When registering for a new IRS online account, people will no longer be required to upload video selfies of themselves.
The IRS announced on Monday that it would stop using a facial recognition service provided by a third party to verify new online account registrations.
“The changeover will take place over the next few weeks in order to minimize the impact on taxpayers during the tax-filing season. Additional authentication methods will be developed and implemented by the IRS during the transition period.”
ID.me, a third-party facial-recognition system, has been used by the IRS to identify taxpayers. Opponents of the system include civil liberties and privacy groups as well as elected officials from both major parties.
The IRS did not require ID.me verification for the filing of tax returns, but it was required for the access of related services, such as account information, online applications for payment plans, transcript requests, and the Child Tax Credit Update Portal.
“Using Amazon’s controversial Rekognition technology,” the ID.me system verified 20.9 million users’ selfies as of January 25, Bloomberg reported.
The Treasury Department last year signed a two-year, $86 million contract with a vendor to deploy and maintain ID.me software.
Some senators, like Oregon Democrat Ron Wyden (D), have called on the Internal Revenue Service (IRS) to scrap its current system.
In response to Wyden’s request, the Treasury Department has instructed the Internal Revenue Service to stop using the controversial ID.me verification service, as requested earlier in the day.
Even though the transition might take some time, I appreciate the administration’s recognition that privacy and security are not mutually exclusive and that no one should be forced to use facial recognition for accessing critical government services. ”
The IRS process involves uploading a photo of an ID (such as a license or passport) along with a video selfie, which is compared against each other to verify the user’s identity.
There’s an explanation for why ID.me processed fails: “You will be redirected to an ID.me video call to authenticate your identity. The Referee You Can Count On… You’ll need to show your ID.me Trusted Referee your identity documents and a selfie a picture of yourself to complete your verification process.”
People who wanted to open an IRS account needed to have their ID.me verified before they could do so.
If you already have an IRS online account, you’ll be able to use it until the summer of 2022, but you’ll be prompted “as soon as possible” if you don’t have an ID.me account.
15 Republican senators last week sent a letter to IRS Commissioner Chuck Rettig claiming that the “IRS has unilaterally decided to allow an outside contractor to stand as the gatekeeper between citizens and essential government services.” As well as “intrusive verification measures,” the senators also took issue with what they called ID.me’s “lack of oversight rules as those that apply to a government agency.”
Earlier this week, four Democratic House members sent a letter to the IRS urging them to scrap their plans to use facial recognition technology.
American citizens will be compelled to enter personal information into an unprotected biometric database, the authors wrote.
The Democrats demonstrated the danger by referencing a 2019 presidential race “The face and license plate numbers of tens of thousands of US citizens were made public as a result of a cyberattack on a CBP subcontractor.
Subcontractor cyberattack and subsequent fallout were significant, but the IRS’s plan is far greater: millions of Americans rely on the IRS website each year for a variety of vital functions, and each of them will be forced to trust a private contractor with some of their most sensitive data, making the risk far greater.”
In addition, the Democratic lawmakers expressed concern about racial bias in facial recognition systems and called out a “lack of transparency” in what technology ID.me uses
The IRS’s contract with ID.me and ID.me’s business practices are both opaque to us, which is why we’re concerned.
One-to-many face recognition, which compares a facial image to a large database of other facial images and is both more intrusive to privacy and more error-prone, is not used by ID.me, as the company has repeatedly stated, including in a press release issued just a couple of weeks ago.
In the same month, ID.me’s CEO publicly stated that his company uses one-to-many face recognition technology.
ID.me uses this technology on Americans, but the IRS’s Privacy Impact Assessment does not mention it. In light of these concerns, requiring millions of Americans to put their faith in this new protocol is simply wrong.
Rettig made the following statement the day before: “The IRS is concerned about the safety and privacy of its taxpayers, and we share their worries.
In the short term, we’re looking into alternatives that don’t use facial recognition to protect people’s personal information.”
The IRS has stated that Monday’s announcement was correct “does not affect the taxpayer’s ability to file or pay taxes owed.
For now, the IRS is still accepting returns, and it will have no effect on the current tax season. Individuals should file their taxes in the same manner as before.”
When asked about ID.me, the US General Services Administration said it “is committed to not deploying facial recognition… or any other emerging technology for use with government benefits and services until the rigorous review has given us confidence that we can do so equitably and without harming vulnerable populations.”