Identity verification company ID.me uses a type of powerful facial recognition that searches for individuals out of mass databases of photos, CEO Blake Hall explained in a LinkedIn post on Wednesday.
The post follows a news release from the company last week stating directly that: “Our 1:1 face match is comparable to taking a selfie to unlock a smartphone. ID.me does not use 1:many facial recognition, which is more complex and problematic.”
Privacy advocates say that both versions of facial recognition pose a threat to consumers. In addition to numerous studies demonstrating the technology is less effective on non-White skin tones, amassing biometric data can prove a huge security risk.
“Governments and companies are amassing these databases of your personal biometric information, which unlike databases, of credit cards, cannot be replaced,” explained Caitlin Seeley-George, campaign director at nonprofit Fight for the Future. “And these are databases that are highly targeted by hackers and information that can absolutely be used in ways that are harmful to people.”
In the Wednesday LinkedIn post Hall said that 1:many verification is used “once during enrollment” and “is not tied to identity verification.”
“It does not block legitimate users from verifying their identity, nor is it used for any other purpose other than to prevent identity theft,” he writes.
“We avoid disclosing methods we use to stop identity theft and organized crime as it jeopardizes their effectiveness,” Hall writes. He pointed to a recent indictment of a New Jersey man last week by the FBI after the man bypassed ID.me’s verification system and stole nearly a million dollars in unemployment benefits.
Seeley-George says the fact that ID.me mislead the public about the type of technology it is using raises serious concerns about government agencies using facial recognition technology.
“This is just another example where ID.me is falsely portraying its tool and how it will be used on millions of people,” said Seeley-George. “This is not the type of product that we should be asking millions of people to be using if they have to lie about what it’s doing.”
The information also raises additional questions about the scrutiny that went into the IRS’s recently announced decision to use the technology to verify credentials for its online web portal. The move has been questioned by privacy advocates as well as lawmakers, including Sen. Ron Wyden (D-Ore.).
Concerns with the company aren’t new. Users navigating the company’s technology to receive unemployment benefits during the panic reported hours-long wait for verification, incorrectly rejected matches, and waiting months to rectify denials.
Cybersecurity reporter Brian Krebs reported a similar experience using the company’s technology to create IRS credentials through the system.
In addition to the IRS, ID.me has contracts with the Veteran’s Affairs Department and Social Security Administration.
This is a developing story. CyberScoop has reached out to the IRS and ID.me with questions and will update if they respond.
The post ID.me CEO backtracks on claims company doesn't use powerful facial recognition tech appeared first on CyberScoop.