Keith Chu (202) 224-4515
Wyden Calls on IRS To End Use of Facial Recognition For Online Accounts
Although E-Filing Is Not Affected, Wyden Points to Lengthy Wait Times, Privacy and Security Risks of Outsourcing ID Verification; Login.gov Offers Better Way to Secure Taxpayer Accounts
Washington, D.C. – Senate Finance Committee Chair Ron Wyden, D-Ore., called on the Internal Revenue Service to end the use of facial recognition software for users to access their tax information on IRS.gov, he wrote in a letter to Commissioner Charles Rettig today.
“The IRS does not use facial recognition for tax filing or to receive a refund, and the agency should not require facial recognition for any of the other important services it provides taxpayers,” Wyden wrote.
“I have long argued that Americans should not have to sacrifice their privacy for security,” he continued. “The government can treat Americans with respect and dignity while protecting against fraud and identity theft. The IRS should take immediate steps to address the many valid concerns that have been raised by taxpayers about its use of facial recognition technology.”
In recent weeks privacy and civil rights advocates have raised concerns about the IRS decision to use facial recognition software by private vendor ID.me to verify taxpayers’ accounts and access tax information online. The IRS does not require use of the system to e-file tax returns. However, users have reported hours-long waits to complete the verification process.
While the IRS effort to secure user accounts against fraud and scammers is laudable, Wyden’s letter requests that the IRS transition to an existing government identity verification service, Login.gov, which does not use facial recognition technology. Login.gov is already used by 40 million Americans to access 200 websites run by 28 federal agencies.
Cutting through red tape could allow login.gov to offer higher levels of security, and greater convenience for Americans. One option would be to expand pilot projects to allow in-person ID verification at U.S. Postal Service and Department of Veterans Affairs locations, Wyden said.
The full letter is here or below.
February 7, 2022
The Honorable Charles P. Rettig
Internal Revenue Service
1111 Constitution Ave, NW
Washington D.C, 20224
Dear Commissioner Rettig:
I write to urge the Internal Revenue Service (IRS) to reverse its recently announced implementation of facial recognition screening software for Americans who wish to access their historical tax documents online. The IRS does not use facial recognition for tax filing or to receive a refund, and the agency should not require facial recognition for any of the other important services it provides taxpayers.
In November, 2021, the IRS announced that taxpayers wishing to securely access their tax information online would soon need to sign up for an account with ID.me, a commercial identity verification provider, which uses facial recognition technology as part of the verification process when users first sign up for an account. Although the IRS is not the first government agency to use ID.me — the company’s services are also used by nine other federal agencies and thirty states — the IRS’ use of ID.me’s services has set off an important national debate about the government’s use of facial recognition technology.
While the IRS had the best of intentions — to prevent criminals from accessing Americans’ tax records, using them to commit identity theft, and make off with other people’s tax refunds — it is simply unacceptable to force Americans to submit to scans using facial recognition technology as a condition of interacting with the government online, including to access essential government programs. Furthermore, many facial recognition technologies are biased in ways that negatively impact vulnerable groups, including people of color, women, and seniors.
In addition to the serious privacy and civil liberties issues associated with the use of facial recognition technology, it is also alarming that the IRS and so many other government agencies have outsourced their core technology infrastructure to the private sector. Quite simply, the infrastructure that powers digital identity, particularly when used to access government websites, should be run by the government.
In 2015, Congress required federal agencies to use a single-sign-on service called login.gov, which is operated by the General Services Administration, so that Americans would not have to maintain different accounts for each U.S. government website. Login.gov is already used to access 200 websites run by 28 Federal agencies and over 40 million Americans have accounts. Unfortunately, login.gov has not yet reached its full potential, in part because many agencies have flouted the Congressional mandate that they use it, and because successive Administrations have failed to prioritize digital identity. The cost of this inaction has been billions of dollars in fraud, which has in turn fueled a black market for stolen personal data, and enabled companies like ID.me to commercialize what should be a core government service.
To be clear, the IRS cannot solve digital identity by itself. The Administration will need to take ownership of this problem, in part by clearing red tape that is preventing GSA from accessing and using for identity verification photographs and other data held by Departments of Motor Vehicles and the Social Security Administration. Login.gov also currently lacks one feature offered by ID.me — comparing an applicant to a photo on an official government ID. This does not need to be performed using facial recognition technology though, and login.gov is piloting verification by humans in conjunction with the United States Postal Service and the Department of Veterans Affairs. These pilots should be expanded nationwide, along with a call center that can verify by video people who, for a variety of reasons, are unable to be verified in-person.
I have long argued that Americans should not have to sacrifice their privacy for security. The government can treat Americans with respect and dignity while protecting against fraud and identity theft. The IRS should take immediate steps to address the many valid concerns that have been raised by taxpayers about its use of facial recognition technology. First, the IRS should redouble its efforts to remind taxpayers that facial recognition scanning is not now and has never been necessary to file taxes or receive a refund, as well as educate taxpayers on ways to access other IRS services without the use of facial recognition technology. Second, as a stopgap measure, the IRS should promptly revert its decision to require use of ID.me to transact online through the IRS’ website, delay the phase out of IRS.gov accounts created prior to the implementation of ID.me, and restore the ability of taxpayers to create new IRS.gov accounts, which does not use facial recognition. And finally, in the longer term, the IRS should migrate away from third-party identity verification services and utilize GSA’s government-wide login.gov service.
Thank you for your attention to this important matter.
Next Article Previous Article