Victory! ID.me drops facial recognition requirement for government services
First, the Internal Revenue Service reverse course of his recent announcement that it is partnering with ID.me, a third-party identity verification service, to use facial recognition for verification of users managing many aspects of their taxes online. Now ID.me, which provides identity verification services to dozens of government agencies, says it will. drop its facial recognition requirement entirely for these agencies, in a victory for privacy and security.
This is an important victory: facial recognition is a dangerous surveillance tool. Forcing facial recognition to interact with the government is particularly pernicious, as it unnecessarily forces people to give up their privacy in exchange for needed services. Worse still, forcing people to hand over their biometric data to a third party, which is bound by fewer restrictions and privacy regulations, would have exposed huge swaths of the public’s personal data to risk of misuse.
Why did the IRS and ID.me back down? The IRS plan has been roundly criticized by researchers, grassroots advocates, civil liberties experts and other branches of government. Congressmen Ted Lieu and Ron Wyden expressed their concerns on the diet. Similarly, FTC Commissioner Christine Wilson castigated noting that federal rules would require biometric data to be stored for at least seven years, a long period which makes privacy breaches more likely, and that ID.me would not be bound by legislation on how it could use this biometric data. The General Services Administration, which oversees Login.gov and provides services to 200 websites operated by 28 federal agencies, also exited. against the regimeclaiming that the GSA would not use facial recognition “or any other emerging technology for use with government benefits and services until rigorous review has given us assurance that we can do so fairly and without harm vulnerable populations”.
Compel users of the IRS website, which is one of the federal government websites most visited sites, entrusting their biometric data to a third party would have been a dangerous step. At this time, it remains unclear whether the Treasury will simply look elsewhere for biometric services. But now that ID.me is relaxing its facial recognition requirement for all government services, it’s likely that any plans to require facial recognition for this government service will be met with a backlash. Additionally, while it is good that the Treasury has pulled out of this plan and that facial recognition is not required for ID.me users to interact with government services, questions remain as to how and why the Treasury decided to force taxpayers to turn over their biometric information to a private company in the first place. Also, how has ID.me’s facial recognition requirement been in place for years with so little oversight? Congress should hold public hearings with Treasury officials and ID.me representatives to answer these questions.
The fight is far from over
Separated from ID.me, many other federal government agencies started using facial recognition or intend to do so. State and local governments have also started using them for identity verification or to “security“, despite a growing number of bans on the government’s use of facial recognition technology in local level.
No government service should require the use of dangerous face tracking technology to access services. Partnering with an unaccountable third party to collect the data and store it for seven years would have been even worse. We hope that these actions taken by the IRS and ID.me mark the beginning of a serious move away from the government’s use of this technology, and not just a way to avoid worry.