Lawmakers demand information from IRS contractor ID.me amid security concerns

Top House lawmakers have issued a sweeping demand for information from IRS facial recognition contractor ID.me amid concerns about the security of its technology in pandemic-related unemployment assistance programs and other government contracts.

House Oversight and Reform Committee Chair Carolyn Maloney (D-N.Y.) and Rep. James Clyburn (D-S.C.), the chair of the Select Subcommittee on the Coronavirus Crisis, sent a letter to ID.me CEO Blake Hall on Thursday asking for a list of their government contracts and information regarding inaccuracies in their systems, among other details.

Last year, the IRS said people filing taxes online would be required to have their identities verified by registering with ID.me, though the agency announced in February that filers could also opt for a virtual interview with a company representative.

The lawmakers said they had learned that close to 7 million people have provided the IRS and ID.me with biometric information, some of which ID.me still possessed.

Maloney and Clyburn noted that in February, the IRS amended its contract to require that all video recordings of users and biometric selfies be destroyed by mid-March.

“However, IRS did not indicate any current plans to cancel the ID.me contract or recoup any of the $86 million already spent for ID.me’s licenses. Instead, it appears that IRS will continue to rely on ID.me for identity verification technology while ‘IRS is urgently working with GSA to resolve problems that prevent Login.gov from meeting the IRS’s needs,’” the lawmakers wrote to Hall.

“IRS further disclosed that ID.me will be permitted to continue to retain all biometric data that has been identified as being suspicious or potentially fraudulent. This is concerning, given the large volume of data that ID.me regularly misidentifies as fraudulent,” they added.

The lawmakers slammed ID.me for misrepresenting its technology after it originally claimed it had not used “one-to-many verification,” which Maloney and Clyburn noted was more likely to misidentify minority women, for instance, than white men.

The lawmakers also criticized the technology’s performance in unemployment assistance programs related to the COVID-19 pandemic.

“Under difficult circumstances where assistance was needed expeditiously, disbursement delays caused by ID.me’s products were common,” the two said.

“Applicants in Colorado, for example, reportedly faced up to ten hour waits for help with the company’s verification process. Applicants in Nevada reported spending seven to eight hours per day waiting for ID.me support, only to be disconnected when they reached the end of the line.”

The letter to ID.me’s chief executive was first reported by The Washington Post.

ID.me told The Hill in a statement that it “remains a highly effective solution” for governments and said it looked forward to providing more information to the committee.

“As noted in the Washington Post, ID.me has nearly doubled the number of people able to create an IRS account, and made it easier” for people, including minorities and those with low-income backgrounds, to access their tax information, ID.me said.  

“We are proud to have helped government agencies dramatically lower government benefits fraud by organized foreign criminal gangs during the pandemic. The FTC reported identity theft tied to government benefits increased by 2,920% during the pandemic,” the company said. “ID.me adheres to the federal guidelines for identity verification and login while providing services to public sector agencies.”

The Hill has reached out to the IRS for comment.