Login.gov plans to adopt facial recognition technology – how GSA and users can reduce risk
Login.gov’s adoption of facial recognition technology is a significant moment for the technology, and could lead to further adoption by other technologists in the future.
In October, the General Services Administration announced it would add facial recognition technology to Login.gov, the single sign-on service Americans use for government benefits and online services, in 2024. GSA said it will also add a digital identity verification option for those who do not want to use facial recognition technology.
Although facial recognition technology has been around for decades, Face ID, the facial recognition feature on iPhone X in 2017, served as a significant catalyst for consumer adoption, effectively accelerating this trend , making facial recognition a more visible and practical technology for everyday use. After a few years, it’s safe to say that nearly a billion consumers have used this technology as a means of verification.
The benefits of this technology are clear. First, it provides a very convenient and quick way to verify your identity. Second, it’s more secure than traditional passcodes. Thirdly, fingerprint scanners are unique and provide increased privacy compared to fingerprint scanners, which may reveal more than your facial features. It also provides an additional layer of transparency regarding who is signed in.
Risks of facial recognition technology
However, while the use of facial recognition technology can be used to enhance security, it can also pose a threat to personal privacy and raise accessibility and equity concerns.
In the past, the technology has been accused of displaying racial bias and disproportionately impacting vulnerable populations. This is an area that GSA has thoroughly considered over the past two years before deciding to use this technology. Still, this is something that needs to be monitored closely and continuously.
Beyond this, the certainty of verification decreases unless a physical presence or matching ID is presented. Additionally, in the event of a data breach, an additional layer of sensitive personal information (SPI) will be exposed. It is also possible for someone with similar facial features to be able to access someone else’s account by impersonating the system using photos or deepfake technology. This can be especially difficult when dealing with identical twins.
How can we mitigate these risks?
When it comes to people trying to impersonate systems using photos and deepfake technology, this is an area that GSA needs to work hard to protect against. Facial comparisons are understood to be one-to-one and similar to using ID cards in person, but there are risks if these trusted images are somehow compromised. This technique is even more accurate when comparing faces one-to-many. Of course, both false positives and false negatives can occur, and the results of the algorithm will vary depending on demographics.
To ensure that facial recognition technology delivers on its promise, GSA must continually test and reevaluate its accuracy. As with anything that poses a potential cyber threat, clearing the hurdle once is not enough. The technology must be able to withstand the array of attacks that threat actors use every day. Over time, even the strongest walls can overcome cracks that invite unwelcome guests.
Users also play a role
In addition to the safeguards that GSA has in place to protect you, some of the responsibility also falls on you.
First, users will want to keep their digital trail as clean as possible. Attackers often gain access to one account by compromising another account. You can help keep attackers at bay by using a secure password manager to save your passwords and being careful about the links you click. Users are also wise to sanitize their social media accounts and avoid giving threat actors the information they need to easily break into their accounts. For example, if someone shares their ID photo with her Login.gov in advance, it should be used for that purpose only. It would be unwise to post that photo on social media.
To take this further, Login.gov has the opportunity to offer safety training and explicitly address safety related to this topic throughout its website. This ensures that users are familiar with best practices and do not introduce additional risks beyond those inherent in the technology itself.
Looking to the future
Technology is always advancing. What may have previously been too risky can become your best option with just a few adjustments. Login.gov’s adoption of facial recognition technology is a significant moment for the technology, and could lead to further adoption by other technologists in the future. Although Login.gov employs this, the technology is not completely risk-free. Login.gov and its users must each be smart about their security controls and work together as necessary to keep identities safe and protected.
Jennifer Mahoney is the Manager of Data Governance for Privacy and Protection. Optive.
Copyright © 2024 Federal News Network. All rights reserved. This website is not directed to users within the European Economic Area.
