By Joy Buolamwini
With tax season upon us, the IRS is pushing individuals to submit to facial recognition in exchange for being able to complete a range of basic tax-related activities online. The IRS has retained a private firm—ID.me (formerly known as TroopSwap)—that claims to provide “secure identity proofing, authentication, and group affiliation verification for government and businesses across sectors.” The IRS is not the only government agency working with ID.me. The company claims to serve “27 states, multiple federal agencies, and over 500 name brand retailers.”
This is alarming for several reasons. In a 2022 white paper, the company frames its technology in misleading ways. Specifically, ID.me obfuscates the relationship between two distinct types of facial recognition—one-to-one verification (unlocking a phone with your face) and one-to-many identification (police searching for criminal suspects using security-camera footage and a mug-shot database). In the white paper, ID.me goes out of its way to suggest that it does not do facial recognition per se. It recognizes these two distinct types of facial recognition, and then immediately proceeds to expressly define “facial recognition” as facial identification only. By doing so, ID.me appears to recognize the dangers of facial-recognition technologies—which are widely criticized and have been linked to false arrests—and want to be seen as outside of this technological category. The company’s linguistic move to distance its services from the term facial recognition should raise alarms about its trustworthiness.