identity – Page 20 – Bredemarket

The Double Loop Podcast Discusses Research From the Self-Styled “Inventor of Cross-Fingerprint Recognition”

(Part of the biometric product marketing expert series)

Apologies in advance, but if you’re NOT interested in fingerprints, you’ll want to skip over this Bredemarket identity/biometrics post, my THIRD one about fingerprint uniqueness and/or similarity or whatever because the difference between uniqueness and similarity really isn’t important, is it?

Yes, one more post about the study whose principal author was Gabe Guo, the self-styled “inventor of cross-fingerprint recognition.”

From https://www.linkedin.com/in/gabeguo/.

In case you missed it

In case you missed my previous writings on this topic:

My first post, “Claimed AI-detected Similarity in Fingerprints From the Same Person: Are Forensic Examiners Truly “Doing It Wrong”?” was (1) primarily my perspective, and (2) written before I read the actual paper.
The second post, “Did the Columbia Study “Discover” Fingerprint Patterns?” was written after I looked at the paper (“Unveiling intra-person fingerprint similarity via deep contrastive learning“) myself, but again suffers from being primarily my own perspective (albeit augmented by people who knew what they were talking about).
I also wrote something only on Lin k edIn (and Facebook) that cited a CNN article that quoted Christophe Champod and Simon Cole. (Interestingly enough, my last post on Cole concerned how words matter, which is appropriate in this discussion.) Unfortunately, the person who wrote the CNN headline (“Are fingerprints unique? Not really, AI-based study finds”) didn’t pay attention to a word that Champod and Simon Cole said.

But don’t miss this

Well, two other people have weighed in on the paper: Glenn Langenburg and Eric Ray, co-presenters on the Double Loop Podcast. (“Double loop” is a fingerprint thing.)

From https://doublelooppodcast.com/about-us/.

So who are Langenburg and Ray? You can read their full biographies here, but both of them are certified latent print examiners. This certification, administered by the International Association for Identification, is designed to ensure that the certified person is knowledgeable about both latent (crime scene) fingerprints and known fingerprints, and how to determine whether or not two prints come from the same person. If someone is going to testify in court about fingerprint comparison, this certification is recognized as a way to designate someone as an expert on the subject, as opposed to a college undergraduate. (As of today, the list of IAI certified latent print examiners as of December 2023 can be found here in PDF form.)

Podcast episode 264 dives into the Columbia study in detail, including what the study said, what it didn’t say, and what the publicity for the study said that doesn’t match the study.

Eric and Glenn respond to the recent allegations that a computer science undergraduate at Columbia University, using Artificial Intelligence, has “proven that fingerprints aren’t unique” or at least…that’s how the media is mischaracterizing a new published paper by Guo, et al. The guys dissect the actual publication (“Unveiling intra-person fingerprint similarity via deep contrastive learning” in Science Advances, 2024 by Gabe Guo, et al.). They state very clearly what the paper actually does show, which is a far cry from the headlines and even public dissemination originating from Columbia University and the author. The guys talk about some of the important limitations of the study and how limited the application is to real forensic investigations. They then explore some of the media and social media outlets that have clearly misunderstood this paper and seem to have little understanding of forensic science. Finally, Eric and Glenn look at some quotes and comments from knowledgeable sources who also have recognized the flaws in the paper, the authors’ exaggerations, and lack of understanding of the value of their findings.
From https://doublelooppodcast.com/2024/01/fingerprints-proven-by-ai-to-not-be-unique-episode-264/.

Yes, the episode is over an hour long, but if you want to hear a good discussion of the paper that goes beyond the headlines, I strongly recommend that you listen to it.

TL;DR

If you’re in a TL;DR frame of mind, I’ll just offer one tidbit: “uniqueness” and “similarity” are not identical. Frankly, they’re not even similar.

Will Ferrell and Chad Smith, or maybe vice versa. Fair use. From https://www.billboard.com/music/music-news/will-ferrell-chad-smith-red-hot-benefit-chili-peppers-6898348/, originally from NBC.

Intelligently Writing About Biometrics

Let’s say that your identity/biometric firm has decided that silence ISN’T golden, and that perhaps your firm needs to talk about its products and services.

Silence is not an optimal communication strategy. By Lorelei7, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=3164780

For example, let’s say that your firm fights crooks who try to fraudulently use synthetic identities, and you want to talk about your solution.

