As further proof that I am celebrating, rather than hiding, my “seasoned” experience—and you know what the code word “seasoned” means—I am entitling this blog post “Take Me to the Pilot.”
Although I’m thinking about a different type of “pilot”—a pilot to establish that Login.gov can satisfy Identity Assurance Level 2 (IAL2).
A recap of Login.gov and IAL2 non-compliance
I just mentioned IAL2 in a blog post on Wednesday, with this seemingly throwaway sentence.
So if you think you can use Login.gov to access a porn website, think again.
From https://bredemarket.com/2024/04/10/age-assurance-meets-identity-assurance-level-2/.
The link in that sentence directs the kind reader to a post I wrote in November 2023, detailing the fact that the GSA Inspector General criticized…the GSA…for implying that Login.gov was IAL2-compliant when it was not. The November post references a GSA-authored August blog post which reads in part (in bold):
Login.gov is on a path to providing an IAL2-compliant identity verification service to its customers in a responsible, equitable way.
From https://www.gsa.gov/blog/2023/08/18/reducing-fraud-and-increasing-access-drives-record-adoption-and-usage-of-logingov.
Because it obviously wouldn’t be good to do it in an irresponsible, inequitable way.
But the GSA didn’t say how long that path would be. Would Login.gov be IAL2-compliant by the end of 2023? By mid-2024?
It turns out the answer is neither.
Eight months later we have…a pilot
You would think that achieving IAL2 compliance would be a top priority. After all, the longer that Login.gov doesn’t comply, the more government agencies will flock to IAL2-compliant ID.me.
Enter Steve Craig of PEAK.IDV and the weekly news summaries that he posts on LinkedIn. Today’s summary includes the following item:
4/ GSA’s Login.gov Pilots Enhanced Identity Verification
Login.gov’s pilot will allow users to match a live selfie with the photo on a self-supplied form of photo ID, such as a driver’s license
Other interesting updates in the press release 👇
From https://www.linkedin.com/posts/stevenbcraig_digitalidentity-aml-compliance-activity-7184539504504930306-LVPF/.
And here’s what GSA’s April 11 press release says.
Specifically, over the next few months, Login.gov will:
Pilot facial matching technology consistent with the National Institute of Standards and Technology’s Digital Identity Guidelines (800-63-3) to achieve evidence-based remote identity verification at the IAL2 level….
Using proven facial matching technology, Login.gov’s pilot will allow users to match a live selfie with the photo on a self-supplied form of photo ID, such as a driver’s license. Login.gov will not allow these images to be used for any purpose other than verifying identity, an approach which reflects Login.gov’s longstanding commitment to ensuring the privacy of its users. This pilot is slated to start in May with a handful of existing agency-partners who have expressed interest, with the pilot expanding to additional partners over the summer. GSA will simultaneously seek an independent third party assessment (Kantara) of IAL2 compliance, which GSA expects will be completed later this year.
From https://www.gsa.gov/about-us/newsroom/news-releases/general-services-administrations-logingov-pilot-04112024#.
In short, GSA’s April 11 press release about the Login.gov pilot says that it expects to complete IAL2 compliance later this year. So it’s going to take more than a year for the GSA to repair the gap that its Inspector General identified.
My seasoned response
Once I saw Steve’s update this morning, I felt it sufficiently important to share the news among Bredemarket’s various social channels.
With a picture.
For those of you who are not as “seasoned” as I am, the picture depicts the B-side of a 1970 vinyl 7″ single (not a compact disc) from Elton John, taken from the album that broke Elton in the United States. (Not literally; that would come a few years later.)
By the way, while the original orchestrated studio version is great, the November 1970 live version with just the Elton John – Dee Murray – Nigel Olsson trio is OUTSTANDING.
Back to Bredemarket social media. If you go to my Instagram post on this topic, I was able to incorporate an audio snippet from “Take Me to the Pilot” (studio version) into the post. (You may have to go to the Instagram post to actually hear the audio.)
Not that the song has anything to do with identity verification using government ID documents paired with facial recognition. Or maybe it does; Elton John doesn’t know what the song means, and even lyricist Bernie Taupin doesn’t know what the song means.
So from now on I’m going to say that “Take Me to the Pilot” documents future efforts toward IAL2 compliance. Although frankly the lyrics sound like they describe a successful iris spoofing attempt.
Through a glass eye, your throne
Is the one danger zone
From https://genius.com/Elton-john-take-me-to-the-pilot-lyrics.
Postscript
For you young whippersnappers who don’t understand why the opening image mentioned “54 Years On,” this is a reference to another Elton John song.
And it’s no surprise that the live version is better.
Now I’m going to listen to this all day. Cue the Instagram post (if Instagram has access to the 17-11-70/11-17-70 version).