USPS In-Person Identity Proofing (usps.com)
176 points by rawgabbit on Sept 21, 2023 | 171 comments


Recently had to perform this for a dependent family member due to online identity proofing failure when attempting to set up mail forwarding online. Super simple process. USPS provided a barcode via email, you can print or display on device. USPS staff scans barcode, requests identity documents, performs proofing, and upon approval, the exception flow completes and whatever action you requested proceeds. In and out in 5 minutes.

https://www.login.gov/help/verify-your-identity/verify-your-...

Really excited as this rolls out fully for Login.gov high IAL (identity assurance level) use cases (i.e. IRS logins). If someone from Login.gov can comment on why state IDs are accepted, but not US passports and other federal identity credentials, I would be interested!

(tangentially, behold, your government and two exceptional public goods [Login.gov and USPS] working for you efficiently and in public)


> state IDs are accepted, but not US passports and other federal identity credentials

Federal documents don't have authenticated addresses. The view seems to be that only state agencies are capable of verifying you actually live at the address on your ID (See Real ID for more context).


> Federal documents don't have authenticated addresses.

I wonder why that matters. If I am provably who I say I am, why is the address important?

Also, not specifically for you, but generally what about states that don't reissue IDs when someone moves? (I suppose their answer to that is "get an updated ID and try again".)


It's important to the USPS because the reason they want to know a person's identity is for the purpose of physically delivering mail to the correct address for that person.

> what about states that don't reissue IDs when someone moves

Do these exist? I'm not aware of any state that doesn't require you to update your address when you move.


California.

https://www.dmv.ca.gov/portal/online-change-of-address-coa-s...

> Will DMV send me a new DL/ID or registration card once my Change of Address is complete? No. New documents are not issued when you change your address. However, you can request a replacement DL/ID or replacement registration card after you confirm that your address was changed successfully.


I think that answers the question to “what about?” above. You request a replacement.


But you don't have to.


https://www.dmv.ca.gov/portal/file/california-driver-handboo...

  If you move, you must notify DMV of your new address within ten days. Submit a change of address online at dmv.ca.gov/addresschange or by mail. It is your responsibility to ensure DMV has your correct mailing address on record.

So, you are required to update your address, and DMV will have your correct address on file, but "you don't have to" update your license.


It’s about moving inside a state. I told the DMV of my new address, but my drivers license still has the old one. Maybe I could get it reissued, but that seems like a pain. Many people move more frequently than the license expiration period.


Every time I moved in Georgia, they mailed me a replacement license with my new address. Don't know if all states are like that but given the increasing desire to know people's whereabouts, I would guess many do. Georgia does say it can impose a fee if you move too many times during a license's validity period but haven't seen that actually happen.


In Australia, after you change your licence address, they mail you a small sticker with the updated address, that is then stuck onto the back of your licence.

There's a small section marked on the back that is specifically for it.

I guess if you move multiple times within the expiry period, you can pull the old sticker off and replace it.


I've seen this in my area around metro Detroit as well.


They just mailed me a new ID with the updated address in VA when I requested, was a lot less of a pain than having government documents that are wrong, imo.


In my state you're required to update your address, but they don't send you a new ID unless you pay for it.

So if you get pulled over and a cop runs your license it will show your new address. On the other hand the bars etc don't care they just look at DoB and expiration.

If you're purchasing a firearm though they do run the real address, and if it's not accurate you could be in trouble.


In Australia they'd just mail you a sticker to affix to the back of your license with the updated address until renewal.


That's how New Jersey IDs worked until 9/11 too.


Whether it’s required or not, it’s rarely enforced.


For mail forwarding at least, there could be two John Smiths and requesting forwarding for the wrong one would let someone steal mail easily.


I can't imagine there is any state that lacks the option to update the address on your license after you move. Many will even send a sticker in the mail so you don't have to get a new card.


Yeah, my daughter tried to get into a bar, but they said she was only 19, so she put an Authentic Sticker over the birthdate, came back to the bouncer with the "update", and then had a great night out.


Michael B. Jordan could try to be Michael Jordan. There are many popular names out there. Heck I'd change my name to Bill Gates.


"try" isn't even needed. Example: Two people, living at the same address, whose names differ only in the middle initial. One person moves, submitting the change-of-address form. They then start to get some (or all) of the mail for the other person.


Four generations of men in my family have the same name other than suffix. At times three of them lived at the same address. It has caused a number of issues over the years, including unintended cross access to bank accounts. Despite the problems it sometimes creates, they seem to be amused by the confusion.


Man, I know why it's a thorny topic but sometimes I really wish we had a single identity system in the states, just one card that had all your licenses on it, driving/boating/hunting/ccw, and one API to pull all that info. Our county is too cheap/lazy to reissue pistol/sar permits if you buy, sell, or transfer a restricted weapon, instead opts to give you a piece of printer paper to go with it. You have to have that paper addendum with you whenever you're handling a restricted weapon, and you're fucked if anything happens to it, and you get caught.


I'm not American, why is it a thorny topic?


They have a pathological fear of government overreach. An identity card issued by the government would lead to a slippery slope of something, not sure what. HN is fertile ground for such paranoia, so no doubt someone will explain exactly what will happen if all US residents received a free identification card.

Anyway, they get around this by using their Social Security Numbers everywhere. All residents have one. They use this in a novel way, where it’s both a username and a password, that you share with every corporation who asks. You’re supposed to keep it very secret because people can open financial accounts in your name with this number. But not that secret. Your utility company may ask for it and won’t provide service without it.

Since it’s both a username and password, it’s stored very securely. Except when it isn’t, breaches happen, and people have no recourse. It’s immutable, so they can’t do anything other than say “don’t process any credit checks for me” and hope that works.

Anyway, that’s the short version of why Americans are terrified of being assigned an ID, actually have an ID (SSN), but can’t use that ID because it’s super secret, but then use it everywhere anyway because they have no choice.


You have a charming way with words. Yes, national IDs and the right to bear arms are wrapped up in our national identity.

To paraphrase Charlton Heston, they can put a national ID in my wallet when they pry the AR15 from my cold dead hands. Never mind I am a trusted traveler with global entry and I have a real ID state drivers license. Never mind the Chinese government hacked the federal Human Resources database all those years ago and have the data for anyone who took a paycheck from Uncle Sam.

https://en.wikipedia.org/wiki/Office_of_Personnel_Management...


> Both Republicans and Democrats have opposed a National ID system. President Reagan likened a 1981 proposal to the biblical “mark of the beast,” and President Clinton dismissed a similar plan because it smacked of Big Brother. A National ID would not only violate privacy by helping to consolidate data and facilitate tracking of individuals, it would bring government into the very center of our lives by serving as a government permission slip needed by everyone in order to work. As happened with Social Security cards decades ago, use of such ID cards would quickly spread and be used for other purposes – from travel to voting to gun ownership.

https://www.aclu.org/press-releases/broad-coalition-urges-pr...


^ yep. SSNs are also terrible to collect, as they are hard to verify if the user even gave you a valid number, as there's no self checking system like credit cards, you have to check against some 3rd party database that may know who that person is, but can't be sure, or just may not know who they are. Also, if you fuck up, you screw over a lot of people.

Fun fact, until 2011 SSNs were loosely based on where you were born. If you were a bad actor and wanted to use a fake SSN, just change a couple of numbers at the end and you could get a new number of someone that was born around when you were, in the same hospital as you.
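The contrast the comment above draws between card numbers and SSNs, as an added example that is not part of the thread: a Luhn check rejects every single-digit typo in a card number, while the only checks an SSN supports are structural (never-issued area, group and serial values). The function names are illustrative, `4111111111111111` is the common test card number and `123-45-6789` is a constructed placeholder.

```python
import re

def luhn_valid(number: str) -> bool:
    """Luhn check used by payment card numbers (the last digit is a check digit)."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 2:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

SSN_RE = re.compile(r"^(\d{3})-?(\d{2})-?(\d{4})$")

def ssn_structurally_valid(ssn: str) -> bool:
    """Format-only SSN check: there is no check digit to verify.

    Rejects only values that are never issued: area 000, 666 or 900-999,
    group 00, serial 0000. Passing says nothing about whether the number
    was issued or belongs to the person supplying it.
    """
    m = SSN_RE.match(ssn.strip())
    if not m:
        return False
    area, group, serial = m.groups()
    if area in ("000", "666") or area.startswith("9"):
        return False
    if group == "00" or serial == "0000":
        return False
    return True

def single_digit_errors_caught(value: str, validator) -> tuple:
    """Return (rejected, total) over all single-digit substitutions of value."""
    caught = total = 0
    for i, ch in enumerate(value):
        if not ch.isdigit():
            continue
        for r in "0123456789":
            if r == ch:
                continue
            total += 1
            if not validator(value[:i] + r + value[i + 1:]):
                caught += 1
    return caught, total

if __name__ == "__main__":
    card = "4111111111111111"   # common test card number
    ssn = "123-45-6789"         # constructed placeholder
    print("card typos rejected:", single_digit_errors_caught(card, luhn_valid))
    print("SSN typos rejected: ", single_digit_errors_caught(ssn, ssn_structurally_valid))
```

A collected SSN that passes the structural check therefore still has to be confirmed against an authoritative record before it is relied on.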


As an American, this is an excellent rundown.

A national ID would indeed have us quickly slipping toward… something… and of course it’s unsavory if it has “federal” or “national” anywhere in it.

I leave my identity management to the private credit bureaus, who are guided by the infallible hand of the free market, thank you very much.


As a European with all sorts of IDs issued by my government I’m so confused as to what that “something” is supposed to be honestly. So weird.


The "something" is a consolidation of federal power. The US is not a unitary state like most of the countries in Europe. The states hold a lot of power individually, and many want to maintain that as much as possible. The rules around identification are something that is significant to how people interact with their government and people do not want those rules to be decided federally when they can maintain that power locally instead.


> The "something" is a consolidation of federal power.

Ok but I still don't understand what power are you consolidating here.

If the federal government decided to issue an ID card valid for all citizens, what's the issue?

You already have something that work that way and it's the passport.

Now, I know that having a passport is not mandatory but if tomorrow the US government decided to issue passports, for free, to all citizens, would that be an issue?


A passport is only used for international travel, which was already under the purview of the feds. It is also only used for travel, which means that many people don't have one.

Drivers licenses (/IDs) are used for everything else pertaining to someone's daily life. In this way it affects how/who/where/when people drive, vote, buy and sell controlled things, engage in some financial transactions, travel domestically, obtain social benefits, etc.

It allows local authorities to be gatekeepers. A commonly used and carried federal ID would shift that gatekeeping authority to the feds. It could also enable additional gatekeeping which is not currently possible in the absence of this ID, which is a primary concern of the people who are against this.


Hidden deep in the fog of American politics, there is also a fear of triggering the folksy religious conservatives who fear/anticipate a literal "mark of the beast". To them, a national, compulsory ID number would signal the arrival of the Antichrist...


And yet for some reason that doesn’t apply to a state ID. It’s all just nonsense puppeteering of manipulable people because it’s profitable to have a dysfunctional federal government.


Yep, which is convenient as it can be (and is) applied to any act of national unity, for example vaccination efforts.


This is probably the most rational description of what is clearly an insane system that I have seen. Thank you.


Not the person you are replying to, but... National ID cards tend to feel icky to people who live in countries that don't have them. People who already have them don't even seem to notice.

I think added to that is that Americans have a historical tendency not to trust any kind of federal govt oversight/information collection


The U.S. is rooted in freedom from overreaching governments. (Slavery, equality is a separate dimension). That's how we were formed. For a while we were nearly tribal and free. We got screwed over when we allowed a federal government to "protect" us. The Bill of Rights was supposed to ensure we didn't lose our freedom. It should have kept us free but instead allowed key points of control like real estate tax incentives to enrich an oligarch class and now we have "corporatocracy." The recent/present leaders can not protect us without violating our rights to privacy... ...or won't.

Electric fences and RF food collars feel icky to cows in pastures that don't have them. Cows who already have them don't seem to notice.


Now I'm really curious what parts of this people disagree with?


For the same reason the UN telling every country they need a global ID for every citizen is a thorny topic. In the United States, the states are provided with fairly strong protections under the 10th amendment. This is the principle of federalism.


In many very important fundamental aspects, the USA is 50 different countries standing on top of each other wearing a long trench coat and pretending to be one country.


> Federal documents don't have authenticated addresses. The view seems to be that only state agencies are capable of verifying you actually live at the address on your ID (See Real ID for more context).

Real ID isn’t about this. Federally issued IDs like passports and NEXUS or Global Entry cards can be used in every context where the REAL ID Act’s requirements apply to state-issued driver licenses and non-driver IDs, without any exception I’m aware of, even though these federal documents are not proof of address.

But sure, your explanation might well be the justification behind this USPS / Login.gov policy.


> The view seems to be that only state agencies are capable of verifying you actually live at the address on your ID

Cue state system "fun" for military folks who have a home of record they're legally-entitled to keep, despite not being resident.


The US also follows its citizens everywhere like Eritrea.. Being resident in a State has nothing to do with being a US person.


> Federal documents don't have authenticated addresses

Huh.. that's interesting. In India it's mostly the other way around. Federal document addresses are mostly verified but state level ones are not.


> USPS staff scans barcode, requests identity documents, performs proofing, and upon approval, the exception flow completes and whatever action you requested proceeds. In and out in 5 minutes.

This is how code signing certificates should work. Better yet, let them be issued with a simple OAuth flow through sites like login.gov where people have already been verified.

The current system is the worst of everything. It's a convoluted process with geographically and culturally disconnected people doing verification for (primarily) businesses that don't even need to be tied back to a natural person or beneficial owner. To top it off, it's ridiculously expensive for an individual or open source project.

Microsoft also plays a huge role in propping up the currently broken system by trusting EV certificates more than personal certificates even though the identity of a natural person is far more valuable than the identity of a shell company that can easily be used by bad actors.

In one way I dislike identity verification systems like this because I think it's going to increasingly disadvantage people that are already less fortunate, but in another way I hope that it can be used to improve some of the terrible processes we have to endure when it comes to identity and trust.


The reason cert and signing costs are expensive is to discourage random people from signing up for accounts they don't need, or uploading useless apps.

This sort of "price people out of being annoying or doing things they don't remotely need" technique is extremely common in society.

EV certs involve a pretty lengthy number of checks, by the way. Having a PO box isn't enough.


I don't have a huge issue with the expense, but I don't think it should be a requirement. I think it should be more of an upgrade. For example, let me get a personal code signing certificate for $50 per year and then treat an organizational cert as an upgrade where I pay $500 to have my business name on the cert. I could even see a case for having $5000+ high value certificates.

The problem with that is the way companies like Microsoft handle them. Instead of telling the user "this is a low value cert", they put up a massive warning telling the user their computer is going to melt down if they trust it. It makes the decision of whether or not to run something binary and it's not.

I think a system where I could sign things as trivial as PowerShell scripts would be better than what we have now. Anyone I give something like that to is going to know me personally and can easily judge the trustworthiness of what they're running by seeing my name.

> This sort of "price people out of being annoying or doing things they don't remotely need" technique is extremely common in society.

From what I see, it makes things difficult for someone trying to provide fair value and favors anyone willing to price gouge their customers. Even worse, criminal activity is extremely high margin and industrial scale bad actors have no problem paying for things like EV code signing certificates.

> EV certs involve a pretty lengthy number of checks, by the way. Having a PO box isn't enough.

And, based on my experience, it's all a big clown show. The people doing the verification are at a huge informational disadvantage because (I'm assuming) they're in a processing somewhere with minimal training and are expected to verify identities for every jurisdiction in the world. It's like me trying to verify the identity of someone in China. No matter how much training you give me, I'm probably never going to be as good at it as a local would be.

The whole system could be better. I would prefer to see something where everything starts with a personal code signing certificate for a natural person and where getting an EV certificate requires an attestation from someone with a personal certificate. My identity is more valuable than a shell company.

There's no incentive for anyone to fix it either. The platform owners benefit immensely if people abandon a standardized code signing system in favor of the signing certificates they issue for their app stores. IMO that's half the reason Microsoft abused their market position to kill AppGet. Anything that improves competition for app distribution isn't going to be allowed.


> The people doing the verification are at a huge informational disadvantage because (I'm assuming) they're in a processing somewhere with minimal training and are expected to verify identities for every jurisdiction in the world. It's like me trying to verify the identity of someone in China. No matter how much training you give me, I'm probably never going to be as good at it as a local would be.

The USPS is in an ideal and probably unique position to implement verification. Each office already has a handful of people who know you, personally, by name and location. They could pre-verify a large number of people without collecting or distributing additional info.


> In and out in 5 minutes.

Most of my USPS experiences are great once I actually get to the desk, but it might take 45-60 minutes of standing in line before I actually get there.


So, there's a great government (+) agency clearly capable of providing you with excellent service, but chronically understaffed. I wonder why that is?

(+) yes, yes, we all know that the "government" part of USPS is a bit strange, albeit not as strange as Amtrak.


I always thought the USPS would be the perfect agency for more public outreach and government-citizen interaction.

It sounds weird when it's stated, but they are the only government entity that sends an employee to your house 6 times a week. It could quickly turn dystopian but I could imagine the mailman becoming your single stop for interacting with the government and its services.


At what time of day?


I'm glad you had a good experience. I recently had a terrible experience with what should have been an even simpler verification process.

My wife and I ended up moving (within California) on short notice that overlapped my wife's unrelated trip out of the country. Despite very clear documentation on the USPS website about the documentation required for me to verify my wife's identity (and my relationship to her) in order to complete a Change of Address order on her behalf, the USPS employee immediately and aggressively accused me of attempting identity theft. No amount of showing him the USPS documentation about how to verify a spouse's identity would convince him.

At the second USPS office I tried, the guy was very nice, but also said that due to a high rate of identity theft they are refusing to do anything without the person there.

Luckily we only had a short interval where mail wasn't being forwarded before my wife returned and verified her identity in person, and probably didn't miss any important mail.


> but also said that due to a high rate of identity theft they are refusing to do anything without the person there.

This is the part of processes that annoys me the most. A company or agency will publish the rules they want people to follow, then there's a 30% chance that when I go to follow them, I will be denied because of an unpublished rule or an exception like this of "oh, well we're just not doing that right now."

The whole point of the USPS policies on being able to confirm a relationship is to avoid identity theft. If the policy is no longer going to be used then remove it! Or, better yet, update it.


With USPS, not to put too fine a point on it, there's also "I'm saying we're not doing this right now, because I don't want to do this work right now."

(With deference to all the other, amazing USPS folks I've worked with!)


That's when you start throwing around terms like "CFR" and "Inspector General"


I've found that USPS has a vast gulf between their IT systems (generally good!) and their line workers, as well as a huge training spread from line worker to line worker.

The best approach is usually to go to another postal branch when you run into a bad egg... and/or go during a time of day that it's quieter.


I have always filled out change of address online with no issues. But I suppose it’s been 5-6 years since I last did this.


When you do it online they have some sort of risk estimation thing where you provide (if I remember correctly) a credit card and a phone number. When I completed mine online, it said I was instantly verified, but for my wife it said additional in-person verification was required. I suspect it's because she changed her name when we got married and whatever online identity service they use has a combination of her old and new names.


Their system is quite picky about address formatting (they ask to do a small transaction; your billing address better match the address USPS has for you exactly, stuff like RD vs road matters).

I ended up changing my billing address in my bank to exactly match what USPS wanted. Which worked, and was fine, but did leave me wondering what would prevent someone else from doing that with their own bank account if they wanted to change my address for some weird reason.


So you signed up for a bank account with an address that wasn't properly formatted and you're upset at the USPS?

I thought it was common knowledge to, when moving to a new address, check one is using the correct formatting via the USPS online validator.

It's picky because "rd" is not valid. You would know this if you did a simple google search:

https://pe.usps.com/text/pub28/28apf.htm


RD vs road wasn’t the exact issue, it was just that sort of thing.

They managed to deliver mail to the previous address for years, so I guess they were able to figure it out.

Why do you think I’m upset? It was slightly annoying but not really a big deal, easy enough to fix, just thought it was a funny story.


That's a combination of the human part of the USPS, plus automated validation/correction routines.

To the human part: If you send a letter to a residence; and only include a street address plus 5-digit Zip code, or a street address plus city/state without a Zip code; that's enough to get the letter through. The envelope might be scanned at the originating point, and the image sent to a human for review, or the letter might make it to a post office at/near the destination, and a human will take it.

Sticking with the "rd" / "road" example: When the bank goes to mail something to you, I wouldn't be surprised if they run the address through a validation program. That validation program would catch things like "rd", replace it with the appropriate term, and also generate the Zip+4 code. What's missing is feedback from that program. So the bank might continue to have "rd" in your address, even though it's wrong.


As it happens, the USPS actually has an online form for this service [0]. For instance, if I query "1600 pennsylvania avenue" in Washington, DC, then I get the full two-line address back on page 2, complete with the Zip+4 code:

  1600 PENNSYLVANIA AVE NW
  WASHINGTON DC 20500-0005

I've used this tool before to double-check some more wonky addresses before sending mail to them. I'd be surprised if they don't also offer an API for the service.

[0] https://tools.usps.com/zip-code-lookup.htm?byaddress


They do, it's free, and their developer website is shockingly nice. https://developer.usps.com/api/18


This works wonderful until the site tries to force the suggestion on you and your address is somehow wonky in the system like not existing at all or under a wrong or mis-ordered apartment number.
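The normalisation step discussed in the comments above (rewriting a delivery line into standardized form before comparing a billing address with the address on file), as an added example that is not part of the thread and not USPS code. The tables are a small constructed subset of the abbreviations in USPS Publication 28, the function names are illustrative, and the parsing is deliberately simplified to a single delivery line.

```python
import re

# Constructed subset of USPS Publication 28 abbreviations (not the full tables).
SUFFIXES = {"AVENUE": "AVE", "BOULEVARD": "BLVD", "COURT": "CT",
            "DRIVE": "DR", "LANE": "LN", "ROAD": "RD", "STREET": "ST"}
DIRECTIONALS = {"NORTH": "N", "SOUTH": "S", "EAST": "E", "WEST": "W",
                "NORTHEAST": "NE", "NORTHWEST": "NW",
                "SOUTHEAST": "SE", "SOUTHWEST": "SW"}
UNITS = {"APARTMENT": "APT", "SUITE": "STE", "BUILDING": "BLDG",
         "FLOOR": "FL", "UNIT": "UNIT"}

_DIR_TOKENS = set(DIRECTIONALS) | set(DIRECTIONALS.values())
_UNIT_TOKENS = set(UNITS) | set(UNITS.values())

def normalize_line(line: str) -> str:
    """Return a delivery line in upper case with standard abbreviations."""
    tokens = re.sub(r"[.,]", " ", line.upper()).split()

    # Split off the secondary unit ("APT 4") so it is compared verbatim.
    unit_at = next((i for i, t in enumerate(tokens)
                    if i > 0 and t in _UNIT_TOKENS), len(tokens))
    primary, secondary = tokens[:unit_at], tokens[unit_at:]
    if secondary:
        secondary[0] = UNITS.get(secondary[0], secondary[0])

    # A trailing directional ("... AVENUE NW") sits after the suffix.
    end = len(primary)
    if end > 2 and primary[-1] in _DIR_TOKENS:
        primary[-1] = DIRECTIONALS.get(primary[-1], primary[-1])
        end -= 1

    # Abbreviate only the last street-type word, so "COURT" in
    # "100 COURT STREET" stays a street name.
    suffix_at = end - 1
    if suffix_at >= 2:
        primary[suffix_at] = SUFFIXES.get(primary[suffix_at], primary[suffix_at])
        # A leading directional needs a street name between it and the suffix.
        if suffix_at > 2 and primary[1] in _DIR_TOKENS:
            primary[1] = DIRECTIONALS.get(primary[1], primary[1])

    return " ".join(primary + secondary)

def same_delivery_address(a: str, b: str) -> bool:
    """Compare two delivery lines after normalisation."""
    return normalize_line(a) == normalize_line(b)

if __name__ == "__main__":
    # Constructed sample inputs.
    for raw in ("1600 pennsylvania avenue NW", "100 Court Street",
                "12 Elm Road, Apartment 4", "100 North Main St."):
        print(f"{raw!r:35} -> {normalize_line(raw)}")
    print(same_delivery_address("123 Main Road", "123 MAIN RD"))
```

Normalising both sides removes formatting mismatches such as RD vs road; a difference in the house or unit number still fails the comparison.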


ID.me was hot garbage for a long time.

Scanned my Driver's License at 200dpi.

"Unable to find a face in the image you uploaded."

Okay, 300dpi.

"Unable to find a face in the image you uploaded."

Huh.

Scan at 72dpi.

Success.

Scan back of DL at 72dpi.

"Unable to read barcode."

Scan back of DL at 200dpi.

"Unable to read barcode."

Scan at 300dpi.

Success.

What a shitshow.


Is ID.me service still run by some questionable third party company and not the actual government?


Does this work for a family member who cannot physically present themselves at a Post Office, e.g., due to illness or incapacity?

(looks like this is what you are reporting, but the phrasing is a bit ambiguous on that detail - thanks!)


The USPS in-person method is an exceptional flow; it's only used if other options are unavailable.

If someone is ill, then you should use the remote options that are already available for ID verification. ID.me has tips for friends & family that are helping with this:

https://help.id.me/hc/en-us/articles/4589202735639-Helping-f...

If a person is ill, and the normal (remote) methods don't work, my suggestion would be to reach out to the Postmaster for your local area (if you have multiple post offices in your area, there may be one Postmaster for all of them). Meet them in person and explain the situation. Before you reach out, get documentation from a local doctor to back up your case. Ask what options are available.

If someone is incapacitated, then identity verification is not going to work, but that's the point: If you don't currently have the capacity to participate in transactions, that responsibility falls to someone else (spouse, next of kin, power of attorney, court-appointed person, etc.).


sure all that is great - but terrible side effect of the USA system is that every person must run through some gauntlet of ID systems.. two generations ago, some tax professionals and some government employees had to have super-rigorous profiles on file.. and the person agreed to that when they pursue that profession.. the dystopian parts come with the 75-year old widow with dementia or college student aka slacker has to adhere to similar standards to be basically functional.. there needs to be some middle ground, say some


Functioning identity systems are a component of a functioning government. I agree there should be very robust exception handling mechanisms to get folks on rails who fall off. Someone being able to prove they are who they say they are is only dystopian to a vocal minority.

If you don't want to drive, don't want to buy alcohol, don't want to travel internationally, etc, certainly, you can go without a state issued ID or driver's license, or a US passport. That is a choice. You're still going to need to prove who you are to rent formally, transact in real estate (buy a home with or without a mortgage), apply for state or federal benefits, obtain non emergency healthcare, etc.


> Functioning identity systems are a component of a functioning government.

That's a very strong and parochial claim.

Good, reliable, trustworthy, functioning government has existed for between 5,000 and 10,000 years depending on which anthropology you follow.

For almost all of that time, governments have had scant legibility into the size or makeup of their population, barring a rather crude census every now and then.

Identity at individual granularity happened practically yesterday, and is still a project in progress for many nation states. It's really a function of global travel, banking systems, modern social welfare benefits and healthcare.

A well designed government does not need micro-relations with each and every citizen, but works fine in aggregation, devolved autonomous subsystems and heuristics.

The "Government needs to know all about you" is a technocratic conceit less than 100 years old.


> The "Government needs to know all about you" is a technocratic conceit less than 100 years old.

I remember, as a kid, when Canada rolled out the Social Insurance Number, only for tax use! Now it's used for everything.

And later... health cards! Used to be, you'd just wander into a hospital.

Now you need endless id for everything.

50 years only!

It's really absurd.


what is your main concern about requiring IDs to do things like obtain health care?


Everyone deserves healthcare. It doesn't matter who they are.


True, tho I wonder if there are enough people to provide it


> Someone being able to prove they are who they say they are is only dystopian to a vocal minority.

There are plenty of non-dystopian ways for people to do that. I was able to prove that I'm ComposedPattern by typing my password. For a higher-stakes identity, I might provide biometrics or show that my appearance matches a previously-provided photo. Those things are possible without involving the state. In fact, it might surprise you to learn that people got healthcare and paid for housing before the early 20th century! The government doesn't enable people to prove who they are. It forces people to use a single state-controlled identity for, at first, just government services... then finance, then healthcare, then transportation... and now there are bills being proposed everywhere to require government ID for "age verification" to use porn sites or "social media".


One could also use, and I think this might be a brilliant start-up idea, use a device, maybe a cube or so, to scan biometrics of people... Maybe in exchange for, I don't know, NFTs or so.

Or one could simply trust a democratically elected government with that instead...


Traditionally speaking, the United States did not agree with that. People argued against a national identity system, and even when SSNs first appeared it was stipulated that they not be used for identity.

That said I personally agree with you.


> transact in real estate (buy a home with or without a mortgage)

FWIW: buying with owned funds is easy, selling is hard. Sellers don't really care about identity verification as long as the funds are good. OTOH, buyers/lenders/title insurance issuers do want the sellers' identities to be solid, because if they transacted with the wrong person, they are going to have a bad day. Lenders probably also want the buyer to be well identified, because it'll be a mess if not.


I recently had to deal with this here in the UK when selling my mother's house. She's 94, far into dementia and bed-bound, was a stay-at-home mom all her life. She had no photo ID of any sort, and since she'd been in a home for quite a while, no utility bills or any of the other things needed to prove identity in the modern world.

It took quite a while to work out something that would be accepted for the title transfer.


> Someone being able to prove they are who they say they are is only dystopian

It is intellectually dishonest, or motivated reasoning as they say, to imply that I said anything to the contrary. Perhaps you can reconsider that assessment of the comment?


> the dystopian parts come with the 75-year old widow with dementia or college student aka slacker has to adhere to similar standards to be basically functional.. there needs to be some middle ground, say some

Did I read this wrong? It sounded like you were insinuating that these use cases shouldn't require strong identity assurance. If that is not what you meant, I apologize for reading the statement incorrectly. If identity credentials are provided at low or no cost to prevent marginalization or disenfranchisement, I see no issue. Those credentials are then leveraged for all other systems that require identity proofing. That widow will need to prove who they are for social security benefits, medicare, or to receive an estate from a deceased partner (including removing them from their home's deed if held together, or accepting retirement accounts as a beneficiary). That college student will need to prove who they are for government funding aid, student loans, and to enroll. Disenfranchisement is very real, but so is identity fraud.

People who want strong privacy and governance around identity aren't wrong, they are simply solving at the wrong OSI layer by saying the technical implementation of identity systems shouldn't be good. Fix tech problems with tech, fix people problems with people.


>Fix tech problems with tech, fix people problems with people.

If you've been in the industry for any significant amount of time (over a decade), you'd know that the way things work out is

A) Solve all problems (including people problems) with tech.

B) Create new problems as a result.

C) Goto A

D) As loopcount of A-C increases, the familiarity with how to solve people problems successfully and fully with people starts to wane.

E) Crappy people problem solving systems technically solved require and equip newer generations with survival skills to navigate the flawed technical solution, but not with the flexibility or experience to thrive in an environment without said systems or imagine an alternative process.

F) The world begins to look more and more insane and delocalized over time to new entrants, who now have to cope with the fact that biology equipped us to handle local state management, but increasingly, remote state management is becoming a required survival skill.

G) Human beings do not have network cards integrated into their biology. (Thank god.)

H) Duct taping on the technical solution to G) just makes the original problem we're trying to solve even harder.

I) Somewhere in here is a Paxos joke.

I'll even offer the example of blockchains and cryptocurrencies as an example of this flow.

Our financial system pre-2000's was heavily "Oh, this is a people problem", with heavy employment of "develop a human relationship to get things done." Post 00's, with things like AML/KYC, our institutions are skewing such that the digital metadata (and not the relationship between persons) is the kernel for getting things. This makes identity fraud easier, because now instead of your bank people getting to know everybody, it's "computer says yes/no". Enter cryptocurrencies (the penultimate technical solution, no human involved, just shluffing bits between private keys). Nobody knows anyone anymore. Nobody wants to. The reversal and fatfinger problem still exists and is even worse over those mediums. Now we also have new problems from everyone wanting to take all this financial activity and make it public. Making the original ID/Trust problem even worse.

Now everyone is required to understand network theory and distributed systems to be able to hew out a local truth state, but maximally ill equipped to do the actual hewing, because the skills that got you that truth state in the first place were social, which we've done everything possible to technically engineer away.

Repeat. Repeat. Repeat.


this post is such a treasure -- and manages to convey the actual feeling of frustration at seeing things simple made impossible. Another reason this post is a treasure is that it does not have to go way down the dark rabbit hole of .. oh nevermind that! definitely agree with this overview in reality of human efforts


> the dystopian parts come with the 75-year old widow with dementia [...] has to adhere to similar standards

I don't mean to strawman, but, isn't this all to prevent the 75-year old widow from losing her retirement savings by scammers? Don't let perfect be the enemy of good, sure there are issues, but there needs to be something.


this is a great point and absolutely a real problem.. the specific person I was thinking of, is getting phone calls daily on her new iPhone from strangers.. In the past, a licensed professional of some kind would be an intermediary over a committed period of time..


Pretty sure this is by design, not by a side effect. National ID systems are not super popular.

Inefficiency is strangely sometimes the only reliable way to prevent consolidation of power.


>> National ID systems are not super popular.

In the US maybe. Every other developed country has them, one way or the other.


So how would that work if the IRS requires ID verification for my taxes and I live on the other side of the world, usually visiting the US every 2-3 years?


Remote identity proofing, either automated to confirm liveness or with a video call. Takes about 3-5 minutes in my experience.

https://help.id.me/hc/en-us/articles/8214940302999-Internal-...

You bring up an interesting edge case though. I will reach out to my State Dept folks to ask about supporting Login.gov identity proofing IRL at embassies and consulates for expats.


Embassies are supposed to be helpful for this matter. I spent a few years abroad and needed to file ITIN paperwork for spouse and we went in together to get a certified photocopy of their passport for about $50. The IRS accepted this as binding as an American document.

That said, the IRS doesn't really want you on their sites if you don't have a US address. I struggled to get transcripts on the site (but they allow you to submit written requests for them). This is a reasonable thing for the IRS to implement given the significant interest in fraud from their systems from people overseas.


>the IRS doesn't really want you on their sites if you don't have a US address. ... This is a reasonable thing for the IRS to implement given the significant interest in fraud from their systems from people overseas.

Except that US tax law also requires all US persons, worldwide, to file US tax returns (note: this is a superset of US citizens).

So if the law applies to expats and to anyone who has ever applied for a green card even if denied or not used or not revoked, then the system needs to support worldwide access.


For returns, you can send in a paper copy. That happens to serve as nice proof that you aren’t a resident of a specific state for tax purposes.


The current IRS online account system with ID.me does allow signing up with foreign addresses, and then you can download transcripts there.

Your struggles were probably with the previous system, which only allowed creating an account with a US address. It did however allow placing an online request without an account for a transcript to be mailed to a foreign address. I did this successfully myself and received the mail in Canada.


This used to be what everybody in Germany had to do to open a bank account or request a new credit card, until the alternative of KYC by video call became popular.

It's not efficient by any means, but in my view it beats the US practice of treating an SSN as a password, together with bizarre "security questions" sourced from public records that some banks use as a "verification method". And no, "phone number verification" (that really only works for phone numbers with the big three mobile carriers) should also never have been a thing.

I really, really hope to see a usable-by-everyone identification method one day, as opposed to "usable by enough", with a sizable fraction of the population just being denied access to credit, banking, and more, just because they don't exist in the expected form in some creepy data miner's database.

Ironically, German ID cards support exactly such a method: You can just tap it on your iOS or Android phone for a "qualified electronic signature" as defined by EU law. And as a non-citizen, you can now finally get an "e-ID only" card, so nobody is excluded from that scheme! Unfortunately, I don't know a single person that remembers their six-digit PIN that's required for that feature...


These systems are remarkably hostile to recent immigrants.

PostIdent (go to post office, get verified, send confirmation by mail) does not support Indian passports, among many others. The video replacement has the same flaw. You are legally entitled to a bank account, but a large portion of immigrants are left out.

Many banks now require a plastic residence permit. In Berlin it takes a few months to arrive. How do you pay your rent while you wait?

The residence permit is an eID, but I don't know anyone who activated it. You get an activation code weeks before the permit arrives, but it doesn't explain why it's useful and the activation requires an in-person visit somewhere. So I'm told; I have not activated mine.

Soon they want to use the eID for the address registration. This would save everyone an in-person appointment... except immigrants who must register long before they get a residence permit.

Fortunately, there are old Germans who must also be accounted for, so old-fashioned bureaucratic services exist in parallel.

France allegedly has a good method: the postal worker knocks at your door and verifies your identity.


How do you pay your rent? Good question, but I have an even better one: How do you get your salary without a bank account in the first place?

As a side note, it is kind of funny when Indians complain about German bureaucracy.


I'm not Indian, but I help people immigrate for a living.

There is no straight answer. It's just complicated. You either send money through another channel, or choose from a smaller selection of banks until you get a residence permit. I can't answer so easily because I opened my account 8 years ago and things got harder since then.


Say what you want about Indian bureaucracy, but Aadhaar is a good example of a system that’s been designed to be accessible to every single segment of society, even people with minimal documentation or little access to technology at home. EU bureaucracy (and German bureaucracy in particular) doesn’t even try.


That's if you even got a pin in the first place!

I discovered this recently when I wanted to use the gloriously named AusweisApp2 (ID app 2, superseding a PC app which was at least forward thinking enough to be called ID app 1).

In theory it's simple to request a new pin - you can even do it within the app! However I've moved since I acquired the card, and so instead of the reset mails going to my registered address, I can only assume they went to the address stored on the card. And in a catch-22 of course you can only update that with a pin...

But no worries, you can simply book an appointment at your nearest buergeramt to have a pin reset in person; except there are no free slots in the next 3 months.. anywhere!

I needed documents for a new visa, which should give me a new card (and hopefully a new pin!), which ultimately turned out to be faster to do than trying to sort out the damn pin


Poland does this too, if you want to create a trusted profile (essentially an SSO account for government services), in-person verification at a post or municipal office is an option.

A far more popular option is logging in via your bank, which is an excellent idea IMO, as they already have your data anyway and can usually verify that it's you with fairly high confidence.


> A far more popular option is logging in via your bank

The US has that too, in a way – I've once had a call center agent of a prospective new bank call my existing bank and have _them_ verify my identity on the line!

Of course, that identification then was also only the usual "what's your dog's zodiac sign" and "which gives you more goose bumps, nails on chalkboard or fingers on unpainted concrete".


A fun anecdote from those “security questions”

I bought pet insurance at one point for a dog and now I regularly get quizzed on pet names when I get those questions. It will be things like “have you ever owned a pet by the name of a b c” and the answers are absurd because they are pet names.

The best one was Ulysses S Twinkletoes. I still have a screenshot of that years later


Why is it not efficient though? How many times do you need to open a bank account? Once every few years. And I think you need to do it once to establish a relationship, once you have it, opening an additional account would not require another trip. Seems reasonable and secure.


> How many times do you need to open a bank account? Once every few years.

This is exactly why European banks aren't offering market-level deposit interest rates. KYC friction like this introduces a huge market entry barrier.

It should be perfectly normal to open a new bank account with a new bank online!


The US banks aren’t exactly eager to offer market level interest rate either. KYC has very little to do with deposit interest rate. They don’t have to, so they don’t.


> Unfortunately, I don't know a single person that remembers their six-digit PIN that's required for that feature...

IIRC, enabling that feature is optional (disabled by default), and if you never enabled it, you don't even have that six-digit PIN.


As far as I know, it's now mandatory, i.e. you'll receive a random PIN in the mail after requesting a new ID card whether you want to use it or not.


> together with bizarre "security questions" sourced from public records

I just had one the other day give me a multiple choice option for the last 4 digits of my SSN. The same SSN I had free form typed into a box a half page up.



I know that one (and use it for IRS stuff!), but I have yet to find a single bank that actually uses that, rather than "give us your SSN, address, and a list of three states in which you don't own property"...


This is a great example of the USPS as the federal government store front. They already handle passport appointments.

I’d like to see options for the unhoused and unbanked:

Homeless people get ID verified, get virtual mail access: all mail scanned and available online, physical mail at closest zip

Low income unbanked get access to free banking options


The USPS piloted a postal-banking program last year, in four post offices: https://federalnewsnetwork.com/agency-oversight/2022/04/usps...

It would be awesome if that could be expanded!

Mail scanning is a service already provided by private companies. For example, a random search returned this result for a store in Los Altos (near Mountain View): https://www.villagemailcenter.com/Products-Services/Digital-...

It would be awesome if a community-services provider could set up something similar, but it's worth noting the USPS does have two services which might work:

https://faq.usps.com/s/article/Is-there-mail-service-for-the...

https://faq.usps.com/s/article/What-is-General-Delivery


The stupid thing is that (I understand) the USPS is prohibited by law from offering such services. Go figure.


That's truly ironic – in Europe, the giro/wire transfer system has its roots in the postal service in many countries!

In the US, a similar thing happened for American Express and Western Union, which also started out as postal and telegraph service providers before they became financial service providers.


Source?



> unless approved by the Postal Regulatory Commission

All laws can be changed



I would like USPS to issue unalienable e-mail addresses. Ideally, I want to be able to use an email provider of my choosing, but MX records do not allow configuration of email server per address. So realistically, email relay.


I'm a huge fan of login.gov – It's just really nicely implemented, simple to use, accessible, and I love their reuse of well thought out ideas in the Federal Government of IALs (Identity Assurance Levels).

I hope this system expands further, and even that local governments also start to use it.


Odd the IRS won't use it


Someone in IRS IT procurement department is aiming for a nice position in the private industry.


They should expand this service to make the USPS some profit, and offer to banks, credit cards, real estate, city/state governments, etc. to combat the rising (maybe perceived, but certainly lots of real) problems with proving someone's real identity and fraud.

The virtual world has opened up new channels for fraud and it seems government is just way behind on this. Almost to the level that some institutional trust is starting to break down (not to be too exaggerated about it though). (see pandemic relief funds)


Why would I pay to interface with the government?


Many US government services already involve fees.


I’d pay to make sure others can’t in my name.


Very cool, I hope this gets widespread enough to become the default way to prove identity online. I know a lot of people are very concerned about preserving the right to be anonymous, but it should be equally concerning that it's difficult to not be anonymous without involving a giant corporation.

Would it be too much to ask for a Keybase style app on top of this? One can hope...


That was my first thought too.

I hope it doesn't become the default for most sites (which have no need for your actual identity) but for many use cases I can see the need for varying levels of identity tied to your real identity.

Minimally, login.gov could issue a (globally) unique token which they will only issue one per user per site, which would effectively allow the site to enforce a 1:1 human:account ratio (or at least know which accounts are linked to which humans) without disclosing any actual details of the human.
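The per-site token described in the comment above, sketched as an added example that is not part of the thread and not Login.gov's implementation. It follows the general idea of OpenID Connect's pairwise subject identifiers; the class names, the `pairwise-v1` label, the person IDs and the site names are all constructed assumptions.

```python
import hashlib
import hmac


def encode_fields(*fields: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


class IdentityProvider:
    """Hypothetical proofing service that holds one internal ID per proofed person."""

    def __init__(self, secret_key: bytes):
        if len(secret_key) < 32:
            raise ValueError("secret key must be at least 32 bytes")
        self._key = secret_key

    def pairwise_token(self, person_id: str, site: str) -> str:
        # Normalise the site name so "Forum.Example." and "forum.example" match.
        site = site.strip().lower().rstrip(".")
        # HMAC under a provider-only key: stable per (person, site), but a site
        # cannot invert it or recompute the token another site received.
        message = encode_fields("pairwise-v1", site, person_id)
        return hmac.new(self._key, message, hashlib.sha256).hexdigest()


class Site:
    """Relying site that enforces one account per proofed human."""

    def __init__(self, name: str):
        self.name = name
        self._accounts = {}  # token -> username

    def register(self, username: str, token: str):
        existing = self._accounts.get(token)
        if existing is not None:
            # Same human, second account: the site learns only that a link exists.
            return False, existing
        self._accounts[token] = username
        return True, username


if __name__ == "__main__":
    # Constructed demo key and identifiers; a real key would come from a KMS/HSM.
    idp = IdentityProvider(bytes(range(32)))
    forum = Site("forum.example")

    token_forum = idp.pairwise_token("person-0001", forum.name)
    token_shop = idp.pairwise_token("person-0001", "shop.example")

    print(forum.register("alice", token_forum))      # first account accepted
    print(forum.register("alice-alt", token_forum))  # second account rejected
    print(token_forum == token_shop)                 # False: sites cannot correlate
```

The token carries no name, address or document number, so two sites comparing their user tables cannot match the same person through it; only the provider, which holds the key, can.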


> I hope it doesn't become the default for most sites (which have no need for your actual identity) but for many use cases I can see the need for varying levels of identity tied to your real identity

Varying levels is probably the right approach.

For most sites all they need to know when I create an account is that I control the email address that I am using to sign up. If I ever again need to prove my identity to them proving that I receive email at that address is good enough.

For the site that provides my email address they need something other than email to identify me.

If I'm using an email provider that lets you bring your own domain, they could use proof that I control the DNS for that domain as proof of identity.

How to prove identity to my domain registrar? I could use an email address that is not hosted somewhere that depends on my proof of domain ownership, like gmail or my ISP, but that is probably not a good idea. Ultimately, my ability to prove my identity at most sites would depend on proving identity to my domain registrar (or to my email host if I don't have my own domain), and so making that depend on remaining in good standing with Google might not be wise.

What we need for proving identity to a domain registrar (or an email provider if you don't have your own domain) is something that we can be sure we can rely on, because in the worst case when you've been massively hacked and your identity has been stolen at multiple sites and services that is going to be the identity proof you count on to let you recover everything else.

For that something like the USPS identity service would be great.


95% of the world's population are not in the US, and I expect most of us have no interest in handing our personal data over to an entity that has proven over and over it can't even avoid abusing its own citizens' data, let alone foreigners'.


The system only works for US residents.

If you’re a US citizen that resides abroad, you’re already denied a login.

It’s a good start, but it’s a long way from being a “default”


This is way better than the "20 questions" identity verification that works by asking you multiple-choice questions about your credit report. I have about an 80% success rate with those.


Shouldn't the service be called "Identity Proving" ?

"Identity Proofing" makes it sound like something that prevents you from being identified.


It sounds right to me. I think definitions 1 and 3 of the noun form of the word apply here.

https://www.merriam-webster.com/dictionary/proof


This is how it should be done for mission critical stuff. We already invest in USPS infrastructure, this is a good use for it. I don’t want another id.me to use a gov service.


The Post Office is definitely the most pleasant interaction most Americans will ever have with a federal agent.

Although I will tell you, don't ever eff with a postal inspector. Those people have police powers that could make a game warden salivate.


Somewhat related: you can request your US federal-level rap sheet (“Identity History Summary”) from the FBI for a small fee, commonly done as part of an application process for a long-term visa abroad. If you use their online form to request it, they’ll give you a barcode you can take to a participating post office, where they will collect your fingerprints digitally.

https://www.fbi.gov/how-we-can-help-you/more-fbi-services-an...


Maybe Google can pay for this to restore access to Gmail even if for a fee.


For some postal employees easy access to credit card mailings is irresistible and they get prosecuted for credit card fraud..

The specifics of what they record in a verification is a bit vague and I would be concerned that some would sell celebrity accounts, or a way to get into an account used for private financial access, etc, even if the access to identity with other government agencies is theoretically a bigger pot.


What, no biometrics?


There is no federal database to verify biometrics against. The state ones are not shared federally. How could a post office implement that?


If the person seeking proofing is enrolled in Global Entry or PreCheck, the USPS could support automated facial recognition proofing at USPS kiosks, as CBP maintains facial biometrics for trusted traveler programs. Can USPS kiosks run a sandboxed app to do this? Can you trust the data connection between the kiosk and federal agency systems with such sensitive data? Great questions.

Definitely a stretch goal considering resourcing, inter agency partnership challenges, and uptake of trusted traveler programs across the general populace, but not technically infeasible. TSA is already testing automated credential proofing terminals at airport checkpoints, for example, and CBP Global Entry terminals for international arrivals are already automated kiosks.

https://uspsblog.com/usps-self-service-kiosk/

https://www.cbp.gov/travel/biometrics

https://thepointsguy.com/news/global-entry-facial-recognitio...

https://thepointsguy.com/news/tsa-facial-recognition-softwar...

(you probably don't need this if you have global entry, but fun thought experiment considering data sources and technology implementation feasibility; maybe upgrade someone's IAL automatically at Login.gov when they're doing their Global Entry or PreCheck interviews at CBP?)


So, another "pay to skip the line" government service. Because that's how you build a strong society.

Instead of, you know, investing in building a well functioning government.


I said it could be done, not that it was a good idea. My apologies if that wasn't more clear from my comment. I agree we should be investing more broadly in government to maximize accessibility.

Tangentially, to share what is inside my head when I think of problems like this, I think "How could these events that would normally need to be explicit be automatic in the background? So that when it happens, it delights the government service consumer and feels like magic." If someone goes, "Wow, that was fast!" or "Wow, that was painless!", or just "Wow!" in general, government is delivering on its mission, and removes excuses for folks who would say "government is ineffective."


Trusted traveler programs have pretty wide latitude for removing members (for example, for something as small as not declaring a banana in your bag or bringing a spouse without global entry into that lane) and aren’t set up for use as identity verification. Plus it’d be a very small percentage of Americans - remember only around 55% have a passport. The amount with global entry will be a small percentage of that.


This confuses trust with identity verification. Anybody should be able to get identity verification, to verify that they are the same person they were at some previous time. That's useful for recovering accounts, from bank accounts to social media.


USPS doesn't even know the difference between Australia and Curaçao, good luck.


Uh, could you please provide some background for your statement?


It's almost as if you could use something like that for voting...


Is it OK to force folks to go to the Post Office to verify their government issued ID, in order to say receive benefits or pay a tax or fee? It is exclusionary to verify ID when voting, so what is the difference here?


It's exclusionary when voting (in the US) because (1) the states passing stricter voter ID laws are often at the same time passing laws making it harder for people to get satisfactory ID, and often the things that are making it harder (closing offices that can issue ID, reducing hours of the offices that remain open) hit much harder in poorer and minority areas (which also happen to be the areas least likely to vote for the party that enacts these laws...), (2) voter fraud is incredibly rare in the US so they aren't actually solving any real problem, (3) and the voter fraud that does occur almost always is via absentee ballots and so is not addressed by the voter ID laws.

There are a ton of references in this comment [1] if you want more information on this.

If they would first implement a good ID system that makes it so every eligible voter can get a suitable ID easily and for free (like I believe much of the rest of the world does) then very few would object to voter ID.

[1] https://news.ycombinator.com/item?id=37211079


You didn’t answer the question. Why is voting different from these other activities that require an ID?


A lot of people are in the post office on a regular basis for reasons other than this service. There's an established process for applying for passports like this. What's wrong with expanding identity verification, which is something that we've learned again and again over the past 30 years cannot be done securely online?


> A lot of people are in the post office on a regular basis for reasons other than this service.

Why would people need to go to a post office? In my country (the Netherlands) we no longer even have post offices.


It's not required

>the registrant will be given the option to have their identity verified in-person at a participating USPS retail location

Login.gov also offers remote identity proofing (eg photos of your ID)


It's not a forced method, it's an option. In my experience setting up my own Login.gov account, and helping family members with theirs, the online methods have frequent and frustrating technical difficulties. This option may be preferable to spending an hour or two trying to get the Login.gov mobile website to actually use your device's camera.


If their tech decides it doesn't like my de-googled phone, then it becomes no longer optional.


Can you say more? Like describe what your experience with it was


I haven't actually used the system in question; I'm just speculating based on my frustration with the increasing number of banking, trading, and even taxi booking apps that will refuse to work on modified phones.


For me, it wasn’t even a modified phone. It was just a bog standard iPhone 14 Pro.


>It is exclusionary to verify ID when voting, so what is the difference here?

I would argue the problem is not verifying identity for voting in elections.


Bingo


Outside of California, excluding criminals from defrauding the government is viewed as a good thing.


This would be useful for mailing ballots.


Why doesn't the IRS use Login.gov?



