WRAL: Jobless in the pandemic? You may be in a facial recognition database.

By Travis Fain, state government reporter

At the height of the pandemic, as unemployment surged across the country, tens of thousands of North Carolinians sent pictures of themselves to a private company—a new state requirement to confirm their identities—before they could get unemployment benefits.

It was an emergency measure meant to cut down on fraud as tens of thousands of jobless claims poured in daily to North Carolina’s overwhelmed Division of Employment Security.

The tradeoff—personal information for income in hard times—may have come at the expense of privacy. As many as 270,000 North Carolinians are now in a facial recognition database that the company planned to keep for up to seven-and-a-half years and, in some cases, share with law enforcement.

That’s in flux after pushback from privacy groups and members of Congress worried about the company’s rapid expansion. Virginia-based ID.me says it has contracts with 30 states, as well as some federal agencies, and that it provides “digital identity to 70 million Americans.”

The company says it helped prevent billions in unemployment fraud nationwide as states grappled with massive jobless claim volumes that enabled fraudsters to hide within the system. The U.S. Department of Labor last year said some $83 billion may have gone out improperly, with “a significant portion” due to fraud.ADVERTISING

But a federal plan to require facial recognition to access IRS records was a tipping point. After a backlash, the Internal Revenue Service said this month that it would drop those plans, and ID.me said it would let all ID.me users delete photos on file with the company beginning Tuesday by logging in to their account.

“ID.me is an identity verification company, not a biometrics company,” the company said in that announcement, using a catch-all word for images and other data that quantify physical features.

Deletions will take place within seven days of receiving a request, the company said in a statement Friday, but it wasn’t clear how people will be informed that the option exists. “We are working through any communications with our state government agency partners,” the company said.

A growing universe

Experts said ID.me’s government contracts represent one more privacy encroachment in a world rapidly implementing facial recognition technology, which uses computers to identify people by comparing their picture to a database of images.

The North Carolina Division of Motor Vehicles, for example, has an online portal that law enforcement can use to request facial recognition searches of the state’s drivers license database, no subpoena required. A DMV spokesman said he couldn’t say how often that happens because requests aren’t tracked.

A number of local governments have or are adding surveillance cameras with facial recognition capability. Two years ago the Raleigh Police Department said it would stop using a facial recognition service that had scraped billions of images from social media and the internet without people’s consent.

Earlier this month The Washington Post reported that this same service, Clearview AI, told investors it’s on track to have 100 billion photos in its database within a year, enough to ensure “almost everyone in the world will be identifiable.”

Even in that environment, ID.me’s case has some disconcerting conditions, according to privacy experts who advocate against facial recognition. People have to use the service to get certain government benefits, a private company controls the database and ID.me’s terms of service are difficult to suss out.

“You’re very much dependent on how ID.me interprets their own policy,” Jeramie Scott, senior attorney at the Electronic Privacy Information Center, said. “And given their wording, different aspects of the policy could be interpreted pretty broadly.”

Read more here.