Four senators are urging the Federal Trade Commission (FTC) to investigate ID.me, who they say “made multiple misleading statements about its use of facial recognition,” according to a press release.
ID.me, a popular facial recognition software company deployed by government agencies, is accused of making misleading statements about the type of facial recognition it uses.
ID.me has maintained that it uses “one-to-one” facial recognition as opposed to “one-to-many,” which has been criticized for having privacy concerns and being less accurate in identifying people of color. On Jan. 24, 2022, after backlash over IRS plans to use the service for account registration, the company doubled down on this, with CEO Blake Hall saying the company “does not use 1:many [one-to-many] facial recognition” calling the model “problematic” and “tied to surveillance applications.”
But, just two days later, Hall said in a LinkedIn post that ID.me does in fact use one-to-many facial recognition as part of its identity verification process. The press release from the senators alleges that statements on the company’s website were edited after this announcement to amend statements about one-to-many facial recognition.
“ID.me’s statements, therefore, appear deceptive, and were harmful in two ways,” the letter from Senators Ron Wyden (D-Ore.), Cory Booker (D-N.J.), Ed Markey (D-Mass.), and Alex Padilla (D-Calif.) said.
The letter—addressed to FTC head Lina Khan—says the company “likely misled consumers” about how the company was using their data and that the company “may have influenced officials at state or federal agencies as they chose an identity verification provider for government services.”
“While one-to-one recognition involves a one-time comparison of two images in order to confirm an applicant’s identity, the use of one-to-many recognition means that millions of innocent people will have their photographs endlessly queried as part of a digital ‘line-up.’ Not only does this violate individuals’ privacy, but the inevitable false matches associated with one-to-many recognition can result in applicants being wrongly denied desperately-needed services for weeks or even months as they try to get their case reviewed,” the letter said.
ID.me was founded in 2010 and used by a number of state unemployment agencies throughout the early stages of the COVID-19 pandemic to register people for unemployment. In California, the Employment Development Department suspected that 1.4 million unemployment accounts were fraudulent, and said their accounts would be suspended in 30 days if they could not identify themselves with ID.me. However, the use of ID.me resulted in long wait times and the denial of legitimately unemployed people.
In a statement shared with Bloomberg, ID.me declined to address the allegations, pointing to its implementation by unemployment offices nationwide.
“ID.me played a critical role in stopping that attack in more than 20 states where the service was rapidly adopted for its equally important ability to increase equity and verify individuals left behind by traditional options,” the company said. “We look forward to cooperating with all relevant government bodies to clear up any misunderstandings.”