Categories
ESD

Washington ESD Struggles with Data

During the 2020-06-11 news conference with Suzi LeVine, Commissioner of the Washington State Employment Security Department, Linzi Sheldon of KIRO TV asked a couple of questions. LeVine’s answers reveal more than what she actually said.

Sheldon asked why many ESD applicants were being asked to upload the same documents, especially identification documents, more than once. Here’s LeVine’s answer. Comments immediately after.

“We are working on a problem right now with our vendor with the system regarding how we clear, and then, sustain, that clearing process. Our system was not designed for doing bulk clearing and bulk issue setting. And so, we are working through that, so that those individuals who have been cleared do not need to resubmit information and we are working towards resolving this quickly with our vendor to make sure that problem does not persist. We are aware of it and we are working on it.” . . . “however, there are some people where some of their information has changed and where we do actually need that information again.”

The vendor is Fast Enterprises from Colorado. Fast Enterprises sold ESD a complex software platform to manage unemployment applications and claims. The software is called FASTUI, which was implemented at the beginning of 2017.

“We are working on a problem right now with our vendor with the system regarding how we clear, and then, sustain, that clearing process.”

The first notable part of that statement is working with the vendor. This is an admission that ESD does not have total control over the software and the effects of configuration changes.

Once an applicant is cleared for payment, the system sometimes unclears the applicant — probably as a result of other configuration changes. This means ESD must attend to an application at least twice, thereby reducing efficiency.

“Our system was not designed for doing bulk clearing and bulk issue setting. And so we are working through that, so that those individuals who have been cleared do not need to resubmit information and we are working towards resolving this quickly with our vendor to make sure that problem does not persist.”

This is an admission the software has limitations. It is an admission ESD needs help from the software producer. Most likely the software was designed for single-applicant attention. Attempts to clear hundreds or thousands of applicants for payments are apparently not working, because other software actions are altering desired settings.

“however, there are some people where some of their information has changed and where we do actually need that information again.”

LeVine’s words are a polite way of saying this: The system is deleting and losing documents applicants have uploaded. To an ESD worker, an upload may have disappeared without even the worker being aware of the upload. So, once an ESD worker gets into an application, it may be possible the worker simply sees the need for ID documents and issues an alert for the applicant to upload — again.

Sheldon also asked if ESD would prioritize applicants, so those waiting the longest would get attention first. “Can you tell us what the ESD is doing to clear up those people who have been waiting the longest?”

Here’s most of LeVine’s answer:

“So we are working very hard to clear those people who are there longest. As someone who has dug in deeply on some of those numbers, it’s a combination in terms of how people are still waiting that amount of time. In some cases it’s that those individuals have not responded when we called. In some cases it’s that there are additional areas that need to be worked. But, most of those folks who have been waiting the longest have been contacted and those issues are being worked. So, the team is prioritizing those. In addition to that, what we are working to distinguish are those people who have been waiting longest, actually those people in adjudication who overall, and I’ve mentioned this in my remarks, who, some of whom are actually already receiving payments. It’s just that they are receiving conditional payments versus some people who are not receiving payments at all. So we are working to identify those who have not been receiving payments at all, and will be prioritizing them, again, from oldest to newest. So, that’s what we are working on in terms of, again, continuing to dig down into the data so that we can be more targeted to address and relieve the needs of more Washingtonians.”

LeVine did not really answer Sheldon’s question. Sheldon asked what ESD is doing to focus on those waiting the longest. LeVine described various aspects that might cause those to be waiting the longest. Only at the end did LeVine suggest some action: “continuing to dig down into the data . . . .” No group in ESD focused on those waiting the longest?

Let’s focus on this statement:

“…working to identify those who have not been receiving payments at all.”

LeVine makes the task of identifying those waiting the longest out to be some sort of complex mystery hunt. A decent database programmer could write a few queries in a day (or less) to generate various reports. LeVine is turning a simple matter into some complex, convoluted process.

Apparently, LeVine can’t simply say something like “We have developed database queries that identify those waiting the longest.” Why not? It comes down to a few factors:
— the data is locked up in a proprietary format that requires specialized, custom programming from the vendor. (Remember the vendor comments?)
— the software is not capable of the necessary queries
— ESD does not have anyone on staff capable of programming the queries — specialized or not

Really, identifying those waiting the longest should not be a big ordeal. But the fact that LeVine is still talking about “working to identify” means ESD has yet to come up with a solution to do so. The root of the problem is probably in data format, software, and knowledgeable personnel. Apparently ESD does not have the right combination of those three.

Another factor might be that with all the changes ESD is trying to do, the database has become, quite simply, a mess, such that ESD cannot depend on queries to provide good answers.


Creating ID file for WA ESD

Suggestions for creating an ID file to upload to WA ESD.

How you create a file depends largely on the equipment you have access to.

Here are two methods.

Regardless of the method used, create a file that includes the following:

  • Name and claim # at the top. This clearly ties your ID to a specific ESD claim. No confusion for ESD workers. Also, if the file gets disassociated from the claim, the ID at the top of the file shows which claim the file belongs to. (LeVine has indirectly admitted in the 2020-06-11 news conference that some ID uploads have been lost. In answering Linzi Sheldon’s question about applicants being asked to upload ID over and over again, LeVine said: “There are some people where some of their information has changed and where we do actually need that information again. So, we are rapidly working to resolve this and will have more information and instructions for them, hopefully by later today that we release.” Where the ID information changes? Not likely. Working to resolve this probably means a software defect that is losing uploaded documents.)
  • Write the date the file was created and the date submitted below name and claim # (this helps you know when you did both).
  • Then show the IDs, one on top of the other.

Here are two ways to create the file described above.

Using only phone

  • Get a piece of paper and clearly print your name and claim # on it.
  • Lay it out on a table with your IDs stacked below.
  • Take a picture of it all, getting as close as possible for best clarity.
  • This produces a single image file for upload.

Scanner and word processing program

  • Scan each image. If two fit into one scan, fine.
  • Open Word or OpenOffice Writer.
  • At the top, type name and claim #, date created, date submitted.
  • Insert images into the document, allowing for the largest image possible.
  • Save the entire file as a PDF, which can be uploaded.


Washington ESD slipping on security again

If you think ESD is implementing best practices with security, think again after reading the analysis below. In fact, ESD is guilty of the very activity it is trying to guard and warn against.

Many individuals who have reported that they have been victims of imposter fraud through the WA State Employment Security Department are receiving email notices like the following actual email:

Let’s examine ESD’s advice from the above image. ESD says:

“The email address we use will end with @esd.wa.gov or WashingtonESD@public.govdelivery.com. If you get any unemployment related correspondence from any other address, do not open or reply to it.”

The advice regarding “from any other address” certainly makes sense.

But, what if a phishing email shows up with “@esd.wa.gov” or “WashingtonESD@public.govdelivery.com” in the visible FROM field of the email? Fraudsters do this all the time, trying to trick recipients into thinking the email came from a legitimate source. Using someone else’s email address in the FROM field is called email address spoofing and there are articles all over the Internet about this. For example, Wikipedia has an article on email spoofing. Among the statements from that article:

MAIL FROM: – generally presented to the recipient as the Return-path: header but not normally visible to the end user, and by default no checks are done that the sending system is authorized to send on behalf of that address.

From: Joe Q Doe <joeqdoe@example.com> – the address visible to the recipient; but again, by default no checks are done that the sending system is authorized to send on behalf of that address.
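The gap between the visible From field and what the mail system verified can be checked mechanically. The Python sketch below is an added example, not part of the original post or anything ESD publishes: it applies ESD's address test and then reads the DMARC result recorded by the recipient's own mail server. The server name `mx.recipient.example`, the `notice@` address and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the name the recipient's own mail server writes at the start of
# Authentication-Results (RFC 8601). Headers carrying any other name are ignored.
TRUSTED_AUTHSERV = "mx.recipient.example"

def matches_esd_advice(addr):
    """The visible-From test quoted from the ESD notice."""
    addr = addr.lower()
    return addr.endswith("@esd.wa.gov") or addr == "washingtonesd@public.govdelivery.com"

def dmarc_verdict(msg):
    """(result, header.from domain) recorded by the trusted server, else ("none", "")."""
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(value).split(";")]
        if parts[0].lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # a sender can insert its own forged copy of this header
        for part in parts[1:]:
            tokens = part.lower().split()
            if tokens and tokens[0].startswith("dmarc="):
                hdr = [t[len("header.from="):] for t in tokens if t.startswith("header.from=")]
                return tokens[0][len("dmarc="):], (hdr[0] if hdr else "")
    return "none", ""

def assess(raw):
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    if not matches_esd_advice(addr):
        return "not-esd-address"
    result, hdr = dmarc_verdict(msg)
    domain = addr.rpartition("@")[2].lower()
    # A pass only shows the domain authorized the mail, not that the content is safe.
    return "authenticated" if (result == "pass" and hdr == domain) else "spoof-suspect"

def sample(auth_results):
    # Constructed message: the visible From always shows an esd.wa.gov address.
    return ("Return-Path: <bounce@mailer.invalid>\n"
            "Authentication-Results: " + auth_results + "\n"
            'From: "WA ESD" <notice@esd.wa.gov>\n'
            "Subject: Your claim\n\nPlease confirm your details.\n")

SPOOFED = sample("mx.recipient.example; spf=pass smtp.mailfrom=mailer.invalid; "
                 "dmarc=fail header.from=esd.wa.gov")
FORGED_HDR = sample("mailer.invalid; dmarc=pass header.from=esd.wa.gov")
ALIGNED = sample("mx.recipient.example; dkim=pass header.d=esd.wa.gov; "
                 "dmarc=pass header.from=esd.wa.gov")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("forged header", FORGED_HDR), ("aligned", ALIGNED)]:
        print(name, "->", assess(raw))
```

All three constructed messages pass ESD's "ends with @esd.wa.gov" test; only the one whose DMARC result was recorded as a pass by the trusted server is treated as authenticated.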

WA State even has a law that recognizes and bans spoofing: RCW 9A.90.070 Spoofing. Is this law going to stop fraudsters? Hasn’t yet.

So, let’s say you get an email from an address ending with “@esd.wa.gov” or “WashingtonESD@public.govdelivery.com”. It invites you to visit an official-looking web site where you enter your phone number and perhaps other identifying info.

At this point, you’ve been had.

Then you get a call from someone at the fraudulent website saying they are a member of “OSI from the Employment Security Department”.

There is no way to validate that the caller is really from OSI. ESD creates the same problem with its wording discussed below.

At this point, you’ve been had again!

The only secure way to communicate with ESD’s OSI is to call the number ESD posts on the website.

An email sent out June 8, 2020 has some interesting wording.

“ESD will ask you for information through official correspondence and your ESD eServices account. If we call you, you can ask the agents to identify themselves.”

“If we call you”? ESD wants us to answer a call from someone who claims to be an ESD employee? But banks, the IRS, Social Security, tell us all the time they will not call us and ask for personal information.

ESD is not following best security practices.

Here’s how a call might go:

“Hello”.

“Hi. My name is John Smith. I’m calling from the Washington State Employment Security Department.”

“Great. Been waiting to hear from you folks.”

“Before we can move forward in resolving your application, I will need some additional information from you, including your Social Security number.”

“OK. But before we do that, I need for you to identify yourself.”

“Sure, no problem. My name is John Smith. I work for the Washington State Employment Security Department. My ID# is 19395954.”

“Oh, ok. So you need my Social Security number?”

“Yes, let’s start with that.”

“My Social Security number is 555-555-1111.”

See the problem with this? There is NO WAY for the recipient of the phone call to validate that the person calling really works for ESD.

In essence, ESD is helping applicants lower their guard against calls from fraudsters.

These two examples from ESD come after ESD was foolishly inviting people to send copies of their Social Security card and ID via email.


Editorial: LeVine’s crime report gives little hope to legitimate ESD applicants

Washington Employment Security Department Commissioner Suzi LeVine’s prepared remarks Thursday morning, 2020-06-04, were more of a crime report than a help report. Of the approximately 12 minutes of her prepared remarks, with six slides, only 1 minute — maybe 2 — was focused on how applicants with legitimate claims are going to be helped. And even those remarks were empty rhetoric, such as these three snippets (approximate time from the start of the video linked above):

7:33 “Throughout this crisis that has meant being as honest and transparent as we can at all times in order to uphold our responsibility to Washingtonians who need our services, even if that means delivering news that is not always welcome.”

She delivered the bad news. Fraud, and more fraud — $500-600 million she thinks, as an early estimate. LeVine reported on the number of dollars recovered — $330 million. LeVine mentioned 25,000 fraudulent applications. What LeVine did NOT report on were, for example:

— how many ESD employees are examining ID documents to verify identity?
— how many applicant IDs are able to be verified each day?
— what is the percentage distribution of ESD workers that represent different functions, e.g.: 80% on phones, 10% on programming, 10% on ID verification?

10:39 “We are calling in every single resource we can and will leave no stone unturned to get the benefits people are due and to catch the criminals and to stop fraudulent claims from going out.”

LeVine did not mention even one “single resource” they were calling in. Why not? Why not explain the triage plan to work on the applications waiting the longest — if such a plan even exists?

12:45 “Every day we see thousands of suspicious claims come in with increasingly convincing false IDs that must be reviewed and dealt with by trained investigators.”

How many investigators? Nine, as has been suggested in social media posts?

The six slides she included in her prepared remarks were:

1. Latest Numbers (of applicants)
2. Preventing Fraud: Helping the Victims
3. Preventing Fraud: Still Under Attack
4. Operation 100% (where she spent no more than 2 minutes, and said the June 15th deadline is going to be extended by at least two weeks)
5. Looking to the future (basically for another extension of PEUC benefits)
6. Fraud: Actions to take

Not one slide was devoted to “Actions to take if you are in limbo” or “Actions and resources we are taking to get you out of limbo”.

Overall, her crime report may be fodder for newspaper and TV reports, but it offers little hope to the thousands of legitimate applicants thrown out of work and needing financial assistance.