Lawmakers say facial recognition tech company was misleading about Montanans’ data
In a March letter to lawmakers, ID.me revealed it may be sharing Montanans’ biometric data with a handful of additional companies
Facial recognition illustration (Image via Pixabay | Public domain).
Montana lawmakers say that ID.me, a facial recognition company that contracts with the Department of Labor and Industry and is currently under federal investigation, was misleading about who may have access to Montanans’ facial recognition data.
In a letter sent to the Economic Affairs Interim Committee on March 25, ID.me revealed that it contracts with more than five companies to carry out its facial recognition technology services, a revelation that alarmed committee lawmakers who are currently studying legislation proposals to limit how the technology can be used in the state.
ID.me and …
In the letter to the committee, ID.me said it integrates data with Experian, TeleSign, Prove, National Plan and Provider Enumeration System, National Student Clearinghouse and TransUnion. Additionally, it said it partners with Paravision, iProov and AuthenticID to assist in facial recognition services. And for assessing digital risk on mobile devices, ID.me partners with Prove, TeleSign, and FingerprintJS and uses Fraud.net for behavior analysis. And according to the company’s website, it also works with Amazon’s facial recognition service “Amazon Rekognition.”
When the company testified before the committee in February, it made no mention of contracting with any other companies.
“We are more than happy to provide any information to the committee to ensure they have all of their questions answered,” a spokesperson for ID.me said on Friday. Additionally, ID.me said it prohibits the companies it contracts with from independently processing or storing any data.
In considering regulations for facial recognition companies, the committee has proposed requiring FRT companies that contract with the state to notify the state when their privacy policies are updated, but how that requirement would translate to sub-third-party contractors is unclear.
“The frustrating part is we have been crafting policy around the original information, and now we find out this, and it’s like asking us to start over again. I think it is easier for these tech companies to keep us in the dark because then it is harder for us to make laws that impact them … it makes me trust them less,” Sullivan said.
The Montana Department of Labor and Industry started contracting with ID.me in 2020 after it saw a spike in unemployment fraud at the onset of the COVID-19 pandemic. After the technology went into place, instances of fraud dropped to 2,000 in November 2020, and to almost single digits in December 2020, the department has said.
DLI did not respond to questions asking if it knew about the other companies ID.me contracts with when they brought them on board.
ID.me contracts with 30 state government agencies, including DLI in Montana, and 10 federal agencies. And like Montana, many states use the company to distribute pandemic relief funds.
On April 14, the U.S. House Oversight Committee launched an investigation into the company’s operations, citing security and efficacy concerns and sent a letter to ID.me’s Chief Executive Officer Blake Hall asking him to turn over records about the company’s facial recognition services. The letter and investigation were first reported by the Washington Post.
“Numerous reports have raised concerns about ID.me’s performance on government contracts and the effectiveness of its products and services,” the letter from lawmakers reads. It continues, “ID.me has also reportedly misrepresented how its facial recognition technology works.”
One of the misrepresentations cited in the letter is the company’s use of “one-to-many” verification, which uses an algorithm to match a person’s face to a large database and has been considered largely unreliable because it relies on biometric data obtained from external databases. Initially, according to the letter, the company told lawmakers it uses “one-to-one” verification, which verifies an individual’s identity by matching the person’s photo to their own photo.
“The Committees are also concerned that ID.me’s performance failures and technological requirements may have undermined the effectiveness, efficiency, and equity of pandemic-related unemployment assistance programs,” the letter says.
The investigation follows a move from the Internal Revenue Service to drop its plans to require people to submit to facial recognition verification through ID.me to access their online tax accounts after significant backlash about potential privacy violations about a private company amassing large amounts of facial recognition data.
With no federal regulations on how government agencies can use facial recognition, it has been left up to states to navigate the rapidly advancing but misunderstood industry with many potential government applications and significant privacy concerns.
Sen. Jason Ellsworth, R-Hamilton, who originally probed ID.me about other companies it may be working with, said at the end of the day, it’s about protecting Montanans’ privacy.
“I think that the concern of every Montana is that we all respect our individual privacy, and that’s amongst any party,” he said. “I think it’s a clarifying answer. And I want to make sure, as we are getting answers from companies, are they being clear and making sure that the third-party contractor is following the same principle and guidelines as required by the state.”
Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our web site. Please see our republishing guidelines for use of photos and graphics.