US Senator Bob Menendez and other lawmakers this week demanded the Internal Revenue Service (IRS) and ID.me contact taxpayers who have uploaded biometric information to the platform and inform them of their right to delete their selfie or photo account immediately after the service is available.
In a letter to IRS Commissioner Charles Rettig, Menendez and Senators Cory Booker, Alex Padilla, and Catherine Cortez Masto called on the IRS to provide taxpayers with plain language instructions in multiple languages on how to complete the process of deleting their selfie.
The IRS announced last week that it will no longer be using ID.me facial recognition software after signing an $86 million contract with the company, adding in a statement that it will "transition away from using a third-party service for facial recognition to help authenticate people creating new online accounts."
The IRS had faced overwhelming backlash from civil rights groups and members of Congress from both parties, all of whom questioned how the IRS could begin the use of facial recognition without advance warning.
But the announcement did little to quell outrage about the initial decision to use ID.me's tools and senators on both sides of the aisle continue to raise concerns about what information ID.me gained access to.
"Despite well-documented concerns with this technology -- especially for individuals who have poor internet service at home, rely on computers in public libraries, use older phones, or for whom English is not their first language -- the IRS required the use of this technology to access and review advanced child tax credit (CTC) payment information," the senators added.
"Nearly 35 million families received the advanced Child Tax Credit last year, including numerous Black, Hispanic, Asian, and Native American families, and many immigrant families using an Individual Taxpayer Identification Number."
Menendez said the IRS and ID.me need to clarify whether facial recognition will remain an option for verification during the 2022 filing season.
"If it will remain an option, we request the IRS clarify how it will ensure taxpayers using ID.me -- especially last-minute filers -- are not forced to rely on facial recognition technology as their only practical option to avoid long wait times for live-video verification," the letter said.
The senators demanded the IRS and ID.me send them a list of all federal, state, or local law enforcement agencies that would have been provided access to biometric data through the IRS' ID.me verification system no later than Friday, February 25.
"Congress has repeatedly expressed concern with the development of an unconstrained and pervasive surveillance infrastructure, fueled by systems like ID.me. The Project on Government Oversight (POGO), a leading oversight watchdog, has cautioned that the use of this type of technology often plays an outsized role in law enforcement investigations, despite serious flaws that can lead to wrongful arrests and civil rights violations," the senators wrote.
The letter also explains a range of concerns Congress has about how ID.me will manage the vast amount of government documents provided by American taxpayers since the IRS started using the platform last summer.
"We are concerned about whether taxpayers will be offered a meaningful choice to protect their biometric data, whether ID.me will properly manage the vast amount of biometric data provided by taxpayers, and whether there has been substantial oversight of this facial recognition technology since the launch of ID.me verification at the IRS last summer," the letter added.
The senators' letter comes as 46 civil rights organizations continue the push to stop other government agencies at the federal and state level from using ID.me for vital services. ID.me says it is used by agencies in 30 states as well as by the Veterans Affairs Administration and Social Security Administration.
Led by EPIC in partnership with Algorithmic Justice League and Fight for the Future, the organizations' letter demands that all federal and state government agencies immediately end their use of ID.me and any other facial verification tools. It also highlights the lack of assessments by federal and state agencies to determine whether face verification technology has a disproportionate impact on marginalized groups, and argues that "sensitive biometric data should not be used to access government services."
The letter also asserts that ID.me's recent announcement about offering a non-facial verification option to all users doesn't adequately address the massive privacy and security concerns created by ID.me's tools, arguing that "the vast majority of people are not aware of the risks associated with handing over their sensitive biometric information, and making this tech 'optional' puts the onus on the individual to have the right information about those risks."
Evan Greer, director of Fight for the Future, said in addition to ending all contracts, a full scale investigation is needed to reveal how it came to be that US tax dollars were used "for such invasive and unsafe technology."
"The revelations about ID.me exploiting its workers, lying about its facial recognition technology, and continuing to recklessly amass millions of people's personal data all point to the same conclusion: it's irresponsible and unacceptable to do business with a company as shady as ID.me, much less allow it anywhere near our most personal information," Greer said.