Get a $25 gift card if you help the US check whether these facial logins really work

The US authorities hopes to adhd face-based logins to .gov websites – though first it wants to cheque whether this exertion is arsenic biased aliases unreliable arsenic experts warn. 

The General Services Administration (GSA), nan US government's procurement arm, past week announced nan motorboat of a program to transportation retired that experimentation.

Folks successful nan US are encouraged to motion up for nan study and manus complete their individual identifiable accusation – including snaps of their look – to cheque nan abilities of six suppliers' facial-recognition-based authentication systems. It's hoped that 1 time this benignant of tech will beryllium built into authorities websites, allowing group to log successful utilizing their faces.

"This is an important study and inaugural to trial and validate facial nickname and matching algorithms and exertion to place barriers crossed demographic lines," said GSA Federal Acquisition Service commissioner Sunny Hashmi. "The results will not only pass authorities strategy moving forward, but will besides little barriers for much Americans erstwhile they interact pinch their authorities digitally." 

The GSA is asking for anyone pinch a US-government-issued ID, societal information number, email address, and mobile telephone scheme successful their sanction to participate. On connection is simply a $25 gift paper for sharing that ID, aggregate selfies, your SSN, and different info, and giving nan GSA support to execute an automated scan of "your mobile device's features and capabilities."

That information trove will beryllium shared pinch security-vetted suppliers for processing and analysis, and deleted from their servers wrong 24 hours, we're promised. However, nan GSA besides notes successful its FAQ that it will support that information for different six years, presumably successful 1 of those oh-so secure authorities servers we perceive truthful overmuch about.

It's 1 point to probe facial-recognition AI tech for nan biases that experts and academics person been informing astir – that women and group of colour thin to beryllium misidentified, primarily. But this study whitethorn person besides been inspired, shall we say, by an audit this twelvemonth that indicated nan GSA had "misled" different agencies astir its information standards. 

The GSA nary uncertainty wants to location successful connected authentication products that do not suffer bias and accuracy problems, though a statement successful nan charismatic announcement indicates a abstracted brouhaha whitethorn beryllium smoothed complete by nan study.

Specifically, nan procurement officials look to beryllium responding to a March report [PDF] from nan Office of nan Inspector General (OIG) that recovered nan GSA had misled different authorities bodies astir nan existent capabilities of Login.gov, nan US government's single-sign-on (SSO) portal to its public-facing websites. 

According to nan OIG report, nan GSA made misleading statements astir having implemented NIST's integer personality guidelines [PDF], peculiarly building successful personality assurance level 2 (IAL2), connected Login.gov.

When personification wants to use for a login.gov account, IAL2 requires their personality is verified utilizing either distant aliases physically-present personality proofing – eg, capturing a selfie and comparing it to a government-issue ID grounds – conscionable for illustration nan GSA study hopes to test. From November 2019, nan GSA billed customer agencies claiming its SSO strategy was IAL2 compliant, earlier admitting successful February 2022 nan tech wasn't really successful place. Which would person been somewhat annoying for those different departments.

In September 2021, nan GSA besides made misleading statements erstwhile applying for $187 cardinal successful backing from nan US government's Technology Modernization Fund. According to nan auditors, nan agency claimed "Login.gov is presently utilized successful accumulation and complies pinch NIST’s 800-63-3 modular for beardown authentication (AAL2) and personality verification (IAL2)."

The GSA doesn't reference nan OIG probe connected its facial-recognition study website, though it did mention successful its announcement that nan complete 800-63-3 modular will "serve arsenic nan model for nan study." 

The OIG study paints a image of nan GSA arsenic negligent successful its implementation of NIST's guidelines, and mentions providing its study to nan GSA "for due disciplinary action." A wide nationalist study that shows nan agency is now standards compliant, and has taken steps to robust retired accuracy problems successful future, whitethorn thief calm things down. It whitethorn awesome to nan remainder of nan national authorities that nan GSA is taking things for illustration standards seriously.

The GSA didn't instantly respond to questions from The Register for this story. ®