Reproducing toomuchtodo’s excellent rebuttal [0] in the sibling thread where you posted the same thing:
Login.gov does not provide a sufficient level of identity assurance (IAL2 [1]) to serve as the IDP for this pilot and IRS functions in general (ID.me liveness check and facial recognition). IRS is working with Login.gov to upgrade Login.gov to deprecate ID.me for this purpose [2] [3].
Would it make sense to not proceed with this pilot until this was ready? Certainly not; Login.gov will catch up and meet IRS in the future as Direct File expands next filing season. Very similar to when Social Security Administration (ssa.gov) transitioned from ID.me and their internal IDP to Login.gov.
(Login.gov partners with USPS to perform in person identity proofing for those who cannot perform remote proofing via a mobile device)
Perfect is the enemy of good enough. The call to action is to ensure, through pressure, that the desired outcome is reached. Are we on track? It appears so.
IDK. I've seen too much bureaucracy where a bad solution (with properties the bureaucrat likes) is implemented with promises to improve later (into something the petitioner wants). But after the initial solution is implemented, all they gotta do is procrastinate - and the whole time they procrastinate, they get what they want. Why change it? All the bureaucrat has gotta deal with is a bit of complaining.
The far more common problem with bureaucracy is that nothing ever gets done because every incremental step is met with "but this isn't perfect so you shouldn't do it!" from one faction or another, which ensures that no step is ever made, if given credence.
The other problem with bureaucracy: "We must do something! This is something. Let's do it." Just because it's important to get something done, doesn't mean we should be satisfied with something that messes other stuff up.
Again, the far more common problem is the one I described. Lots of people say the problem you're describing is the bigger problem, but I've spent a lot of time in the adult world now, and I conclude that no, that is not the bigger problem, at least in the US.
I'm very pleased to see dissatisfaction of the form "this isn't good enough; here are ideas for incremental improvements to it", but have totally lost my patience with the far more common "this isn't good enough; we should do nothing instead".
Well, I agree it's the more overt problem. But having spent some time in the adult world myself, I find that the larger problem is partial solutions piled on partial solutions, burying users in piles of steaming bureaucracy that take time and effort to wade through. Like good software, it requires principles and discipline to construct correctly and avoid 'technical debt' - though a quick&dirty solution will certainly work in the short term.
I've noticed as well, it's quite common that when a well-constructed solution takes much more time (and may be harder to identify) than an quick fix, proponents of the quick fix will claim that the 'do it right' folks are actually saying we should do nothing.
We'll have to just agree to disagree :) We simply have different philosophies; you're a perfectionist whereas I'm an incrementalist. We both have life experiences and probably personality traits that lead us to our differing preferences.
In my view, "partial solutions piled on partial solutions" is just life as a human being, where the alternative to that is not perfect solutions with no piling required, but rather no solutions. And yes, it is just like software, where incrementalism is also the better approach, in my view.
> proponents of the quick fix will claim that the 'do it right' folks are actually saying we should do nothing.
We don't think you're actually saying we should do nothing, just that it's the common end result, despite your best intentions.
And in the sphere of politics in particular, I think well-meaning people who really do want better solutions are often used by more cynical people who really do want to do nothing, for their own ends. Like the tax software industry lobbyists, in this case. Or like how old school environmentalists often find themselves aligned with fossil fuel industry lobbyists when it comes to building renewable or nuclear power generation, or transmission lines.
I don't begrudge people their dislike of partial solutions, I just don't subscribe to the same strategy.
Granted, I think I used a somewhat different sense of the word "perfectionist" than the usual one, in an effort to contrast it with "incrementalist". I'm not sure what the better wording to contrast those things is; "incrementalist" vs. "full-solution-ist"?
> Literally the only thing you have to change is some text.
The corollary to this is that the text is difficult to change for precisely the same reason that people dislike it: it holds legal baggage. If it were "just" some text, you could ignore it. But it's text that is related to contracts and agreements that would need to be renegotiated and audited and more I'm not thinking of.
Yes, that is the process we are talking about. It didn't suddenly become this hard when I voiced my criticism: it was the same level of difficulty from the beginning, and will not get any easier by simply ignoring my criticisms.
Progress must include work: otherwise it is no longer progress.
Not sure whether this is a criticism of or agreement with the parent comment. This seems like both an accurate summary of that comment, and the right path forward.
Don't make perfect the enemy of good. The rent-seeking of tax preparation businesses is a bigger problem than these privacy issues. That doesn't mean those aren't also a problem. (And I'd be shocked if Intuit has a less problematic set of terms with respect to privacy...)
