In IRS Using Facial Scanning
I reported on the IRS’s move to use the identity proofing and authentication services from ID.me for logging into their online services. ID.me has contracts with other federal agencies like Veteran’s Affairs and numerous states.
One of the controversial aspects of ID.me’s service is an identity proofing service that matches a selfie to the uploaded picture of a government credential. This is called 1:1 facial matching: one selfie, one credential picture.
ID.me’s original press release, since updated
claimed that the company didn’t use 1:many facial matching where the selfie or ID photo is compared to a database of pictures. But after an internal Slack discussion where an engineer pointed out that the company did use AWS’s Rekognition service
for 1:many facial scanning, the company backtracked.
In admitting that ID.me uses 1:many facial recognition, the company ignited a firestorm with privacy watchdogs piling on. A recent EFF article
, written before the ID.me revelations, states “Face recognition isn’t just face identification and verification: It’s also photo clustering, race analysis, real-time tracking, and more.” Many are echoing these concerns. And, of course, the fact that ID.me lied about what they were doing is not inspiring confidence. I imagine their management team has had better weeks.
In ID.me CEO backtracks on claims company doesn’t use powerful facial recognition tech
, Tonya Riley at CyberScoop details the turn around and the events that led up to it. One of the Slack messages reportedly said “We could disable the 1:many face search, but then lose a valuable fraud-fighting tool. Or we could change our public stance on using 1:many face search.” There were no details about how the 1:many facial recognition is used to fight fraud.
One way 1:many facial recognition might be used to fight fraud is to keep copies of all the pictures that have been uploaded. If someone tried to steal identities by using fake IDs, then the system would flag that the same face shows up on multiple IDs. I can see why the IRS would want to do this since one way people defraud the IRS is claiming other people’s refunds. And it’s not hard to do with all the personal data for sale on the dark web. Facial recognition could cut this dramatically.
ID.me retains selfies uploaded during the verification process for seven and a half years after an account is closed, per federal guidelines. Of course, you don’t really close your account with the IRS until you’re dead, so that’s a long time.
I don’t like that the IRS is using a third party to do this. But I wouldn’t really like it if they were using login.gov
either (yeah, that’s a thing). Regardless of who does it, having a huge trove of biometric information sitting out on the internet is just asking for trouble.
As I said last week, the right solution is to use verifiable credentials. They have cryptographic properties that prevent the fraud
without a big, new trove of biometric and personal data. Specifically the credential exchange can prove the person presenting the credential is the same person who it was issued to.
Whether you are a fan of or hate the idea of a national ID, ID.me is on the path to become one. I don’t think having a private third party run the national ID system is a good idea. If we’re going to do it, then let’s architect it correctly and securely. But we can keep the current, decentralized system of identification and also prevent fraud with technology available today. I vote for that.