Starting in the summer of 2022, the U.S. Internal Revenue Service will require taxpayers who want to validate their account or obtain an online transcript to undergo a facial recognition procedure, and while this type of technology is becoming increasingly common, the controversy comes when it is the government accessing that information for any other purpose.
According to an Axios report, the IRS announced in November that it would begin requiring facial recognition for some taxpayers attempting to use online services but an analysis by a cybersecurity expert reignited the controversy.
Brian Krebs, posted a lengthy blog about his experience validating his identity on the IRS website in which he notes:
“If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device.”
From the government’s point of view, the procedure to validate an online account, which as Krebs points out is full of steps, delays and requires a lot of patience, is intended to prevent fraud.
In recent years, the number of criminals impersonating other people to collect refunds of thousands of dollars has increased exponentially and facial recognition technology aims to deal with this problem.
An inevitable invasion of privacy
Critics point out that there are problems with ID.me’s terms and conditions that present the prospect of the government accessing users’ biometric data for other purposes or simply without users’ consent.
Caitlin Seeley George, campaign director for Fight For the Future, an NGO focused on rights in the digital world, said, “This announcement signals one of the largest expansions of facial recognition technology in the U.S. and there is no question that it will harm peoples’ privacy.”
Seeley also pointed out that the company has “the right to share people’s data with police, government, and ‘select partners'” based on its terms and conditions which would involve a real risk to privacy.
Certainly with the pandemic approach, the digital area has expanded enormously, and today to open an online bank account or any digital payment application, they require facial recognition and little do users of these applications know what companies do with their biometric data.
However, government or police involvement presents a different prospect.
Other points raised by critics were that the app sometimes malfunctions and fails to recognize users or many elderly or low-income people may have trouble accessing the technology to validate their identity.
However, the company clarified that, with the implementation of the new technology, it will also open more than 650 centers in the country for in-person identity verification and assured that 90 percent of the people who use the online services manage to verify the account.
The legal framework must define the scope of the use of technology
Beyond a scenario where government, police or other agencies use the biometric data of IRS users for other reasons has to be defined by a legal framework, i.e. by legislation that sets out what the boundaries are for the use of people’s personal data.
Blake Hall, CEO of ID.me said he supports legislation that specifies how government agencies can make use of facial recognition technology.
“There are things around tracking and surveillance that absolutely need to be regulated,” said Hall.
Portland, Minneapolis, Boston and San Francisco are among the cities that have already limited the use of facial recognition through legislation but at the federal level, there are no specific rules yet to handle this new scenario.