Three Key Problems with the Government's Use of a Flawed Facial Recognition Service
Last week, news that the IRS has started requiring people who want to set up an account to go through a private company called created an . What it means is that when dealing with the IRS you may be forced to run a time-consuming, inaccessible, and privacy-invasive gauntlet in the name of 鈥渋dentity verification.鈥 And the IRS is just the latest government agency to place this company as a gatekeeper between itself and the public it鈥檚 supposed to serve. During the pandemic, at least started using ID.me鈥檚 service to verify identity for access to unemployment benefits. The company is also being used by other federal agencies such as the Department of Veteran鈥檚 Affairs and the Social Security Administration.
The Treasury Department is the IRS contract, and we strongly urge them to abandon their plans to use ID.me, as should the states that are using it. The 桃子视频has been working with some of our state affiliates to gather more information about the role of this company in the states via public records requests. We鈥檙e still gathering information, but what is already abundantly clear is that the system is beset with privacy and equity problems. We think there are three key problems with relying on ID.me that policymakers need to recognize.
1. The lack of accessible offline options
One problem is ID.me鈥檚 lack of accessibility and the barriers that creates for people on the wrong side of the digital divide. Using the service requires uploading government identification documents and taking a live selfie, which means you need an internet-connected device with a camera (no desktop computers that lack webcams). If someone is unable to verify their identity through the automated process, as apparently occurs often, they must go through a live virtual interview with ID.me. That requires a strong enough internet connection to transmit live video, and time to spare. Users of the service having to wait in a virtual queue for the interview for hours, only to be booted out of line when internet connections fail. This especially disadvantages , and households, which are less likely to have reliable broadband access.
Even worse, many to vet unemployment insurance recipients don鈥檛 give people an alternative, offline means of doing business or provide extremely limited offline alternatives, forcing people to use ID.me if they want the government benefits they鈥檙e entitled to. It seems likely such problems will worsen as government agencies increasingly move business online.
We should make a commitment as a society to preserve offline ways of doing business. Just as people should have a right to physical and not just digital identity documents, so too should people have a right to do business by mail or in person. And people need not just offline alternatives, but meaningful ones 鈥 a single office across the state doesn鈥檛 cut it. The IRS and other government agencies have been doing business for more than a century without the need for high-bandwidth video chats; people should have alternatives today.
2. Outsourcing a core government function
Even if you do have reliable internet access, that鈥檚 no guarantee that the ID.me system will work. ID.me appears to be by users for its and verification . But this is not a problem of one badly managed company; the problem is structural. A for-profit company is always going to short-change service when the people it serves aren鈥檛 its customers. A private company has an incentive not to do extra work even where that鈥檚 required for fairness and equity, and it鈥檚 exempt from the checks and balances that apply to government such as public records laws or privacy laws specifically applicable to government agencies.
Outsourcing this function also creates privacy problems. ID.me collects a rich stew of highly sensitive personal information about millions of Americans, including biometric data (face and voice prints), government documents, and things like your social security number, military service record, and data 鈥渢elecommunications networks, credit card bureaus, [and] financial institutions.鈥 That information will be retained for up to seven and a half years after a person closes their account. The company promises it won鈥檛 share personal information with third parties 鈥 but reserves a number of exceptions, like with law enforcement requests that are 鈥渘ot prohibited by law.鈥 The company鈥檚 typically dense privacy policy makes it hard to know just what they consider themselves entitled to do with people鈥檚 data, and states may or may not choose to add additional privacy protections in their contracts with ID.me. But any pool of information that sensitive will always pose temptations for for-profit entities 鈥 and for malicious hackers who see a valuable honeypot ready to be raided.
Government agencies are also susceptible to hackers, of course, but there are great efforts underway to improve their security and they are subject to far more oversight than an up-and-coming Virginia tech company. The IRS already holds enormous troves of sensitive data about Americans and is constrained by strict laws ensuring their confidentiality. Companies like ID.me, meanwhile, are barely regulated at all.
3. Biased biometrics that aren鈥檛 subject to independent audits
Another with ID.me is its use of face recognition, which the company uses to decide whether your selfie matches your identity documents. Face recognition is generally problematic; it is often inaccurate and has by race and gender, which is unacceptable for a technology used for a public purpose. ID.me claims the face recognition algorithm it uses for these one-to-one identity verifications has 鈥渘o detectable bias tied to skin type鈥 鈥 but we have no choice but to take the company鈥檚 word on this because it is not subject to the transparency requirements of a government agency.
In addition, after claiming for months that it used face recognition only for one-to-one image comparisons, the company last week that it also performs 鈥渙ne-to-many鈥 searches against some larger database of other photographs it holds. Even the CEO previously admitted that kind of search was 鈥渕ore complex and problematic.鈥 The revelation raises numerous questions. How is that one-to-many facial recognition match being conducted? Are they doing a broader search for duplicate applicants among the millions of photos the company now holds (which would greatly increase error rates)? Or is the company maintaining some internal ban list of suspected wrongdoers (which would also raise due process questions)? Or something else? What are the error rates for these one-to-many searches? Do they differ by race and gender? And what standards is ID.me using to determine whether there is a match and when to alert law enforcement for what it thinks may be fraud? Law enforcement uses of one-to-many facial recognition has already lead to people 鈥 especially Black people for whom the technology is particularly inaccurate 鈥 being .
People should not have to be subjected to a private company鈥檚 dragnet to access government services. More broadly, no biometric technology should be used unless its use in real-world conditions is subject to regular and open auditing by an independent party and found to be accurate, accessible, and free of bias. And the federal government shouldn鈥檛 give money to the states for purchasing biometric technology without that kind of auditing. Many of the states using ID.me for unemployment insurance have done so using .
There is no reason that we can鈥檛 have non-biased identity proving systems that protect our privacy, lessen fraud, and make things easy for users. But such systems shouldn鈥檛 be run by private companies, shouldn鈥檛 be exclusively online, and need to be closely audited. The solution to the security problems created by moving online cannot be a discriminatory system that further erodes privacy and exacerbates the harms of the digital divide.