IRS abandons facial recognition plans for online services

If you dislike the use of facial recognition technology in relation to essential services, you’re in luck. One such proposition has been removed.

Last year, the IRS announced it would be using facial recognition selfies to confirm identity. If you wanted the convenience of making payments online, updating addresses, or performing several other tasks, you could have it, but facial recognition was going to become a requirement.

New accounts would have no say in the matter. Older accounts were likely to be switched over to the new service at some point in the immediate future. It seemed folks were going to get used to facial recognition whether they liked it or not.

How was the new service supposed to work?

The proposed system, ID(dot)me, was to take a video selfie alongside the uploading of various identity documents. Often this type of service is restricted to specific devices only, so it did at least offer up alternatives where required.

This was, as you may expect, met with many questions and a sizeable slice of anger. Objections came from a wide range of politicians and protestors. Multiple letters demanding more information or simply just objecting to the switchover were put forth to the IRS. As one congress member wrote:

Any government agency operating a face recognition technology system — or contracting with a third party — creates potential risks of privacy violations and abuse. We urge the IRS to halt this plan and consult with a wide variety of stakeholders before deciding on an alternative.


One of the strongest objections came from Senate Finance Committee Chair Ron Wyden:

Americans shouldn’t have to sacrifice their privacy for security. Full stop. Today I’m calling on the IRS to end its plan to require facial recognition for online accounts.

— Ron Wyden (@RonWyden) February 7, 2022

Some of his main points are highlighted below:

While the IRS had the best of intentions — to prevent criminals from accessing Americans’ tax records, using them to commit identity theft, and make off with other people’s tax refunds — it is simply unacceptable to force Americans to submit to scans using facial recognition technology as a condition of interacting with the government online, including to access essential government programs. Furthermore, many facial recognition technologies are biased in ways that negatively impact vulnerable groups, including people of color, women, and seniors.

He goes on to mention that facial recognition would not be needed if they “cleared out red tape” preventing use of images already verified and held by other agencies such as the DMV and Social Security Administration. There’s also some additional requests for what the IRS should do in terms of alternatives to simply dropping facial recognition on everyone:

First, the IRS should redouble its efforts to remind taxpayers that facial recognition scanning is not now and has never been necessary to file taxes or receive a refund, as well as educate taxpayers on ways to access other IRS services without the use of facial recognition technology. Second, as a stopgap measure, the IRS should promptly revert its decision to require use of to transact online through the IRS’ website, delay the phase out of accounts created prior to the implementation of, and restore the ability of taxpayers to create new accounts, which does not use facial recognition. And finally, in the longer term, the IRS should migrate away from third-party identity verification services and utilize GSA’s government-wide service. 

Well, that’s a lot of requests, demands and more general annoyance. The question is, did the IRS listen?

A surprising response

The answer is yes, it did. From the announcement:

The IRS announced it will transition away from using a third-party service for facial recognition to help authenticate people creating new online accounts. The transition will occur over the coming weeks in order to prevent larger disruptions to taxpayers during filing season.

During the transition, the IRS will quickly develop and bring online an additional authentication process that does not involve facial recognition. The IRS will also continue to work with its cross-government partners to develop authentication methods that protect taxpayer data and ensure broad access to online tools.

“The IRS takes taxpayer privacy and security seriously, and we understand the concerns that have been raised,” said IRS Commissioner Chuck Rettig. “Everyone should feel comfortable with how their personal information is secured, and we are quickly pursuing short-term options that do not involve facial recognition.”

Down but not out?

It isn’t just the IRS that was considering facial recognition. Other services were (or still might be) getting ready to make the leap. Plenty of concerns remain over the use of facial recognition more broadly, with some organisations moving away from a field fraught with issues.

You may well have dodged facial recognition from embedding itself in your tax affairs, but it could easily show up in other areas of your day to day workings. For those not sold on this use of technology, your good news is that campaigning and protesting does seem to work at least some of the time. It remains to be seen whether or not this rollback is a one off, or a gradual push-back against certain private sector technologies tied to Government services.

The post IRS abandons facial recognition plans for online services appeared first on Malwarebytes Labs.

Article Link: IRS abandons facial recognition plans for online services | Malwarebytes Labs