The Internal Revenue Service already has a lot of personal information about American taxpayers: how much we earn, how much we pay in taxes, our Social Security numbers and addresses. But should it also have photos of our faces on file? The agency is now requiring that some taxpayers who want to get certain kinds of tax information submit a photo, and privacy advocates are raising alarms.
First of all, to be clear: The IRS is not requiring that every taxpayer filing a return submit a selfie. It will be used only to verify the identification of people who want to set up an account with the IRS in order to see their past returns or to get information about child tax credit payments.
Still, it’s an overreach, says Emily Tucker, director of the Center on Privacy and Technology at the Georgetown Law School.
“The consequences of not agreeing to give up a photo of yourself, which is then stored in a corporate database, which is protected only by that corporation’s own easily changeable privacy policies is that you may not be able to comply with federal tax law under some circumstances,” she tells NPR.
The IRS says because of a lack of resources, it has contracted out the identification verification to a Virginia-based company called ID.Me. That is where taxpayers submit their photos to, and that is where the photos will be kept.
Jeramie Scott, senior counsel at the Electronic Privacy Information Center, says one of the problems outsourcing this information is whether it’s kept safe. “What it does is create another kind of target for criminals. Obviously, data breaches are a big issue. And you know, the more areas that sensitive information is, the more likely it [will] be the target of a data breach.”
18 federal agencies use some sort of facial recognition technology
ID.Me says it does not sell the personal information of its users. And the IRS is not alone in using the company; 10 other federal agencies do, as well as many states, according to the company’s website. A Government Accountability Office report last summer, found that overall, 18 federal agencies use some sort of facial recognition technology, including law enforcement looking to spot criminals and Customs and Border Protection to check the identities of people entering the country.
And its widespread use is part of the problem for privacy advocates like Scott. “You no longer have control over identity,” Scott says. “And when that infrastructure is in place, it just takes, you know, a few bad actors to really kind of muck things up.”
Scott also notes that research has shown that “to varying degrees, some of these algorithms have a racial bias and do not work as well on people of color.”
Not everyone thinks facial recognition technology is a bad idea. Ashley Johnson, a senior policy analyst at the Information Technology and Innovation Foundation, which is partially funded by the tech industry, says as long as safeguards are in place, it can be a useful tool.
“I would say that it can definitely have a lot of great benefits for users and for the organizations that are using them,” she says.
But she cautions that the government needs to step up its cybersecurity protections. “There have been many high-profile data breaches of various different government agencies in the past that have involved government employees’ employment information being stolen, citizens’ information being stolen,” Johnson says. “And this is the real privacy concern, in my opinion, just based on the history that we’ve seen of this happening in the past.”
In a statement on its website, ID.Me says its face match is comparable to taking a selfie to unlock a smartphone. But the company admits it also uses a form of verification called “1:many,” in which it compares the submitted picture with an array of other photos. It says it does this for government programs targeted by organized crime.
Some in Congress are pushing back on the IRS’ use of facial recognition software
Senate Finance Committee Chairman Ron Wyden, D-Ore., tweeted that he is “very disturbed” by the IRS plan and that “no one should be forced to submit to facial recognition as a condition of accessing essential government services.” Wyden says he’s pushing the IRS for greater transparency on the plan.
And one lawmaker, Rep. Bill Huizenga, R-Mich., has proposed legislation forbidding the IRS from using facial recognition software, calling it “a huge mistake” by the agency and raising questions about its constitutionality.
A Treasury Department official said in a statement that the IRS is now looking into alternatives to ID.Me but did not specify any concerns.
Tucker says communities of people outside governments should be able to decide whether to allow the use of facial recognition technology. But she says, “It’s very difficult to have that kind of engagement when we already have mass surveillance infrastructure that’s been put in place totally outside of any democratic processes.”