“We did not and do not create a database based on citizenship or nationality,” ID.me said. Biometric update in the email.
The company has also pushed back against claims that it seems willing to share this data with other government agencies, perhaps more readily than companies such as Apple and Google. ID.me says it only stores an image of the passport, in an encrypted database made available to law enforcement or government agencies only through a subpoena, or in the investigation of identity theft or fraud.
According to comments from a Bloomberg official, the US Treasury Department is now considering alternatives to secure online access to services.
Republicans write to IRS Commissioner Chuck Rettig
A group of Senate Republicans wrote a letter to Chuck Rettig, Commissioner of the IRS, to raise their concerns and ask a series of questions about how partnering with ID.me will affect civil liberties, to be answered by February 27.
Led by ranking member Mike Crapo (Idaho), the senators list their concerns about the technology, process and implications of any data breach.
“The IRS unilaterally decided to allow an outside contractor to act as a gatekeeper between citizens and necessary government services. The decision millions of Americans are being forced to make is whether to pay the price of giving up their most personal information, biometrics, to an outside contractor or reverting to the age of paper-based bureaucracy. where information travels slowly, is inaccurate and some would say is treated inconsistently with contemporary life,” the letter reads.
“It is also of concern that ID.me is not, to our knowledge, subject to the same oversight rules as a government agency, such as the Freedom of Information Act, the Privacy Act of 1974 and multiple checks and balances.”
On technical matters, senators are looking at what’s going on under the hood. “The most intrusive verification element is the required ‘selfie’, which is more than just uploading a photo; it is to subject his face to a digital analysis by ID.me in a “facial print”, write the senators.
“ID.me’s Biometric Data Consent and Policy defines biometric data as including “fingerprints, voiceprints, hand scans, facial geometry recognition, and iris or face recognition. the retina.” Unlike a password, authenticator app, or hardware key, biometrics can never be changed.”
The senators ask fifteen questions about how the IRS came to the decision to name ID.me, what oversight it exercises over them, what due diligence it has exercised, where the data will be stored and what access ID staff have. got me to the data.
This post was updated at 9:12 PM EST on February 4, 2022 to clarify that ID.me does not create or store nationality categorizations and includes company feedback.
biometric data | biometrics | data protection | data sharing | facial biometrics | government services | ID.me | identity verification | IRS | privacy