GSA is conducting a study of the effectiveness of identity verification technologies to help inform the future of Login.gov andresr / GETTY IMAGES
GSA is looking for participants for its facial recognition study
Federal Acquisition Service Commissioner Sonny Hashmi said the study will help determine how to move forward with Login.gov.
The General Services Administration is moving ahead with a study on remote identity proofing to assess how well different identity verification technologies and methods work across race, gender, ethnicity and other demographic factors, as it decides how to move forward with its identity proofing solution for government — Login.gov — long-term.
So far, the agency has abstained from using facial recognition for Login.gov, citing concerns about bias. It uses data-matching techniques to verify identities instead.
Earlier this year, GSA came under fire from the agency’s inspector general, which released a report saying that GSA had misled other federal agencies about the level of identity proofing standard Login.gov meets.
The easiest way to meet the standard in question — called identity assurance level 2, or IAL2, and set by the National Institute of Standards and Technology — is by using biometric methods. However, NIST is currently updating its standards and appears to be planning major changes on the use of facial recognition, even investigating potential new options that don’t use the technology at all.
For now, GSA is recruiting up to 4,000 participants for its study on remote identity proofing, which first appeared in a request for information in April 2022 and was set for publication this year.
“Login.gov is exploring paths to provide an IAL2 compliant identity verification service to its customers in a responsible, equitable way,” a GSA spokesperson told Nextgov/FCW. “This equity study is one action GSA is taking to support that.”
Sonny Hashmi, Federal Acquisition Service Commissioner at GSA, wrote on LinkedIn that the study “will not only inform government strategy moving forward, but will also lower barriers for more Americans when they interact with their government digitally.”
Participants will provide demographic and personal information, as well as photos of their government-issued ID and selfies to match against those official photos.
To participate, individuals need a mobile phone with a camera, a valid government ID and a Social Security number, used for data-matching as part of the identity verification process. Participants will get $25 gift cards as compensation for participating.
The agency is testing five systems, according to the study website, and GSA’s privacy impact assessment references Incode, LexisNexis Risk Solutions, Jumio, Socure and Transunion.
GSA is working with Clarkson University and the Center for Identification Technology Research to do a statistical analysis of the systems’ pass and fail rates for the identity checks of participants, as well as forthcoming reports on the study’s findings, according to the privacy impact assessment.
That assessment says the question at hand is “if and how demographic factors affect the vendors’ remote identity proofing software’s identity proofing decisions.”
GSA is testing both facial recognition and other ways of identity proofing, like data checks, the impact assessment says. officials saidit says. Results will be published in a peer-reviewed publication in 2024, according to the study website.
“The current methods of identity verification are often inequitable, leaving certain groups of people unable to access the services they need,” the study website says. “The GSA study on remote identity proofing aims to understand how different methods to verify your identity can improve this issue.”
In addition to concerns about facial recognition, Hashmi himself has previously pointed to concerns about how well different methods work for unhoused people and people without cell phones or credit histories, for example, which can be important for remote, data-matching types of identity proofing.
Although data on the effectiveness of remote identity technology is relatively limited, GSA isn’t the only government agency currently studying it.
The research arm of the Department of Homeland Security is also testing the ability of systems to match selfies to identity documents as part of a series of tests that also include document authentication and liveness technology.
Previously, the DHS Science and Technology Directorate has tested facial recognition in use cases of small groups of people, such as in airports, finding that group processing can work, although some systems did have different performances depending on the demographics of the people it was identifying.
In that test, errors generally came from cameras having difficulty calibrating for people with dark skin and less so with extremely light skin, as opposed to errors coming from facial recognition algorithms, which have “improved drastically” in recent years, a DHS official told reporters at the time.
Still, as the use of remote identity proofing tech proliferated in the government during the pandemic, so too have concerns about potential bias in the systems and that could block legitimate users.
The inspector general at the Labor Department urged “extreme caution” on the use of the technology in unemployment insurance in April, citing potential bias and discrimination.
That memo pointed to a 2019 National Institute of Standards and Technology study that found evidence for demographic differentials in the majority of algorithms it studied. For example, NIST found higher rates of false positives in one-to-one matching for Asian and African American people relative to white people.
NIST also stressed that different algorithms have varying levels of performance, and since 2019, the technology has generally improved, a top NIST official told lawmakers in March.