
The IRS Wants Your Face

The IRS will require users to scan their faces to access their tax returns. The news has privacy advocates worried.

In just a few months’ time, we’re told, the IRS will require users to scan their faces to access their tax returns. The news has privacy advocates worried.

According to Jackie Singh, director of technology and operations at the Surveillance Technology Oversight Project, the decision “will only lead to further ruin for Americans when their data is inevitably breached.” The IRS’s use of facial-recognition technology is “very bad” for those who value their privacy, she said, calling on every “tech-aware American to fight it.”

I reached out to the Surveillance Technology Oversight Project for further comment on the matter. According to the company’s executive director, Albert Fox Cahn, “facial recognition is invasive, error-prone, and ripe for abuse.” The technology, he accurately argues, is biased against minorities, as well as “women, children, and the elderly.” Sadly, such “technology is increasingly inescapable in modern life, given unprecedented power to track us both online and in physical space.” What sort of data breaches are possible? “Facial recognition and other biometric data is uniquely dangerous when it falls into the wrong hands,” Cahn said. “You can change your Social Security number, you can even change your name, but you can’t change your face. When your biometric data is compromised, you are exposed for the rest of your life.”

The U.S. is, I believe, fast becoming a techno-surveillance state. Cahn agreed. “America is quickly becoming one of the most surveilled countries on earth. We see ever-growing surveillance at the federal, state, and local level. Agencies are using more and more invasive tools to target increasingly low-level crimes, such as graffiti and shoplifting. We have a narrow window left to reverse this pattern and ensure that we don’t become a permanent surveillance state.” Yes, a permanent surveillance state—like China.

What we are seeing is the equivalent of the foot-in-the-door technique used by salesmen. Invasive tech ostensibly is used to fight crime, but, as Edward Snowden demonstrated, after a certain period of time, everyone becomes a suspect.

Chris Burt, an editor with Biometric Update, told me that there “are legitimate data-privacy concerns that should be addressed by any digital identity verification system, including those that use facial authentication or other biometrics.” However, he added, “the agency seems to be having a problem fighting fraud, which strong authentication using face biometrics could certainly help with.” Although the IRS does struggle with fraud, the “cure” should not be worse than the “disease.”

Data breaches are not just possible, they are guaranteed. In 2015, as the Washington Post reported, hackers breached the IRS network, stealing the personal information of more than 100,000 taxpayers. According to then-IRS Commissioner John Koskinen, several years’ worth of tax returns and other highly sensitive information were among the information stolen. As the piece noted, after “clearing a security screen that requires users to know the taxpayer’s Social Security number, date of birth, address and tax filing status,” the thieves “gained access to information from prior years’ tax returns,” thus allowing them to “file fraudulent tax returns.”

Ironically, the IRS’s new system might actually incentivize, rather than prevent, fraud. After all, data breaches are on the rise, and branches of government are ill-equipped to deal with the ever-evolving, highly sophisticated techniques used by hackers. According to Eva Velasquez, president and CEO of the Identity Theft Resource Center, the U.S. saw a profound “shift with the increase in data breaches in 2021 compared to 2020, primarily because of the growing number of phishing attacks, ransomware attacks and supply chain attacks.” Hackers have already stolen the fingerprints of 5.6 million US workers. China has already stolen the personal data of 80 percent of American adults. They will be back for more sensitive data, and this time, they might steal your face.

Finally, facial recognition technology is closely aligned with mass surveillance. It violates users’ privacy and exposes innocent individuals to a host of dangers. We are fast approaching a world in which we will “own nothing” and “be happy.” Soon enough, if the IRS has its way, you mightn’t even own your face. But hackers in China or Russia might. Remember, once your face is gone, it’s gone. The IRS’ decision must be reversed. It may be responsible for collecting your tax information, but it shouldn’t be responsible for collecting your biometric data.

John Mac Ghlionn is a researcher and essayist. His work has been published by the likes of National Review, New York Post, South China Morning Post, and the Sydney Morning Herald. He can be found on Twitter at @ghlionn.