In reference to its 1:1 matching, ID.me stated in a press release that “there was no statistically significant difference in the propensity to pass or fail the face match step across demographic groups, including groups with different skin tones, as corroborated by NIST, ID.me, and a state government agency.” The company’s 1:1 or 1:many facial recognition technologies have not been made available for public auditing.
ID.me declined to share how many attempts a user is given before a potentially fraudulent photo is escalated to review. “Through January 25th, 2022 there have been 20,901,406 accounts that have been secured against identity theft with 1:many fraud checks,” the spokesperson wrote. “For every 10,000 identity proofing attempts, on average 8 attempts would have been flagged for review.”
“It’s all very opaque,” Stanley said. “And that’s a recipe for injustice.”
Multiple studies have shown that, even in ideal lab conditions, facial recognition technology disproportionately results in false positives when used on people of color. Some lawmakers have called for a ban on the use of facial recognition technology by law enforcement because of substantial inaccuracy issues leading to false arrest.
The new information adds to growing scrutiny over the IRS’s recently announced decision to use the technology to verify credentials for its online web portal. The move has been questioned by privacy advocates as well as lawmakers, including Sen. Ron Wyden, D-Ore.,
Concerns with the company aren’t new. Users navigating the company’s technology to receive unemployment benefits during the pandemic reported hours-long wait for verification, incorrectly rejected matches, and waiting months to rectify denials.
Cybersecurity reporter Brian Krebs reported a similar experience using the company’s technology to create IRS credentials through the system.
In addition to the IRS, ID.me has contracts with the Veteran’s Affairs Department and Social Security Administration. ID.me says it discloses its use of 1:many facial recognition to government partners “when active.’
The IRS did not respond to questions sent by CyberScoop.
Updated 1/26/22: To include additional information about internal company discussions and comment from the ACLU.
Next Post
