In a letter to the CEO of facial recognition technology government contractor ID.me, two members of the House of Representatives outlined a host of problems with the company and requested documents and information. Carolyn B. Maloney (D-N.Y.), chairwoman of the Committee on Oversight and Reform, and James E. Clyburn (D-S.C.) chairman of the Select Subcommittee on the Coronavirus Crisis, wrote to CEO Blake Hall, saying, “Numerous reports have raised concerns about ID.me’s performance on government contracts and the effectiveness of its products and services,"  Among the government agencies using its services has been the IRS.

"ID.me’s users have reported long wait times to verify identities, ranging from hours to weeks, as well as other roadblocks that have led to denied benefits," Maloney and Clyburn wrote. "[U]sers have also reported significant delays in reaching the company’s ‘trusted referees,’ who facilitate identification when the automated technology cannot verify an identity. These delays have blocked access to essential government services and benefits, such as state unemployment benefits and federal taxpayer services.”  

According to the Washington Post, there are 10 federal agencies and 30 state governments contracting with ID.me. 

Maloney and Clyburn also wrote that the company “reportedly misrepresented how its facial recognition technology works.” They noted that ID.me claimed that it didn't use a “one-to-many” verification method, which is widely considered unreliable “because it relies on comparison to biometric data captured and retained from external databases.” “One-to-one” facial recognition verifies that a person matches his or her own photo, and it is considered to be more reliable. Yet after company messages leaked indicating that ID.me did in fact use one-to-many technology, the company retracted that claim, stating: “ID.me uses a specific ‘1 to Many’ check on selfies tied to government programs targeted by organized crime to prevent prolific identity thieves and members of organized crime from stealing the identities of innocent victims en masse.” The legislators pointed out that “it is unclear what databases ID.me uses for its ‘one- to-many’ fraud verification and how effective this system is.” 

They also noted that, earlier this year, after reporting indicated that the IRS would require taxpayers accessing certain services to enroll in ID.me for identity verification, the Oversight Committee began an investigation into the IRS’s use of the company’s technology. The committee found out that nearly 7 million Americans had turned over biometric data to ID.me and the IRS. A few days later, the IRS announced it would move away from its use of third-party facial recognition tools to verify users. 

Since ID.me has government contracts with state unemployment agencies, the two legislators expressed concern “that ID.me’s performance failures and technological requirements may have undermined the effectiveness, efficiency, and equity of pandemic-related unemployment assistance programs, which Congress established in 2020 to help millions of jobless Americans afford food, medicine, and housing during the sharp economic downturn.” 

They also noted another problem with the facial recognition technology—the fact that millions of Americans don’t have access to the devices needed to use it. They reported that, as of 2021, approximately 15 percent of American adults did not own a smart phone, and 23 percent did not own a desktop or laptop computer. Thus, they wrote, “The ID.me process creates disproportionate obstacles for older individuals who may face challenges using new technology, residents of rural and low-income areas without high-speed internet access, and households that share technological devices for school, remote work, or job hunting. Even without factoring in burdensome wait times, ID.me’s requirements that applicants use email addresses and smartphone cameras may have barred Americans who lacked those resources from assistance.” 

As part of their investigation, the legislators asked the company to provide documents by April 28, including:: 

1.     A detailed list of all federal, state, and local government contracts under which ID.me has provided biometric authentication from 2014 to present; 

2.     Detailed information on each federal, state, and local government contract under which ID.me has provided biometric authentication of applicants for unemployment insurance, including the specific  data by month for the period March 2020 through March 2022;  

3. ID.me’s policies and procedures on biometric data retention for all federal, state and local government contracts;  

4. ID.me’s policies and procedures on the use of Duplicate Face Detection systems for federal, state and local government contracts, including but not limited to a technical description of Duplicate Face Detection systems; 

5. All communications with IRS personnel concerning one-to-many facial recognition technology or Duplicate Face Detection systems;  

6. All internal documents describing trends in error rates and assessments of database(s) used to train algorithms;  

7. Documents sufficient to show ID.me’s profits and revenues broken down by month, between January 2020 and February 2022; and  

8. All pitch decks, executive summaries, and other investor-facing materials concerning ID.me’s ability to detect and prevent fraud that ID.me provided or presented to prospective investors between January 2020 and February 2022.  

In addition, the legislators asked ID.me to answer the following questions by April 28 

1. How does ID.me determine biometric data to be suspicious or fraudulent? a. Are these determinations made through a human review process, by artificial intelligence, or a combination of both?  

2. How does ID.me investigate inaccuracies in their systems and how does ID.me respond to inaccuracies that are found? 

3. Between March 2020 and February 2022, how many people used ID.me to verify their identity for purposes of accessing unemployment insurance?  

4. Between March 2020 and February 2022, how many ID.me employees or contractors did ID.me assign to provide direct support to users seeking unemployment insurance, broken down by month? a. Of those employees and contractors, how many were dedicated exclusively to providing direct support to users seeking unemployment insurance, broken down by month? b. How many multi-lingual employees and contractors provided direct support to users seeking unemployment insurance, broken down by language and by month?  

5. Between March 2020 and February 2022, in what counties did ID.me offer in- person identity verification for applicants to unemployment assistance programs? a. Please indicate the time periods during which each of these in-person verification locations have operated.  

6. Please provide a detailed explanation of all inputs into ID.me’s public estimate of unemployment fraud that was provided to Axios in June 2021, including all evidence, sources, and calculation methods that ID.me relied on to arrive at the estimate.