Single sign-on for US government services getting face biometrics

October 19, 2023

Officials with the General Services Administration, which owns Login.gov, have said they will add two ID verification functions to Login.gov. One will be face-matching, a controversial option for a vocal segment of privacy-prizing citizens.

Another verification option, one that does not involve facial recognition algorithms, is in the works, according to the government, but the GSA hasn’t announced it. The agency has suggested video calls connecting taxpayers and “a trained identity verification professional.”

The government had already announced a third option, which will enable people to confirm their identity by visiting a post office.

If the U.S. Postal Service is one of the most trusted federal government bureaucracies (and it is), the Internal Revenue Service is decidedly not. That is relevant here because of the drubbing IRS officials got last year over messaging about biometric verification.

In January 2022, the tax agency put out word that people could create online agency accounts via authentication services provided by ID.me, which sells the services broadly. Some taxpayers were enraged thinking, erroneously, that people had to register their faces with the government to pay their taxes.

The use of facial recognition at the IRS was pared back significantly in the aftermath of the controversy. For a short time, it looked like IRS officials were going to tie up to Login.gov, but they appear to have had second thoughts.

And it’s not as if GSA hasn’t made its share of problems for itself with Login.gov. There are accusations that GSA allegedly staff made “misrepresentations” about the security of the single sign-on service in order to bill for related services.

According to an inspector general, Login.gov officials allegedly led federal agencies to believe that the service met the Identity Assurance Level 2 standard. It did not, for a lack of biometrics, until now.