Public Benefits, Private Vendors: How Private Companies Help Run our Welfare Programs

If you’ve been following EPIC’s work on the algorithms used in public benefits programs, you may have caught something unusual: although we talk about public welfare programs, most of the systems we’ve uncovered are developed by private companies. That isn’t a coincidence. While a few state agencies have developed their own technical systems for public benefits programs, a large and growing number of states have chosen to outsource the technological systems undergirding public benefits programs to private vendors who promise accuracy, efficiency, and cost-savings. In reality, EPIC’s research suggests the opposite: many vendor systems are costly, prone to bias and error, and developed without considering agencies’ unique needs.

Understanding the role that these private vendors play in public benefits programs is just the first step to understanding the risks and harms facing public benefits recipients. But it’s an important step. Throughout this blog post, we’ll explore how private vendors—some of the largest companies in the country—have rapidly solidified their place within our public benefits landscape using proprietary data systems and marketing gimmicks. We’ll highlight the outsized power that private systems have over public benefits—power that private vendors have used to enrich themselves while exposing our most vulnerable communities to harm. And we’ll consider existing and potential reforms meant to improve our public benefits systems and protect those who use them. For millions of Americans in need, extensive data collection, faulty vendor systems, and harmful automated decision-making are part and parcel of their daily lives.

Procurement: When and Why do State Agencies Rely on Private Contractors?

Privatizing public benefits programs isn’t the only way for public benefits programs to meet the growing needs of benefits recipients—it’s just the result of active efforts by politicians and lobbyists to defund agencies and privatize public services. State agencies can and have successfully managed their public benefits programs without relying on private vendors. For example, Oregon’s Department of Human Services, Aging & People with Disability (APD) has, since 1995, relied on its own network of digital systems to facilitate long-term care needs under Medicare and Medicaid. And while these systems have evolved over time, they have never replaced or undermined case worker decision-making; their systems do not automate any eligibility determinations or authorizations and do not rely on third-party datasets.

So how did private vendors become such powerful players in the public benefits space? The answer is three-fold. First, many agencies are forced to rely on private vendors because state legislatures refuse to allocate enough funding for agencies to manage and update their public benefits programs internally. Powerful companies like LexisNexis and Maximus exploit this fact, spending millions of dollars to lobby state and federal legislatures for lucrative benefits privatization opportunities. When state agencies submit Requests for Proposals (RFPs) for private vendor contracts, these same companies leverage their size and data capabilities to submit highly competitive bids—bids that can include ongoing system maintenance provisions that lock agencies into long-term, exclusive vendor contracts. And once these major vendors set up shop in a few states, the rest began to follow suit: during the initial COVID-19 shock, for example, agencies in states like Illinois saw the work that vendors like Deloitte were doing and pursued “no-bid” contracts to bypass the competitive bidding process normally required and work directly with major private vendors.

For their efforts, many private vendors have profited greatly off public funds. As agencies in states like Maryland, Michigan, and Nevada turned to private vendors to fix outdated benefits systems and meet increasing benefits needs, major government contractors like Deloitte, Thomson Reuters, and LexisNexis began offering wholesale tech solutions for benefits administration, providing online portals and proprietary algorithms designed to screen eligible applicants and detect welfare fraud. They made a killing. During the COVID-19 pandemic, alone, Deloitte made over $410 million from fraud detection contracts, including over $33 million and counting in Illinois alone. Thomson Reuters has similarly profited off COVID-era case management and fraud detection contracts: in California, for example, the company made $771,000; in Illinois, it made over $850,000; and in Washington, D.C., it made $295,000. And in 2021, the Department of Labor gave LexisNexis $540 million to implement unemployment insurance fraud detection systems across the country. The broader trend of privatizing public benefits programs extends beyond the COVID-19 pandemic—and beyond these three vendors—but these few examples already total almost $1 billion dollars spent by state and federal agencies on private vendor systems.

The Problem: Private Vendor Systems Can Facilitate Harm and Reduce Accountability

A growing number of state agencies rely on private vendors to operate their public benefits programs, but what does that mean, exactly? Private vendors promise everything from increased efficiency and cost-savings to better data security, but these promises hide some very real—and very pressing—problems with private benefits systems.

When state agencies contract with private vendors for public benefits technologies, they alter the benefits recipient experience in important ways. Where a recipient once had an ongoing relationship with a case worker, they may now be required to upload information and receive benefits updates through an online portal. The information they submit may be automatically evaluated for eligibility, flagged for review, or even used to reduce or eliminate benefits outright without human intervention. And applicants may not even know they need to correct errors or provide additional information before their benefits are reduced or terminated; the automated systems that private vendors sell do not always notify applicants before making their benefits determinations. Worse yet, automated vendor systems may be biased, disproportionately denying benefits to applicants of color using proxy variables like zip codes and criminal records, or flawed, erroneously flagging recipients for fraud and leaving them without benefits for weeks or months at a time. Far from improving the allocation of public benefits, these systems can inject confusion and discrimination into public benefits programs.

The problems don’t stop at faulty and biased systems, though. Agencies’ reliance on private vendors makes it harder for the public to understand how public benefits programs work and how recipients’ data are used as well. When EPIC tried to use open records requests to access the source code and error rates for the Pondera software used by the Illinois Department of Employment Services—benefits software provided by a subsidiary of Thomson Reuters—we were told that the information was “proprietary and confidential.” Because open government laws like the Freedom of Information Act only permit the public to access certain public records, any proprietary information from private vendors is off-limits and hidden from view. It becomes much harder to uncover how public benefits determinations are made—and to hold agencies accountable when they fail benefits recipients.

Private benefits systems also raise privacy and data security concerns. Although many vendor contracts put restrictions on how benefits recipient data can be used, data breaches and abuses still happen. Take ID.me for example: the major provider of identity verification and fraud detection software promised states high-quality services and data security, but behind closed doors they shared recipients’ social security numbers in Slack messages and gave employees access to confidential user data without any background checks or other privacy precautions.

What’s Next: Reforms are Underway—but They’re Not Perfect

Despite these problems, there is good news: public backlash and efforts by legal aid organizations are forcing agencies to think harder about the vendors they contract with and the automated systems they use. Take Legal Aid of Arkansas, for example. Back in August, EPIC Scholar In Residence Virginia Eubanks interviewed them about their victory in Arkansas Division of Workforce Services v. Legal Aid of Arkansas, where they argued—and the Arkansas Supreme Court agreed—that an Arkansas agency couldn’t hide crucial information about its unemployment fraud systems from the public. Two months later, Legal Aid of Arkansas won another landmark legal victory against harmful automated benefits systems when the Eight Circuit ruled in Elder v. Gillespie that Arkansas agency officials could be held personally liable for the harms that their automated Medicaid system caused.

In a small but growing number of states including California and Washington, legislative efforts are also underway to enact algorithmic oversight mechanisms that keep automated benefits systems under control. From independent audit requirements and algorithmic impact assessments, these legislative proposals may halt the worst harms of automated benefits systems before they occur. However, reporting requirements and system-specific litigation only go so far to rein in the powerful private vendors within our public benefits programs. To combat the systemic, long-term challenges facing public benefits programs nationwide, we’ll need broader support—and greater funding—for the agencies administering public benefits themselves. Austerity measures weaken our legal protections while empowering private vendors, and regulating the automated systems vendors provide is only one part of combatting discrimination and harm in our welfare system.