But what the IRS is doing here is the correct prioritization of problems to attack.
> The rent-seeking of tax preparation businesses is a bigger problem than these privacy issues.
> But what the IRS is doing here is the correct prioritization
I read this as: "saving money, and keeping it out of unscrupulous hands, is more important than preserving our privacy and freedom". I don't agree with that, and you shouldn't assume that others agree with your take.
It's worth comparing to the status quo here, which is...TurboTax, which is not a better steward of your personal info.
The government saying "we are being more scrupulous than TurboTax" from the start, with a clear plan to improve is really only net gains. And the normal objections about things being worse because government don't really apply, since the IRS ultimately needs and has this information anyway, the risk is just them sharing it.
The status quo for this level of filing is free fillable forms which AFAIK turbotax made under a restrictive contract that prevents them from involving data brokers and involving other private ventures.
There's no justification for the IRS needing higher security than free fillable forms or normal turbo tax to deliver a similar self prepared efiling, so they are repeating the same crime the next level down, choosing a private system to provide something that benefits the IRS and is of negative value to the tax payer themself.
Yes, you read it correctly. We have an honest disagreement on this. I'm not sure what makes you think I am assuming others agree with my take. I'm just describing and arguing for my view on it.
Indeed, I assume my take on that trade-off is the less popular one amongst the commenters, and perhaps also the readers, of this thread. But I do think it is the far more popular view among the population at large. And part of the reason I'm commenting here is to point that out.
Only reason I thought you were making that assumption was this line: "But what the IRS is doing here is the correct prioritization of problems to attack." It comes across as more than a personal opinion.
It's one of these frustrating things where I already feel like I add "in my view" and "in my opinion" and "I think" and "I feel like" to too many of my sentences, but then inevitably someone will read a statement of opinion as an attempt to state as fact something that is central to the dispute at hand. I've never been sure how to square this circle.
They literally have an alternative that they've already rolled out. And they've stated the reasons they can't use the more modern IDP yet. What's so hard to understand about a v1?
> Login.gov will catch up and meet IRS in the future
Do you have any evidence they're even working on this right now? Last news I heard was 2 years ago when they promised ID.me was a temporary solution for that tax season, but it sure looks like that was to make the public happy, and ID.me is here to stay.
Note: This isn't an argument against releasing the tax tool, I'm just commenting on the login.
> Login.gov does not provide a sufficient level of identity assurance (IAL2 [1]) to serve as the IDP for this pilot and IRS functions in general (ID.me liveness check and facial recognition).
IRS functions in general when conducted via paper or electronically via existing third parties also do not have to this level of identity assurance, so its kind of hard for me to believe that this is a hard minimum for the function. That justifies compromising privacy.
That's your prerogative, but you're doing a disservice to anyone less technical to yourself who you advise to do the same. This pilot is, in its current form, better than what the vast majority of people use to file their taxes. If you're already super-privacy-sensitive in your choice of tax-filing software, then great, you do you, but I'd wager that upwards of 99% of taxpayers don't know or care about this and definitely aren't choosing their tax-filing solution based on it. Maybe some of those people are getting better privacy than this, incidentally, but if so, it's not because they are seeking that out.
I'm not advising anyone else about how they deal with their taxes, so I'm doing nobody a disservice.
If not wanting to have my data exposed to yet another data broker makes me "super-privacy-sensitive", then so be it. As currently implemented, this program is simply a nonstarter for me because of the use of id.me.
I am immensely disappointed because I really want to be able to file my taxes in the way this program is aimed. Well, what I actually want is for the IRS to compute my taxes for me and send me a bill, but this would be better than nothing.
It does indeed make you "super-privacy-sensitive". It's hard to see that from within our bubble here, but this is absolutely the case. I'm also "super-privacy-sensitive", though less than you and others here, merely by virtue of being aware of this kind of issue at all, and strongly agreeing with the general sense here that people should care about this. But people broadly just ... don't ... care about this, regardless of what we think.
I'm also disappointed that I can't use this this year, because I'm not in one of the pilot states. But that's what makes it a pilot program! It's explicitly not intended to be used by everyone at this stage.
If this were to become required for everyone, and still leaked tons of data to a third-party at that point, then I would be right there with all of you that it's unacceptable. But we're far from that point.
What "bullshit"? Giving you a better and more privacy-preserving system than is currently available via any other means? I truly can't understand the level of entitlement and off-kilter worldview that leads to a statement like this!
