A biometric ID system used across state and federal governments in the US has drawn fire from the Senate, over concerns that it discriminates against non-white ethnicities and violates privacy laws. Moreover, the company is thought to have misled the public about its use of the technology.
In an open letter to the Federal Trade Commission (FTC), four Senators urged it to investigate the company ID.me over what they say are “deceptive statements [...] about its use of facial recognition.”
ID.me came under scrutiny at the beginning of the year, when the Internal Revenue Service (IRS) dropped its requirement that all users of its portals submit to a facial recognition scan provided by the company.
However, other federal and state government agencies still use the service – despite the fact that ID.me has apparently been less than truthful about how the data it gathers is used.
“Dozens of other federal and state agencies continue to require applicants to submit to facial recognition scanning by ID.me in order to access essential services like state Unemployment Insurance,” said the open letter, signed by Senators Ron Wyden, Edward Markey, Alex Padilla, and Cory Booker.
The letter states that the problem centers around a key difference between two types of facial recognition – “one-to-one” and “one-to-many” – and false claims made by ID.me that it only used the former, deemed to be less invasive to privacy.
“In one-to-one facial recognition, one photo is compared to a single other photo to confirm that both are of the same person,” said the letter. “ID.me uses one-to-one facial recognition to compare an applicant’s submitted selfie against a photo the applicant provides of their driver’s license or passport.”
“In contrast, one-to-many facial recognition involves comparing a face against a database of other faces to find any potential matches,” it added, saying that this meant “that millions of innocent people will have their photographs endlessly queried as part of a digital ‘line up’.”
“Not only does this violate individuals’ privacy, but the inevitable false matches associated with one-to-many recognition can result in applicants being wrongly denied desperately-needed services for weeks or even months as they try to get their case reviewed,” it said.
Worse still, testing by the National Institute of Standards and Technology revealed that such one-to-many facial recognition is up to a hundred times more likely to return false results for people of West and East African and East Asian descent – meaning that vulnerable people of color could be locked out of benefits they need to survive and to which they are legally entitled.
ID.me initially claimed in blog posts and white papers published on its website that it did not use one-to-many recognition technology.
“In these materials, the company repeatedly emphasized that one-to-one facial recognition was more accurate and less biased than one-to-many – distancing its system from criticisms of facial recognition raised by experts, such as the evidence that many systems are less accurate at identifying people of color.”
During the IRS backlash, ID.me chief executive Blake Hall released a statement on behalf of the company, saying it “does not use one-to-many facial recognition,” calling it “problematic” and “tied to surveillance applications.”
But just two days later, Hall backtracked and published another statement on LinkedIn saying just the opposite. Shortly afterwards, all public material relating to ID.me’s use of one-to-many was edited to say that the company did in fact use the technology.
Citing media reports, the Senate letter said: “The company’s decision to correct its prior misleading statements came after mounting internal pressure from its employees.”
It added: “They likely misled consumers about how the company was using their sensitive biometric data, including that it would be stored in a database and cross-referenced using facial recognition whenever new accounts were created in the future. Second, the statements may have influenced officials at state and federal agencies as they chose an identity verification provider for government services.”
At the time of writing, the case is pending before the FTC.
More from Cybernews:
Subscribe to our newsletter