GPO Designated Receiver

Intro

The U.S. Government Publishing Office sends letters on behalf of Login.gov as part of the identity proofing process. Users who cannot or do not want to verify their address with phone records have the option of receiving a physical letter that contains a code generated by Login.gov. The GPO handles the logistics of printing the letter, putting it in an envelope, and mailing it.

How and Why?

It’s difficult to automate testing of the United States Postal Service and the U.S. Government Publishing Office, so to ensure Login.gov is sending letters as expected, a Login.gov team member is sent a letter every day. We record the day the letters were sent and received along with a few other attributes in a spreadsheet.

What should I expect and how do I do it?

It takes 3-7 business days for letters to arrive. It is common to not receive any for a few days, and then receive multiple in one day. When you receive a letter, record the following data points in the GPO Designated Receiver Report:

  • The date it was delivered
  • The date it was printed
  • The date it was enqueued
  • The date it was postmarked (not always present)

Sample Envelope

GPO envelope with arrow pointing to postmark date

Sample Letter

GPO letter with arrows pointing to enqueued and printed dates

I want to do this!

If you’d like to volunteer to receive and record letters, please add your name to the Upcoming Volunteers tab of the GPO Designated Receiver Report spreadsheet. If you have any questions about the process, you can ask them in Slack in #login-team-ada.

Please: See something, say something!

Please record any unusual behavior observed with the letter in the Notes column of the spreadsheet. If you believe the issue requires immediate attention, please post in #login-team-ada and tag @login-oncall-ada.

How to change the designated receiver

Team Ada’s oncall engineer updates the designated receiver configuration on (or around) the 15th of every month. Here’s the process:

1. Get the new designated receiver’s address

Remember: names and addresses are PII. When reaching out to the new receiver, please request that they supply the information to you via an ephemeral channel such as:

  • Google Chat
  • Private Google doc
  • Video chat

2. Update the production application.yml file

Designated receiver name and address information is stored along with other IdP settings in the YAML secrets file.

Use the app-s3-secret script to update the gpo_designated_receiver_pii key:

gpo_designated_receiver_pii: '{"first_name": "Receiver first name", "last_name": "Receiver last name", "address1": "1234 Imaginary Ave.", "address2": "Apt B", "city": "Anytown", "state": "IL", "zipcode": "56789" }'

Note that the value is a string containing a JSON object, not a nested YAML mapping. address2 is optional and may be omitted, but all other fields are required.
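One way to check the value before it goes into the secrets file, as an added example that is not part of Login.gov's own tooling. The function name receiver_pii_problems and the sample text are constructed here, and the check assumes every field is a JSON string, as in the sample above. Its messages name fields only and never echo values, so the receiver's PII stays out of terminal scrollback and logs.

```ruby
require 'json'
require 'yaml'

REQUIRED = %w[first_name last_name address1 city state zipcode].freeze
OPTIONAL = %w[address2].freeze

# Constructed sample mirroring the placeholder values shown in step 2.
SAMPLE = <<~YAML
  gpo_designated_receiver_pii: '{"first_name": "Receiver first name", "last_name": "Receiver last name", "address1": "1234 Imaginary Ave.", "address2": "Apt B", "city": "Anytown", "state": "IL", "zipcode": "56789"}'
YAML

# Returns a list of problems with the gpo_designated_receiver_pii entry in the
# given YAML text (empty list means it looks right). Assumption: all fields are
# JSON strings. Messages contain field names only, never the values themselves.
def receiver_pii_problems(yaml_text)
  begin
    config = YAML.safe_load(yaml_text)
  rescue Psych::Exception
    return ['file is not valid YAML']
  end
  return ['top level is not a mapping'] unless config.is_a?(Hash)
  raw = config['gpo_designated_receiver_pii']
  return ['key is missing'] if raw.nil?
  return ['value must be a quoted string, not a YAML mapping'] unless raw.is_a?(String)

  begin
    pii = JSON.parse(raw)
  rescue JSON::ParserError
    return ['value is not valid JSON'] # the parser's own message quotes the input, so drop it
  end
  return ['JSON value is not an object'] unless pii.is_a?(Hash)

  problems = []
  REQUIRED.each do |field|
    ok = pii[field].is_a?(String) && !pii[field].strip.empty?
    problems << "#{field} is missing, blank, or not a string" unless ok
  end
  OPTIONAL.each do |field|
    problems << "#{field} must be a string when present" if pii.key?(field) && !pii[field].is_a?(String)
  end
  (pii.keys - REQUIRED - OPTIONAL).each { |key| problems << "unexpected field #{key}" }
  problems
end

puts receiver_pii_problems(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```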

3. Recycle production

A config recycle is required to apply the updated configuration.

4. Give the receivers a heads-up

Please ping the new designated receiver in Slack and let them know that they should start to receive GPO letters in a few days. You can link them back to this page to refresh their memory about their responsibilities. Additionally, let the prior receiver know that they should stop receiving letters in a few days.