So you turn to your favorite generative AI tool to write something that will represent your company in front of everyone. What could go wrong?

Battling synthetic identities requires a multi-pronged approach. Layering advanced technology is key: robust identity verification using government-issued IDs and biometrics to confirm a person’s existence, data enrichment and validation from diverse sources to check for inconsistencies, and machine learning algorithms to identify suspicious patterns and red flags. Collaboration is crucial too, from financial institutions sharing watchlists to governments strengthening regulations and consumers practicing good cyber hygiene. Ultimately, vigilance and a layered defense are the best weapons against these ever-evolving digital phantoms.
From Google Bard.

Great. You’re done, and you saved a lot of money by NOT hiring an identity blog writing expert. The text makes a lot of important points, so I’m sure that your prospects will be inspired by it.

Bot-speak is not an optimal communication strategy either. Generated at craiyon.com.

Well…

…until your prospects ask what YOU do and how you are better than every other identity firm out there. If you’re the same as all the other “me too” solutions, then your prospects will just go with the lowest price provider.

So how do you go about intelligently writing about biometrics?

Intelligently writing about biometrics doesn’t only require some critical words such as “validation.”
Intelligently writing about biometrics doesn’t only require that you KNOW what those words mean, and that you’re conversant in basic biometric topics. (If you want to know five topics a biometric content marketing expert needs to understand, read my post on that subject.)
Intelligently writing about biometrics doesn’t only require that you know the key players in the identity/biometrics market. (I’ve previously listed over 40 such firms, and FindBiometrics and Acuity Market Intelligence have listed many more in their Biometric Digital Identity Prism report.)

No-siree.

Intelligently writing about biometrics requires that you put all of this information together AND effectively communicate your message…

…including why your identity/biometrics firm is great and why all the other identity/biometric firms are NOT great.

If you’re doing this on your own, be sure to ask yourself a lot of questions so that you get started on the right track.

If you’re asking Bredemarket to help you create your identity/biometric content by intelligently writing about biometrics, I’ll take care of the questions.

Drive content results with Bredemarket Identity Firm Services.

Oh, and one more thing: if you noted my use of the word “no siree” earlier in this post, it was taken from the Talking Heads song “The Big Country.” Here’s an independent video of that song, especially recommended for people outside of North America who may not realize that the United States and Canada are…well, big countries.

From https://www.youtube.com/watch?v=cvua6zPIi7c.

I’m tired of looking out the window of the airplane
I’m tired of traveling, I want to be somewhere
From https://genius.com/Talking-heads-the-big-country-lyrics.

Get the Balance Right

Have you ever created content that contradicts itself?

Let me take you back to 1978, when the Who released an album entitled “Who Are You”—whose title song is beloved by identity/biometrics professionals over 45 years later.

But there’s another song on the album that seems at first glance to speak to the times of 1978.

Bands of the last decade like the Who had apparently been eclipsed by bands like the Sex Pistols, a band that had already imploded.

In this environment, the Who recorded a song called “Music Must Change,” a song that seemed to speak to the changing of the guard.

Until you listened to the song’s obscure lyrics and orchestral backing, which makes as much sense as an entire double album about a musician spitting at his audience. (That album would come in 1979.)

Meet the new song…same as the old song.

From https://youtu.be/ROG9llPP9qE?si=nyeRi2bXIiOCjNUh.

SOMEONE is Using my 29 Years of Identity/Biometrics Experience

On behalf of a recruiter I am re-examining my consulting experience in the identity/biometric industry, and came to this realization:

If Bredemarket hasn’t consulted for you, it’s a guarantee that Bredemarket has applied its 29 years of identity/biometric experience consulting for your competitors.

Do you want your competitors to realize all the benefits?

I didn’t think so.

Why Your Identity Company Isn’t Saying Anything

Bredemarket spends a lot of its time on competitive analysis, either as part of client projects, or for my own personal edification. For example, right now I’m working on a client project and analyzing 20 of the client’s competitors in over 20 markets serving hundreds of customers.

But when I perform competitive analysis, I use entirely ethical and legal methods to obtain my competitive information. Nothing clandestine that will get me in trouble.

Painting of French spy captured during the Franco-Prussian War. By Alphonse-Marie-Adolphe de Neuville – [1], Public Domain, https://commons.wikimedia.org/w/index.php?curid=38398454

But sometimes the well of competitive information goes dry. Companies go silent and then come back, with no explanation of why its former communications were…um…incomplete.

