New information shows that ID.me, the company whose facial recognition tool the IRS plans to require millions of people to use on IRS.gov starting this summer, has been lying to the public about how its tool works and the scope of its surveillance technology.
CyberScoop just published new information about how ID.me, the company the IRS is contracted with to verify people accessing their IRS.gov accounts starting this summer, has been lying about the scope of its facial recognition surveillance.
Here’s the short version: ID.me has claimed in documents and to the press that its tool is one-to-one, meaning it compares one photo to one other photo (you are required to upload a selfie and your government ID), in an effort to confirm they are images of the same person. However, ID.me CEO Blake Hall walked back this claim in a LinkedIn post where he says the company also runs a one-to-many facial recognition search, meaning that it will compare your photos to those of other people.
Companies like ID.me have been splitting hairs over the details of one-to-one and one-to-many matching in an effort to avoid being associated with facial recognition altogether, which, thanks to successful grassroots campaigns to ban the technology, has become toxic in political and public spheres.
“If companies and the government have to lie about facial recognition in an effort to avoid public scrutiny, they shouldn’t be using it,” said Caitlin Seeley George, campaign director for Fight for the Future (she/her). “We already know this company is willing to say anything in order to get more government contracts. The CEO of ID.me has been peddling erroneous numbers about unemployment benefit fraud, but the fact that the IRS knew about this discrepancy is a big problem. The only responsible thing for the IRS and any other state or federal agency using ID.me to do is to stop these contracts immediately.”
Over the summer, 27 states started requiring people applying for unemployment benefits to use ID.me to verify their identity. The CEO of ID.me made statements about unemployment fraud costing states more than $400 billion, a number that is completely unverified. As soon as states started using ID.me people were having trouble completing their applications, with many sharing stories about being misidentified and locked out of their accounts, unable to access their funds or to connect with a real person to fix the errors. There is also currently no clear process for opting out of giving your biometric information to ID.me. The company alleges in-person verification options, but has little information on its site about where and how to access these options.
Ultimately the discrepancy between one-to-one and one-to-many facial recognition matching is moot. In both cases this is creating a massive database that government and law enforcement can use to track people without their knowledge, and that hackers can target to harm millions of people. Fight for the Future is calling on the IRS, lawmakers, and administration officials to immediately cease the IRS’ plan to use ID.me, to investigate how the IRS allowed this partnership and the spread of false information to happen, and for other government agencies to end contracts with this company.