Say after me ten times: Identity is not Authentication, nor Authorization. Identity is not Authentication, nor Authorization. Identity is not...
Now, got that? You are making the same sad mistake that the IRS did. You are confusing Identity with Authentication.
SSN & DoB are perfectly fine identifiers for a person. Not quite unique, but they will work for the purpose.
The problem is that there is no authentication, nor any authorization infrastructure for them to use as far as I know. There are in other countries (see for example https://www.bankid.com/en/). I have understood that there are ideological reasons not to roll out a decent Authentication/Authorization infrastructure in the US, but the lack of such an infrastructure will cost US business (and private person) more and more dearly as important information moves to the internet.