I am stating here in the strongest possible terms that I consider the website ID.me to be hugely insecure and putting enormous amount of extremely sensitive personal data at risk
I and many people like me have been forced to use this site to supposedly verify identity to the satisfaction of the likes of EDD, DMV et cetera et cetera. I have been forced, in order to become eligible for PUA & so called “Real ID” to upload information and photographs that I consider extremely sensitive, including my own likeness in stills and video to a lower level functionary person at some kind of datacentre where I could clearly see other people walking around in the background.
This itself and alone is a violation of confidentiality and security
I will be demanding a data dump of everything they have on me and requiring its deletion once my verification is done, if ever.
This is California Law, weakly enforced and undoubtedly will take as long or longer than the original application- By which point it can have been misappropriated and misused in copies.
This seems to have a follow of the disclosure that the EDD up until the end of 2020 had indiscriminately handed out benefits to the likes of federal prisoners and obviously false identity individuals –
In a massive slamming of doors after horses have bolted I have now become essentially the target for identity theft which I have scrupulously avoided since starting working on the Internet over 20 years ago – I closely guard my address Social Security number identity cards, credit cards my likeness and anything that could personally identify me which essentially has all been given away in a few short days to several organizations that literally have no idea what they were doing even before the onslaught of a pandemic.
While I have no direct evidence that ID.me itself is doing anything wrong, its methods Reek of hackability and vulnerability and simple lack of due diligence – with similar features to the sites hacked: Sony, Experian, Chase, Home Depot, Yahoo!…..
I was never given an opportunity, or any alternative to make an appearance in person with identifying documents and was never able to reach a person on the telephone for any effective identification.
So from bureaucratic incompetence those who are supposed to be served are put in a severely vulnerable position and I am stating for the record that I consider this unacceptable given that there are better ways to do it rather than loading the onus on the consumer or client.
Bureaucratically the use of the single point of failure like ID.me “makes sense” and also from a budgeting point of view and certainly saves paperwork but that the ultimate cost to the end user which is bound to come, mark my words, usually disclosed by independent parties and not the result of any in-house diligence.
I am sure the Form letter already exists:
“We take our clients security and confidentiality Very Seriously, and value the trust placed in us”. Not.
The average cost of an identity theft is about $1500 and uncountable uncertainties for further violations of finances and privacy.
Being as ID.ME says it’s “one of only three federally recognized sites for identity solutions” I might feel more confident if they had posted a financial bond to assure conpensation when they fail:
No such guarantee is shown.
One might consider the Titanic was manufactures to shipping standards of the day-
I await the sinking of this enterprise with due interest and not a little trepidation
that’s it. For now. Not the end of this particular story.