Summarize this content to 100 words
Login.gov’s adoption of facial recognition technology is a significant moment for the technology, and could lead to further adoption by other technologists in the future.
jennifer mahoney
March 1, 2024 5:10pm
4 minute read
In October, the General Services Administration announced it would add facial recognition technology to Login.gov, the single sign-on service Americans use for government benefits and online services, in 2024. GSA said it will also add a digital identity verification option for those who do not want to use facial recognition technology.
Although facial recognition technology has been around for decades, Face ID, the facial recognition feature on iPhone X in 2017, served as a significant catalyst for consumer adoption, effectively accelerating this trend , making facial recognition a more visible and practical technology for everyday use. After a few years, it’s safe to say that nearly a billion consumers have used this technology as a means of verification.
The benefits of this technology are clear. First, it provides a very convenient and quick way to verify your identity. Second, it’s more secure than traditional passcodes. Thirdly, fingerprint scanners are unique and provide increased privacy compared to fingerprint scanners, which may reveal more than your facial features. It also provides an additional layer of transparency regarding who is signed in.
Risks of facial recognition technology
However, while the use of facial recognition technology can be used to enhance security, it can also pose a threat to personal privacy and raise accessibility and equity concerns.]]>
In the past, the technology has been accused of displaying racial bias and disproportionately impacting vulnerable populations. This is an area that GSA has thoroughly considered over the past two years before deciding to use this technology. Still, this is something that needs to be monitored closely and continuously.
Beyond this, the certainty of verification decreases unless a physical presence or matching ID is presented. Additionally, in the event of a data breach, an additional layer of sensitive personal information (SPI) will be exposed. It is also possible for someone with similar facial features to be able to access someone else’s account by impersonating the system using photos or deepfake technology. This can be especially difficult when dealing with identical twins.
How can we mitigate these risks?
When it comes to people trying to impersonate systems using photos and deepfake technology, this is an area that GSA needs to work hard to protect against. Facial comparisons are understood to be one-to-one and similar to using ID cards in person, but there are risks if these trusted images are somehow compromised. This technique is even more accurate when comparing faces one-to-many. Of course, both false positives and false negatives can occur, and the results of the algorithm will vary depending on demographics.
To ensure that facial recognition technology delivers on its promise, GSA must continually test and reevaluate its accuracy. As with anything that poses a potential cyber threat, clearing the hurdle once is not enough. The technology must be able to withstand the array of attacks that threat actors use every day. Over time, even the strongest walls can overcome cracks that invite unwelcome guests.
Users also play a role
In addition to the safeguards that GSA has in place to protect you, some of the responsibility also falls on you.
First, users will want to keep their digital trail as clean as possible. Attackers often gain access to one account by compromising another account. You can help keep attackers at bay by using a secure password manager to save your passwords and being careful about the links you click. Users are also wise to sanitize their social media accounts and avoid giving threat actors the information they need to easily break into their accounts. For example, if someone shares their ID photo with her Login.gov in advance, it should be used for that purpose only. It would be unwise to post that photo on social media.
To take this further, Login.gov has the opportunity to offer safety training and explicitly address safety related to this topic throughout its website. This ensures that users are familiar with best practices and do not introduce additional risks beyond those inherent in the technology itself.
Looking to the future
Technology is always advancing. What may have previously been too risky can become your best option with just a few adjustments. Login.gov’s adoption of facial recognition technology is a significant moment for the technology, and could lead to further adoption by other technologists in the future. Although Login.gov employs this, the technology is not completely risk-free. Login.gov and its users must each be smart about their security controls and work together as necessary to keep identities safe and protected.]]>
Jennifer Mahoney is the Manager of Data Governance for Privacy and Protection. Optive.
Copyright © 2024 Federal News Network. All rights reserved. This website is not directed to users within the European Economic Area.
https://federalnewsnetwork.com/commentary/2024/03/login-gov-set-to-embrace-facial-recognition-technology-how-gsa-and-users-can-mitigate-risks/ Login.gov plans to adopt facial recognition technology – how GSA and users can reduce risk