After a bipartisan backlash, the agency will transition away from using a service from ID.me.
WASHINGTON — The Internal Revenue Service plans to stop using facial recognition software to identify taxpayers seeking access to their accounts on the agency’s website amid concerns over privacy and data security.
The I.R.S. was already coping with a daunting tax season, faced with backlogs of old tax returns, staffing shortages and the additional complexity of paying stimulus and child tax credits. Now the agency must also change how it verifies the identity of taxpayers.
The I.R.S. said on Monday that it would “transition away” from using a third-party service for facial recognition to help authenticate people creating online accounts. The transition will occur over the coming weeks to prevent additional disruptions to the tax filing season, which ends April 18.
The tax agency came under criticism after the Treasury Department awarded ID.me, an identity verification company, an $86 million contract last year to make taxpayer accounts more secure from data leaks, a growing concern. But the service, which requires taxpayers to take video selfies as part of the verification process, frustrated taxpayers and raised concerns about the collection of sensitive biometric data.
“The I.R.S. takes taxpayer privacy and security seriously, and we understand the concerns that have been raised,” said Charles P. Rettig, the agency commissioner. “Everyone should feel comfortable with how their personal information is secured, and we are quickly pursuing short-term options that do not involve facial recognition.”
The I.R.S. is developing another authentication process that does not involve facial recognition and is working with other agencies to create tools to protect taxpayer data. The agency said the change would not affect the ability of taxpayers to file their returns.
For weeks, advocacy groups complained that making taxpayers have their faces mapped was an invasion of privacy, and lawmakers received complaints that the creaky I.R.S. website had gotten even harder to use.
“The I.R.S. got way ahead of itself by forcing taxpayers to use facial recognition without having done the hard work of ensuring the technology’s appropriateness,” said Eric Goldman, co-director of the High Tech Law Institute at Santa Clara University. “The I.R.S.’s backtracking on facial recognition-based identity verification provides a strong cautionary tale for any other government agencies thinking facial recognition is an easy or quick solution.”
Caitlin Seeley George, campaign director at Fight for the Future, a digital freedom group, noted that the Social Security Administration, the Department of Veterans Affairs and many state agencies also use ID.me, and she called for those contracts to also cease.
“No one should be coerced into handing over their sensitive biometric information to the government in order to access essential services,” she said.
A group of Republican senators expressed alarm about the I.R.S.’s authentification system in a letter to Mr. Rettig last week, calling the software “intrusive.”
Senator Ron Wyden of Oregon, the Democratic chairman of the Senate Finance Committee, expressed similar concerns in a letter to Mr. Rettig on Monday.
“I have long argued that Americans should not have to sacrifice their privacy for security,” Mr. Wyden said. “The government can treat Americans with respect and dignity while protecting against fraud and identity theft.”
He hailed the I.R.S.’s move on Monday as a “smart decision,” saying that “no one should be forced to submit to facial recognition to access critical government services.”
Mr. Wyden has proposed that the I.R.S. use Login.gov, an authentification system that millions of Americans already use for access to some federal websites, as a replacement.
The I.R.S. has been a frequent target of criticism in recent years, particularly from Republicans who have tried to starve the agency of funding, and it was initially reluctant to abandon ID.me. It unveiled the system in November as a way to ensure that taxpayers could securely monitor their accounts and check on payments such as child tax credit deposits.
Some technology experts said fears over facial recognition technology were misplaced.
“A lot of it is just irrational discomfort over face recognition ever being mentioned,” said Nicholas Weaver, a computer science lecturer at the University of California, Berkeley. He argued that using facial recognition was safer than providing websites with other identifying information.
ID.me’s chief executive, Blake Hall, has been responding to the public criticism via posts to his LinkedIn page. Last month, he argued that his system not only verified identity but also checked faces against those of known identity thieves.
He pointed to the indictment last month of a New Jersey man on charges that he tried to claim more than $2.5 million in unemployment benefits in California. “Data shows that removing this control would immediately lead to significant identity theft and organized crime,” Mr. Hall said.
The status of ID.me’s contract with the federal government, including whether the government will continue to pay the company, is not clear, and the Treasury Department had no comment.
ID.me referred questions on the matter to the I.R.S. on Monday, and it appeared to defend itself on Twitter.
“Facial recognition is just one of the components we use to follow the federal standards,” the company said. “Without it, the identity thieves behind these masks would be much more successful.”