ID.ME UNDER INVESTIGATION
The chairs of two House of Representatives panel's have launched a probe into the use of ID.me identity verification technology by federal, state and local governments. Letter dated April 14 to chief executive officer of ID.me
In their letter, Rep. Carolyn Maloney (D-NY), chairwoman of the House Oversight and Reform Committee, and Rep. James Clyburn (D-SC), chairman of the House Select Subcommittee on the Coronavirus Crisis, cited the IRS's contract with ID.me for the use of facial recognition technology.
The letter noted that a company engineer reportedly "explicitly discussed" using the ID.me's "one-to-many" methodology with IRS officials. "The engineer reportedly told colleagues, 'This seems like it could be troublesome,'" the letter stated.
According to the legislators, by February 11, nearly seven million Americans had already turned over their biometric data to the company and the IRS. Subsequently, the IRS put the brakes on further use of biometric data and announced, pursuant to a revised contract, ID.me would be required to destroy all the biometric data it had already received.
"However, [in a communication with the Oversight Committee] IRS did not indicate any current plans to cancel the ID.me contract or recoup any of the $86 million already spent for ID.me's licenses," the letter said. "Instead, it appears that IRS will continue to rely on ID.me for identity verification technology while 'IRS is urgently working with the General Services Administration to resolve problems that prevent Login.gov from meeting the IRS's needs.'"
The letter continued: "It also appears that ID.me will continue to collect and retain biometric information that is not subject to the new retention requirements, including the biometric selfies. IRS further disclosed that ID.me will be permitted to continue to retain all biometric data that has been identified as being suspicious or potentially fraudulent. This is concerning, given the large volume of data that ID.me regularly misidentifies as fraudulent."
Note that on February 21, 2022, the IRS announced that:
The IRS announced today that a new option in the agency’s authentication system is now available for taxpayers to sign up for IRS online accounts without the use of any biometric data, including facial recognition. This is consistent with the IRS’s commitment earlier this month to transition away from the requirement for taxpayers creating an IRS online account to provide a selfie to a third-party service to help authenticate their identity. Taxpayers will have the option of verifying their identity during a live, virtual interview with agents; no biometric data – including facial recognition – will be required if taxpayers choose to authenticate their identity through a virtual interview.
Taxpayers will still have the option to verify their identity automatically through the use of biometric verification through ID.me’s self-assistance tool if they choose. For taxpayers who select this option, new requirements are in place to ensure images provided by taxpayers are deleted for the account being created. Any existing biometric data from taxpayers who previously created an IRS Online Account that has already been collected will also be permanently deleted over the course of the next few weeks.
While this short-term solution is in place for this year’s filing season, the IRS will work closely with partners across government to roll out Login.Gov as an authentication tool. The General Services Administration is currently working with the IRS to achieve the security standards and scale required of Login.Gov, with the goal of moving toward introducing this option after the 2022 filing deadline.