From Jive Records. Fair use, https://en.wikipedia.org/w/index.php?curid=1956883

Of course, I don’t know why a particular company suddenly decides that prospect/customer communication isn’t critically important.

But this got me thinking. How often DO companies go silent?

And I had an excellent way to conduct a mini-survey and find out.

Are the 40+ blogging identity firms still blogging?

Back in September, I identified over 40 identity firms that w ere blogging, some more frequently than others. Blogging provides quantifiable benefits, and these companies were obviously taking advantage of those benefits.

Data source: Daily Infographic, https://www.dailyinfographic.com/state-of-blogging-industry

But that was back in September. How many of those companies were still actively blogging in mid-December? I wanted to find out, so I conducted a mini-survey of those identity blogs. Of the 40+ companies whose blogs and articles had identifiable posting dates:

21 had blogged at least once this month (December).
11 had last blogged in November.
3 had last blogged in October.
7 hadn’t blogged since the 3rd calendar quarter of 2023 (July – September).
4 hadn’t blogged since the 2nd calendar quarter (April – June).
1 hadn’t blogged since the 1st calendar quarter (January – March).
1 hadn’t blogged at all in 2023. Perhaps it forgot it had a blog, or a former employee never surrendered the password.

A little quiet, aren’t you? By Lorelei7, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=3164780

My mini-survey shows that of the 40+ identity firms with blogs, about one-third of them HAVEN’T SAID A SINGLE THING to their prospects and customers in the last two months.

Is your firm failing to engage in identity blog post writing, even though you have a blog?

But what about other communications?

To be fair, this is not a complete measure of corporate content marketing. While some of these companies hadn’t blogged on their own websites, they HAD communicated on Instagram (Mark Zuckerberg’s website), LinkedIn (Satya Nadella’s website), X (Elon Musk’s website), YouTube (Sundar Pichai’s website), and other websites controlled by other people. Great traffic for Zuck et al…not so great traffic for the companies.

More importantly, some of these companies communicate via email, which is a great way to find out what the company is doing…if the company has your email address.

If the company doesn’t have your email address, and if it isn’t blogging, then it’s going to be hard for prospects to find company information.

So why is your identity firm ignoring your customers?

Some identity companies with blogs and similar mechanisms are consciously making the choice to NOT communicate with their prospects and customers.

Why not?

There are many reasons. Here are five reasons that Full Funnel identified.

A couple of them have already been addressed by Bredemarket, such as “we don’t have the time.” (Bredemarket has the time.)
But I would like to dive into Full Funnel’s fourth reason: “we don’t have anything to say.” I encourage you to read Full Funnel’s response to that objection, because I agree with it. Your firm MUST have something to say if it wants to differentiate itself and remain viable. If you don’t have anything to say, prospects will go to your more talkative competitors.

When is your identity company going to start communicating with your prospects and customers?

If your identity company has fallen down on the blogging front, it’s best to restart the process as soon as possible. As I’ve said before, content marketing doesn’t yield immediate results. A particular piece of content may not result in a sale until six or twelve months later, or longer. Delaying the implementation simply delays the benefits I mentioned above.

So if your identity company is failing to reach your prospects and customers with content, why don’t you talk with Bredemarket now and develop a plan to reach them?

Yes, I know we’re right in the middle of the holidays, and some of you will put this off until next week, or probably the week after next.

For me, that’s just as well. That gives me more time to talk to your competitors and get their content process moving.

If you DON’T want your competitors to get in line ahead of you, click the image below and schedule a meeting. I’m available this week and most of next week.

Stand Out From the Identity Crowd

*Dionne Quintuplets – School Days*, painting by Andrew Loomis, 1938. By Andrew Loomis – https://www.flickr.com/photos/lac-bac/7797309642/in/album-72157631099965608/, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=56000992

A note to those of you in the identity/biometrics industry.

From Sandeep Kumar, A. Sony, Rahul Hooda, Yashpal Singh, in Journal of Advances and Scholarly Researches in Allied Education | Multidisciplinary Academic Research, “*Multimodal Biometric Authentication System for Automatic Certificate Generation*.”

Gartner has released a new report, “Emerging Tech: Security — How to Stay Relevant as an Identity Verification Vendor.” Because it’s better to be relevant than to be irrelevant.

