Massachusetts to stop using facial recognition in identity verification

The Massachusetts Department of Unemployment Assistance on Wednesday announced it will discontinue its use of facial recognition in ID.me, a popular identity verification service that’s come under scrutiny in recent weeks.

Though 27 states use ID.me for verifying identity in processing unemployment insurance claims, Massachusetts’ unemployment bureau is the first to follow the lead of the IRS, which earlier this month announced it would phase out its use of the software’s facial recognition component. Massachusetts’ announcement, which was first reported by the Boston Herald, highlights an ongoing dispute between privacy advocates opposed to facial recognition technology and government leaders who say they want the newest tools available to fight crime.

Officials said the state adopted ID.me during the pandemic, when both real and fraudulent claims peaked, and that the facial recognition feature is no longer needed now that claims levels are returning to normal.

According to the state, more than 46,000 Massachusetts residents used ID.me between March 2021 and Feb. 2022 to validate their identities for unemployment benefits. But the state did not disclose how many of those applicants verified their identities using facial recognition, which is one of several verification options offered by ID.me. Both Massachusetts and ID.me confirmed that users were not required to use facial recognition to verify their identities if they didn’t want or were unable to do so.

‘The right call’

Kade Crockford, director of the American Civil Liberties Union of Massachusetts’ Technology for Liberty program, told StateScoop in an email that the state made “the right call.”

“This is the right call, and a victory for privacy rights,” Crockford said. “The ACLU of Massachusetts applauds the Commonwealth and thanks all of the people who raised their voices on this issue. We hope other states follow Massachusetts’ lead and center privacy and equity by reconsidering ID.me. No person should be forced to hand over their sensitive biometric data to a private company in order to do business with the government.”

Facial recognition technologies have for years been a target of organizations such as the ACLU, which claims the software can be used for broad, passive surveillance. There’s also a growing body of research indicating that facial recognition software is less accurate when applied to women or people with darker skin tones.

But states have increasingly turned to such solutions as unemployment fraud rocketed into the billions of dollars during the pandemic. This trend is after many states relaxed their identity checks in an attempt to accelerate claims processing, such as in California, where officials doled out more than $20 billion to people who submitted fraudulent claims, the Associated Press reported last October.

‘The full solution’

But ID.me is quick to advertise that fraud numbers could have been worse. The company claims that in just four states — Arizona, California, Georgia and New Jersey — its technology helped prevent an additional $210 billion in fraudulent claims from being disbursed.

On Thursday, ID.me announced a new feature it calls “Human in the Loop,” which allows users who fail an automated identity check to connect in a video chat with a human reviewer located at one of the company’s call centers in Florida or Virginia. Pete Eskew, general manager of ID.me’s public sector business, told StateScoop that the new feature is a continuation of a 2019 initiative called “No Identity Left Behind,” which offered users a similar online recourse.

“We’re not a biometric company,” Eskew said. “I think that’s been misconstrued over the past couple of weeks. We’re an identity verification company. Biometrics could be a part of the path should both the government and the user choose that. We believe that technology combined with humans is the best approach.”

Eskew said the biometric component of ID.me’s tools is included to meet technical requirements outlined by identity standards set by the National Institute of Standards and Technology. If the company doesn’t meet the biometric requirement, it would not be able to sell its products to state agencies, he said.

“That is generally the sort of solicitation request and requirement for a vendor such as us to even participate in the conversation,” Eskew said. “They want the full solution that includes a biometric but that includes a document reader, includes a phone check and includes a credit check. Not every use case requires biometric checks.”