I will never participate in facial recognition to file my taxes. Never. I'd rather go to jail.
I've filed online in a foreign country and it was a breeze. California as well... breezy enough. Neither required privacy invasion by a malicious third-party.
It's time to ask yourself, what exactly are you rooting for here? Your creepy insults come off as very self-serving.
To answer your last question: I'm rooting for launching a pilot of a public system that is better than the for-profit alternatives used by the large majority of people. What I want long term is for filing taxes to no longer be a difficult and error-prone process that everyone dreads doing each year. In order to achieve that, I believe it is necessary for it to stop being such a cash cow, with its profits used on tons of advertising to make people believe it's normal that it's so hard to do this and lobbying to maintain (or worsen) that status quo.
I'd ask you to consider how the companies with the dominant products in this space afford the "file for free" products that most people use. Perhaps it is altruism? Or maybe it's the normal way that companies offer free products that collect a lot of personal information, by profiting off that data.
I'm incredibly sympathetic to people here who don't want to personally use this until it is no longer using ID.me (I may well make the same choice if this were available at all in my state this year), but I'm incredibly unsympathetic to criticizing this pilot program for not waiting until this problem (which the vast majority of people don't care about) to be solved.
Preaching to the choir here, in your first two paragraphs.
It is available in my state but does not handle some detail (this year) I need. But still I won't touch it with a ten foot pole with F.R. etc, and not going to be chastised for saying so.
It's not like complaining here on HN is going to influence even one percent of the non-technical public anyway. And I learn things from others griping. :-D
TurboTax is not a "preparer", the preparer is the taxpayer themself.
For paid, professional preparers (who don't use TurboTax, but rather commercially available software designed for practitioners who prepare dozens or hundreds of returns), the security requirements are higher, even if not quite IAL2. The IRS has worked for a number of years now on a "Security Summit" in concert with all the pro software vendors to tighten up their security, resulting in drastically less filing fraud than in previous years. By "filing fraud" I mean filing returns using a false identity, not simply reporting wrong income or deductions.
Did you write this exactly backwards? Especially for a voluntary pilot, it makes sense to not wait to launch it until it is better than every other option in every way. That's a pretty big part of the whole "pilot" idea... that something is launched smaller and faster and then incrementally improved and expanded. It's a very good idea to do things in this way!
Of the 3 countries I have experience with, neither Norway, Sweden or Germany require a "liveness check" or facial recognition for delivering taxes online.
And I think it was possible to do it without that in US too?
I think it would have been better to work to remove those restrictions. Especially since there are a sizable portion of the population in the US who are very concerned about governmental control.
Add Finland to list. Did my taxes yesterday with essentially 2FA id provided by my bank. I could swear I had already filled all the info and they lost it, but mine are so simple not much time was lost.
> Login.gov will catch up and meet IRS in the future as Direct File expands next filing season
Are you confident login.gov will be caught up and avaialable by next filing season and if so based on what?
Your cite at [3] above (thanks!), is dated Feb 2022, and doesn't have a timeline, but also sort of implies that login.gov should be ready by the "next" tax season (Feb 2023), when it says "While Login.gov is not expected to be ready in time for use by taxpayers during the current tax season…"
So this is now the third tax season since then that login.gov is still not available. What leads you think it'll be available next filing season?
(Note: I am not saying it may not make sense to move ahead with the pilot in parallel anyway, instead of blocking on waiting for auth solution work. Certainly in a normal industry software engineering scenario, parallel development is often better than blocking. I don't really have an opinion here. I do wonder what the budget allocation to login.gov looks like and if it's really being considered a necessary component of this product or not…).
Login.gov does not provide a sufficient level of identity assurance (IAL2 [1]) to serve as the IDP for this pilot and IRS functions in general (ID.me liveness check and facial recognition). IRS is working with Login.gov to upgrade Login.gov to deprecate ID.me for this purpose [2] [3].
Would it make sense to not proceed with this pilot until this was ready? Certainly not; Login.gov will catch up and meet IRS in the future as Direct File expands next filing season. Very similar to when Social Security Administration (ssa.gov) transitioned from ID.me and their internal IDP to Login.gov.
(Login.gov partners with USPS to perform in person identity proofing for those who cannot perform remote proofing via a mobile device)
[0] https://news.ycombinator.com/item?id=39691325
[1] https://pages.nist.gov/800-63-3-Implementation-Resources/63A...
[2] https://news.ycombinator.com/item?id=30430851
[3] https://fedscoop.com/irs-to-adopt-login-gov-as-user-authenti...