Surprising exactly no one paying attention to the slow erosion of privacy, the US General Services Administration (GSA) has rolled out its shiny new toy: facial recognition technology for accessing login.gov. Yes, that beloved single sign-in service, connecting Americans to federal and state agencies, now wants your face—literally. This gateway, clicked into over 300 million times a year by citizens has decided the most efficient way to keep us all “safe” is by scanning our mugs. How very 2024.
Related: Facial Recognition Continues To Proliferate at Concerts and Festivals
But of course, this little “upgrade” didn’t just appear overnight. Oh no, it dragged itself through bureaucratic purgatory, complete with false starts, delays, and some spicy critique from the Inspector General. Apparently, login.gov had been fibbing about its compliance with Identity Assurance Level 2 (IAL2)—a fancy label for a government-mandated security standard that requires real-deal verification of who you are. Up until now, that “verification” meant having someone eyeball your ID card photo and say, “Yep, that looks about right,” rather than dipping into the biometric surveillance toolkit.
Facial recognition was supposed to make its grand debut last year, but things got complicated when it turned out login.gov wasn’t actually playing by the rules it claimed to follow. The Inspector General, ever the fun police, caught them misrepresenting their tech’s adherence to the IAL2 standard, causing the rollout to stall while everyone scrambled to figure out if they could get away with this. Now, after enough piloting to give a nervous airline passenger a heart attack, login.gov has finally reached compliance, but not without leaving a greasy trail of unanswered questions in its wake.
Smile for the Algorithm
So here we are, with the GSA proudly offering up facial recognition as the answer to all our identity verification problems. Just snap a “live selfie,” upload it to the cloud, and let some “best in class” algorithm work its magic by comparing your face to the one on your government ID. What could possibly go wrong? According to the GSA, nothing. They swear these photos are used solely for verification purposes and won’t be stored, misused, or, you know, somehow end up in the hands of anyone you wouldn’t want to have your biometric data.
But hey, let’s not get too distracted by the fine print. “Best in class” algorithms? That’s a bold claim coming from the same government that brought us Healthcare.gov’s disaster debut and the IRS phone service from hell. There’s something hilarious about throwing out a vague phrase like “best in class” as if it absolves them of any responsibility. We’re just supposed to trust that their mysterious, highly proprietary facial matching system is doing the right thing behind closed doors—no questions asked, citizen.
The Privacy Mirage
Of course, the skeptics among us—the kind of people who read the full terms of service before clicking “I agree”—aren’t buying the GSA’s feel-good assurances. Privacy advocates have been sounding the alarm for years about the dangers of biometric data collection, and facial recognition technology has become the poster child for Big Brother’s relentless march into our lives. How do we really know that these selfies won’t be stored somewhere, only to be hacked or sold off like digital cattle at a data auction? And even if they are just for verification now, who’s to say that won’t change later?
Let’s not forget that the government doesn’t exactly have a spotless track record when it comes to handling sensitive personal data. The Office of Personnel Management hack in 2015, anyone? That little debacle only exposed the personal information of over 21 million people, including fingerprints. And yet, here we are, being asked to believe that this time, this time, they’ve got everything under control. It’s hard not to picture a row of bureaucrats crossing their fingers behind their backs while issuing their promises of security.
Even Hanna Kim, the Director of login.gov, acknowledges that the decision to integrate biometric tech came in response to “partner agency demands for handling high-risk scenarios.” Translation: Some agencies wanted an easy way to ramp up security, so now the rest of us get to hand over our facial data for the sake of “high-risk” situations. Except, it’s not just the high-risk cases that should concern us—it’s the creeping normalization of using biometric data for everyday tasks. Today it’s logging into government websites. Tomorrow it’s buying groceries with a retinal scan.
Choose Your Poison
For now, users of login.gov still have a choice—they can opt to verify their identity the old-fashioned way, without giving up their face to the algorithmic overlords. But that choice, like so many others in the digital age, comes with strings attached. Sure, you can avoid the facial recognition route, but the fact that it’s now on the table means we’re only a few policy changes away from it becoming mandatory. After all, how long before certain agencies start saying, “You know, for security reasons, we need your biometric data. If you want that social security check or to file your tax return, you’re going to have to play ball”?
Related: The TSA Plans Big Digital ID Push in 2024
There’s something sinister about this slow, methodical erosion of choice. First, it’s presented as an option, just one of many verification methods, no big deal. But as the machinery of government grinds on, options have a way of disappearing, replaced by convenient mandates. And when it comes to biometric data, once it’s out there, good luck getting it back.
The Fine Print of Freedom
Let’s call this what it is: another step towards a world where privacy is little more than a quaint relic of the past. The GSA’s move to facial recognition is part of a larger trend, one where security and convenience are dangled like carrots, while individual freedoms are quietly signed away in the background. Sure, your face is unique, but so is your right to keep it out of a database.
At some point, we’re going to have to ask ourselves: is the convenience of a quicker login worth trading in the last shreds of privacy we’ve got left? Or are we too busy snapping selfies to notice that the surveillance state just got a little closer to home?