Anthropological Alphonse Bertillon. By Jebulon – Own work, stitching of archives of Service Regional d’Identité Judiciaire, Préfecture de Police, Paris., CC0, https://commons.wikimedia.org/w/index.php?curid=37546591

When co-author Akif Khan promoted the report on LinkedIn, he made the following comment:

Identity verification (which Gartner defines as the ID-plus-selfie process) is arguably the topic that I get the most inquiry calls about, but I also cover >70 vendors in this space. My end-user clients struggle to differentiate between them, and as the market evolves, it will become tougher to stand out in the crowd.
From LinkedIn.

C. Maxine Most of Acuity Market Intelligence advocates a similar message about the need to stand out. She provides the following to her clients:

Innovate, differentiate, and outmaneuver the competition
From https://www.acuitymi.com/.

It is in the vendors’ interest to keep the identity market from becoming a commodity market. But how can vendors keep the market from becoming commoditized when (almost) everyone is sharing the exact same message?

Why are you in business? To provide trust.
What do you do? Trust stuff.
How do you do this? Trust us.

If all the identity companies are peddling the exact same thing, the cheapest vendor wins.

Which is why certain vendors strive to do things differently.

And I’m here to help.

I ask my clients questions before I start work so that we can craft the client’s unique message. Read Bredemarket’s e-book “Seven Questions Your Content Creator Should Ask You” for more details.

Are you ready to craft a message that looks just like everybody else? Well, I CAN’T help you with that.

Are you ready to craft your own message? Then let me tell you how Bredemarket CAN help you do this.

Identification Perfection is Impossible

(Part of the biometric product marketing expert series)

There are many different types of perfection.

Jehan Cauvin (we don’t spell his name like he spelled it). By Titian – Bridgeman Art Library: Object 80411, Public Domain, https://commons.wikimedia.org/w/index.php?curid=6016067

This post concentrates on IDENTIFICATION perfection, or the ability to enjoy zero errors when identifying individuals.

The risk of claiming identification perfection (or any perfection) is that a SINGLE counter-example disproves the claim.

If you assert that your biometric solution offers 100% accuracy, a SINGLE false positive or false negative shatters the assertion.
If you claim that your presentation attack detection solution exposes deepfakes (face, voice, or other), then a SINGLE deepfake that gets past your solution disproves your claim.
And as for the pre-2009 claim that latent fingerprint examiners never make a mistake in an identification…well, ask Brandon Mayfield about that one.

In fact, I go so far as to avoid using the phrase “no two fingerprints are alike.” Many years ago (before 2009) in an International Association for Identification meeting, I heard someone justify the claim by saying, “We haven’t found a counter-example yet.” That doesn’t mean that we’ll NEVER find one.

You’ve probably heard me tell the story before about how I misspelled the word “quality.”

In a process improvement document.

While employed by Motorola (pre-split).

At first glance, it appears that Motorola would be the last place to make a boneheaded mistake like that. After all, Motorola is known for its focus on quality.

But in actuality, Motorola was the perfect place to make such a mistake, since it was one of the champions of the “Six Sigma” philosophy (which targets a maximum of 3.4 defects per million opportunities). Motorola realized that manufacturing perfection is impossible, so manufacturers (and the people in Motorola’s weird Biometric Business Unit) should instead concentrate on reducing the error rate as much as possible.

So one misspelling could be tolerated, but I shudder to think what would have happened if I had misspelled “quality” a second time.

Announcing a WhatsApp Channel for Identity, Biometrics, ID Documents, and Geolocation

I’ve previously stated that Bredemarket is present on a bunch of social platforms.

Well, if you’re a subscriber to the Bredemarket mailing list, or to the Bredemarket Threads account, then you already know what I’m about to say. Bredemarket is now on one additional social platform…kinda sorta.

I’ll explain:

What WhatsApp channels are.
How this impacted me.
Most importantly, why this may, or may not, impact you.

(Long-time readers of the Bredemarket blog see what I did there. In reverse.)

What are WhatsApp channels?

Meta, the company that owns Facebook, Instagram, WhatsApp, Threads, and half the known universe, wants to keep people on those social platforms. They can check out any time they like, but they can never leave.

