POGO Calls on IRS to Halt Planned Face Recognition Requirements

Commissioner Charles P. Rettig
Internal Revenue Service
1111 Constitution Ave. NW
Washington, DC 20224

Dear Commissioner Rettig:

We write regarding Internal Revenue Service (IRS) plans to begin employing face recognition software. We urge you to cease deployment of this technology, due to the dangers it poses to civil liberties and access to services. Use of biometrics — especially face recognition — creates risks regarding both the accuracy of its use as well as the potential for facilitating surveillance.

The Project On Government Oversight (POGO) is a nonpartisan independent watchdog that investigates and exposes waste, corruption, abuse of power, and when the government fails to serve the public or silences those who report wrongdoing. We champion reforms to achieve a more effective, ethical, and accountable federal government that safeguards constitutional principles.

We understand that this summer, the IRS plans to replace the current login systems for its online website (IRS.gov) with a new verification system through ID.me, an outside vendor, that will include face recognition scans as a component of online logins.¹ Essentially, the IRS will require taxpayers to submit a biometric profile to access an array of basic services, such as getting a transcript of their taxes, confirming a payment to the IRS, or using the Child Tax Credit Update Portal.²

Depending on face recognition for these and other basic activities related to paying taxes should concern all Americans, given how prone this technology is to error. Many face recognition systems are more likely to misidentify women and people of color.³ It is unacceptable that the ability to use IRS services without obstacles may vary depending on race or gender.

Additionally, ID.me, the IRS’s company of choice, has experienced serious problems with accuracy. Individuals required to use the service to receive state unemployment benefits have been improperly locked out due to errors with the application’s face recognition systems. These problems persisted for weeks or even months — preventing desperately needed aid from being received amid the COVID-19 pandemic — without ID.me providing an option to correct the error.⁴

We are also seriously concerned that ID.me has made false statements regarding how its systems work and how invasive they are to individuals’ privacy. The company’s CEO, Blake Hall, has repeatedly maintained that ID.me only conducts one-to-one face matching, claiming that face matching mitigates the risk of racial disparity in accuracy.⁵ As recently as this month, Hall reasserted this claim to defend IRS use of ID.me’s systems.⁶ But this week, Hall admitted that the company also conducts one-to-many face recognition, scanning individuals’ faces against large databases.⁷ This methodology is far more privacy invasive and prone to error. Hall himself argued that a one-to-many system is “more complex and problematic,” prior to admitting that ID.me uses it.⁸ We worry that a company that provides inaccurate information on such an important component of its systems is not a responsible steward of taxpayers’ sensitive biometric data.

Furthermore, less invasive alternatives exist to address any credible concerns about fraudulent access to tax information, such as the IRS’s own Identity Protection PIN (IP PIN) program. According to the IRS, more than 5.1 million taxpayers are participating in the now-nationwide IP PIN program, enabling them to proactively protect themselves against identity theft.⁹ While the current program is only used for filing a tax return, modest alterations could be made to use it for other tax-related purposes at the agency.

We also have misgivings about how this system might further accelerate biometric surveillance, and face recognition surveillance in particular. The need to engage with our tax system is one of the most universal elements of American society. Requiring that all individuals submit a face recognition profile in order to access basic IRS services is an unacceptable cost to privacy and civil liberties, especially when government use of face recognition for surveillance is bound by essentially no federal rules or limits.

Even if biometric profiles are limited in access to ID.me, creation of such a massive biometric database based on a government demand sets a dangerous precedent. And while ID.me states that its current policy is not to share biometric profiles with third parties, its recent history of false statements regarding privacy issues makes us concerned that a mass database of taxpayers’ face prints might be repurposed and disseminated at some point in the future. Finally, regardless of intentional dissemination, a biometric database of this scale would be a significant target for malicious hackers.

Given this array of concerns, we believe the IRS should cease deployment of its planned face recognition identification systems for any public IRS services and tools. Before deploying such a system, the agency should solicit input from civil rights and civil liberties stakeholders, as well as tech experts, and assess whether less problematic alternatives are available.

In addition to halting deployment, we also request that the IRS publicly provide the following information regarding its plans to deploy face recognition through ID.me:

1. What steps has the IRS taken to ensure that women and people of color will not face higher levels of difficulty using the planned system?
2. What steps has the IRS taken to ensure that face recognition errors will not cause significant delays — similar to the unacceptable login delays individuals experienced when using ID.me for state government aid — in accessing IRS services and tools?
3. Did the IRS consider less intrusive alternatives to biometric collection in developing its online verification systems? If so, why were these alternatives rejected?
4. Is the IRS prohibited from directly accessing, storing, disseminating, or otherwise using biometric data and profiles collected for this newly planned login system?
5. Does the IRS contract with ID.me prevent the vendor from disseminating or otherwise using biometric data and profiles for any purposes other than the planned login system?

Thank you for your consideration of this important issue, and its potential impact on Americans. We look forward to your response.

Sincerely,

Danielle Brian
Executive Director

cc: House Financial Services Chairwoman Maxine Waters
Senate Finance Committee Chairman Ron Wyden
United States Secretary of the Treasury Janet Yellen