IRS to Require Americans to Use Facial Recognition to View Tax Returns
New technology aims to 'reduce fraud'
© press
The US Internal Revenue Service (IRS) will soon require those wanting to access their tax returns to use facial recognition, according to reports.
The IRS partnered with a private identification firm to implement the new technology this summer.
The IRS said that soon the only way to log into irs.gov would be through ID.me.
The McLean-based company specializes in ID verification services currently used by several states to reduce unemployment and pandemic assistance fraud.
© press
As The Intercept reported:
Anyone who already has an ID.me account from another government agency can sign in with those credentials. Brian Krebs created a new ID.me account and wrote in his post that the sign-up process was time-consuming and glitchy. He got stuck about halfway through the process and had to start again from the beginning, then was prompted to join a video call with an ID.me representative — with a wait time of nearly three and a half hours.
In its “privacy bill of rights,” ID.me says it doesn’t “sell, lead, or trade biometric data to any third parties or derive any profit from the sale, lease or trade of biometric data.” It can share information with its partners with users’ explicit permission, according to its website, and when you register for an ID.me account, you have to accept the company’s biometric consent policy.
But the service requires applicants to supply a great deal more information than other online verification schemes.
If an applicant doesn’t have a driver’s license or passport, the ID.me may require a recorded, live video chat with the person applying for benefits, according to KrebsonSecurity.
© press
Krebs demonstrated the process by signing up with ID.me and later described it as a lengthy process that “may require a significant investment of time and quite a bit of patience.”
"If your documents get accepted, ID.me will then prompt you to take a live selfie with your mobile device or webcam.
"That took several attempts.
"When my computer’s camera produced an acceptable result, ID.me said it was comparing the output to the images on my driver’s license scans."
"After that is accepted, Id.me will ask to verify your phone number, not accepting numbers tied to voice-over-IP services such as Skype or Google Voice," he added.
Krebs’ application became stuck at the “Confirming your Phone” stage, leading to a video chat (and having to resubmit other information) which had an estimated wait time of 3 hours and 27 minutes.
Krebs emailed the ID.me’s founder and was able to speak with a customer service rep one minute later “against my repeated protests that I wanted to wait my turn like everyone else.”
CEO Blake Hall told Krebs last year his company was "certified against the NIST 800-63-3 digital identity guidelines” and “employs multiple layers of security, and fully segregates static consumer data tied to a validated identity from a token used to represent that identity.”
“We take a defense-in-depth approach, with partitioned networks, and use very sophisticated encryption scheme so that when and if there is a breach, this stuff is firewalled,” said Hall.
“You’d have to compromise the tokens at scale and not just the database.
"We encrypt all that stuff down to the file level with keys that rotate and expire every 24 hours.
"And once we’ve verified you, we don’t need that data about you on an ongoing basis.”
