Senators ask FTC to investigate ID.me for deceptive business practices

Four U.S. senators sent a letter to Federal Trade Commission Chair Lina Khan Wednesday, urging her to investigate deceptive statements made by the chief executive of ID.me, an identity verification company whose facial recognition technology has alarmed privacy advocates and legislators.

ID.me CEO Blake Hall said in a January LinkedIn post that the company uses a powerful kind of facial recognition tech that searches for individuals within mass databases of photos, an assertion that a company press release issued a few days prior directly contradicted. The senators’ letter cited CyberScoop reporting on the contradiction.

Federal and state government agencies have used ID.me to verify online applicants for government services. Reports of the Internal Revenue Service’s reliance on ID.me ignited a public backlash in January, leading the agency to stop requiring facial recognition for those seeking services. However, several other state and federal agencies still use ID.me technology, requiring applicants to submit to its facial recognition scanning in order to access essential services, including unemployment benefits.

The letter from the senators emphasized what they viewed as a troubling inconsistency in ID.me’s public statements about the kind of facial recognition technology on which it relies.

One-to-one facial recognition compares an individual’s photo to a single other photo to confirm the photos depict the same person. One-to-many facial recognition compares a face against a database of other faces to find matches and is much more controversial, particularly since studies have found that African and Asian Americans are far more likely than Caucasians to be the victim of a false match and in turn, potentially lose government services.

In late January, Hall released a statement denying that ID.me uses one-to-many facial recognition, calling it “problematic” and “tied to surveillance applications.” However, two days later Hall contradicted himself, admitting on LinkedIn that ID.me does in fact use one-to-many facial recognition, something the senators focused on in their letter.

“Within days, the company edited the numerous blog posts and white papers on its website that previously stated the company did not use one-to-many to reflect the truth,” said the letter signed by Democratic senators Ron Wyden of Oregon, Ed Markey of Massachusetts, Alex Padilla of California and Cory Booker of New Jersey. “CyberScoop obtained and published internal ID.me corporate chats from the days before Mr. Hall’s LinkedIn post in which multiple employees expressed concerns about the company’s deceptive public statements about one-to-many facial recognition.”

In their letter the senators slammed Hall for misleading consumers about how the company used their biometric data, including that it “would be stored in a database and cross-referenced using facial recognition whenever new accounts were created in the future.”

Additionally, the letters said that ID.me’s deceptions may have led it to win federal and state contracts it otherwise would not have obtained, a fact which the senators say could “constitute deceptive and unfair business practices under the Section 5 of the FTC Act.”

A spokesperson for ID.me said in response to the letter: “Five state workforce agencies have publicly credited ID.me with helping to prevent $238 billion dollars in fraud. Conditions were so bad during the pandemic that the deputy assistant director of the FBI called the fraud ‘an economic attack on the United States’ ID.me played a critical role in stopping that attack in more than 20 states where the service was rapidly adopted for its equally important ability to increase equity and verify individuals left behind by traditional options. We look forward to cooperating with all relevant government bodies to clear up any misunderstandings.”