The Controversial IRS Rollout of Facial Recognition Technology Points to a Larger Problem – Our Government Is Letting Technology Drive Policy
Opposition is building to the Internal Revenue Service’s plan to require taxpayers to submit to digital facial recognition scans to obtain tax transcripts and other records.
“This is a very, very bad idea by the IRS,” tweeted Rep. Ted Lieu (D-CA). “It will further weaken Americans’ privacy … The IRS needs to reverse this Big Brother tactic, NOW.”
“No one should be forced to submit to facial recognition as a condition of accessing essential government services,” said Sen. Ron Wyden (D-OR).
POGO, the Project on Government Oversight, fired off a letter to IRS Commissioner Charles P. Rettig demanding that the rollout of facial recognition technology be halted immediately.
“The need to engage with our tax system is one of the most universal elements of American society,” POGO wrote. “Requiring that all individuals submit a face recognition profile in order to access basic IRS services is an unacceptable cost to privacy and civil liberties, especially when government use of face recognition for surveillance is bound by essentially no federal rules or limits.”
Critics note that facial recognition technology is apt to misread the faces of people with darker skin tones, as well as to produce false matches – though this technology’s precision is steadily improving. For those for whom the technology doesn’t work, the IRS will offer a live video call where the taxpayer can hold up personal documents, from a passport to a birth certificate.
The larger issue is that the IRS announcement highlights how not to adopt transformative technology in government.
First, there was no public discussion that shaped this decision – no hearings or listening tours, no big outreach to civil liberties experts and technologists. The announcement was just dropped on the public, a clear sign that technology is driving policy, not the other way around. This is not just an IRS problem, it is a government problem. Wired reports that more than 20 federal agencies already use “selfies” for the 30 million U.S. citizens with digital accounts.
At this speed, we are unfurling facial recognition technology across business and government without thinking through all the implications and potential unintended consequences.
Second, the private company the IRS is contracting to perform this task – ID.me – is not subject to the same Privacy Act of 1974 restrictions that impose minimal standards of care by government agencies that handle personal information. Recent reports leave it unclear whether ID.me will, or will not, access our social media databases to refine its technology. It is also not clear if it will have a hard-and-fast policy against sharing your biometric data with third parties for other purposes.
Third, ID.me won the IRS contract after Equifax, the credit-reporting company, was suspended when hackers got into Equifax’s systems and exposed the personal information of more than 148 million people. Now, apply that scenario to facial recognition technology, which uses algorithms to reduce the planes, protuberances and declivities of the human face into pure math. The resulting biometric equation is the distillation of your one and only face. And, as with all data, your face can be hacked and stolen.
Once your biometric data – whether your face, your fingerprint or your voice print – is taken by hackers and sold in the bazaars of the dark web, there will be no recovering it. This is, after all, the only face you will ever have. And it would take only one grand hack on the scale of the Equifax raid to make such a thing happen to millions of people.
For all these reasons, government should slow down. The widespread adoption of facial recognition should be put on hiatus, at least until we understand how to manage the risks of this technology.