More data collection, and potential data sharing, but this time from the partnership between the IRS and identity data verification service ID.me.

January 24, 2022

By: Bobby Casey, Managing Director GWP

dataWe’ve talked about how the IRS is getting earmarked for quite a windfall. $80 billion over the next ten years to be exact, to be used toward enforcement. The annual spending on enforcement prior to this was $5.2 billion. It’s now at $13.2 billion per year spent on enforcement.

Important to note two critical facts about tax collection in the US:

  • The IRS brought in roughly 80% of what was owed… sometimes more… sometimes less. But that’s about where they landed the plane year over year. Which means about 20% never got collected.

  • The largest amount of money to be chased down is from the fraud perpetrated with the Earned Income Tax Credit (EITC). While there are many more people to chase down for smaller amounts, they are in the United States, more easily tracked, with little to no means to challenge the IRS… unlike their offshore counterparts.

How they will use the new allocations is anyone’s guess as it pertains to which brackets they’ll come for first.

However, the one thing we do know about the future of IRS spending is: Facial Recognition software is being rolled out, and the only way to access your account will be by using this mechanism.

The IRS has partnered with ID.me to provide identification verification services, as have 27 states so far. The states have been using it to prevent fraud by those applying for various social programs.

Some 27 states already use ID.me to screen for identity thieves applying for benefits in someone else’s name, and now the IRS is joining them. The service requires applicants to supply a great deal more information than typically requested for online verification schemes, such as scans of their driver’s license or other government-issued ID, copies of utility or insurance bills, and details about their mobile phone service.

When an applicant doesn’t have one or more of the above — or if something about their application triggers potential fraud flags — ID.me may require a recorded, live video chat with the person applying for benefits.

If your documents get accepted, ID.me will then prompt you to take a live selfie with your mobile device or webcam. That took several attempts. When my computer’s camera produced an acceptable result, ID.me said it was comparing the output to the images on my driver’s license scans.

Thus far, it’s proven to be a bit cumbersome, and time-consuming. One person from Krebson Security tried to sign up for this. There was a point where he had to call into ID.me and was told his expected wait time was over three hours!

Whether you want to call it a “cost” or a moral hazard, you would be correct. The greatest fear of asking the government to do something is that they will! And worse than that: HOW they will.

Let’s back up for a second and consider what is happening in a totally different sector: advertising.

Google announced it would be doing away with the 3rd party cookie by Fall of 2023. That is to say that piece of data that tracks and follows people around the internet will be done away with. To be fair, smaller browsers have long since gotten rid of their cookies.

Once Google joins the ranks of Safari and Duck-Duck-Go, advertisers will need to find another solution entirely for how to recapture some of what was lost in terms of their audience.

One such solution is the “universal ID”. It’s based on the consent of the user, but a collection of their data where services organize that data to confirm they all belong to the same individual.

For example, Jane Doe signs up for a news letter from a retailer to receive alerts in advance of their sales and new inventory. Now we know Jane Doe belongs to this email address.

Jane Doe then consents to text messages because by doing so she can save 15% on her purchase that day plus receive exclusive offers and coupons. Now we know Jane Doe and her email address are associated with this phone number.

Jane Doe now being a “preferred member” gets points when she spends money, and her preferred location is the one on Main St.

They can see what she buys, where she buys it, what her average transactional value is, and tie all of that to her phone number and email address. If she orders anything online, they’ve now connected her physical address to everything else, they know exactly who she is and how to market to her.

She’s okay with this because the marketing she receives is relevant to her, and she gets some value in return through savings and advanced notice.

When she goes online, she is part of a larger list that is “hashed” or encrypted, where the company then looks for others like her.

On the internet side of things and for private enterprises, the encryption of the personal identity is what makes it “privacy compliant”.

Now let’s take this capability, put it into the hands of government, and “unhash” the identities.

And let’s stop pretending that there isn’t considerable data sharing between government and Big Tech/Big Data, and of course data sharing between government bureaucracies.  There is a very high probability that the data the IRS collects through these means will later be shared with other entities such as the DHS, CBP, or FBI.

There is a fantastic interview with an Oxford professor, Carissa Veliz, where she points out the historic dangers of seemingly benign data collection.

During World War 2, Germany invaded both Holland and France. Holland had a statistician who was overseeing their census, and he was very interested in collecting all sorts of data about the population. France, on the other hand, decided in the late 1800s they would not collect much data at all on its citizens.

As a result, the Nazis were able to capture 75% of the Jews in Holland, but only 25% of the Jews in France: simply because there was no centralized tracking of the Jewish population in France.

People can make all sorts of excuses for data collection and submission for immediate purposes, but we shouldn’t be so short-sighted to think that data collection can’t get out of hand, and destroy the lives of innocent people.

World War 2 being a bit far off for some of you, perhaps a better more recent example is Hong Kong. Hong Kong is small and built its economy off the service and financial industry. It prided itself on its technological adaptations, until China turned its technology against them.

You can now find footage of people in Hong Kong pushing to use cash instead of card, shying away from cameras and even attempting to take them down.

No matter how benevolent or harmless the initial purpose is or was, when it comes to personal data, having it all centralized in one place makes everyone sitting ducks for bad or worse actors to come in and exploit it.

Click here to schedule a consultation on how you can protect your assets from overreaching governments, or here to become a member of our Insider program where you are eligible for free consultations, deep discounts on corporate and trust services, plus a wealth of information on internationalizing your business, wealth and life.