Just three months after the Office of the Inspector General (OIG) at the General Services Administration (GSA) found that the Federal agency had been misleading users on the standards of its Login.gov identity proofing website, GSA Federal Acquisition Service (FAS) Commissioner Sonny Hashmi said this week that the tool’s adoption curve continues to increase despite the OIG’s findings earlier this year.
“I’m excited to share that Login’s adoption curve continues to increase,” Hashmi said during Carahsoft’s Government Customer Experience and Engagement Summit on June 1. “Purely because there’s a need out there. Agencies need to use, need to develop, and deliver goods and services – identity is a big part of that. And Login is the only kind of platform across government – state, local, Federal – that is known to work,” he said.
The March OIG report found that GSA knowingly billed customer agencies over $10 million for Login.gov services that purported to meet National Institute of Standards and Technology (NIST) digital identity guidelines but did not.
“FAS exercised inadequate oversight and management controls over Login.gov’s day-to-day operations, and thus bears responsibility for [Technology Transformation Services (TTS)] and Login.gov’s derelictions. FAS’s failure to establish management controls allowed TTS’s hands-off culture to continue unchecked and empowered Login.gov to mislead customer agencies,” the March 7 report states.
During the Carahsoft event, Hashmi explained that “the whole premise of Login has always been to create a government issued digital identity that is built and operated by an organization that doesn’t have a profit motive, to leverage that information, to use people’s data against them, to sell that data for profit, or to manipulate their privacy.”
He continued, “Now, as [with] any new capability, there’s going to be ups and downs, and we’ve had many successes with Login. We actually just surpassed about 70 million persistent Login transactions a month; we are tracking to well over a million verified identities at a high assurance level.”
“However, in the interest of continuing to kind of champion the program, certain teams took some shortcuts,” Hashmi explained.
“The first principle to everything we do – whether it’s Login or anything else at FAS – is to have trust first. And so, by some of these actions, we lost the trust of our customers,” the GSA official said.
Hashmi explained that his team has done a lot to rectify the situation – like beginning to implement the OIG’s recommendations – and that Login “as a program has never been more vital.”
Login.gov is a single sign-on solution for U.S. government websites, and it enables users to log in to services from numerous government agencies using the same username and password.
Hashmi said that the public can expect to see a lot more from his team at GSA this year regarding Login.gov.
“We’re going to be doing a lot more and sharing a lot more this year,” Hashmi said. “We’re working very closely with NIST on an update to the regulation that actually governs the standards, and that new regulation is going to allow for a lot more flexibility in how you test or validate identity.”
He concluded, “We’re excited about the progress with the program. Obviously, a lot has been learned over the last few months, and we want to make sure that internally we don’t repeat those mistakes.”