A group of Democratic senators has asked the Federal Trade Commission to investigate whether identity verification company ID.me illegally misled consumers and government agencies over its use of controversial facial recognition software.
ID.me, which uses a mixture of selfies, document scans and other methods to verify people’s identities online, has grown rapidly during the coronavirus pandemic, largely as a result of contracts with state unemployment departments and federal agencies including the Internal Revenue Service.
The company, which says it has more than 80 million users, has also faced
Key to the concerns have been questions about ID.me’s use of facial recognition technology. After long claiming that it only used “one-to-one” technology that compared selfies taken by users to scans of a driver’s license or other government-issued ID the company earlier this year said it actually maintained a database of facial scans and used more controversial “one-to-many” technology.
In a letter sent to FTC chairman Lina Khan requesting an investigation, Senators Ron Wyden, Cory Booker, Ed Markey and Alex Padilla on Wednesday asked the regulator to examine whether the company’s statements pointed to its use of illegal “deceptive and unfair business practices.”
ID.me’s initial statements about its facial recognition software appeared to have been employed to mislead both consumers and government officials, the senators wrote in the letter.
“Americans have particular reason to be concerned about the difference between these two types of facial recognition,” the senators said. “While one-to-one recognition involves a one-time comparison of two images in order to confirm an applicant’s identity, the use of one-to-many recognition means that millions of innocent people will have their photographs endlessly queried as part of a digital “line up.”
The use of one-to-many technology also raised concerns about false matches that led to applicants being denied benefits or having to wait months to receive them, the senators said. The risk was “especially acute” for people of color, with tests showing many facial recognition algorithms have higher rates of false matches for Black and Asian users.
Patrick Dorton, a spokesman for ID.me, declined to address the specific issues raised by the senators surrounding the company’s description of its facial recognition technology.
In a statement, Dorton said ID.me had been credited with helping to prevent billions of dollars of unemployment fraud in the states in which it operates as part of what one senior FBI official called “an economic attack on the United States.”
“ID.me played a critical role in stopping that attack in more than 20 states where the service was rapidly adopted for its equally important ability to increase equity and verify individuals left behind by traditional options. We look forward to cooperating with all relevant government bodies to clear up any misunderstandings,” Dorton said.
Questions over ID.me’s use of facial recognition software surfaced in January after the publication of a Bloomberg Businessweek
In interviews with
A week later, Hall corrected the record in a
Hall, in that post, said the company’s use of a one-to-many algorithm was limited to checks for government programs it says are targeted by organized crime and does not involve any external or government database.
“This step is not tied to identity verification,” Hall wrote. “It does not block legitimate users from verifying their identity, nor is it used for any other purpose other than to prevent identity theft. Data shows that removing this control would immediately lead to significant identity theft and organized crime.”
Bias concerns
While researchers and activists have raised concerns about privacy, accuracy and bias issues in both systems, multiple studies show the one-to-many systems perform poorly on photos of people with darker skin, especially women. Companies such as Amazon.com Inc. and Microsoft Corp. have as a result paused selling those types of software to police departments and have asked for government regulation in the field.
According to internal Slack messages
The company had not disclosed its use of Rekognition in a white paper on its technology issued earlier that month.
Privacy and artificial intelligence safety advocates have also complained that ID.me has not opened up its facial recognition systems to outside audits.