Merkley and a colleague call on the IRS to immediately stop using taxpayer biometrics

0

WASHINGTON (KTVZ) — In a letter sent Thursday to Tax Services Commissioner Charles Rettig, Oregon Sen. Jeff Merkley and Missouri Sen. Roy Blunt called on the IRS to immediately halt any program that collects, stores and uses any type of biometric data to identify Americans. taxpayers.

The lawmakers’ letter comes after the IRS announced it would require users to submit to facial recognition scans in order to access basic government services and tax information.

In the letter, Merkley and Blunt express concern about taxpayers losing privacy and control over their sensitive biometric data, given the involvement of a third-party provider and the IRS’ poor history of protection. information from taxpayers, citing incidents as recent as last year. . They also note that there are reports of facial recognition’s propensity to misidentify people of color and women.

Both senators urge the agency to continue to pursue a consistent, secure, non-invasive and reliable way to verify the identity of taxpayers.

“We are particularly concerned about the outsourcing of IRS biometric verification to third-party provider ID.me,” the senators wrote. “Taxpayers will be required to capture and send a live video ‘selfie’ of themselves to this third party in order to access core government services on IRS.gov. This process will be cumbersome, invasive, and potentially impossible for taxpayers. taxpayers who do not have the proper equipment or know-how to “download an app” or “take a selfie”.

“While taxpayers should never be forced into a laborious third-party process to access fundamental government services, this is especially true of IRS.gov, which was one of the most trafficked federal government websites in 2021,” they continued. “With expectations of a particularly crowded tax filing season this year, more taxpayers than ever are likely to seek out services online and, in turn, face intrusive biometric data requirements.”

Merkley and Blunt have also led bipartisan efforts to ensure that US citizens know their right to opt out of federal programs that use sensitive biometric data. Last month, the two senators teamed up on a letter discussing the use of biometrics and facial recognition in US Customs and Border Protection (CBP) entry/exit programs.

Lawmakers posed the following questions, demanding answers by February 28, 2022:

1. Will the IRS stop using facial recognition technology? If so, will the IRS commit to a specific deadline for the elimination of this practice?

2. How does the IRS currently ensure that a taxpayer’s biometric facial data is properly stored and protected after it is sent to ID.me? If the program is discontinued, how will the IRS ensure that the data is permanently deleted and not compromised or made public?

3. What are all the methods used by ID.me to verify the identity of a taxpayer, including methods other than individual correspondence? Can the IRS be sure that ID.me did not use one-to-many technology?

4. What steps does ID.me and the IRS take to prevent this data from cyberattacks or any other form of unauthorized distribution or dissemination?

The full letter can be viewed below:

###

February 3, 2022

Dear Commissioner Rettig,

We are writing to ask the Internal Revenue Service (IRS) to immediately discontinue any program that collects, processes, and stores facial recognition or other types of biometric data from U.S. taxpayers. Further, we urge the IRS to implement a complete ban on the use of such biometric data collection at the agency.

The IRS has a poor record when it comes to protecting taxpayer data. Last year, the ProPublica website published a series of articles that appeared to be based on confidential taxpayer information held by the IRS. The IRS has not announced whether this data was leaked or hacked or if action was taken to prevent another data breach. In 2015, criminals used the “Get Transcript” tool on the IRS website to steal the tax documents of over 700,000 US taxpayers. We understand that the IRS is looking for new ways to provide better service to taxpayers, but requiring taxpayers to capture and provide their most sensitive biometrics is a glaring accessibility and privacy concern.

We are particularly concerned about the outsourcing of biometric verification by the IRS to third-party provider ID.me. Taxpayers will be required to capture and send a live video “selfie” of themselves to this third party in order to access core government services on IRS.gov.

This process will be cumbersome, invasive, and potentially impossible for taxpayers who lack the proper equipment or know-how to “download an app” or “take a selfie.”

While taxpayers should never be pushed into a laborious third-party process to access fundamental government services, this is especially true for IRS.gov, which was one of the most-visited federal government websites in 2021. With expectations of a particularly crowded tax filing season this year, more taxpayers than ever are likely to seek out services online and, in turn, face intrusive biometric data requirements.

Additionally, ID.me has a history of user complaints when the technology has been used by state unemployment agencies for identity verification. For example, there are numerous reports of users facing delays in their unemployment benefits payments during the COVID-19 pandemic due to technical issues during the verification process. Additionally, given data showing that facial recognition technology is more likely to misidentify people of color and women, there are concerns that the IRS’ use of the technology could disproportionately fall on certain groups. Given these technical issues surrounding facial recognition technology, we urge the IRS to seek other avenues to protect taxpayer privacy and streamline services.

Please answer the following questions by February 28, 2022:

1. Will the IRS stop using facial recognition technology? If so, will the IRS commit to a specific deadline for the elimination of this practice?

2. How does the IRS currently ensure that a taxpayer’s biometric facial data is properly stored and protected after it is sent to ID.me? If the program is discontinued, how will the IRS ensure that the data is permanently deleted and not compromised or made public?

3. What are all the methods used by ID.me to verify the identity of a taxpayer, including methods other than individual correspondence? Can the IRS be sure that ID.me did not use one-to-many technology?

4. What steps does ID.me and the IRS take to prevent this data from cyberattacks or any other form of unauthorized distribution or dissemination?

American taxpayers expect and deserve the IRS to take the necessary steps to protect their privacy. We expect your prompt response to our request. Thank you.

Truly,

Share.

Comments are closed.