WASHINGTON, D.C. — The IRS said Monday that it would allow taxpayers to opt out of using facial recognition technology to gain access to their online accounts and would shift to an entirely different identity verification system next year as the agency tries to alleviate backlash over its use of biometric data.
The decision came after the IRS said this month that it would “transition away” from using a third-party service, ID.me, to help authenticate people creating online accounts by using facial recognition to verify their identity.
The IRS adopted the technology as a way to enhance the security of taxpayer information and avoid data leaks, which have been a growing concern among lawmakers. But activist groups and lawmakers from both parties expressed alarm, saying that the use of video “selfies” to verify accounts was an invasion of privacy.
The IRS, which signed a two-year, $86 million contract with ID.me, will continue to work with the firm. Taxpayers can still choose to have images of their faces scanned to gain access to their accounts, but those who decline to use facial recognition technology can verify their identity during a live, virtual interview with representatives from the company.
“No biometric data — including facial recognition — will be required if taxpayers choose to authenticate their identity through a virtual interview,” the IRS said in a statement.
Individual photos that have already been captured to create new accounts this tax season will be deleted from ID.me’s servers in the coming weeks. Any new selfies that are taken this year will not be stored on the servers, the IRS said.
The uproar over the agency’s use of facial recognition is the latest challenge for the IRS, which is behind in processing more than 20 million 2020 tax returns, is coping with staffing shortages and remains short on funding. The pandemic has made tax season even more complicated than usual because the IRS must process additional information related to direct stimulus checks to households, as well as advance payments of the child tax credit.
Republican lawmakers, who for years have criticized the agency and its ability to keep data confidential, called the facial recognition technology “intrusive.” Democrats have agreed, arguing that taxpayers should not have to sacrifice privacy for data security.
Proponents of facial recognition technology have noted that it is widely used in places such as airports. They argue that it is safer than providing websites with other identifying information, such as Social Security cards and other personal documents.
The IRS described the move to avoid facial recognition as a short-term solution. It said it was planning to use Login.gov, which millions of Americans already use to authorize their identity for access to some federal websites. The IRS is working with the General Services Administration to ensure that Login.gov meets its security requirements for use during next year’s tax season.
A spokeswoman for the Treasury Department, which oversees the IRS and entered into the contract with ID.me, had no comment about the future of the contract with the firm.
The fate of the company’s other government contracts is not clear. The Social Security Administration, the Department of Veterans Affairs and many state agencies also use ID.me to verify account users.
This month, ID.me said that it would roll out new options allowing government agencies to verify identities without facial recognition and that it would let people delete their photos after March 1.
“We have listened to the feedback about facial recognition and are making this important change,” said Blake Hall, the chief executive of ID.me.