Search Documents and Resources

    • Mission and Vision
    • Board & Staff
    • Financials
    • Contact Us
    • Privacy Policy
    • Donor Privacy Policy
    • Explore our work
    • Center for Defense Information
    • The Constitution Project
    • Congressional Oversight Initiative
    • Policy Letters
    • Reports
    • Testimony
    • For Oversight Staff
    • Whistleblower Resources
    • Report Corruption
  • Take Action
  • Sign Up
  • Donate
  • facebook
  • twitter
  • instagram
  • youtube
    • Mission and Vision
    • Board & Staff
    • Financials
    • Contact Us
    • Privacy Policy
    • Donor Privacy Policy
    • Explore our work
    • Center for Defense Information
    • The Constitution Project
    • Congressional Oversight Initiative
    • Policy Letters
    • Reports
    • Testimony
    • For Oversight Staff
    • Whistleblower Resources
    • Report Corruption
Project On Government Oversight
  • Take Action
  • Sign Up
  • Donate
  • Afghanistan
  • More Topics
  • About
  • Mission & History
  • Board & Staff
  • Financials
  • Take Action
  • For Federal Employees
  • COVID-19: Tips
  • Contact Us
  • Privacy Policy
  • Subscribe
  • Donate
Project On Government Oversight
    • Mission and Vision
    • Board & Staff
    • Financials
    • Contact Us
    • Privacy Policy
    • Donor Privacy Policy
    • Explore our work
    • Center for Defense Information
    • The Constitution Project
    • Congressional Oversight Initiative
    • Policy Letters
    • Reports
    • Testimony
    • For Oversight Staff
    • Whistleblower Resources
    • Report Corruption
  • Take Action
  • Sign Up
  • Donate
Constitutional Principles

POGO Calls on IRS to Halt Planned Face Recognition Requirements

By Danielle Brian | Filed under letter | January 28, 2022

Commissioner Charles P. Rettig
Internal Revenue Service
1111 Constitution Ave. NW
Washington, DC 20224

Dear Commissioner Rettig:

We write regarding Internal Revenue Service (IRS) plans to begin employing face recognition software. We urge you to cease deployment of this technology, due to the dangers it poses to civil liberties and access to services. Use of biometrics — especially face recognition — creates risks regarding both the accuracy of its use as well as the potential for facilitating surveillance.

The Project On Government Oversight (POGO) is a nonpartisan independent watchdog that investigates and exposes waste, corruption, abuse of power, and when the government fails to serve the public or silences those who report wrongdoing. We champion reforms to achieve a more effective, ethical, and accountable federal government that safeguards constitutional principles.

We understand that this summer, the IRS plans to replace the current login systems for its online website (IRS.gov) with a new verification system through ID.me, an outside vendor, that will include face recognition scans as a component of online logins.1 Essentially, the IRS will require taxpayers to submit a biometric profile to access an array of basic services, such as getting a transcript of their taxes, confirming a payment to the IRS, or using the Child Tax Credit Update Portal.2

Depending on face recognition for these and other basic activities related to paying taxes should concern all Americans, given how prone this technology is to error. Many face recognition systems are more likely to misidentify women and people of color.3 It is unacceptable that the ability to use IRS services without obstacles may vary depending on race or gender.

Additionally, ID.me, the IRS’s company of choice, has experienced serious problems with accuracy. Individuals required to use the service to receive state unemployment benefits have been improperly locked out due to errors with the application’s face recognition systems. These problems persisted for weeks or even months — preventing desperately needed aid from being received amid the COVID-19 pandemic — without ID.me providing an option to correct the error.4

We are also seriously concerned that ID.me has made false statements regarding how its systems work and how invasive they are to individuals’ privacy. The company’s CEO, Blake Hall, has repeatedly maintained that ID.me only conducts one-to-one face matching, claiming that face matching mitigates the risk of racial disparity in accuracy.5 As recently as this month, Hall reasserted this claim to defend IRS use of ID.me’s systems.6 But this week, Hall admitted that the company also conducts one-to-many face recognition, scanning individuals’ faces against large databases.7 This methodology is far more privacy invasive and prone to error. Hall himself argued that a one-to-many system is “more complex and problematic,” prior to admitting that ID.me uses it.8 We worry that a company that provides inaccurate information on such an important component of its systems is not a responsible steward of taxpayers’ sensitive biometric data.

Furthermore, less invasive alternatives exist to address any credible concerns about fraudulent access to tax information, such as the IRS’s own Identity Protection PIN (IP PIN) program. According to the IRS, more than 5.1 million taxpayers are participating in the now-nationwide IP PIN program, enabling them to proactively protect themselves against identity theft.9 While the current program is only used for filing a tax return, modest alterations could be made to use it for other tax-related purposes at the agency.

We also have misgivings about how this system might further accelerate biometric surveillance, and face recognition surveillance in particular. The need to engage with our tax system is one of the most universal elements of American society. Requiring that all individuals submit a face recognition profile in order to access basic IRS services is an unacceptable cost to privacy and civil liberties, especially when government use of face recognition for surveillance is bound by essentially no federal rules or limits.

Even if biometric profiles are limited in access to ID.me, creation of such a massive biometric database based on a government demand sets a dangerous precedent. And while ID.me states that its current policy is not to share biometric profiles with third parties, its recent history of false statements regarding privacy issues makes us concerned that a mass database of taxpayers’ face prints might be repurposed and disseminated at some point in the future. Finally, regardless of intentional dissemination, a biometric database of this scale would be a significant target for malicious hackers.

