California’s EDD – Same As It Ever Was

This article has been updated to explain a correction.

“In response to pandemic problems, EDD unveils massive reform initiative.”

A headline that anyone has seen?  Nope.

A headline that should have been seen?  Yup.

A headline Governor Newsom and the legislature even remotely tried to trigger by actually doing something?  Not a chance.

As President Biden has declared the pandemic over, questions now arise – is the EDD (the state’s apparently unironically named Employment Development Department) ready for another one and how much did the agency lose to unemployment benefit fraud in the last one?

As for the amount lost, that number is still a moving target.  EDD claims the number is about $20 billion, or about 11 percent of the total of the about $180 billion paid out.  Other estimates by security industry experts, however, put that fraud percentage rate number as possibly high 40 percent, adding that the amount is at least $32.6 billion, closer in line with the national fraud estimate of about 17 percent.

(Note – the word “about” will appear often in this item; for example, the EDD pay-out number includes everything paid through July of this year even though by then the unemployment numbers started to approach pre-pandemic levels.  In other words, while the EDD states that $185 billion has been paid out in unemployment benefits, about $177 billion of that could be described as “very very pandemic” related.

Also, the federal Department of Labor stated it paid California $133.4 billion for benefits and another $778 to the state in administration fees; the EDD did not reply to a question attempting to confirm the remain $44 billion was only “state” money. )

In early 2021, the EDD stated it had paid out about $114 billion and claimed that “95 percent of the fraud” was associated with the federal funds (PUA – pandemic unemployment assistance – and PUC – pandemic unemployment compensation and other smaller programs) and only 5 percent involved state funds, adding that the federal dollars were “particularly susceptible to fraud.”

This, however, is a distinction without a difference as ALL funds – state and federal – flowed through the EDD system; in other words, the feds cut the checks and the individual states spent – and entirely controlled – the distribution of funds, which means it does not matter where it came from as they were indistinguishable from one another.

Though it has only gone up each time it announces a new fraud number, the EDD remains steadfast in its current $20 billion estimate.  The CEO of LexisNexis Government Risk Solutions, is extremely skeptical.

“Before the pandemic the EDD had a fraud rate of 15 percent (a number the agency claims was actually 6 percent), so that rate is not going to be lower during the pandemic,” said Haywood Talcove of LexisNexis, adding that his $32.6 billion is “on the conservative side” and he would not be surprised to see that number double.

However, Talcove is worried that a focus on how big the exact number is could divert focus from the underlying issue that unemployment and other government systems remain vulnerable to continued attacks.  “While important, the bureaucratic back and forth about the number still leaves the same problem in place,” Talcove said. “It doesn’t matter to the boat what the size of the iceberg is – it’s still sinks.”

He also noted that this problem goes beyond the fact that the money was stolen to who stole it.  While there was a vast amount of “garden variety” fraud, the amounts taken by overseas bad actors dwarfs that number and that means that – as in the case of the Sacramento man who used EDD money to buy guns – the proceeds are now lining the pockets of international terrorists, drug smugglers and human traffickers.

Adding in other government pandemic-related relief programs like Payroll Protection loans – which has all totaled so far in the $5 trillion range – and Talcove believes the final total nationwide fraud number could hit $1 trillion dollars, dollars that largely went to overseas criminals (note – $1 trillion dollars is about $3,300 per United States resident.)

“Where – and for what purpose – do you think this money ended up?” Talcove asked.

The recent news from the federal Department of Labor’s Inspector General that at least $45 billion was stolen nationwide also adds a level of confusion to the equation, as that number is only verified theft obtained/stolen in a limited number of ways – using either the Social Security numbers of prisoners and dead people, claims made by the same person in multiple states, and benefits paid out to accounts associated with “suspicious” email accounts (not sure if imcommittingunemploymentfraud@gmail.com was used, but you get the idea that these were accounts that, for the most part, even a cursory glance would show as fake.)

What that number does not appear to take into account is the massive, organized – local and international – fraud rings that plundered every unemployment agency in the country using identities made from whole cloth.  Cybersecurity expert (and former cybercriminal) Brett Johnson said you can still find identities on the “dark web” that are good enough to scam government benefits for about $3.70 each (there is a bulk discount) and a fully functional nearly unimpeachable identity – driver’s license, etc. (everything except a passport) can be had for about $130.

If anything, the national $45 billion is just the tip of the iceberg, especially if California alone could account for that entire figure.

Realizing there was a problem, the EDD in September, 2020, stopped automatically backdating every unemployment claim to April, 4.  Until then, the federal and state money was placed in its entirety on a chipless debit card (and/or transferred into a special account that could then be transferred again to another account) and mailed out, with those cards each carrying about 24 weeks of payments which would be at least about $12,000 in instantly available – anywhere there was an ATM machine –  cash (hence the reports of single addresses getting hundreds of cards, the spike in mail theft, etc.)

The EDD also brought in ID.me to begin verifying – for the first time ever – the identities of claimants.  The agency stated that these measures prevented $125 billion in fraud, noting this past week that “(R)ecently ID.me and the IRS entered a contract and we are looking at that as a guide for what we’d do to allow individuals to upload and delete their selfie or have a live person.”

