The IRS has announced it will soon require people to use facial recognition technology to access parts of the agency’s website, and taxpayers are getting serious jitters.
The agency said it did not plan to require facial recognition for filing tax returns, CNBC reported. But by this summer, people who want to access certain information on the IRS’s website — including past tax records and information about the child tax credit — will first need to record a video of their face with a computer or smartphone, then send it to the private contractor ID.me to confirm their identity.
The setup — and ID.me’s $86 million contract with the IRS — has some privacy advocates worried about how well a private company will protect users’ images and personal data. There isn’t a federal law regulating how the data can be shared, The Washington Post notes.
“You go from a government agency, that at least has some obligation under the Privacy Act and other laws, to a third party, where [there’s a] lack of transparency and understanding, and the potential risks go up,” Jeramie Scott, senior counsel at the Electronic Privacy Information Center, a Washington-based research group, told the publication.
“We haven’t even gone the step of putting regulations in place and deciding if facial recognition should even be used like this,” he added. “We’re just skipping right to the use of a technology that has clearly been shown to be dangerous and has issues with accuracy, disproportionate impact, privacy and civil liberties.”
Sen. Ron Wyden (D-Ore.) said in a statement that “no one should be forced to submit to facial recognition as a condition of accessing essential government services.” He also tweeted that he’s “very disturbed” by the plan.
Rep. Ted Lieu (D-Calif.) called the change a “bad idea” that would “further weaken Americans’ privacy.”
There can also be substantial racial bias in facial recognition technology, according to a 2019 report from the Department of Commerce.
The department’s National Institute for Standards and Technology conducted an analysis of one-to-one facial recognition algorithms, and they showed “higher rates of false positives for Asian and African American faces relative to images of Caucasians.” False positives — which the institute said means “the software wrongly considered photos of two different individuals to show the same person” — could pose a security concern.
Such failures in accuracy can result in government benefits being denied erroneously and cause unnecessary scrutiny, and it costs time and money to clear one’s name, The Atlantic noted in an article last week that detailed several problems with ID.me.
An official from the Treasury Department told the Post that the department was “looking into” alternatives to ID.me. The IRS had previously said in a statement that the company’s services would “create a better user experience,” and that the agency “takes any reports of inequities in service seriously.”