Automated public-benefit fraud detection used by states subject of new FTC complaint

An automated system used by several state agencies to detect public benefits fraud is the subject of a complaint that the Electronic Privacy Information Center, or EPIC, filed Tuesday with the Federal Trade Commission. The research group claimed the system incorrectly identifies fraud and is in violation of several federal rules.

The software named in the complaint, Thomson Reuters’s “Fraud Detect,” advertises itself as a tool that detects fraud against public benefits, like unemployment insurance and the Supplemental Nutrition Assistance Program. The complaint alleges the software uses sensitive personal data to power an algorithm that alert benefits administrators of potentially fraudulent activity and contains an “opaque, proprietary algorithm.” EPIC also claimed the adoption of the Thomson Reuters tool by government agencies has led to millions of legitimate claimants going without access to public benefits.

Fraud Detect is used under various names in 42 states, including Illinois, Indiana, Iowa, Nevada and the District of Columbia, the complaint states. Its algorithm is trained on both historical public benefits data and also incorporates applicants’ personal data to predict fraud and determine how much assistance public benefits recipients should receive, according to EPIC’s complaint.

“To make these predictions, Thomson Reuters compiles sensitive data about public benefits recipients and retailers from both government and third-party, commercial data sources. The data points that Thomson Reuters compiles and uses for fraud predictions include, inter alia, recipients’ home addresses, how far recipients travel to buy groceries, affiliated persons, and social media profiles,” the compliant read.

EPIC claimed the system also relies on credit scores and that it contradicts the Fraud Detect website, where Thomson Reuters disclaims all liability, stating the product “may not be used as a factor in consumer debt collection decisioning; establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing; or for any other purpose authorized under the [Fair Credit Reporting Act].”

The complaint said the system sorts applicants into five risk levels. Some metrics that created fraud alerts the complaint named included “recipients entering into high-dollar-amount transactions, recipients traveling 25 miles or more to shop at a big box store, and recipients requesting their EBT card balance 12 or more times in a year.”

EPIC also claimed that Fraud Detect has incorrect in its fraud predictions. The complaint claims that in December 2020, the California Employment Development Department hired Pondera — the company behind Fraud Detect that Thomson Reuters acquired in 2020 — to review 10 million unemployment insurance claims paid out since the beginning of the COVID-19 pandemic. Using the same algorithm Thomson Reuters bought, and out of the 10 million claims paid out, the company flagged 1.1 million claims as “suspicious.” As a result, the complaint said, all 1.1 million claimants’ benefits were suspended. Further investigation showed that more than 600,000 — or 54% — of the flagged claims were legitimate, the compliant said.

The FTC complaint, which follows a three-year investigation conducted by the Electronic Privacy Information Center into Thomson Reuters’ fraud detection system, also states that the media company has failed to show that its algorithm meets federal standards for responsible automated decision-making systems. Those standards include those set out in President Joe Biden’s October Executive Order on the “Safe, Secure, and Trustworthy Development and Use of AI,” 2022’s White House Blueprint for an AI Bill of Rights and the National Institute of Standards and Technology’s AI Risk Management Framework.

EPIC also claimed that Thomson Reuters is in violation of Section 5 of the FTC Act because it has engaged in unfair and deceptive trade practices, both directly and indirectly. In its complaint, EPIC urged the FTC to open an investigation, secure an injunction and seek model deletion or destruction of the system.

The filing comes just days after the FTC banned the drugstore chain Rite Aid from using AI facial recognition systems. According to the complaint and order filed in the Eastern District of Pennsylvania, the retailer deployed the technology without reasonable safeguards.