A technology arm of the federal government had lax security on about 1 million online accounts because it rejected using facial recognition technology over “equity” concerns, according to an inspector general’s (IG) report released on Tuesday.
The General Services Administration’s (GSA) failed to provide other federal agencies accurate information about the level of security and privacy protection via its Login.gov platform, a report from the GSA’s IG report (pdf) found. It stated that the GSA “misled customers” on Login.gov’s compliance with federal digital identity standards.
“Notwithstanding GSA officials’ assertions that Login.gov met SP 800-63-3 Identity Assurance Level 2 (IAL2) requirements, Login.gov has never included a physical or biometric comparison for its customer agencies. Further, GSA continued to mislead customer agencies even after GSA suspended efforts to meet SP 800-63-3,” according to the report. SP 800-63-3 refers to federal digital identity guidelines….}