Scanned by Wikipedia user David Fell from the CD cover, Fair use, https://en.wikipedia.org/w/index.php?curid=14790284

So now WhatsApp, the service that was originally intended for PRIVATE communications between people that knew each other’s phone numbers, is now your latest source for Kardashians news. Seriously; there are millions of people who follow the Daily Mail’s “Kardashians News” channel.

No, this is NOT a Kardashian (yet), but this is something that @cultpopcult would post (with a misattribution) so I’m doing it myself. By Office of Congressman Greg Steube – https://twitter.com/RepGregSteube/status/1451579098606620673, Public Domain, https://commons.wikimedia.org/w/index.php?curid=112088903

Some people are kinda sorta breathless about this, if you take the IMM Institute’s LinkedIn article “WhatsApp Channels: Revolutionising Business Communication” as evidence.

WhatsApp, a widely used messaging platform, has recently introduced a revolutionary feature known as WhatsApp Channels. This innovation empowers businesses to thrive by effectively communicating with a broader audience, sharing vital information, and engaging with customers in a more personalised and efficient manner.
From LinkedIn.

Revolutionary? Frankly, this isn’t any more revolutionary than the similar broadcasting feature in Instagram, with one important difference: not everyone can create an Instagram channel, but anyone with WhatsApp channel access can set up their own channel.

Which got me thinking.

How I was impacted by WhatsApp Channels

I began mulling over whether I should create my own WhatsApp channel, but initially decided against it. Bredemarket has enough social media properties already, and the need to put Bredemarket stuff on WhatsApp is not pressing (the “100” WhatsApp group members get enough Bredemarket stuff already). The chances of someone ONLY being on WhatsApp and not on ANY other channel are slim.

I’d just follow the existing WhatsApp channels on identity, biometrics, and related topics.

But I couldn’t find any.

So I created my own channel last Friday entitled “Identity, Biometrics, ID Documents, and Geolocation.”

Why should you care?

Why should you care about my WhatsApp identity channel? Maybe you SHOULDN’T.

If you don’t use WhatsApp, ignore the WhatsApp channel.

If you use WhatsApp but have other sources for identity industry information (such as my Facebook group/LinkedIn page), ignore the WhatsApp channel.

But if you love WhatsApp AND identity, here is the follow link for “Identity, Biometrics, ID Documents, and Geolocation.”

https://whatsapp.com/channel/0029VaARoeEKbYMQE9OVDG3a

Geolocation Identifies People (Who Don’t Want To Be Identified)

A person in Upland, California posted this on the local NextDoor. While anecdotal and not statistical, in this case the geolocation capabilities of a device (in this case AirPods) identified someone in possession of a stolen vehicle.

https://nextdoor.com/p/ks5wW5n_csJB?utm_source=share&extras=NDk4MjIxOTI%3D

Login.gov and IAL2 #realsoonnow

Back in August 2023, the U.S. General Services Administration published a blog post that included the following statement:

Login.gov is on a path to providing an IAL2-compliant identity verification service to its customers in a responsible, equitable way. Building on the strong evidence-based identity verification that Login.gov already offers, Login.gov is on a path to providing IAL2-compliant identity verification that ensures both strong security and broad and equitable access.
From https://www.gsa.gov/blog/2023/08/18/reducing-fraud-and-increasing-access-drives-record-adoption-and-usage-of-logingov

It’s nice to know…NOW…that Login.gov is working to achieve IAL2.

This post explains what the August 2023 GSA post said, and what it didn’t say.

But first, I’ll define what Login.gov and “IAL2” are.

What is Login.gov?

Here is what Login.gov says about itself:

Login.gov is a secure sign in service used by the public to sign in to participating government agencies. Participating agencies will ask you to create a Login.gov account to securely access your information on their website or application.

You can use the same username and password to access any agency that partners with Login.gov. This streamlines your process and eliminates the need to remember multiple usernames and passwords.
From https://www.login.gov/what-is-login/

From https://www.gsa.gov/about-us/organization/federal-acquisition-service/technology-transformation-services

Obviously there are a number of private companies (over 80 last I counted) that provide secure access to information, but Login.gov is provided by the government itself—specifically by the General Services Administration’s Technology Transformation Services. Agencies at the federal, state, and local level can work with the GSA TTS’ “18F” organization to implement solutions such as Login.gov.

