US tax agency plans to implement facial recognition
Starting next summer, U.S. citizens will have to authenticate themselves via facial recognition if they want to access their records online at the national tax agency IRS. Among other things, there is criticism because biometric data will be processed in the system of a private company.
As CNN reported Friday, the facial recognition system can already be used to access tax records online, if a user account already exists with the IRS. However, logging in by password remains possible for now. Those who do not yet have a username and password with the IRS, on the other hand, must already register with the private provider ID.me and use facial recognition to log in.
Starting in the summer of 2022, facial recognition will then be mandatory for all online users.
The tax agency told the news station that taxpayers can alternatively submit or request their documents by mail – without an online account and facial recognition.
In the future, users will have to identify themselves to the provider ID.me for online access by, for example, photographing their driver’s license. They must also film themselves via smartphone or webcam. The company then uses facial recognition to automatically compare whether they are the same person.
If the system can’t find a match, identification is to take place via video call, the Washington Post reports. Users must then show their official documents as well.
Implementation without rules
Data protectionists are alarmed at the fact that a private company is responsible for identification via facial recognition. The contract with the tax agency was signed for two years for the time being. Jeramie D. Scott of the Electronic Privacy Information Center research group told the Washington Post that it has not yet been legally decided in the U.S. whether facial recognition technology can be used for these purposes. There are no regulations to that effect, he said. “We’re just going straight to using a technology that has clearly been shown to be dangerous.” The potential risks increased by cooperating with a private company, he said.
Democratic U.S. Sen. Ron Wyden criticized, “No one should be forced to undergo facial recognition to access critical government services.” According to the Washington Post, the Internal Revenue Service is also looking at alternatives to the facial recognition system, but a spokesman for the agency declined to provide details.
Facial recognition systems use biometric data that is considered particularly sensitive, because it cannot be changed. People can be identified by them for the rest of their lives. A data leak would have serious consequences for those affected.
In principle, people can have their biometric data stored with ID.me deleted. However, the Washington Post refers to an IRS document that states that the company is obliged to retain the data for at least seven years in order to comply with audit regulations.
Unreliable technology
According to the company’s privacy policy, it can also use personal data to cooperate with law enforcement. The company says ID.me also stores millions of facial images to detect identity theft – and calls in authorities when suspicions arise.
The use of facial recognition software is controversial and considered unreliable, meaning that even innocent people could fall under suspicion. A study by the U.S. National Institute of Standards and Technology had found at the end of 2019 that the error rate for people with dark skin color is 10 to 100 times higher than for white people. Women with dark skin color have the highest rate of misidentification. According to the Washington Post, at least three black men have been arrested in the U.S. because technology incorrectly identified them.
ID.me claims that internal tests of the technology found no evidence of racial or gender discrimination. However, the Washington Post criticizes that the alleged test results were neither published nor reviewed by independent experts.
Computer scientist Joy Buolamwini, who researches discrimination through facial recognition, also criticized ID.me for misinterpreting or failing to cite earlier research findings in its reports.
Lack of transparency
ID.me has also been accused of lacking transparency because company founder Blake Hall recently made contradictory statements about how the system works. Buolamwini demanded that ID.me have the system used checked by external experts. The danger to privacy posed by the technology and the potential for abuse should not be ignored.
CNN had already reported last year on the use of ID.me at various U.S. federal agencies. At the time, this included half of the employment offices in all U.S. states. Because there were problems with verification in some cases in 2020, the payment of unemployment benefits had also been delayed. 70 million people are already said to be registered with ID.me.
Last year, the U.S. Government Accountability Office had questioned 42 federal agencies about their use of facial recognition technology. The GAO had pointed out that federal agencies should continuously monitor the use of systems from private providers. Untested systems run the risk of not complying with data protection requirements, it said. The GAO had also warned of IT attacks on databases. In June 2019, thousands of Americans’ facial photos had been published on the Internet after a company that worked with U.S. Customs was attacked. (js)