IRS debuts face biometrics and suddenly everyone is a privacy regulator

It is unclear if the U.S. Internal Revenue Service’s 7 February reversal on the use of face biometrics was caused by a lack of transparency or political cynicism.

Regardless, the move does illustrate the mottled perception people have of facial biometrics.

Many federal and state governments employ the AI algorithms, often using face photos scraped by the billion from social media accounts without permission, and usually without public outcry.

Still, it is surprising that the federal IRS online user identification program, which was farmed out to the digital ID-authentication vendor ID.me, made it beyond the pilot stage.

(It was obscurely mentioned last June as an option for accessing an IRS status-update portal for tax filers. Prior references are rare, and a government bid announcement is difficult to locate.)

The portal news was immediately seized on by zealous privacy activists and right-wing bloggers as evidence that the government wanted too much personal information or the Biden administration was just plain evil, respectively.

Both major parties in Congress have spotted an opportunity to beat up the widely disliked IRS and to look like heroes for saying citizens deserve better protection of their biometrics. Federal regulation has never been seriously considered on Capitol Hill.

The IRS’s statement on its change of heart mentions “concerns” about biometric data privacy and security. Officials are “quickly pursuing short-term options that do not involve facial recognition.”

The Washington Post, which is owned by Jeff Bezos, founder of AI giant Amazon, has been covering the story, and may have provided the impetus for abandoning face biometrics at the IRS (although ID.me does also use Amazon’s Rekognition software for one-to-many biometric checks for fraud detection).

On 7 February, the same day the IRS pulled out of its face biometrics service, the Post published a story focused on the clash of authentication approaches. Login.gov, the federal General Services Administration’s five-year-old log-in service used by many agencies to simplify access to services, asks subscribers for a scan of a government-issued ID and a phone number.

The IRS/ID.me service required a short video clip of a citizen’s face. The GSA criticizes the face biometrics approach as too problematic to be justified for identification. Meanwhile, ID.me reportedly contracts with 10 federal agencies, 30 states and private firms.

Article Topics

biometrics  |  face biometrics  |  facial recognition  |  facial verification  |  fraud prevention  |  government purchasing  |  ID.me  |  identity verification  |  IRS  |  U.S. Government