It appears that the EDD was unaware that the IRS/ID.me was cancelled in February of this year after ferocious Congressional opposition based on privacy concerns, opposition which now includes a House Oversight Committee investigation into ID.me. (Correction/update below)

There is also the issue of the number of discrete payments.  The EDD said it processed 27.8 million claims between March of 2020 and today.  Through early 2021, it had processed about 19 million claims, about five time the number of claims made during the “great recession” of 2010.  As those figures include both completely new and “stop and start” claims – and the EDD could not tease out the percentages – it remains unclear how many discrete individuals filed a claim.  

However, as the state as a total workforce of about 19 million people and that official unemployment maxed out at about 17 percent at the height of the pandemic, it is clear that every person – and then some – in the state who is usually in the job market or employed filed a claim.

As that did not happen, it should have obvious by May of 2020 that many, many more “Californians” than could actually be possible were receiving benefits.

Which brings us to the second question – is the state ready for another one?

The legislature passed – and Governor Gavin Newsom signed – a number of bills regarding certain EDD reforms – prisoner Social Security cross checks will now occur, personal identifying information such as a Social Security number will not be mailed out (nearly at random) anymore, direct deposit of benefits into an existing bank account is now allowed, certain reporting timeline strictures were put in place, an internal EDD fraud unit was created, and language translation services were (in part with the help of a federal grant) were improved.

However, what did not get out of the legislature were two crucial bills, one that would have created a citizen advisory/oversight board and one that would have created a dedicated EDD “integrity enforcement” unit in the state Department of Justice.

Also waiting to be directly addressed are the antiquated nature of the tech systems, the implementation of a proper customer service policy (experts have noted the EDD sees itself first as a tax collection agency and not a benefit disbursement operation), gross public communications mishaps – and any number of other issues facing the agency.

The EDD did not directly respond to the following questions:

“Putting aside the appointed executive directors, has anyone at the EDD lost their job or been reprimanded, punished, suspended, etc. for the fraud problems?” and

“What changes has the EDD made to internal control systems in the wake of the pandemic?”

While the answers to the questions are likely “no one” and “nothing,” that cannot be stated as categorically true, even though preserving the status quo is one of – if not the main – objective of Sacramento.

The EDD did however point out the agency’s fraud prevention web page.

The financial issues go beyond the money lost to fraud as the state must still pay back the $20 billion it had to borrow from the federal government over and above the funds simply given to the state.  Using the EDD estimate, this number is equal to the amount lost to fraud – therefore the debt would not exist if there was no fraud and/or be significantly lower if the agency had addressed the problem earlier (even the EDD’s old computers could have handled a $20 million “bolt-on” identity verification system that would have prevented the vast majority of the fraud from the beginning.)

Adding incompetence to injury, the Legislature and governor – despite a record $97.5 billion surplus, decided to use only $1 billion of that to pay back the feds – the rest (which stand at about $17.4 billion as of this date) will be covered by increasing unemployment taxes on every business in the state until it is paid back (yes, you read that right – California businesses will have to directly pay for the EDD’s fraud losses.)  Currently, the per employee payroll tax is just under $300 per year; that figure will rise, in $21 dollar annual increments, to about $500 per year until the debt is repaid, possibly in 2031.

While the EDD mess did figure in the Newsom recall campaign, the issue seems to have been memory-holed by much of the state – and all, as Gavin prepares for a presidential run, of the national – media.  Whether or not November’s election will jog any memories – or unlock any reform actions – is as yet unclear.

However, California’s – and the nation’s – overall fraud issue could come roaring back to life come January.

“Gavin is the leader of a state that saw more fraud than any other in the country,” Talcove observed.  “If the House flips (to Republican control) in November, look out – the Oversight committee will be going full force in January.”

****

Correction:

The article above states that the IRS “cancelled” its contract with ID.me in February, 2022.  This relationship between the IRS and ID.me was not ended in its entirety and only modified to allow IRS customers to use ID.me without having to electronically submit biometric data, such as “selfies,” if they choose not to.  If someone wishes to use ID.me to create an IRS account they can do so through a live personal video chat with an ID.me employee in which they physically show proof of identity by holding up their license, passport, Social Security card, etc. to the camera to allow the employee to determine a legitimate identity; i.e. does the picture match the person holding up the picture, etc.

It should be noted that this “in-person” form of verification has been available in California (and other states) through ID.me since its inception, though it was used mostly as a “back-up” to the purely electronic gathering of biometric identity data.  

Many Californians opted for the “in-person” route during the pandemic, which still leaves the EDD’s statement last week that “(R)ecently ID.me and the IRS entered a contract and we are looking at that as a guide for what we’d do to allow individuals to upload and delete their selfie or have a live person” as a bit of a head scratcher.

The IRS will also soon be allowing the use of Login.gov – a service provided by the federal General Services Administration – to create an account.

This correction does not change the fact that the House Oversight Committee is conducting an investigation into ID.me, nor the fact that ID.me has faced challenges in the past with its “in-person” system – https://www.washingtonpost.com/technology/2022/02/11/idme-facial-recognition-fraud-scams-irs/ – nor the fact that the ID.me web address is not U.S. based (like a .com) but is located in Montenegro – https://domain.me/about-me/#me-as-a-country-montenegro – nor, finally, the ethical considerations of a government agency using private third-party companies to verify identities for benefit and/or access purposes – https://californiaglobe.com/articles/monetizing-data-the-edd-id-me-and-the-unemployed-of-california/ .