Here’s what’s wrong with an IRS proposal to use facial recognition tech for tax filing

0

The US Internal Revenue Service plans to require citizens to create accounts with a private facial recognition company in order to file their taxes online. The IRS joins a growing number of federal and state agencies that have contracted with ID.me to authenticate the identity of people accessing services.

The IRS decision aims to reduce identity theft and the growing number of tax returns from people pretending to be other people. Fraud in pandemic relief programs has also been a major concern.

The IRS decision prompted a backlash, in part because of concerns about requiring citizens to use facial recognition technology and in part because of difficulties some people have had using the system. The reaction led the IRS to reconsider its decision.

As a computer scientist and chair of the Association for Computing Machinery’s Global Technology Policy Council, I have been involved in exploring some of these questions. Many concerns have been raised about the general use of this technology in policing and other government functions, often centered on whether the accuracy of these algorithms may have discriminatory effects. In the case of ID.me, other issues are also involved.

ID.me is a private company that started with an ID service so military service members could prove they were eligible for discounts at various companies. The US Department of Veterans Affairs began using the technology in 2016.

To use ID.me, a user loads a mobile phone application and takes a selfie – a photo of their own face. ID.me then compares this image to various IDs obtained either through open registrations or through information provided by applicants through the application. If it finds a match, it creates an account and uses image recognition for identification. If it cannot complete a match, users can contact a “trusted referee” and make a video call to resolve the issue.

A number of companies and states have been using ID.me for several years. News reports have documented issues people have had with ID.me failing to authenticate them. In addition, the technological requirements of the system could widen the digital divide, making it more difficult for many people who need government services to access these services.

But much of the concern about the IRS and other federal agencies using ID.me revolves around its use of facial recognition technology and biometric data collection.

Algorithms, data sharing

To begin with, there are a number of general concerns about the accuracy of facial recognition technologies and whether there are discriminatory biases in their accuracy. These have led the Association for Computing Machinery, among other organizations, to call for a moratorium on the government’s use of facial recognition technology.

A study of commercial and academic facial recognition algorithms by the National Institute of Standards and Technology found that US face-matching algorithms generally have higher false positive rates for Asian and black faces than for white faces, although that recent results have improved. ID.me claims there is no racial bias in its face-matching verification process.

There are many other conditions that can also lead to inaccuracies – physical changes caused by illness or accident, hair loss due to chemotherapy, color change due to aging, gender conversions and others. How any company, including ID.me, handles such situations is unclear.

There are other issues that go beyond the question of how well the algorithm performs. As part of its process, ID.me collects a very large amount of personal information. It has a very long and hard to read privacy policy, but essentially, even though ID.me does not share most personal information, it does share various information about internet usage and website visits with other people. other partners. The nature of these exchanges does not appear immediately.

So a question that arises is what level of information the company shares with the government and whether the information can be used to track US citizens. It’s not hard to imagine ID.me or any of its competitors requiring identification to access government services, obtain medical coverage, and even vote.

Another issue is who audits ID.me’s cybersecurity? While no one is accusing ID.me of bad practices, security researchers are concerned about how the company can protect the incredible level of personal information it will end up with. Imagine a security breach out there that released IRS information to millions of taxpayers.

These are the early days of the government using private companies to provide biometric security, and some details are still not fully explained. Even if you admit that the IRS’ use of technology is appropriately restricted, it’s potentially the start of what could quickly snowball for many government agencies using commercial facial recognition companies to circumvent the legal limits of their powers.

The United States is on the edge of a slippery slope, and while that doesn’t mean facial recognition technology shouldn’t be used at all, I think it does mean the government should take a lot more care and due diligence in the exploration of the land. in advance before taking these crucial first steps.

James Hendler is Professor of Computing, Web and Cognitive Science at Rensselaer Polytechnic Institute.

Send letters to [email protected]

This article was originally published on laconversation.com

Share.

Comments are closed.