It’s not the first time the IRS has backed away from a terrible idea after public outcry, but it is one of the more confounding instances.
Last November, the IRS announced that it would require a live video selfie through facial recognition technology to authenticate taxpayers prior to using online services to view account information, make online payments, or update personal information.
A firestorm of complaints ensued. As the National Law Review posts, privacy advocates and some members of Congress pushed back, raising concerns about:
- A third-party, ID.me, holding and maintaining millions of individuals’ biometric information.
- The use of facial recognition, which often “misidentifies women, people of color and gender-nonconforming individuals.”
- The inherent requirement of a smartphone or other technology that “creates undue hurdles for economically disadvantaged Americans, seniors and other groups.”
By early February 2022, the IRS had bowed to public outrage, announcing it would transition away from using a third-party service for facial recognition to help authenticate people creating new online accounts. The agency says it’s working on a long-term authentication through Login.Gov, which will serve as a one-stop-shop to sign in to more than one federal government account. In the meantime, taxpayers can still opt into the ID.me self-assistance tool, or they can choose to verify their identity during a live, virtual interview with agents. The interview option doesn’t use facial recognition, no biometric data is analyzed, and the video is deleted after 30 days, writes Cnet.
But here’s the catch: ID.me was approved as a credential service provider for the federal government in 2014. It’s already been used by several federal agencies, including Social Security and Veterans’ Affairs, as well as some state agencies and retailers.
The Association for Computing Machinery, among other organizations, has called for a moratorium on government use of facial recognition technology due to questions about their accuracy. Data privacy is also a huge concern. “As part of its process, ID.me collects a very large amount of personal information. It has a very long and difficult-to-read privacy policy, but essentially while ID.me doesn’t share most of the personal information, it does share various information about internet use and website visits with other partners. The nature of these exchanges is not immediately apparent,” reports Scientific American. And can you imagine a data breach that releases your biometric data linked to your tax information?
It’s an important reminder to exercise caution before sharing your private information, even if the IRS asks for it. Check with us if you’re unsure whether the request is safe. These days, your personally identifiable information includes biometric data. Protect it as carefully as you would your Social Security number.