Why would agencies implement Login.gov? Because the agencies want to protect their constituents’ information. If fraudsters capture personally identifiable information (PII) of someone applying for government services, the breached government agency will face severe repurcussions. Login.gov is supposed to protect its partner agencies from these nightmares.

How does Login.gov do this?

Sometimes you might use two-factor authentication consisting of a password and a second factor such as an SMS code or the use of an authentication app.
In more critical cases, Login.gov requests a more reliable method of identification, such as a government-issued photo ID (driver’s license, passport, etc.).

What is IAL2?

At the risk of repeating myself, I’ll briefly go over what “Identity Assurance Level 2” (IAL2) is.

From https://pages.nist.gov/800-63-3/sp800-63a.html

The U.S. National Institute of Standards and Technology, in its publication NIST SP 800-63a, has defined “identity assurance levels” (IALs) that can be used when dealing with digital identities. It’s helpful to review how NIST has defined the IALs. (I’ll define the other acronyms as we go along.)

Assurance in a subscriber’s identity is described using one of three IALs:

IAL1: There is no requirement to link the applicant to a specific real-life identity. Any attributes provided in conjunction with the subject’s activities are self-asserted or should be treated as self-asserted (including attributes a [Credential Service Provider] CSP asserts to an [Relying Party] RP). Self-asserted attributes are neither validated nor verified.

IAL2: Evidence supports the real-world existence of the claimed identity and verifies that the applicant is appropriately associated with this real-world identity. IAL2 introduces the need for either remote or physically-present identity proofing. Attributes could be asserted by CSPs to RPs in support of pseudonymous identity with verified attributes. A CSP that supports IAL2 can support IAL1 transactions if the user consents.

IAL3: Physical presence is required for identity proofing. Identifying attributes must be verified by an authorized and trained CSP representative. As with IAL2, attributes could be asserted by CSPs to RPs in support of pseudonymous identity with verified attributes. A CSP that supports IAL3 can support IAL1 and IAL2 identity attributes if the user consents.
From https://pages.nist.gov/800-63-3/sp800-63a.html#sec2

So in its simplest terms, IAL2 requires evidence of a verified credential so that an online person can be linked to a real-life identity. If someone says they’re “John Bredehoft” and fills in an online application to receive government services, IAL2 compliance helps to ensure that the person filling out the online application truly IS John Bredehoft, and not Bernie Madoff.

As more and more of us conduct business—including government business—online, IAL2 compliance is essential to reduce fraud.

One more thing about IAL2 compliance. The mere possession of a valid government issued photo ID is NOT sufficient for IAL2 compliance. After all, Bernie Madoff may be using John Bredehoft’s driver’s license. To make sure that it’s John Bredehoft using John Bredehoft’s driver’s license, an additional check is needed.

This has been explained by ID.me, a private company that happens to compete with Login.gov to provide identity proofing services to government agencies.

Biometric comparison (e.g., selfie with liveness detection or fingerprint) of the strongest piece of evidence to the applicant
From https://network.id.me/article/what-is-nist-ial2-identity-verification/

So you basically take the information on a driver’s license and perform a facial recognition 1:1 comparison with the person possessing the driver’s license, ideally using liveness det e ction, to make sure that the presented person is not a fake.

From https://www.nist.gov/news-events/news/2023/09/whats-wrong-picture-nist-face-analysis-program-helps-find-answers

So what?

So the GSA was apparently claiming how secure Login.gov was. Guess who challenged the claim?

The GSA.

Now sometimes it’s ludicrous to think that the government can police itself, but in some cases government actually identifies government faults.

Of course, this works best when you can identify problems with some other government entity.

Which is why the General Services Administration has an Inspector General. And in March 2023, the GSA Inspector General released a report with the following title: “GSA Misled Customers on Login.gov’s Compliance with Digital Identity Standards.”

The title is pretty clear, but Fedscoop summarized the findings for those who missed the obvious:

As part of an investigation that has run since last April (2022), GSA’s Office of the Inspector General found that the agency was billing agencies for IAL2-compliant services, even though Login.gov did not meet Identity Assurance Level 2 (IAL2) standards.

GSA knowingly billed over $10 million for services provided through contracts with other federal agencies, even though Login.gov is not IAL2 compliant, according to the watchdog.
From https://fedscoop.com/gsa-login-gov-watchdog-report/

So now GSA is explicitly saying that Login.gov ISN’T IAL2-compliant.

Which helps its private sector competitors.