Last week, the General Services Administration (GSA) announced that Login.gov is available for use by local and state governments. This is the biggest govtech news in the last five years.
Login.gov is a GSA solution to help solve the difficult problem of verifying that a person is who they say they are to receive a government benefit, as well as a solution for logging into government websites. It was created through the combined efforts of the United States Digital Service (USDS) and 18F — the two most prominent digital service teams in all of government — and is in use by many federal agencies. Today, it provides access to government services for over 27 million people.
Moreover, as I’ve written in the past, it is my hope that the Office of Management and Budget (OMB) will mandate the use of Login for all federal agencies. This is already mandated by law, but OMB is not enforcing the requirement. The most expensive part of the tool is the identity verification step. However, once an identity has been proven, it does not need to be re-proven if the customer wants to use any other service that is using Login.
This means that as more organizations sign up for Login, the cost to each decreases. By allowing federal agencies to maintain their own independent login systems, the costs remain high. Moreover, this presents customers with an inferior experience, as they must sign up for a new account for each website or application.
It’s also important to note that most identity verification behind the scenes is using data sources that the government controls and gives to private companies, who then sell the government back its own data in the verification process at a very high premium. Eventually, it would be smarter to allow agencies to exchange the necessary information themselves, cutting out the middle person, which would decrease the cost to almost nothing. (Congress, of course, could speed this along too with the right legislation.)
The Login team has also been working on a pilot to allow customers to prove their identity in person at a government facility, which has shown to improve the success rates of the verification process. The Veterans Affairs Department (VA) uses such a process to help veterans walk through the process of setting up their online accounts right in the lobby of VA health clinics.
The U.S. Postal Service also performed a similar pilot several years ago, where anyone could stop by a post office and have them review their documents, or even let their postal carrier perform the review when they drop off the day’s mail, allowing them to reach almost every single person in the country.
Detractors still complain about the cost of Login.gov and consider that a reason to not require it — even though the cost would be reduced if it was mandated. Even so, if the federal government agrees that this is the tool that agencies should be using, then it should be treated as a public good, like a library or park. To that end, Congress could pass appropriations dedicated to funding this critical program, for instance, as part of President Biden’s proposal for Technology Transformation Services funding.
However, I would caution agencies from implementing identity requirements beyond what is absolutely necessary! The Digital Identity Guidelines from the National Institute of Standards and Technology (NIST) are the baseline that most federal agencies use. In my personal opinion, they set too high a bar.
The government must provide critical services to at-risk and economically disadvantaged groups. By setting requirements that individuals in these groups cannot meet, agencies are not serving people equitably. For instance, the VA serves veterans that may be experiencing homelessness, may not have a credit card, may be partially or fully blind, may have trouble remembering or recalling information, may not have fingerprints, and so on. Because the standard methods of identity verification and authentication may present an impossible barrier for the very people the VA serves, it is in the best interest of these people to not implement NIST’s high standards as written.
There are, however, still a few restrictions for city and state use of Login.gov. To be eligible, the government agencies must be using Login for a “federally funded program.” I am hopeful that this restriction will be removed in the future and this incredible service will be open to all who want it.
If you’re a city or state government interested in a world-class identity solution, I’d recommend reaching out to GSA about Login.gov! Even if you don’t meet this requirement, it’s definitely worthwhile to getting in touch with GSA anyway. As we’ve learned, policies change every day.
Bill Hunt is a technology-policy enthusiast who currently works for the U.S. government. Previously, he spent 20 years building award-winning software and teams in the private sector. His article was originally posted on billhunt.dev.