EPIC Urges GSA to Prevent Privacy Harms from New Fraud Prevention Tools on Login.gov

In comments to the General Services Administration, EPIC urged the agency to limit contracts for fraud prevention to a single third-party provider and to investigate and consider abandoning behavioral analytics techniques. Login.gov is a sign-on service for members of the public to access information and services from various federal agencies. The GSA currently contracts with data broker LexisNexis for fraud prevention and identity proofing services. EPIC also urged the agency to carefully audit any risk-scoring practices by LexisNexis and provide individuals with a clear avenue for appeal when an account is flagged as potentially fraudulent. 

EPIC regularly engages on federal identity verification policy. An EPIC-led coalition of privacy and civil liberties groups urged federal and state agencies to end their use of identity-verification through facial recognition provider ID.me and other face verification services. IRS rolled back its plan to use ID.me after criticism from members of Congress, EPIC, and many others. The company came under fire for forcing individuals to submit to intrusive facial recognition identity verification, subjecting people to long wait times for verification, and misleading the public. Individuals can join organizations pushing back against the use of face verification by signing this petition to Dump ID.me.