Given this array of concerns, we believe the IRS should cease deployment of its planned face recognition identification systems for any public IRS services and tools. Before deploying such a system, the agency should solicit input from civil rights and civil liberties stakeholders, as well as tech experts, and assess whether less problematic alternatives are available.

In addition to halting deployment, we also request that the IRS publicly provide the following information regarding its plans to deploy face recognition through ID.me:

  1. What steps has the IRS taken to ensure that women and people of color will not face higher levels of difficulty using the planned system?
  2. What steps has the IRS taken to ensure that face recognition errors will not cause significant delays — similar to the unacceptable login delays individuals experienced when using ID.me for state government aid — in accessing IRS services and tools?
  3. Did the IRS consider less intrusive alternatives to biometric collection in developing its online verification systems? If so, why were these alternatives rejected?
  4. Is the IRS prohibited from directly accessing, storing, disseminating, or otherwise using biometric data and profiles collected for this newly planned login system?
  5. Does the IRS contract with ID.me prevent the vendor from disseminating or otherwise using biometric data and profiles for any purposes other than the planned login system?

Thank you for your consideration of this important issue, and its potential impact on Americans. We look forward to your response.

Sincerely,

Danielle Brian
Executive Director

cc: House Financial Services Chairwoman Maxine Waters
Senate Finance Committee Chairman Ron Wyden
United States Secretary of the Treasury Janet Yellen

The Constitution Project

The Constitution Project seeks to safeguard our constitutional rights when the government exercises power in the name of national security and domestic policing, including ensuring our institutions serve as a check on that power.

Author

  • Author

    Danielle Brian

    Danielle Brian is POGO's executive director and president.

Related Tags

    Constitutional Principles Surveillance Facial Recognition Congress Internal Revenue Service (IRS)

Related Content

  • Abuse of Power

    Correcting Misconceptions and Planning Effective Safeguards on Face Recognition Technology

  • Constitutional Principles

    Face Recognition Is Far from the Sci-Fi Super-Tool Its Sellers Claim

  • Constitutional Principles

    Facial Recognition Technology: Strong Limits Are Necessary to Protect Public Safety & Civil Liberties

  • Constitutional Principles

    Testimony In Support of Limits on Funding for Face Recognition Surveillance

1 Kim Lyons, “The IRS will soon make you use facial recognition to access your taxes online,” the Verge, January 20, 2022, https://www.theverge.com/2022/1/20/22893057/irs-facial-recognition-taxes-online-idme-identity. 2 Peter Butler and Clifford Colby, “Here’s what you need to know about the IRS’ facial recognition program,” CNET, January 25, 2022, https://www.cnet.com/personal-finance/taxes/taxes-irs-account-selfie-how-to-id-me-verify/. 3 Drew Harwell, “Federal study confirms racial bias of many facial-recognition systems, casts doubt on their expanding use,” the Washington Post, December 19, 2019, https://www.washingtonpost.com/technology/2019/12/19/federal-study-confirms-racial-bias-many-facial-recognition-systems-casts-doubt-their-expanding-use/. 4 Todd Feathers, “Facial Recognition Failures Are Locking People Out of Unemployment Systems,” Vice, June 18, 2021, https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems; Shawn Donnan and Dina Bass, “How Did ID.me Get Between You and Your Identity?” Bloomberg, January 20, 2022, https://www.bloomberg.com/news/features/2022-01-20/cybersecurity-company-id-me-is-becoming-government-s-digital-gatekeeper. 5 Todd Feathers, “Facial Recognition Failures Are Locking People Out” [see note 4]. 6 Peter Butler and Clifford Colby, “Here’s what you need to know” [see note 2]. 7 Tonya Riley, “ID.me CEO backtracks on claims company doesn’t use powerful facial recognition tech,” Cyberscoop, January 26, 2022, https://www.cyberscoop.com/id-me-ceo-backtracks-on-claims-company-doesnt-use-powerful-facial-recognition-tech/; Blake Hall, “We avoid disclosing methods we use to stop identity theft and organized crime as it jeopardizes their effectiveness,” LinkedIn, January 26, 2022, https://www.linkedin.com/feed/update/urn:li:activity:6892131524746326016/. 8 ID.me, “ID.me Comments on Adherence to Federal Rules on Facial Recognition ‘Selfies’ that Protect Identities from Theft,” Press Release, January 24, 2022, https://insights.id.me/press-releases/id-me-comments-on-adherence-to-federal-rules-on-facial-recognition-selfies-that-protect-identities-from-theft/?cn-reloaded=1. 9 Internal Revenue Service, “National Tax Security Awareness Week, Day 3: Choosing a special Identity Protection PIN adds extra safety for taxpayers,” December 1, 2021, https://www.irs.gov/newsroom/national-tax-security-awareness-week-day-3-choosing-a-special-identity-protection-pin-adds-extra-safety-for-taxpayers.

Site Footer

  • facebook
  • twitter
  • instagram
  • youtube
  • Press Center
  • Contact Us
  • Careers
  • Briefing
  • Newsletters
  • Publications
  • Report Corruption
Better Business Bureau Accredited Charity CharityWatch Top Rated Charity Great Nonprofits 2021 Top-Rated Charity Navigator Four-Star Charity

©2023 POGO | Privacy Policy

Project On Government Oversight logo

Project On Government Oversight

Oversight in your inbox.