EPIC Urges GSA to Minimize Use of SSNs, Limit Unnecessary Fraud Prevention Practices on Login.gov

In comments to the General Services Administration, EPIC urged the agency to limit contracts for fraud prevention to a single third-party provider and to investigate and consider abandoning behavioral analytics techniques. Login.gov is a sign-on service for members of the public to access information and services from various federal agencies. The GSA currently contracts with data broker LexisNexis for fraud prevention and identity proofing services. EPIC also urged the GSA to more aggressively limit the transmission of Social Security Numbers (SSNs) to only necessary applications.

EPIC works to protect people interacting with the government by pushing for the most privacy protective standards for digital identity. In 2020 an EPIC-led coalition of privacy and civil liberties groups urged federal and state agencies to end their use of identity-verification through facial recognition provider ID.me and other face verification services. Last month, EPIC urged the Financial Crimes Enforcement Network (FinCEN) to require strong privacy and security protections in their Consumer Identification Program (CIP) Rule that governs how banks obtain Social Security Numbers (SSN) for customers.