Ups and downs continue for GSA 18F’s identity management effort

The federal government’s fourth attempt to create a customer-friendly, usable identity management approach for citizen services is not failing as some have rumored. But Login.gov is teetering on the edge of viability as a large agency customer decided not to participate in its initial launch.

Multiple industry sources confirmed that the U.S. Citizenship and Immigration Service (USCIS) will not to take part in the pilot test that was expected to begin in 2017.

The decision by USCIS comes around the same time as the General Services Administration’s 18F organization started to get some momentum behind the program.

18F awarded Equifax an eight-month, $3.3 million contract with one four-month option to provide online identity proofing and fraud detection. A GSA spokesman confirmed GSA received five proposals and Equifax was found to be the best choice.

Advertisement

“GSA looks forward to continued collaboration with valued private sector partners in making online interactions with the U.S. government simple, efficient and intuitive,” the spokesman said.

Sources say GSA made the award in November.

GSA released the request for quotes in September, pulled it back because of a protest by eventual winner Equifax, and released again in October.

The GSA spokesman offered no further details on how 18F would implement the contract, or if any agency customers have signed on to the project yet.

But the decision by USCIS not to be a part of the initial pilot is a blow to a concept that has struggled over the last 15 years. Three other attempts to create a standard approach to identity management for citizen services either failed or never got far enough out of the starting gate to have an impact.

18F launched Log-in.gov in May, hoping to find the magic formula that has eluded others.

A government source, who requested anonymity, said the decision to for USCIS to drop out was a matter of risk versus reward. The official said the Login.gov has a lot of potential and is a service that the government would benefit from, but the time wasn’t right for USCIS.

The source said the main issue was USCIS would have to take on too much responsibility around security authorizations, cloud hosting and other support services while not having enough confidence that 18F would get the critical mass for Login.gov to make it a long-term viable option.

The source said USCIS is open to working with 18F in the future.

One possibility, sources say, is for 18F to take their Login.gov code open source. Users could benefit from the development efforts by implementing it on their own systems and ensuring interoperability across all the federal services that use it.

Sources also say 18F has an alternative plan now that USCIS is not participating in the initial pilot, including other agencies which may be interested in being Login.gov’s first customer.

Federal Chief Information Officer Tony Scott offered cautious support for the effort back in June. In a memo to CIOs, Scott detailed milestones and objectives for Login.gov, including working with the Veterans Affairs Department on the Vets.gov platform; the Social Security Administration on its MySSA portal; and the IRS on its new-and-improved Get Transcript service.

But at least two of three already have identity management services in place or in the works.

It’s unclear if Login.gov met those objectives detailed in the memo, including agency CIOs developing a plan by Oct. 31 to move applications into the new platform using multi-factor authentication and identity proofing based on OMB guidance.

This is the second award under the Login.gov initiative.

18F awarded Agileana a $1.2 million contract Sept. 9 to work with their office and other federal agencies “to build integration (using Security Assertion Markup Language (SAML) or other appropriate technology) between agency web properties and 18F identity management product.”

Agileana also will provide 18F with feedback based on agency requirements in order to improve the identity management product.

As an interesting aside to this story, the award to Equifax comes before the Consumer Financial Protection Bureau took action against the company and TransUnion, requiring them to pay a total of more than $17.6 million in restitution to consumers, and fines totaling $5.5 million to the CFPB.

CFPB said Jan. 3 that Equifax and TransUnion deceived customers about the usefulness and actual cost of credit scores, and lured consumers into costly recurring payments for credit-related products with false promises.

To be clear, this punishment by CFPB and the award under Login.gov may have little or nothing to do with each other. But it’s worth noting that the company GSA hired to provide identity proofing fraud detection, validation and logging and reporting just got in trouble for misleading customers.

All of this doesn’t bode well for a program that many in industry and government already are doubting it can succeed.

Return to the Reporter’s Notebook