Analysis | IRS dodged a cyber minefield by ditching facial recognition. Today's Cybersecurity 202 w/
@aaronjschaffer
The Cybersecurity 202 • Analysis
IRS dodged a cyber minefield by ditching facial recognition
By Joseph Marks
with research by Aaron Schaffer
Today at 7:44 a.m. EST
Welcome to The Cybersecurity 202! I was reacquainted with the neo-noir film “Night Moves” this weekend, which I highly recommend. Not to be confused with the Bob Seger song, which isn’t half bad either.
Below: Lawmakers are taking another shot at mandatory cyber incident reporting, and there’s a new threat of data thefts from tech-savvy insider threats.
Cybersecurity advocates are relieved taxpayers won't have to show their faces
A wave of relief swept through the cybersecurity community yesterday as the Internal Revenue Service scrapped plans to make taxpayers share the most personal of personal information: the identifying features of their faces. ... The now-scrapped system run by by contractor ID.me had prompted dire warnings from Democratic and Republican lawmakers and privacy and security advocates,
who said it could make taxpayers even more vulnerable to damaging hacking and privacy violations, as Drew Harwell
reports.
“Facial recognition technology is based on your face and that’s something you can’t change easily. Once you lose control of it, it’s extremely hard, if not impossible, to regain control of your identity,”
Jeramie D. Scott, senior counsel with the Electronic Privacy Information Center, told me.
The program, which was already being rolled out, would have required all taxpayers to submit a “video selfie” to ID.me to access tax records and other services on the IRS website. The about-face came in a letter to Sen.
Ron Wyden (D-Ore.), who had
urged the IRS to jettison the system, calling it “simply unacceptable to force Americans to submit to scans using facial recognition technology as a condition of interacting with the government online.”
{snip}
There are nine other federal agencies already using ID.me services — though none for systems as far reaching as the IRS proposal. ... It’s also not clear what will happen with video selfies that people have already submitted to ID.me for IRS services. Here’s
more from CyberScoop’s Tonya Riley.
{snip}
Thanks for reading. See you tomorrow.
By Joseph Marks
Joe Marks writes The Cybersecurity 202 newsletter focused on the policy and politics of cybersecurity. He previously covered cybersecurity for Politico and for Nextgov. Twitter
https://twitter.com/Joseph_Marks_
By Aaron Schaffer
Aaron Schaffer is a researcher for Technology 202 and Cybersecurity 202 at The Washington Post. Twitter
https://twitter.com/aaronjschaffer
= new reply since forum marked as read