www.securitymagazine.com/articles/97034-irs-facial-recognition-raises-privacy-concerns
facial recognition

IRS facial recognition raises privacy concerns

February 4, 2022

The Internal Revenue Service (IRS) plans to implement identity verification via mandatory facial recognition for some government services this summer. 

The identity management strategy, which is already required for taxpayers without an existing IRS online account, will become mandatory for all taxpayers looking to access certain information on the IRS website beginning in the summer of 2022.

Users will need to verify their identity via a third-party management provider, ID.me, in order to access online accounts, the Child Tax Credit Update Portal and obtain transcripts, among other services. According to the IRS website, ID.me will store the personal identifiable information (PII) of users. The agency did not indicate how long the provider would have access to user PII.

A representative from the U.S. Department of the Treasury stated that they are looking into alternative verification methods following public pushback regarding the facial recognition initiative.

Carey O'Connor Kolaja, CEO of AU10TIX, weighed in on the technology's implications for data privacy in the nation. "In this situation with the IRS, mandating facial recognition forces citizens into a more vulnerable position if they want accelerated access to tax returns. Not only does a mandate like this not offer choice, but it also creates a barrier for citizens who are not technology literate or who don’t have the best technology to take high quality photos, and it creates more opportunity for exposure. It is critical that we not only give people a choice in verification methods, but that we also hold the public sector accountable to how they process and store the biometric signature if chosen."

Government officials also responded to the IRS initiative. Oregon Senator Ron Wyden said in a statement, "No one should be forced to submit to facial recognition as a condition of accessing essential government services."

O'Connor Kolaja suggested steps government service providers should take to ensure the data privacy and cybersecurity of their users:

  • Educate taxpayers on when and how their data is collected and stored
  • Allow taxpayers the option to opt out of biometric verification
  • Leverage verification strategies that omit mandatory personal data collection