The IRS announced on February 7th that it will transition away from using the private facial recognition service ID.me to verify IRS.gov accounts.
"The IRS announced it will transition away from using a third-party service for facial recognition to help authenticate people creating new online accounts. The transition will occur over the coming weeks in order to prevent larger disruptions to taxpayers during filing season," according to an IRS statement.
The announcement comes shortly after Senate Finance Chairman Ron Wyden (D-Ore.) urged the tax agency earlier today to ditch the software.
“I write to urge the Internal Revenue Service (IRS) to reverse its recently announced implementation of facial recognition screening software for Americans who wish to access their historical tax documents online,” Wyden wrote in a February 7th letter to IRS Commissioner Charles Rettig, adding "the IRS’ use of ID.me’s services has set off an important national debate about the government’s use of facial recognition technology."
Wyden deemed it a smart decision for the IRS to rid itself of ID.me.
“[N]o one should be forced to submit to facial recognition to access critical government services,” Wyden said in a prepared statement.
The tax agency’s use of facial recognition has raised concerns among interest groups that the software could violate a taxpayer’s privacy or civil rights. Wyden, in his letter today, noted that the program should be run by the government.
“[I]t is also alarming that the IRS and so many other government agencies have outsourced their core technology infrastructure to the private sector. Quite simply, the infrastructure that powers digital identity, particularly when used to access government websites, should be run by the government,” he wrote.
Nine federal agencies besides the IRS currently use the ID.me software.
Wyden’s letter and the IRS announcement come on the heels of all Senate Finance Republicans raising questions about the IRS use of ID.me. Their February 3rd letter identified issues with using the software program:
- The intrusive verification measures that may be required of taxpayers, such as submitting to ID.me biometric data like a video ‘selfie’--an identifier that cannot be changed if compromised, unlike a password;
- Cybersecurity standards, and how such sensitive data will be stored and protected;
- Oversight issues, since ID.me is not subject to the same oversight rules as a government agency; and
- What assurances and rights are allowed taxpayers within the collaboration, as it appears taxpayers would be subject to multiple terms of agreement filled with dense legal print.
“We are deeply concerned for many reasons. The government and private companies have an unfortunate history of data breaches. The examples are many,” the Republican Senators wrote.
Wyden’s letter requests that the IRS transition to an existing government identity verification service, Login.gov, which does not use facial recognition technology. It is not clear if the IRS will follow the Chairman's lead.