Advisor: California Should Pause and Consider Its Use of ID.me

California should pause and carefully consider its contract with identity-verification firm ID.me in the wake of privacy concerns about the company’s software, a non-partisan state advisor has recommended.

In a report issued to Governor Gavin Newsom’s office Tuesday (Feb. 15), the California Legislative Analyst’s Office recommended the state reconsider its contract with ID.me, which California had used to handle ID verification in the wake of the huge jump of unemployment — and rise in benefit fraud — during the pandemic.

The report from the Legislative Analyst’s Office said, “Now that this critical period has passed, we recommend the Legislature pause and carefully consider the implications of requiring third-party biometric scanning—in this case, facial recognition performed by artificial intelligence.”

The move comes days after the Internal Revenue Service said it would drop its plans to use ID.me to verify users creating online accounts, and one week after the company said it was dropping the facial recognition component of its identity verification software.

“We have listened to the feedback about facial recognition and are making this important change, adding an option for users to verify directly with a human agent to ensure consumers have even more choice and control over their personal data,” Blake Hall, ID.me founder and chief, said in a statement last week.

Read more: Biometrics Firm Drops Facial Scan Proviso From ID Verification Software

The analyst’s office notes that the contract had two key benefits: allowing the state’s Employment Development Department (EDD) to automate more claims, and preventing fraudsters from claiming benefits.

“With ID.me now in place, EDD has taken steps to substantially limit opportunities for fraud while also addressing the manual review bottleneck that caused the backlog during pandemic,” the analyst’s report said.

“But ID.me has come under scrutiny in recent days,” the report continues, saying that earlier this month, the firm’s CEO admitted it had misled clients. “Although ID.me uses one‑to‑one matching to confirm identity, the company also made so‑called ‘one‑to‑many’ matches without their client’s knowledge,” the analyst said.

These matches scan a person’s face against large databases and can thus spot fraudulent actors claiming multiple benefits. But privacy experts say these systems are prone to error, suffer from racial bias and have the potential for misuse.

“In light of this scrutiny, the Internal Revenue Service recently called off its planned adoption of ID.me for tax filing,” the report says.

In addition to the IRS and California’s unemployment office, ID.me has been used by the states of Florida, New York and Texas along with the federal Social Security, Labor and Veterans Affairs departments.