GSA to pilot facial recognition option for Login.gov in May

The General Services Administration is preparing to test out a facial recognition option for Login.gov, a one-stop shop for Americans to access government benefits and services online.

GSA’s Technology Transformation Services expects to start a pilot in May to allow individuals to verify their identity online using facial recognition technology that meets standards set by the National Institute of Standards and Technology’s 800-63-3 Identity Assurance Level 2 (IAL2) guidelines.

The pilot will allow users to match a “selfie” with the photo on a government ID, such as a driver’s license.

TTS Director Ann Lewis said in a statement Thursday that the new identity verification option for GSA’s federal customers “will protect user data, prevent fraud, and align with IAL2 guidelines – all while doubling down on our strong commitment to privacy, accessibility, and security.”

“This will be a key step in helping federal and state agencies who require an IAL2-compliant solution to more easily deliver benefits to millions of Americans in a secure, seamless, and timely way,” Lewis said.

The facial recognition pilot builds on Login.gov’s existing identity verification process, which requires validation of a government-issued ID and a phone number or address.

GSA says the facial recognition pilot is a step toward protecting users from increasingly sophisticated identity fraud and cyberattacks

GSA wrote in a press release Thursday that “Login.gov will not allow these images to be used for any purpose other than verifying identity, an approach which reflects Login.gov’s longstanding commitment to ensuring the privacy of its users.”

Several agencies have opted into the pilot so far. GSA says more agencies will join the pilot when it expands this summer.

It will also seek an independent, third-party assessment to ensure the facial recognition tools comply with the IAL2 standard. GSA expects that the third-party assessment will be completed later this year.

GSA’s rollout of facial recognition technology on Login.gov comes a year after its inspector general’s office found it misled agency customers and the Technology Modernization Fund board about meeting NIST’s IAL2 standard for remote identity proofing.

The IG report found that, rather than conducting physical or biometric comparisons, such as through facial recognition or fingerprints, as required by NIST, Login.gov was instead using a third party to compare identification cards to information contained in LexisNexis.

“Login.gov has never met the technical requirements for identity proofing and authentication of NIST Special Publication 800-63-3 for Identity Assurance Level 2 (IAL2). At multiple points starting in 2019, Login.gov officials should have notified customer agencies that Login.gov did not comply with IAL2 requirements in SP 800-63-3. However, Login.gov did not notify their customer agencies until Feb. 3, 2022, after a Wired article reported that Login.gov used selfies for verification,” the March 2023 report states. “Before then, Login.gov not only portrayed publicly that it was compliant with IAL2 requirements, but also misinformed customer agencies through interagency agreements stating that they met and/or were consistent with the IAL2 requirements.”

GSA said it notified its inspector general’s office in February 2022 of the misrepresentations and initiated the audit.

Former Federal Acquisition Service Commissioner Sonny Hashmi told reporters last year that the “misrepresentations about Login.gov’s compliance with the NIST IAL2 standard, starting in 2018, were completely unacceptable.”

GSA says that in the coming weeks, Login.gov will also expand in-person identity verification to be a “visible, upfront option” for all Login.gov users to access services from nearly all participating agencies.

This in-person identity verification option expands GSA’s current partnership with the Postal Service.

Login.gov users will be able to allow Login.gov users to verify their identity in person at over 18,000 post offices across the country. More than 99% of the U.S. population lives within 10 miles of a post office.

Login.gov Director Dan Lopez said GSA’s announcements “reflect how, over the past year, our team has collected input and feedback from many agency partners and stakeholders.”

“We are pleased to be building a product that attracts and empowers both our partners and their users who increasingly demand a single sign-on service to access their services and benefits,” Lopez said.

GSA previewed the rollout of IAL2-compliant facial recognition tools in a blog post last October. GSA said it’s been working with other agencies to “evaluate the effectiveness of the Login.gov product across demographic groups, monitor for algorithmic bias in identity verification, and to evaluate additional pathways to verify identities at the IAL2 level, such as compensating controls.”

NIST and government watchdogs have previously warned that facial recognition technology, without adequate safeguards, can produce racially biased results and have an unfair impact on vulnerable populations.

GSA said it’s also informed federal customers of a new Login.gov pricing model, slated to take effect on July 1.  It says the new pricing model aims to help agencies of all sizes more affordably use and expand the use of Login.gov.

“The pricing model is based on extensive forecasting that helps ground Login.gov’s future in a long-term, sustainable financial model,” the agency wrote in a press release.

Login.gov currently serves over 40 federal and state agencies and reached a record 49 million active users in fiscal 2023.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.