blocked by the system as they try to find the right balance of both, said Vemury, who will be continuing further testing meant to push industry to improve these types of systems.