Federal lawmakers joined with advocacy groups that argued requiring biometric information to access records online is a “creepy and disturbing strike” at privacy and security.
After Democrats in both chambers of Congress added their voices to the growing chorus of opposition to the U.S. Internal Revenue Service’s plan to require the use of a private company’s facial recognition software to access various information online, Sen. Ron Wyden revealed Monday that the IRS intends to change course.
“This is big: The IRS has notified my office it plans to transition away from using facial recognition verification, as I requested earlier today,” tweeted the Oregon Democrat. “While this transition may take time, the administration recognizes that privacy and security are not mutually exclusive.”
Welcoming Wyden’s announcement, tech campaigner Kade Crockford tweeted that “fighting back works!”
Confirming that the transition will occur in the weeks ahead, IRS Commissioner Charles Rettig said in a statement that “the IRS takes taxpayer privacy and security seriously, and we understand the concerns that have been raised.”
“Everyone should feel comfortable with how their personal information is secured, and we are quickly pursuing short-term options that do not involve facial recognition,” he added.
Earlier Monday, Wyden as well as Reps. Yvette Clarke (D-N.Y.), Anna Eshoo (D-Calif.), Pramila Jayapal (D-Wash.), and Ted Lieu (D-Calif.) had sent a pair of letters to Rettig calling for the agency to halt its plan to use ID.me beginning this summer.
Their demands followed earlier letters from Democratic and Republican lawmakers, proposed federal legislation that would bar the IRS from using facial recognition software on taxpayers, and outrage from advocates of privacy rights—including a petition that called the biometric requirements “a creepy and disturbing strike” at privacy and security.
Wyden wrote that “it is simply unacceptable to force Americans to submit scans using facial recognition technology as a condition of interaction with the government online, including the access essential government programs,” and noted that such technology is often “biased in ways that negatively impact vulnerable groups, including people of color, women, and seniors.”
“In addition to the serious privacy and civil liberties issues associated with the use of facial recognition technology, it is also alarming that the IRS and so many other governmental agencies have outsourced their core technology infrastructure to the private sector,” he added.
The senator pushed for the use of Login.gov, which is operated by the General Services Administration (GSA), pointing out that it is already used to access 200 websites run by 28 federal agencies and more than 40 million Americans have accounts.
“Unfortunately, Login.gov has not yet reached its full potential,” he explained, “in part because many agencies have flouted the congressional mandate that they use it, and because successive administrations have failed to prioritize digital identity.”
Americans shouldn’t have to sacrifice their privacy for security. Full stop. Today I’m calling on the IRS to end its plan to require facial recognition for online accounts. pic.twitter.com/cggpAnc7va
— Ron Wyden (@RonWyden) February 7, 2022
Director of the GSA’s Technology Transformation Services, Dave Zvenyach, told The Washington Post that the agency “is committed to not deploying facial recognition… or any other emerging technology for use with government benefits and services until rigorous review has given us confidence that we can do so equitably and without causing harm to vulnerable populations.”
The newspaper reported Monday that unnamed sources said IRS officials who visited Capitol Hill Friday to discuss concerns with its ID.me plan “told members of Congress that they were actively considering an identity-verification option that would not use facial recognition.”
The four House Democrats, in their Monday letter, urged the IRS to “halt this plan and consult with a wide variety of stakeholders before deciding on an alternative.”
The quartet highlighted that the agency planned to require taxpayers to “upload images of their driver’s license, state-issued ID, or passport and then take a live video of their face with a computer or smartphone so ID.me can confirm their identity,” and the biometric requirements would be “necessary for accessing a wide array of vital tools the IRS provides, including confirming a payment, using the Child Tax Credit Update Portal, and accessing a tax transcript.”
They detailed various “alarming issues,” including that forcing Americans to put biometric information into a database is a cybersecurity risk; accuracy and bias problems with face recognition systems; and “lack of transparency” regarding both the IRS contract with ID.me and the company itself.
The letter also featured seven questions for Rettig related to the agency’s plan—questions he must urgently answer, according to Fight for the Future campaign director Caitlin Seeley George.
BREAKING: after an amazing rapid-response effort from groups like @fightfortheftr and @AJLUnited as well as a flurry of letters from lawmakers, the IRS is backing down on its plan to use #facialrecognition.
When we fight we win!
Now let’s get *all* Federal agencies to dump IDme
— Evan Greer (@evan_greer) February 7, 2022
Seeley George, whose group is among those behind the petition opposing the original IRS plan, said in a Monday email to Common Dreams that it is “critical” the IRS—and other state and federal government entities using ID.me—answer questions raised in lawmakers’ letters and encouraged all agencies to “immediately” cancel contracts with the company.
“How did this company win so many government contracts when it puts so many peoples’ most sensitive information in danger?” the campaigner asked. “It’s clear that ID.me is comfortable lying to the public, so how could we possibly trust it with this information?”
In a LinkedIn post last month, CEO Blake Hall clarified ID.me’s use of a type of facial recognition that involves searching for people within large databases of photos, following internal concerns that the company’s public comments on the matter were inaccurate.
Hall’s post came a week after press release from the Virginia-based company stated that “our 1:1 face match is comparable to taking a selfie to unlock a smartphone. ID.me does not use 1:many facial recognition, which is more complex and problematic.”
The CEO admitted that ID.me does, in fact, use 1:many verification “once during enrollment.” He added that it “is not tied to identity verification” and “we avoid disclosing methods we use to stop identity theft and organized crime as it jeopardizes their effectiveness.”
That admission bolstered widespread criticism of U.S. government agencies contracting with the company for identity verification purposes.
Here are all the lawmakers (Rs and Ds) that have written to IRS about https://t.co/kaliGC1Xgg just within the past week: @RonWyden @SenJeffMerkley @RoyBlunt @RogerWicker @tedlieu @RepAnnaEshoo @RepJayapal @RepYvetteClarke + Senate Finance Republicans. https://t.co/LKuMlQ3mIR
— Tonya Riley (@TonyaJoRiley) February 7, 2022
“The swift response from rights organizations, the public, and legislators has pushed this issue to a tipping point and essentially has made it impossible for the IRS to ignore the very serious implications its plan to use ID.me and facial recognition would have on millions of peoples security and rights,” Seeley George told Common Dreams.
“The legislative response has also shown that this is not a bipartisan issue—facial recognition technology and the collection of peoples’ biometric data puts everyone in danger,” she said.
After the IRS caved to sweeping pressure Monday, Seeley George added in a statement that “we’re glad to see that grassroots activism and backlash from lawmakers and experts has forced the agency to back down.”
However, she noted, “several other federal agencies are still using ID.me’s discriminatory and insecure software, including the [Department of Veterans Affairs] and Social Security Administration, as well as 30 states that use it on people trying to access unemployment benefits.”
“No one should be coerced into handing over their sensitive biometric information to the government in order to access essential services,” she said. “The lawmakers who led the charge against the IRS use of this technology should immediately call for an end to other agencies’ contracts, and there should be a full investigation into the federal government’s use of facial recognition and how it came to spend taxpayer dollars contracting with a company as shady as ID.me.”